aws-cdk-lib 2.149.0__py3-none-any.whl → 2.150.0__py3-none-any.whl

aws_cdk/aws_rds/__init__.py

@@ -4665,7 +4665,7 @@ class CfnDBCluster(
         :param port: The port number on which the DB instances in the DB cluster accept connections. Default: - When ``EngineMode`` is ``provisioned`` , ``3306`` (for both Aurora MySQL and Aurora PostgreSQL) - When ``EngineMode`` is ``serverless`` : - ``3306`` when ``Engine`` is ``aurora`` or ``aurora-mysql`` - ``5432`` when ``Engine`` is ``aurora-postgresql`` .. epigraph:: The ``No interruption`` on update behavior only applies to DB clusters. If you are updating a DB instance, see `Port <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-port>`_ for the AWS::RDS::DBInstance resource. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param preferred_backup_window: The daily time range during which automated backups are created. For more information, see `Backup Window <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow>`_ in the *Amazon Aurora User Guide.* Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Cluster Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora>`_ in the *Amazon Aurora User Guide.* Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. Constraints: Minimum 30-minute window. Valid for: Aurora DB clusters and Multi-AZ DB clusters
-        :param publicly_accessible: Specifies whether the DB cluster is publicly accessible. When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it. When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address. Valid for Cluster Type: Multi-AZ DB clusters only Default: The default behavior varies depending on whether ``DBSubnetGroupName`` is specified. If ``DBSubnetGroupName`` isn't specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private. - If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public. If ``DBSubnetGroupName`` is specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private. - If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.
+        :param publicly_accessible: Specifies whether the DB cluster is publicly accessible. When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it. When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address. Valid for Cluster Type: Multi-AZ DB clusters only Default: The default behavior varies depending on whether ``DBSubnetGroupName`` is specified. If ``DBSubnetGroupName`` isn't specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private. - If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public. If ``DBSubnetGroupName`` is specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private. - If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.
         :param replication_source_identifier: The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica. Valid for: Aurora DB clusters only
         :param restore_to_time: The date and time to restore the DB cluster to. Valid Values: Value must be a time in Universal Coordinated Time (UTC) format Constraints: - Must be before the latest restorable time for the DB instance - Must be specified if ``UseLatestRestorableTime`` parameter isn't provided - Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled - Can't be specified if the ``RestoreType`` parameter is ``copy-on-write`` This property must be used with ``SourceDBClusterIdentifier`` property. The resulting cluster will have the identifier that matches the value of the ``DBclusterIdentifier`` property. Example: ``2015-03-07T23:45:00Z`` Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param restore_type: The type of restore to be performed. You can specify one of the following values:. - ``full-copy`` - The new DB cluster is restored as a full copy of the source DB cluster. - ``copy-on-write`` - The new DB cluster is restored as a clone of the source DB cluster. If you don't specify a ``RestoreType`` value, then the new DB cluster is restored as a full copy of the source DB cluster. Valid for: Aurora DB clusters and Multi-AZ DB clusters Default: - "full-copy"
@@ -5894,7 +5894,7 @@ class CfnDBCluster(
             For more information, see `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html>`_ in the *Amazon RDS User Guide* and `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html>`_ in the *Amazon Aurora User Guide.*
 
             :param kms_key_id: The AWS KMS key identifier that is used to encrypt the secret.
-            :param secret_arn: The Amazon Resource Name (ARN) of the secret.
+            :param secret_arn: The Amazon Resource Name (ARN) of the secret. This parameter is a return value that you can retrieve using the ``Fn::GetAtt`` intrinsic function. For more information, see `Return values <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html#aws-resource-rds-dbcluster-return-values>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html
             :exampleMetadata: fixture=_generated
@@ -5933,6 +5933,8 @@ class CfnDBCluster(
         def secret_arn(self) -> typing.Optional[builtins.str]:
             '''The Amazon Resource Name (ARN) of the secret.
 
+            This parameter is a return value that you can retrieve using the ``Fn::GetAtt`` intrinsic function. For more information, see `Return values <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html#aws-resource-rds-dbcluster-return-values>`_ .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html#cfn-rds-dbcluster-masterusersecret-secretarn
             '''
             result = self._values.get("secret_arn")
@@ -6774,7 +6776,7 @@ class CfnDBClusterProps:
         :param port: The port number on which the DB instances in the DB cluster accept connections. Default: - When ``EngineMode`` is ``provisioned`` , ``3306`` (for both Aurora MySQL and Aurora PostgreSQL) - When ``EngineMode`` is ``serverless`` : - ``3306`` when ``Engine`` is ``aurora`` or ``aurora-mysql`` - ``5432`` when ``Engine`` is ``aurora-postgresql`` .. epigraph:: The ``No interruption`` on update behavior only applies to DB clusters. If you are updating a DB instance, see `Port <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-port>`_ for the AWS::RDS::DBInstance resource. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param preferred_backup_window: The daily time range during which automated backups are created. For more information, see `Backup Window <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow>`_ in the *Amazon Aurora User Guide.* Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Cluster Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora>`_ in the *Amazon Aurora User Guide.* Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. Constraints: Minimum 30-minute window. Valid for: Aurora DB clusters and Multi-AZ DB clusters
-        :param publicly_accessible: Specifies whether the DB cluster is publicly accessible. When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it. When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address. Valid for Cluster Type: Multi-AZ DB clusters only Default: The default behavior varies depending on whether ``DBSubnetGroupName`` is specified. If ``DBSubnetGroupName`` isn't specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private. - If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public. If ``DBSubnetGroupName`` is specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private. - If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.
+        :param publicly_accessible: Specifies whether the DB cluster is publicly accessible. When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it. When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address. Valid for Cluster Type: Multi-AZ DB clusters only Default: The default behavior varies depending on whether ``DBSubnetGroupName`` is specified. If ``DBSubnetGroupName`` isn't specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private. - If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public. If ``DBSubnetGroupName`` is specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private. - If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.
         :param replication_source_identifier: The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica. Valid for: Aurora DB clusters only
         :param restore_to_time: The date and time to restore the DB cluster to. Valid Values: Value must be a time in Universal Coordinated Time (UTC) format Constraints: - Must be before the latest restorable time for the DB instance - Must be specified if ``UseLatestRestorableTime`` parameter isn't provided - Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled - Can't be specified if the ``RestoreType`` parameter is ``copy-on-write`` This property must be used with ``SourceDBClusterIdentifier`` property. The resulting cluster will have the identifier that matches the value of the ``DBclusterIdentifier`` property. Example: ``2015-03-07T23:45:00Z`` Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param restore_type: The type of restore to be performed. You can specify one of the following values:. - ``full-copy`` - The new DB cluster is restored as a full copy of the source DB cluster. - ``copy-on-write`` - The new DB cluster is restored as a clone of the source DB cluster. If you don't specify a ``RestoreType`` value, then the new DB cluster is restored as a full copy of the source DB cluster. Valid for: Aurora DB clusters and Multi-AZ DB clusters Default: - "full-copy"
@@ -7809,7 +7811,7 @@ class CfnDBClusterProps:
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
         '''Specifies whether the DB cluster is publicly accessible.
 
-        When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.
+        When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.
 
         When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.
 
@@ -8325,7 +8327,7 @@ class CfnDBInstance(
         :param allow_major_version_upgrade: A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. Constraints: Major version upgrades must be allowed when specifying a value for the ``EngineVersion`` parameter that is a different major version than the DB instance's current version.
         :param associated_roles: The AWS Identity and Access Management (IAM) roles associated with the DB instance. *Amazon Aurora* Not applicable. The associated roles are managed by the DB cluster.
         :param automatic_backup_replication_kms_key_id: The AWS KMS key identifier for encryption of the replicated automated backups. The KMS key ID is the Amazon Resource Name (ARN) for the KMS encryption key in the destination AWS Region , for example, ``arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE`` .
-        :param automatic_backup_replication_region: The destination region for the backup replication of the DB instance. For more info, see `Replicating automated backups to another AWS Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide* .
+        :param automatic_backup_replication_region: The destination region for the backup replication of the DB instance. For more info, see `Replicating automated backups to another Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide*.
         :param auto_minor_version_upgrade: A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.
         :param availability_zone: The Availability Zone (AZ) where the database will be created. For information on AWS Regions and Availability Zones, see `Regions and Availability Zones <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html>`_ . For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one. Default: A random, system-chosen Availability Zone in the endpoint's AWS Region . Constraints: - The ``AvailabilityZone`` parameter can't be specified if the DB instance is a Multi-AZ deployment. - The specified Availability Zone must be in the same AWS Region as the current endpoint. Example: ``us-east-1d``
         :param backup_retention_period: The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups. *Amazon Aurora* Not applicable. The retention period for automated backups is managed by the DB cluster. Default: 1 Constraints: - Must be a value from 0 to 35 - Can't be set to 0 if the DB instance is a source to read replicas Default: - 1
@@ -8604,6 +8606,8 @@ class CfnDBInstance(
     def attr_master_user_secret_secret_arn(self) -> builtins.str:
         '''The Amazon Resource Name (ARN) of the secret.
 
+        This parameter is a return value that you can retrieve using the ``Fn::GetAtt`` intrinsic function. For more information, see `Return values <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#aws-resource-rds-dbinstance-return-values>`_ .
+
         :cloudformationAttribute: MasterUserSecret.SecretArn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrMasterUserSecretSecretArn"))
@@ -10047,7 +10051,7 @@ class CfnDBInstance(
             For more information, see `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html>`_ in the *Amazon RDS User Guide* and `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html>`_ in the *Amazon Aurora User Guide.*
 
             :param kms_key_id: The AWS KMS key identifier that is used to encrypt the secret.
-            :param secret_arn: The Amazon Resource Name (ARN) of the secret.
+            :param secret_arn: The Amazon Resource Name (ARN) of the secret. This parameter is a return value that you can retrieve using the ``Fn::GetAtt`` intrinsic function. For more information, see `Return values <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#aws-resource-rds-dbinstance-return-values>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbinstance-masterusersecret.html
             :exampleMetadata: fixture=_generated
@@ -10086,6 +10090,8 @@ class CfnDBInstance(
         def secret_arn(self) -> typing.Optional[builtins.str]:
             '''The Amazon Resource Name (ARN) of the secret.
 
+            This parameter is a return value that you can retrieve using the ``Fn::GetAtt`` intrinsic function. For more information, see `Return values <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#aws-resource-rds-dbinstance-return-values>`_ .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbinstance-masterusersecret.html#cfn-rds-dbinstance-masterusersecret-secretarn
             '''
             result = self._values.get("secret_arn")
@@ -10114,7 +10120,7 @@ class CfnDBInstance(
             name: typing.Optional[builtins.str] = None,
             value: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''The ``ProcessorFeature`` property type specifies the processor features of a DB instance class status.
+            '''The ``ProcessorFeature`` property type specifies the processor features of a DB instance class.
 
             :param name: The name of the processor feature. Valid names are ``coreCount`` and ``threadsPerCore`` .
             :param value: The value of a processor feature.
@@ -10348,7 +10354,7 @@ class CfnDBInstanceProps:
         :param allow_major_version_upgrade: A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. Constraints: Major version upgrades must be allowed when specifying a value for the ``EngineVersion`` parameter that is a different major version than the DB instance's current version.
         :param associated_roles: The AWS Identity and Access Management (IAM) roles associated with the DB instance. *Amazon Aurora* Not applicable. The associated roles are managed by the DB cluster.
         :param automatic_backup_replication_kms_key_id: The AWS KMS key identifier for encryption of the replicated automated backups. The KMS key ID is the Amazon Resource Name (ARN) for the KMS encryption key in the destination AWS Region , for example, ``arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE`` .
-        :param automatic_backup_replication_region: The destination region for the backup replication of the DB instance. For more info, see `Replicating automated backups to another AWS Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide* .
+        :param automatic_backup_replication_region: The destination region for the backup replication of the DB instance. For more info, see `Replicating automated backups to another Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide*.
         :param auto_minor_version_upgrade: A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.
         :param availability_zone: The Availability Zone (AZ) where the database will be created. For information on AWS Regions and Availability Zones, see `Regions and Availability Zones <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html>`_ . For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one. Default: A random, system-chosen Availability Zone in the endpoint's AWS Region . Constraints: - The ``AvailabilityZone`` parameter can't be specified if the DB instance is a Multi-AZ deployment. - The specified Availability Zone must be in the same AWS Region as the current endpoint. Example: ``us-east-1d``
         :param backup_retention_period: The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups. *Amazon Aurora* Not applicable. The retention period for automated backups is managed by the DB cluster. Default: 1 Constraints: - Must be a value from 0 to 35 - Can't be set to 0 if the DB instance is a source to read replicas Default: - 1
@@ -10885,7 +10891,7 @@ class CfnDBInstanceProps:
     def automatic_backup_replication_region(self) -> typing.Optional[builtins.str]:
         '''The destination region for the backup replication of the DB instance.
 
-        For more info, see `Replicating automated backups to another AWS Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide* .
+        For more info, see `Replicating automated backups to another Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide*.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-automaticbackupreplicationregion
         '''

aws_cdk/aws_sagemaker/__init__.py

@@ -3725,9 +3725,9 @@ class CfnDataQualityJobDefinition(
     )
     class StoppingConditionProperty:
         def __init__(self, *, max_runtime_in_seconds: jsii.Number) -> None:
-            '''Specifies a limit to how long a model training job or model compilation job can run.
+            '''Specifies a limit to how long a job can run.
 
-            It also specifies how long a managed spot training job has to complete. When the job reaches the time limit, SageMaker ends the training or compilation job. Use this API to cap model training costs.
+            When the job reaches the time limit, SageMaker ends the job. Use this API to cap costs.
 
             To stop a training job, SageMaker sends the algorithm the ``SIGTERM`` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost.
 
@@ -20279,9 +20279,9 @@ class CfnModelBiasJobDefinition(
     )
     class StoppingConditionProperty:
         def __init__(self, *, max_runtime_in_seconds: jsii.Number) -> None:
-            '''Specifies a limit to how long a model training job or model compilation job can run.
+            '''Specifies a limit to how long a job can run.
 
-            It also specifies how long a managed spot training job has to complete. When the job reaches the time limit, SageMaker ends the training or compilation job. Use this API to cap model training costs.
+            When the job reaches the time limit, SageMaker ends the job. Use this API to cap costs.
 
             To stop a training job, SageMaker sends the algorithm the ``SIGTERM`` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost.
 
@@ -26021,9 +26021,9 @@ class CfnModelExplainabilityJobDefinition(
     )
     class StoppingConditionProperty:
         def __init__(self, *, max_runtime_in_seconds: jsii.Number) -> None:
-            '''Specifies a limit to how long a model training job or model compilation job can run.
+            '''Specifies a limit to how long a job can run.
 
-            It also specifies how long a managed spot training job has to complete. When the job reaches the time limit, SageMaker ends the training or compilation job. Use this API to cap model training costs.
+            When the job reaches the time limit, SageMaker ends the job. Use this API to cap costs.
 
             To stop a training job, SageMaker sends the algorithm the ``SIGTERM`` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost.
 
@@ -33926,9 +33926,9 @@ class CfnModelQualityJobDefinition(
     )
     class StoppingConditionProperty:
         def __init__(self, *, max_runtime_in_seconds: jsii.Number) -> None:
-            '''Specifies a limit to how long a model training job or model compilation job can run.
+            '''Specifies a limit to how long a job can run.
 
-            It also specifies how long a managed spot training job has to complete. When the job reaches the time limit, SageMaker ends the training or compilation job. Use this API to cap model training costs.
+            When the job reaches the time limit, SageMaker ends the job. Use this API to cap costs.
 
             To stop a training job, SageMaker sends the algorithm the ``SIGTERM`` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost.
 
@@ -36982,9 +36982,9 @@ class CfnMonitoringSchedule(
     )
     class StoppingConditionProperty:
         def __init__(self, *, max_runtime_in_seconds: jsii.Number) -> None:
-            '''Specifies a limit to how long a model training job or model compilation job can run.
+            '''Specifies a limit to how long a job can run.
 
-            It also specifies how long a managed spot training job has to complete. When the job reaches the time limit, SageMaker ends the training or compilation job. Use this API to cap model training costs.
+            When the job reaches the time limit, SageMaker ends the job. Use this API to cap costs.
 
             To stop a training job, SageMaker sends the algorithm the ``SIGTERM`` signal, which delays job termination for 120 seconds. Algorithms can use this 120-second window to save the model artifacts, so the results of training are not lost.
 

aws_cdk/aws_stepfunctions_tasks/__init__.py

@@ -7003,11 +7003,11 @@ class CallAwsServiceCrossRegion(
         :param action: The API action to call. Use camelCase.
         :param iam_resources: The resources for the IAM statement that will be added to the Lambda function role's policy to allow the state machine to make the API call.
         :param region: The AWS region to call this AWS API for.
-        :param service: The AWS service to call in AWS SDK for JavaScript v3 style.
+        :param service: The AWS service to call in AWS SDK for JavaScript v3 format.
         :param additional_iam_statements: Additional IAM statements that will be added to the state machine role's policy. Use in the case where the call requires more than a single statement to be executed, e.g. ``rekognition:detectLabels`` requires also S3 permissions to read the object on which it must act. Default: - no additional statements are added
         :param endpoint: The AWS API endpoint. Default: Do not override API endpoint.
         :param iam_action: The action for the IAM statement that will be added to the Lambda function role's policy to allow the state machine to make the API call. By default the action for this IAM statement will be ``service:action``. Use in the case where the IAM action name does not match with the API service/action name, e.g. ``s3:ListBuckets`` requires ``s3:ListAllMyBuckets``. Default: - service:action
-        :param parameters: Parameters for the API action call. Use PascalCase for the parameter names. Default: - no parameters
+        :param parameters: Parameters for the API action call in AWS SDK for JavaScript v3 format. Default: - no parameters
         :param retry_on_service_exceptions: Whether to retry on the backend Lambda service exceptions. This handles ``Lambda.ServiceException``, ``Lambda.AWSLambdaException``, ``Lambda.SdkClientException``, and ``Lambda.ClientExecutionTimeoutException`` with an interval of 2 seconds, a back-off rate of 2 and 6 maximum attempts. Default: true
         :param comment: An optional description for this state. Default: - No comment
         :param credentials: Credentials for an IAM Role that the State Machine assumes for executing the task. This enables cross-account resource invocations. Default: - None (Task is executed using the State Machine's execution role)
@@ -7138,11 +7138,11 @@ class CallAwsServiceCrossRegionProps(_TaskStateBaseProps_3a62b6d0):
         :param action: The API action to call. Use camelCase.
         :param iam_resources: The resources for the IAM statement that will be added to the Lambda function role's policy to allow the state machine to make the API call.
         :param region: The AWS region to call this AWS API for.
-        :param service: The AWS service to call in AWS SDK for JavaScript v3 style.
+        :param service: The AWS service to call in AWS SDK for JavaScript v3 format.
         :param additional_iam_statements: Additional IAM statements that will be added to the state machine role's policy. Use in the case where the call requires more than a single statement to be executed, e.g. ``rekognition:detectLabels`` requires also S3 permissions to read the object on which it must act. Default: - no additional statements are added
         :param endpoint: The AWS API endpoint. Default: Do not override API endpoint.
         :param iam_action: The action for the IAM statement that will be added to the Lambda function role's policy to allow the state machine to make the API call. By default the action for this IAM statement will be ``service:action``. Use in the case where the IAM action name does not match with the API service/action name, e.g. ``s3:ListBuckets`` requires ``s3:ListAllMyBuckets``. Default: - service:action
-        :param parameters: Parameters for the API action call. Use PascalCase for the parameter names. Default: - no parameters
+        :param parameters: Parameters for the API action call in AWS SDK for JavaScript v3 format. Default: - no parameters
         :param retry_on_service_exceptions: Whether to retry on the backend Lambda service exceptions. This handles ``Lambda.ServiceException``, ``Lambda.AWSLambdaException``, ``Lambda.SdkClientException``, and ``Lambda.ClientExecutionTimeoutException`` with an interval of 2 seconds, a back-off rate of 2 and 6 maximum attempts. Default: true
 
         :exampleMetadata: infused
@@ -7414,7 +7414,7 @@ class CallAwsServiceCrossRegionProps(_TaskStateBaseProps_3a62b6d0):
 
     @builtins.property
     def service(self) -> builtins.str:
-        '''The AWS service to call in AWS SDK for JavaScript v3 style.
+        '''The AWS service to call in AWS SDK for JavaScript v3 format.
 
         :see: https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/
 
@@ -7466,9 +7466,7 @@ class CallAwsServiceCrossRegionProps(_TaskStateBaseProps_3a62b6d0):
 
     @builtins.property
     def parameters(self) -> typing.Optional[typing.Mapping[builtins.str, typing.Any]]:
-        '''Parameters for the API action call.
-
-        Use PascalCase for the parameter names.
+        '''Parameters for the API action call in AWS SDK for JavaScript v3 format.
 
         :default: - no parameters
         '''

aws_cdk/aws_synthetics/__init__.py

@@ -3564,7 +3564,7 @@ class Runtime(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_synthetics.Run
         - **Ephemeral storage monitoring**: This runtime adds ephemeral storage monitoring in customer accounts.
         - **Bug fixes**
 
-        :see: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_nodejs_puppeteer.html#CloudWatch_Synthetics_runtimeversion-nodejs-puppeteer-6.1
+        :see: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_nodejs_puppeteer.html#CloudWatch_Synthetics_runtimeversion-nodejs-puppeteer-6.2
         '''
         return typing.cast("Runtime", jsii.sget(cls, "SYNTHETICS_NODEJS_PUPPETEER_6_2"))
 
@@ -3581,6 +3581,20 @@ class Runtime(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_synthetics.Run
         '''
         return typing.cast("Runtime", jsii.sget(cls, "SYNTHETICS_NODEJS_PUPPETEER_7_0"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="SYNTHETICS_NODEJS_PUPPETEER_8_0")
+    def SYNTHETICS_NODEJS_PUPPETEER_8_0(cls) -> "Runtime":
+        '''``syn-nodejs-puppeteer-8.0`` includes the following: - Lambda runtime Node.js 20.x - Puppeteer-core version 22.10.0 - Chromium version 125.0.6422.112.
+
+        New Features:
+
+        - **Support for two-factor authentication**
+        - **Bug fixes** for situations where some service clients were losing data in Node.js SDK V3 responses.
+
+        :see: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_nodejs_puppeteer.html#CloudWatch_Synthetics_runtimeversion-nodejs-puppeteer-8.0
+        '''
+        return typing.cast("Runtime", jsii.sget(cls, "SYNTHETICS_NODEJS_PUPPETEER_8_0"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="SYNTHETICS_PYTHON_SELENIUM_1_0")
     def SYNTHETICS_PYTHON_SELENIUM_1_0(cls) -> "Runtime":

aws_cdk/custom_resources/__init__.py

@@ -158,7 +158,7 @@ The return value from `onEvent` must be a JSON object with the following fields:
 | -------------------- | ------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `PhysicalResourceId` | String  | No       | The allocated/assigned physical ID of the resource. If omitted for `Create` events, the event's `RequestId` will be used. For `Update`, the current physical ID will be used. If a different value is returned, CloudFormation will follow with a subsequent `Delete` for the previous ID (resource replacement). For `Delete`, it will always return the current physical resource ID, and if the user returns a different one, an error will occur. |
 | `Data`               | JSON    | No       | Resource attributes, which can later be retrieved through `Fn::GetAtt` on the custom resource object.                                                                                                                                                                                                                                                                                                                                                 |
-| `NoEcho`             | Boolean | No       | Whether to mask the output of the custom resource when retrieved by using the `Fn::GetAtt` function.                                                                                                                                                                                                                                                                                                                                                  |
+| `NoEcho`             | Boolean | No       | Whether to mask the output of the custom resource when retrieved by using the `Fn::GetAtt` function and to mask the `Data` values.                                                                                                                                                                                                                                                                                                                                                 |
 | *any*                | *any*   | No       | Any other field included in the response will be passed through to `isComplete`. This can sometimes be useful to pass state between the handlers.                                                                                                                                                                                                                                                                                                     |
 
 ### Asynchronous Providers: isComplete
@@ -215,6 +215,48 @@ must return this name in `PhysicalResourceId` and make sure to handle
 replacement properly. The `S3File` example demonstrates this
 through the `objectKey` property.
 
+### Masking the output of log statements
+
+When using the Provider framework to create a custom resource, the request and response
+objects are logged by the provider function.If secret values are returned in the custom
+resource's Data object, it would be logged and exposed which possesses security threats.
+
+To mask the output of log statements, you can utilize the `NoEcho` field in the custom
+resource handler's response.
+
+```python
+# Create custom resource handler entrypoint
+handler = lambda_.Function(self, "my-handler",
+    runtime=lambda_.Runtime.NODEJS_20_X,
+    handler="index.handler",
+    code=lambda_.Code.from_inline("""
+          exports.handler = async (event, context) => {
+            return {
+              PhysicalResourceId: '1234',
+              NoEcho: true,
+              Data: {
+                mySecret: 'secret-value',
+                hello: 'world',
+                ghToken: 'gho_xxxxxxx',
+              },
+            };
+          };""")
+)
+
+# Provision a custom resource provider framework
+provider = cr.Provider(self, "my-provider",
+    on_event_handler=handler
+)
+
+CustomResource(self, "my-cr",
+    service_token=provider.service_token
+)
+```
+
+When `NoEcho` field is set to `true` in the response of custom resource handler,
+it will automatically mask all values in the `Data` object in the log statements
+to asterisks (*****).
+
 ### When there are errors
 
 As mentioned above, if any of the user handlers fail (i.e. throws an exception)
@@ -2011,18 +2053,31 @@ class Provider(
 
     Example::
 
-        # on_event: lambda.Function
-        # is_complete: lambda.Function
-        # my_role: iam.Role
+        # Create custom resource handler entrypoint
+        handler = lambda_.Function(self, "my-handler",
+            runtime=lambda_.Runtime.NODEJS_20_X,
+            handler="index.handler",
+            code=lambda_.Code.from_inline("""
+                  exports.handler = async (event, context) => {
+                    return {
+                      PhysicalResourceId: '1234',
+                      NoEcho: true,
+                      Data: {
+                        mySecret: 'secret-value',
+                        hello: 'world',
+                        ghToken: 'gho_xxxxxxx',
+                      },
+                    };
+                  };""")
+        )
         
-        my_provider = cr.Provider(self, "MyProvider",
-            on_event_handler=on_event,
-            is_complete_handler=is_complete,
-            log_group=logs.LogGroup(self, "MyProviderLogs",
-                retention=logs.RetentionDays.ONE_DAY
-            ),
-            role=my_role,
-            provider_function_name="the-lambda-name"
+        # Provision a custom resource provider framework
+        provider = cr.Provider(self, "my-provider",
+            on_event_handler=handler
+        )
+        
+        CustomResource(self, "my-cr",
+            service_token=provider.service_token
         )
     '''
 
@@ -2166,18 +2221,31 @@ class ProviderProps:
 
         Example::
 
-            # on_event: lambda.Function
-            # is_complete: lambda.Function
-            # my_role: iam.Role
+            # Create custom resource handler entrypoint
+            handler = lambda_.Function(self, "my-handler",
+                runtime=lambda_.Runtime.NODEJS_20_X,
+                handler="index.handler",
+                code=lambda_.Code.from_inline("""
+                      exports.handler = async (event, context) => {
+                        return {
+                          PhysicalResourceId: '1234',
+                          NoEcho: true,
+                          Data: {
+                            mySecret: 'secret-value',
+                            hello: 'world',
+                            ghToken: 'gho_xxxxxxx',
+                          },
+                        };
+                      };""")
+            )
+            
+            # Provision a custom resource provider framework
+            provider = cr.Provider(self, "my-provider",
+                on_event_handler=handler
+            )
             
-            my_provider = cr.Provider(self, "MyProvider",
-                on_event_handler=on_event,
-                is_complete_handler=is_complete,
-                log_group=logs.LogGroup(self, "MyProviderLogs",
-                    retention=logs.RetentionDays.ONE_DAY
-                ),
-                role=my_role,
-                provider_function_name="the-lambda-name"
+            CustomResource(self, "my-cr",
+                service_token=provider.service_token
             )
         '''
         if isinstance(vpc_subnets, dict):

aws_cdk/pipelines/__init__.py

@@ -28,7 +28,7 @@ construct library directly.
 > engines other than CodePipeline.
 >
 > The README for the original API, as well as a migration guide, can be found in
-> [our GitHub repository](https://github.com/aws/aws-cdk/blob/main/packages/@aws-cdk/pipelines/ORIGINAL_API.md).
+> [our GitHub repository](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/pipelines/ORIGINAL_API.md).
 
 ## At a glance
 

aws_cdk/region_info/__init__.py

@@ -18,8 +18,7 @@ the regional information database:
 region = region_info.RegionInfo.get("eu-west-1")
 
 # Access attributes:
-region.s3_static_website_endpoint # s3-website-eu-west-1.amazonaws.com
-region.service_principal("logs.amazonaws.com")
+region.s3_static_website_endpoint
 ```
 
 The `RegionInfo` layer is built on top of the Low-Level API, which is described
@@ -34,9 +33,6 @@ a list of known fact names, which can then be used with the `RegionInfo` to
 retrieve a particular value:
 
 ```python
-code_deploy_principal = region_info.Fact.find("us-east-1", region_info.FactName.service_principal("codedeploy.amazonaws.com"))
-# => codedeploy.us-east-1.amazonaws.com
-
 static_website = region_info.Fact.find("ap-northeast-1", region_info.FactName.S3_STATIC_WEBSITE_ENDPOINT)
 ```
 
@@ -94,7 +90,15 @@ from .._jsii import *
 
 
 class Default(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.region_info.Default"):
-    '''Provides default values for certain regional information points.'''
+    '''(deprecated) Provides default values for certain regional information points.
+
+    This class is no longer needed because service principals are no longer needed except in very specific cases
+    that are handled in the IAM ServicePrincipal class.
+
+    :deprecated: - Service principals are now globally ``<SERVICE>.amazonaws.com``, use iam.ServicePrincipal instead.
+
+    :stability: deprecated
+    '''
 
     @jsii.member(jsii_name="servicePrincipal")
     @builtins.classmethod
@@ -104,7 +108,7 @@ class Default(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.region_info.Defaul
         region: builtins.str,
         url_suffix: builtins.str,
     ) -> builtins.str:
-        '''Computes a "standard" AWS Service principal for a given service, region and suffix.
+        '''(deprecated) Computes a "standard" AWS Service principal for a given service, region and suffix.
 
         This is useful for example when
         you need to compute a service principal name, but you do not have a synthesize-time region literal available (so
@@ -114,6 +118,10 @@ class Default(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.region_info.Defaul
         :param service_fqn: the name of the service (s3, s3.amazonaws.com, ...).
         :param region: the region in which the service principal is needed.
         :param url_suffix: deprecated and ignored.
+
+        :deprecated: - Service principals are now globally ``<SERVICE>.amazonaws.com``, use iam.ServicePrincipal instead.
+
+        :stability: deprecated
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__6ed580ab93fc60dd8fa1b87d26acd7858752bf9581325d9fdde38b224ee5da52)
@@ -125,7 +133,12 @@ class Default(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.region_info.Defaul
     @jsii.python.classproperty
     @jsii.member(jsii_name="VPC_ENDPOINT_SERVICE_NAME_PREFIX")
     def VPC_ENDPOINT_SERVICE_NAME_PREFIX(cls) -> builtins.str:
-        '''The default value for a VPC Endpoint Service name prefix, useful if you do not have a synthesize-time region literal available (all you have is ``{ "Ref": "AWS::Region" }``).'''
+        '''(deprecated) The default value for a VPC Endpoint Service name prefix, useful if you do not have a synthesize-time region literal available (all you have is ``{ "Ref": "AWS::Region" }``).
+
+        :deprecated: - Use VpceEndpointService.DEFAULT_PREFIX instead
+
+        :stability: deprecated
+        '''
         return typing.cast(builtins.str, jsii.sget(cls, "VPC_ENDPOINT_SERVICE_NAME_PREFIX"))
 
 
@@ -339,9 +352,13 @@ class FactName(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.region_info.FactN
     @jsii.member(jsii_name="servicePrincipal")
     @builtins.classmethod
     def service_principal(cls, service: builtins.str) -> builtins.str:
-        '''The name of the regional service principal for a given service.
+        '''(deprecated) The name of the regional service principal for a given service.
 
         :param service: the service name, either simple (e.g: ``s3``, ``codedeploy``) or qualified (e.g: ``s3.amazonaws.com``). The ``.amazonaws.com`` and ``.amazonaws.com.cn`` domains are stripped from service names, so they are canonicalized in that respect.
+
+        :deprecated: - Use ``iam.ServicePrincipal.servicePrincipalName()`` instead.
+
+        :stability: deprecated
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__b14fde076501b6bbe3459fe473f8a85eda6046b48c735804859dd2c381a5566f)
@@ -511,8 +528,7 @@ class RegionInfo(
         region = region_info.RegionInfo.get("eu-west-1")
         
         # Access attributes:
-        region.s3_static_website_endpoint # s3-website-eu-west-1.amazonaws.com
-        region.service_principal("logs.amazonaws.com")
+        region.s3_static_website_endpoint
     '''
 
     @jsii.member(jsii_name="get")
@@ -643,9 +659,13 @@ class RegionInfo(
 
     @jsii.member(jsii_name="servicePrincipal")
     def service_principal(self, service: builtins.str) -> typing.Optional[builtins.str]:
-        '''The name of the service principal for a given service in this region.
+        '''(deprecated) The name of the service principal for a given service in this region.
 
         :param service: the service name (e.g: s3.amazonaws.com).
+
+        :deprecated: - Use ``iam.ServicePrincipal.servicePrincipalName()`` instead.
+
+        :stability: deprecated
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__b7fa00c6eee8344d2d7dec9a9b3e5aabd291377b56af4261818a521770e400cf)

{aws_cdk_lib-2.149.0.dist-info → aws_cdk_lib-2.150.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk-lib
-Version: 2.149.0
+Version: 2.150.0
 Summary: Version 2 of the AWS Cloud Development Kit library
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services