aws-cdk-lib 2.148.1__py3-none-any.whl → 2.150.0__py3-none-any.whl

aws_cdk/aws_wafv2/__init__.py

@@ -5476,9 +5476,11 @@ class CfnRuleGroup(
 
             Example JSON: ``"JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }``
 
+            For additional information about this request component option, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
+
             :param match_pattern: The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.
             :param match_scope: The parts of the JSON to match against using the ``MatchPattern`` . If you specify ``ALL`` , AWS WAF matches against keys and values. ``All`` does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical ``AND`` statement to combine two match rules, one that inspects the keys and another that inspects the values.
-            :param invalid_fallback_behavior: What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:. - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. AWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array. AWS WAF parses the JSON in the following examples as two valid key, value pairs: - Missing comma: ``{"key1":"value1""key2":"value2"}`` - Missing colon: ``{"key1":"value1","key2""value2"}`` - Extra colons: ``{"key1"::"value1","key2""value2"}``
+            :param invalid_fallback_behavior: What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:. - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. .. epigraph:: AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
             :param oversize_handling: What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. The options for oversize handling are the following: - ``CONTINUE`` - Inspect the available body contents normally, according to the rule inspection criteria. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. You can combine the ``MATCH`` or ``NO_MATCH`` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: ``CONTINUE``
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-jsonbody.html
@@ -5556,14 +5558,9 @@ class CfnRuleGroup(
             - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
 
             If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters.
+            .. epigraph::
 
-            AWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array.
-
-            AWS WAF parses the JSON in the following examples as two valid key, value pairs:
-
-            - Missing comma: ``{"key1":"value1""key2":"value2"}``
-            - Missing colon: ``{"key1":"value1","key2""value2"}``
-            - Extra colons: ``{"key1"::"value1","key2""value2"}``
+               AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-jsonbody.html#cfn-wafv2-rulegroup-jsonbody-invalidfallbackbehavior
             '''
@@ -14956,9 +14953,11 @@ class CfnWebACL(
 
             Example JSON: ``"JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }``
 
+            For additional information about this request component option, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
+
             :param match_pattern: The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.
             :param match_scope: The parts of the JSON to match against using the ``MatchPattern`` . If you specify ``ALL`` , AWS WAF matches against keys and values. ``All`` does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical ``AND`` statement to combine two match rules, one that inspects the keys and another that inspects the values.
-            :param invalid_fallback_behavior: What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:. - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. AWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array. AWS WAF parses the JSON in the following examples as two valid key, value pairs: - Missing comma: ``{"key1":"value1""key2":"value2"}`` - Missing colon: ``{"key1":"value1","key2""value2"}`` - Extra colons: ``{"key1"::"value1","key2""value2"}``
+            :param invalid_fallback_behavior: What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:. - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. .. epigraph:: AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
             :param oversize_handling: What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. The options for oversize handling are the following: - ``CONTINUE`` - Inspect the available body contents normally, according to the rule inspection criteria. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. You can combine the ``MATCH`` or ``NO_MATCH`` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: ``CONTINUE``
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonbody.html
@@ -15036,14 +15035,9 @@ class CfnWebACL(
             - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
 
             If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters.
+            .. epigraph::
 
-            AWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array.
-
-            AWS WAF parses the JSON in the following examples as two valid key, value pairs:
-
-            - Missing comma: ``{"key1":"value1""key2":"value2"}``
-            - Missing colon: ``{"key1":"value1","key2""value2"}``
-            - Extra colons: ``{"key1"::"value1","key2""value2"}``
+               AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonbody.html#cfn-wafv2-webacl-jsonbody-invalidfallbackbehavior
             '''

aws_cdk/aws_workspaces/__init__.py

@@ -453,11 +453,11 @@ class CfnWorkspace(
         :param id: Construct identifier for this resource (unique in its scope).
         :param bundle_id: The identifier of the bundle for the WorkSpace.
         :param directory_id: The identifier of the AWS Directory Service directory for the WorkSpace.
-        :param user_name: The user name of the user for the WorkSpace. This user name must exist in the AWS Directory Service directory for the WorkSpace. The reserved keyword, ``[UNDEFINED]`` , is used when creating user-decoupled WorkSpaces.
+        :param user_name: The user name of the user for the WorkSpace. This user name must exist in the AWS Directory Service directory for the WorkSpace.
         :param root_volume_encryption_enabled: Indicates whether the data stored on the root volume is encrypted.
         :param tags: The tags for the WorkSpace.
         :param user_volume_encryption_enabled: Indicates whether the data stored on the user volume is encrypted.
-        :param volume_encryption_key: The ARN of the symmetric AWS KMS key used to encrypt data stored on your WorkSpace. Amazon WorkSpaces does not support asymmetric KMS keys.
+        :param volume_encryption_key: The symmetric AWS KMS key used to encrypt data stored on your WorkSpace. Amazon WorkSpaces does not support asymmetric KMS keys.
         :param workspace_properties: The WorkSpace properties.
         '''
         if __debug__:
@@ -618,7 +618,7 @@ class CfnWorkspace(
     @builtins.property
     @jsii.member(jsii_name="volumeEncryptionKey")
     def volume_encryption_key(self) -> typing.Optional[builtins.str]:
-        '''The ARN of the symmetric AWS KMS key used to encrypt data stored on your WorkSpace.'''
+        '''The symmetric AWS KMS key used to encrypt data stored on your WorkSpace.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "volumeEncryptionKey"))
 
     @volume_encryption_key.setter
@@ -671,7 +671,7 @@ class CfnWorkspace(
 
             :param compute_type_name: The compute type. For more information, see `Amazon WorkSpaces Bundles <https://docs.aws.amazon.com/workspaces/details/#Amazon_WorkSpaces_Bundles>`_ .
             :param root_volume_size_gib: The size of the root volume. For important information about how to modify the size of the root and user volumes, see `Modify a WorkSpace <https://docs.aws.amazon.com/workspaces/latest/adminguide/modify-workspaces.html>`_ .
-            :param running_mode: The running mode. For more information, see `Manage the WorkSpace Running Mode <https://docs.aws.amazon.com/workspaces/latest/adminguide/running-mode.html>`_ . .. epigraph:: The ``MANUAL`` value is only supported by Amazon WorkSpaces Core. Contact your account team to be allow-listed to use this value. For more information, see `Amazon WorkSpaces Core <https://docs.aws.amazon.com/workspaces/core/>`_ .
+            :param running_mode: The running mode. For more information, see `Manage the WorkSpace Running Mode <https://docs.aws.amazon.com/workspaces/latest/adminguide/running-mode.html>`_ .
             :param running_mode_auto_stop_timeout_in_minutes: The time after a user logs off when WorkSpaces are automatically stopped. Configured in 60-minute intervals.
             :param user_volume_size_gib: The size of the user storage. For important information about how to modify the size of the root and user volumes, see `Modify a WorkSpace <https://docs.aws.amazon.com/workspaces/latest/adminguide/modify-workspaces.html>`_ .
 
@@ -735,11 +735,9 @@ class CfnWorkspace(
 
         @builtins.property
         def running_mode(self) -> typing.Optional[builtins.str]:
-            '''The running mode. For more information, see `Manage the WorkSpace Running Mode <https://docs.aws.amazon.com/workspaces/latest/adminguide/running-mode.html>`_ .
+            '''The running mode.
 
-            .. epigraph::
-
-               The ``MANUAL`` value is only supported by Amazon WorkSpaces Core. Contact your account team to be allow-listed to use this value. For more information, see `Amazon WorkSpaces Core <https://docs.aws.amazon.com/workspaces/core/>`_ .
+            For more information, see `Manage the WorkSpace Running Mode <https://docs.aws.amazon.com/workspaces/latest/adminguide/running-mode.html>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-workspaces-workspace-workspaceproperties.html#cfn-workspaces-workspace-workspaceproperties-runningmode
             '''
@@ -813,11 +811,11 @@ class CfnWorkspaceProps:
 
         :param bundle_id: The identifier of the bundle for the WorkSpace.
         :param directory_id: The identifier of the AWS Directory Service directory for the WorkSpace.
-        :param user_name: The user name of the user for the WorkSpace. This user name must exist in the AWS Directory Service directory for the WorkSpace. The reserved keyword, ``[UNDEFINED]`` , is used when creating user-decoupled WorkSpaces.
+        :param user_name: The user name of the user for the WorkSpace. This user name must exist in the AWS Directory Service directory for the WorkSpace.
         :param root_volume_encryption_enabled: Indicates whether the data stored on the root volume is encrypted.
         :param tags: The tags for the WorkSpace.
         :param user_volume_encryption_enabled: Indicates whether the data stored on the user volume is encrypted.
-        :param volume_encryption_key: The ARN of the symmetric AWS KMS key used to encrypt data stored on your WorkSpace. Amazon WorkSpaces does not support asymmetric KMS keys.
+        :param volume_encryption_key: The symmetric AWS KMS key used to encrypt data stored on your WorkSpace. Amazon WorkSpaces does not support asymmetric KMS keys.
         :param workspace_properties: The WorkSpace properties.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspaces-workspace.html
@@ -903,8 +901,6 @@ class CfnWorkspaceProps:
 
         This user name must exist in the AWS Directory Service directory for the WorkSpace.
 
-        The reserved keyword, ``[UNDEFINED]`` , is used when creating user-decoupled WorkSpaces.
-
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspaces-workspace.html#cfn-workspaces-workspace-username
         '''
         result = self._values.get("user_name")
@@ -944,7 +940,7 @@ class CfnWorkspaceProps:
 
     @builtins.property
     def volume_encryption_key(self) -> typing.Optional[builtins.str]:
-        '''The ARN of the symmetric AWS KMS key used to encrypt data stored on your WorkSpace.
+        '''The symmetric AWS KMS key used to encrypt data stored on your WorkSpace.
 
         Amazon WorkSpaces does not support asymmetric KMS keys.
 
@@ -982,7 +978,7 @@ class CfnWorkspacesPool(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_workspaces.CfnWorkspacesPool",
 ):
-    '''Resource Type definition for AWS::WorkSpaces::WorkspacesPool.
+    '''Describes a pool of WorkSpaces.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspaces-workspacespool.html
     :cloudformationResource: AWS::WorkSpaces::WorkspacesPool
@@ -1039,14 +1035,14 @@ class CfnWorkspacesPool(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param bundle_id: 
-        :param capacity: 
-        :param directory_id: 
-        :param pool_name: 
-        :param application_settings: 
-        :param description: 
-        :param tags: 
-        :param timeout_settings: 
+        :param bundle_id: The identifier of the bundle used by the pool.
+        :param capacity: Describes the user capacity for the pool.
+        :param directory_id: The identifier of the directory used by the pool.
+        :param pool_name: The name of the pool.
+        :param application_settings: The persistent application settings for users of the pool.
+        :param description: The description of the pool.
+        :param tags: The tags for the pool.
+        :param timeout_settings: The amount of time that a pool session remains active after users disconnect. If they try to reconnect to the pool session after a disconnection or network interruption within this time interval, they are connected to their previous session. Otherwise, they are connected to a new session with a new pool instance.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__2d46eb37beb6bc915a0a0c68f02dfa689a2d725a4252e6874da1ed60602a91e4)
@@ -1098,7 +1094,8 @@ class CfnWorkspacesPool(
     @builtins.property
     @jsii.member(jsii_name="attrCreatedAt")
     def attr_created_at(self) -> builtins.str:
-        '''
+        '''The time the pool was created.
+
         :cloudformationAttribute: CreatedAt
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrCreatedAt"))
@@ -1106,7 +1103,8 @@ class CfnWorkspacesPool(
     @builtins.property
     @jsii.member(jsii_name="attrPoolArn")
     def attr_pool_arn(self) -> builtins.str:
-        '''
+        '''The Amazon Resource Name (ARN) for the pool.
+
         :cloudformationAttribute: PoolArn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrPoolArn"))
@@ -1114,7 +1112,8 @@ class CfnWorkspacesPool(
     @builtins.property
     @jsii.member(jsii_name="attrPoolId")
     def attr_pool_id(self) -> builtins.str:
-        '''
+        '''The identifier of the pool.
+
         :cloudformationAttribute: PoolId
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrPoolId"))
@@ -1133,6 +1132,7 @@ class CfnWorkspacesPool(
     @builtins.property
     @jsii.member(jsii_name="bundleId")
     def bundle_id(self) -> builtins.str:
+        '''The identifier of the bundle used by the pool.'''
         return typing.cast(builtins.str, jsii.get(self, "bundleId"))
 
     @bundle_id.setter
@@ -1147,6 +1147,7 @@ class CfnWorkspacesPool(
     def capacity(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, "CfnWorkspacesPool.CapacityProperty"]:
+        '''Describes the user capacity for the pool.'''
         return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnWorkspacesPool.CapacityProperty"], jsii.get(self, "capacity"))
 
     @capacity.setter
@@ -1162,6 +1163,7 @@ class CfnWorkspacesPool(
     @builtins.property
     @jsii.member(jsii_name="directoryId")
     def directory_id(self) -> builtins.str:
+        '''The identifier of the directory used by the pool.'''
         return typing.cast(builtins.str, jsii.get(self, "directoryId"))
 
     @directory_id.setter
@@ -1174,6 +1176,7 @@ class CfnWorkspacesPool(
     @builtins.property
     @jsii.member(jsii_name="poolName")
     def pool_name(self) -> builtins.str:
+        '''The name of the pool.'''
         return typing.cast(builtins.str, jsii.get(self, "poolName"))
 
     @pool_name.setter
@@ -1188,6 +1191,7 @@ class CfnWorkspacesPool(
     def application_settings(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWorkspacesPool.ApplicationSettingsProperty"]]:
+        '''The persistent application settings for users of the pool.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWorkspacesPool.ApplicationSettingsProperty"]], jsii.get(self, "applicationSettings"))
 
     @application_settings.setter
@@ -1203,6 +1207,7 @@ class CfnWorkspacesPool(
     @builtins.property
     @jsii.member(jsii_name="description")
     def description(self) -> typing.Optional[builtins.str]:
+        '''The description of the pool.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "description"))
 
     @description.setter
@@ -1215,6 +1220,7 @@ class CfnWorkspacesPool(
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
+        '''The tags for the pool.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tags"))
 
     @tags.setter
@@ -1229,6 +1235,7 @@ class CfnWorkspacesPool(
     def timeout_settings(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWorkspacesPool.TimeoutSettingsProperty"]]:
+        '''The amount of time that a pool session remains active after users disconnect.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWorkspacesPool.TimeoutSettingsProperty"]], jsii.get(self, "timeoutSettings"))
 
     @timeout_settings.setter
@@ -1253,9 +1260,10 @@ class CfnWorkspacesPool(
             status: builtins.str,
             settings_group: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''
-            :param status: 
-            :param settings_group: 
+            '''The persistent application settings for users in the pool.
+
+            :param status: Enables or disables persistent application settings for users during their pool sessions.
+            :param settings_group: The path prefix for the S3 bucket where users’ persistent application settings are stored.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-workspaces-workspacespool-applicationsettings.html
             :exampleMetadata: fixture=_generated
@@ -1285,7 +1293,8 @@ class CfnWorkspacesPool(
 
         @builtins.property
         def status(self) -> builtins.str:
-            '''
+            '''Enables or disables persistent application settings for users during their pool sessions.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-workspaces-workspacespool-applicationsettings.html#cfn-workspaces-workspacespool-applicationsettings-status
             '''
             result = self._values.get("status")
@@ -1294,7 +1303,8 @@ class CfnWorkspacesPool(
 
         @builtins.property
         def settings_group(self) -> typing.Optional[builtins.str]:
-            '''
+            '''The path prefix for the S3 bucket where users’ persistent application settings are stored.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-workspaces-workspacespool-applicationsettings.html#cfn-workspaces-workspacespool-applicationsettings-settingsgroup
             '''
             result = self._values.get("settings_group")
@@ -1318,8 +1328,9 @@ class CfnWorkspacesPool(
     )
     class CapacityProperty:
         def __init__(self, *, desired_user_sessions: jsii.Number) -> None:
-            '''
-            :param desired_user_sessions: 
+            '''Describes the user capacity for the pool.
+
+            :param desired_user_sessions: The desired number of user sessions for the WorkSpaces in the pool.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-workspaces-workspacespool-capacity.html
             :exampleMetadata: fixture=_generated
@@ -1343,7 +1354,8 @@ class CfnWorkspacesPool(
 
         @builtins.property
         def desired_user_sessions(self) -> jsii.Number:
-            '''
+            '''The desired number of user sessions for the WorkSpaces in the pool.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-workspaces-workspacespool-capacity.html#cfn-workspaces-workspacespool-capacity-desiredusersessions
             '''
             result = self._values.get("desired_user_sessions")
@@ -1378,10 +1390,11 @@ class CfnWorkspacesPool(
             idle_disconnect_timeout_in_seconds: typing.Optional[jsii.Number] = None,
             max_user_duration_in_seconds: typing.Optional[jsii.Number] = None,
         ) -> None:
-            '''
-            :param disconnect_timeout_in_seconds: 
-            :param idle_disconnect_timeout_in_seconds: 
-            :param max_user_duration_in_seconds: 
+            '''Describes the timeout settings for the pool.
+
+            :param disconnect_timeout_in_seconds: Specifies the amount of time, in seconds, that a streaming session remains active after users disconnect. If users try to reconnect to the streaming session after a disconnection or network interruption within the time set, they are connected to their previous session. Otherwise, they are connected to a new session with a new streaming instance.
+            :param idle_disconnect_timeout_in_seconds: The amount of time in seconds a connection will stay active while idle.
+            :param max_user_duration_in_seconds: Specifies the maximum amount of time, in seconds, that a streaming session can remain active. If users are still connected to a streaming instance five minutes before this limit is reached, they are prompted to save any open documents before being disconnected. After this time elapses, the instance is terminated and replaced by a new instance.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-workspaces-workspacespool-timeoutsettings.html
             :exampleMetadata: fixture=_generated
@@ -1413,7 +1426,10 @@ class CfnWorkspacesPool(
 
         @builtins.property
         def disconnect_timeout_in_seconds(self) -> typing.Optional[jsii.Number]:
-            '''
+            '''Specifies the amount of time, in seconds, that a streaming session remains active after users disconnect.
+
+            If users try to reconnect to the streaming session after a disconnection or network interruption within the time set, they are connected to their previous session. Otherwise, they are connected to a new session with a new streaming instance.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-workspaces-workspacespool-timeoutsettings.html#cfn-workspaces-workspacespool-timeoutsettings-disconnecttimeoutinseconds
             '''
             result = self._values.get("disconnect_timeout_in_seconds")
@@ -1421,7 +1437,8 @@ class CfnWorkspacesPool(
 
         @builtins.property
         def idle_disconnect_timeout_in_seconds(self) -> typing.Optional[jsii.Number]:
-            '''
+            '''The amount of time in seconds a connection will stay active while idle.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-workspaces-workspacespool-timeoutsettings.html#cfn-workspaces-workspacespool-timeoutsettings-idledisconnecttimeoutinseconds
             '''
             result = self._values.get("idle_disconnect_timeout_in_seconds")
@@ -1429,7 +1446,10 @@ class CfnWorkspacesPool(
 
         @builtins.property
         def max_user_duration_in_seconds(self) -> typing.Optional[jsii.Number]:
-            '''
+            '''Specifies the maximum amount of time, in seconds, that a streaming session can remain active.
+
+            If users are still connected to a streaming instance five minutes before this limit is reached, they are prompted to save any open documents before being disconnected. After this time elapses, the instance is terminated and replaced by a new instance.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-workspaces-workspacespool-timeoutsettings.html#cfn-workspaces-workspacespool-timeoutsettings-maxuserdurationinseconds
             '''
             result = self._values.get("max_user_duration_in_seconds")
@@ -1476,14 +1496,14 @@ class CfnWorkspacesPoolProps:
     ) -> None:
         '''Properties for defining a ``CfnWorkspacesPool``.
 
-        :param bundle_id: 
-        :param capacity: 
-        :param directory_id: 
-        :param pool_name: 
-        :param application_settings: 
-        :param description: 
-        :param tags: 
-        :param timeout_settings: 
+        :param bundle_id: The identifier of the bundle used by the pool.
+        :param capacity: Describes the user capacity for the pool.
+        :param directory_id: The identifier of the directory used by the pool.
+        :param pool_name: The name of the pool.
+        :param application_settings: The persistent application settings for users of the pool.
+        :param description: The description of the pool.
+        :param tags: The tags for the pool.
+        :param timeout_settings: The amount of time that a pool session remains active after users disconnect. If they try to reconnect to the pool session after a disconnection or network interruption within this time interval, they are connected to their previous session. Otherwise, they are connected to a new session with a new pool instance.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspaces-workspacespool.html
         :exampleMetadata: fixture=_generated
@@ -1548,7 +1568,8 @@ class CfnWorkspacesPoolProps:
 
     @builtins.property
     def bundle_id(self) -> builtins.str:
-        '''
+        '''The identifier of the bundle used by the pool.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspaces-workspacespool.html#cfn-workspaces-workspacespool-bundleid
         '''
         result = self._values.get("bundle_id")
@@ -1559,7 +1580,8 @@ class CfnWorkspacesPoolProps:
     def capacity(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, CfnWorkspacesPool.CapacityProperty]:
-        '''
+        '''Describes the user capacity for the pool.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspaces-workspacespool.html#cfn-workspaces-workspacespool-capacity
         '''
         result = self._values.get("capacity")
@@ -1568,7 +1590,8 @@ class CfnWorkspacesPoolProps:
 
     @builtins.property
     def directory_id(self) -> builtins.str:
-        '''
+        '''The identifier of the directory used by the pool.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspaces-workspacespool.html#cfn-workspaces-workspacespool-directoryid
         '''
         result = self._values.get("directory_id")
@@ -1577,7 +1600,8 @@ class CfnWorkspacesPoolProps:
 
     @builtins.property
     def pool_name(self) -> builtins.str:
-        '''
+        '''The name of the pool.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspaces-workspacespool.html#cfn-workspaces-workspacespool-poolname
         '''
         result = self._values.get("pool_name")
@@ -1588,7 +1612,8 @@ class CfnWorkspacesPoolProps:
     def application_settings(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnWorkspacesPool.ApplicationSettingsProperty]]:
-        '''
+        '''The persistent application settings for users of the pool.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspaces-workspacespool.html#cfn-workspaces-workspacespool-applicationsettings
         '''
         result = self._values.get("application_settings")
@@ -1596,7 +1621,8 @@ class CfnWorkspacesPoolProps:
 
     @builtins.property
     def description(self) -> typing.Optional[builtins.str]:
-        '''
+        '''The description of the pool.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspaces-workspacespool.html#cfn-workspaces-workspacespool-description
         '''
         result = self._values.get("description")
@@ -1604,7 +1630,8 @@ class CfnWorkspacesPoolProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''
+        '''The tags for the pool.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspaces-workspacespool.html#cfn-workspaces-workspacespool-tags
         '''
         result = self._values.get("tags")
@@ -1614,7 +1641,10 @@ class CfnWorkspacesPoolProps:
     def timeout_settings(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnWorkspacesPool.TimeoutSettingsProperty]]:
-        '''
+        '''The amount of time that a pool session remains active after users disconnect.
+
+        If they try to reconnect to the pool session after a disconnection or network interruption within this time interval, they are connected to their previous session. Otherwise, they are connected to a new session with a new pool instance.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspaces-workspacespool.html#cfn-workspaces-workspacespool-timeoutsettings
         '''
         result = self._values.get("timeout_settings")

aws_cdk/custom_resources/__init__.py

@@ -158,7 +158,7 @@ The return value from `onEvent` must be a JSON object with the following fields:
 | -------------------- | ------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `PhysicalResourceId` | String  | No       | The allocated/assigned physical ID of the resource. If omitted for `Create` events, the event's `RequestId` will be used. For `Update`, the current physical ID will be used. If a different value is returned, CloudFormation will follow with a subsequent `Delete` for the previous ID (resource replacement). For `Delete`, it will always return the current physical resource ID, and if the user returns a different one, an error will occur. |
 | `Data`               | JSON    | No       | Resource attributes, which can later be retrieved through `Fn::GetAtt` on the custom resource object.                                                                                                                                                                                                                                                                                                                                                 |
-| `NoEcho`             | Boolean | No       | Whether to mask the output of the custom resource when retrieved by using the `Fn::GetAtt` function.                                                                                                                                                                                                                                                                                                                                                  |
+| `NoEcho`             | Boolean | No       | Whether to mask the output of the custom resource when retrieved by using the `Fn::GetAtt` function and to mask the `Data` values.                                                                                                                                                                                                                                                                                                                                                 |
 | *any*                | *any*   | No       | Any other field included in the response will be passed through to `isComplete`. This can sometimes be useful to pass state between the handlers.                                                                                                                                                                                                                                                                                                     |
 
 ### Asynchronous Providers: isComplete
@@ -215,6 +215,48 @@ must return this name in `PhysicalResourceId` and make sure to handle
 replacement properly. The `S3File` example demonstrates this
 through the `objectKey` property.
 
+### Masking the output of log statements
+
+When using the Provider framework to create a custom resource, the request and response
+objects are logged by the provider function.If secret values are returned in the custom
+resource's Data object, it would be logged and exposed which possesses security threats.
+
+To mask the output of log statements, you can utilize the `NoEcho` field in the custom
+resource handler's response.
+
+```python
+# Create custom resource handler entrypoint
+handler = lambda_.Function(self, "my-handler",
+    runtime=lambda_.Runtime.NODEJS_20_X,
+    handler="index.handler",
+    code=lambda_.Code.from_inline("""
+          exports.handler = async (event, context) => {
+            return {
+              PhysicalResourceId: '1234',
+              NoEcho: true,
+              Data: {
+                mySecret: 'secret-value',
+                hello: 'world',
+                ghToken: 'gho_xxxxxxx',
+              },
+            };
+          };""")
+)
+
+# Provision a custom resource provider framework
+provider = cr.Provider(self, "my-provider",
+    on_event_handler=handler
+)
+
+CustomResource(self, "my-cr",
+    service_token=provider.service_token
+)
+```
+
+When `NoEcho` field is set to `true` in the response of custom resource handler,
+it will automatically mask all values in the `Data` object in the log statements
+to asterisks (*****).
+
 ### When there are errors
 
 As mentioned above, if any of the user handlers fail (i.e. throws an exception)
@@ -2011,18 +2053,31 @@ class Provider(
 
     Example::
 
-        # on_event: lambda.Function
-        # is_complete: lambda.Function
-        # my_role: iam.Role
+        # Create custom resource handler entrypoint
+        handler = lambda_.Function(self, "my-handler",
+            runtime=lambda_.Runtime.NODEJS_20_X,
+            handler="index.handler",
+            code=lambda_.Code.from_inline("""
+                  exports.handler = async (event, context) => {
+                    return {
+                      PhysicalResourceId: '1234',
+                      NoEcho: true,
+                      Data: {
+                        mySecret: 'secret-value',
+                        hello: 'world',
+                        ghToken: 'gho_xxxxxxx',
+                      },
+                    };
+                  };""")
+        )
         
-        my_provider = cr.Provider(self, "MyProvider",
-            on_event_handler=on_event,
-            is_complete_handler=is_complete,
-            log_group=logs.LogGroup(self, "MyProviderLogs",
-                retention=logs.RetentionDays.ONE_DAY
-            ),
-            role=my_role,
-            provider_function_name="the-lambda-name"
+        # Provision a custom resource provider framework
+        provider = cr.Provider(self, "my-provider",
+            on_event_handler=handler
+        )
+        
+        CustomResource(self, "my-cr",
+            service_token=provider.service_token
         )
     '''
 
@@ -2166,18 +2221,31 @@ class ProviderProps:
 
         Example::
 
-            # on_event: lambda.Function
-            # is_complete: lambda.Function
-            # my_role: iam.Role
+            # Create custom resource handler entrypoint
+            handler = lambda_.Function(self, "my-handler",
+                runtime=lambda_.Runtime.NODEJS_20_X,
+                handler="index.handler",
+                code=lambda_.Code.from_inline("""
+                      exports.handler = async (event, context) => {
+                        return {
+                          PhysicalResourceId: '1234',
+                          NoEcho: true,
+                          Data: {
+                            mySecret: 'secret-value',
+                            hello: 'world',
+                            ghToken: 'gho_xxxxxxx',
+                          },
+                        };
+                      };""")
+            )
+            
+            # Provision a custom resource provider framework
+            provider = cr.Provider(self, "my-provider",
+                on_event_handler=handler
+            )
             
-            my_provider = cr.Provider(self, "MyProvider",
-                on_event_handler=on_event,
-                is_complete_handler=is_complete,
-                log_group=logs.LogGroup(self, "MyProviderLogs",
-                    retention=logs.RetentionDays.ONE_DAY
-                ),
-                role=my_role,
-                provider_function_name="the-lambda-name"
+            CustomResource(self, "my-cr",
+                service_token=provider.service_token
             )
         '''
         if isinstance(vpc_subnets, dict):

aws_cdk/pipelines/__init__.py

@@ -28,7 +28,7 @@ construct library directly.
 > engines other than CodePipeline.
 >
 > The README for the original API, as well as a migration guide, can be found in
-> [our GitHub repository](https://github.com/aws/aws-cdk/blob/main/packages/@aws-cdk/pipelines/ORIGINAL_API.md).
+> [our GitHub repository](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/pipelines/ORIGINAL_API.md).
 
 ## At a glance