aws-cdk-lib 2.153.0__py3-none-any.whl → 2.154.1__py3-none-any.whl

aws_cdk/aws_securityhub/__init__.py

@@ -428,7 +428,7 @@ class CfnAutomationRule(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__90988dc6b536563439917056373f7379ca48a864b5a3471a7b3552f6c9b40897)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "actions", value)
+        jsii.set(self, "actions", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="criteria")
@@ -446,7 +446,7 @@ class CfnAutomationRule(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__cc91daff88300654f2c8a9e4e5aad76fd0c26ae9c62e118febc7d1bff9733c5f)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "criteria", value)
+        jsii.set(self, "criteria", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="description")
@@ -459,7 +459,7 @@ class CfnAutomationRule(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__13e710145ba6564ce42bac7fc3465ec7406a15699f473acd70e62bf605c1f259)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "description", value)
+        jsii.set(self, "description", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="isTerminal")
@@ -477,7 +477,7 @@ class CfnAutomationRule(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__11031a77a18a3180e3bf703420372155750c7001d9c920558ff50230e0111537)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "isTerminal", value)
+        jsii.set(self, "isTerminal", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="ruleName")
@@ -490,7 +490,7 @@ class CfnAutomationRule(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ffff694fc9dee0bbe561a13e56455e4e3a3b12c8c47e7c20a7fe2e8c13c0725c)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "ruleName", value)
+        jsii.set(self, "ruleName", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="ruleOrder")
@@ -503,7 +503,7 @@ class CfnAutomationRule(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__db37e60211fd885d4c7d0aa9af521faa3786061d7fa1712b86f54f3646a4738b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "ruleOrder", value)
+        jsii.set(self, "ruleOrder", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="ruleStatus")
@@ -516,7 +516,7 @@ class CfnAutomationRule(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c0c77fc16c58c2d94764bb0b74df80e4884ec2c3948c0a364a0d9c75a4e9c79a)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "ruleStatus", value)
+        jsii.set(self, "ruleStatus", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tags")
@@ -532,7 +532,7 @@ class CfnAutomationRule(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__7a7d0579ca491d9adc050f0e2036942728d9db8e3d190f067473714a8ce9fd4b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tags", value)
+        jsii.set(self, "tags", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_securityhub.CfnAutomationRule.AutomationRulesActionProperty",
@@ -953,7 +953,7 @@ class CfnAutomationRule(
             :param related_findings_id: The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param related_findings_product_arn: The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param resource_details_other: Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-            :param resource_id: The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
+            :param resource_id: The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
             :param resource_partition: The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param resource_region: The AWS Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param resource_tags: A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
@@ -1585,7 +1585,7 @@ class CfnAutomationRule(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.StringFilterProperty"]]]]:
             '''The identifier for the given resource type.
 
-            For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.
+            For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.
 
             Array Members: Minimum number of 1 item. Maximum number of 100 items.
 
@@ -3123,7 +3123,7 @@ class CfnConfigurationPolicy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__dcfe8504c7335f76a4bad5bb43755a142eab48d80958f837dfc86c94989b8b0b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "configurationPolicy", value)
+        jsii.set(self, "configurationPolicy", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="name")
@@ -3136,7 +3136,7 @@ class CfnConfigurationPolicy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__0c731f4e7d50837bdafa92a4f5cb8478dc20fafa27c5a4f08cdf841e2570899f)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "name", value)
+        jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="description")
@@ -3149,7 +3149,7 @@ class CfnConfigurationPolicy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__04301850c858bba803007d4d9502ff9c879ed1e1d926fa157899bd92a915c3cd)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "description", value)
+        jsii.set(self, "description", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tags")
@@ -3165,7 +3165,7 @@ class CfnConfigurationPolicy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__418f84486ff1ec65f898c97538e438a38d2ee43b4f9ed6260595a25dfa039629)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tags", value)
+        jsii.set(self, "tags", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_securityhub.CfnConfigurationPolicy.ParameterConfigurationProperty",
@@ -3443,7 +3443,7 @@ class CfnConfigurationPolicy(
 
             It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
 
-            :param security_hub: The AWS service that the configuration policy applies to.
+            :param security_hub: The AWS-service that the configuration policy applies to.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-policy.html
             :exampleMetadata: fixture=_generated
@@ -3496,7 +3496,7 @@ class CfnConfigurationPolicy(
         def security_hub(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnConfigurationPolicy.SecurityHubPolicyProperty"]]:
-            '''The AWS service that the configuration policy applies to.
+            '''The AWS-service that the configuration policy applies to.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-policy.html#cfn-securityhub-configurationpolicy-policy-securityhub
             '''
@@ -3626,8 +3626,10 @@ class CfnConfigurationPolicy(
 
             The enablement status of a control is aligned across all of the enabled standards in an account.
 
-            :param disabled_security_control_identifiers: A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls.
-            :param enabled_security_control_identifiers: A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls.
+            This property is required only if ``ServiceEnabled`` is set to ``true`` in your configuration policy.
+
+            :param disabled_security_control_identifiers: A list of security controls that are disabled in the configuration policy. Provide only one of ``EnabledSecurityControlIdentifiers`` or ``DisabledSecurityControlIdentifiers`` . If you provide ``DisabledSecurityControlIdentifiers`` , Security Hub enables all other controls not in the list, and enables `AutoEnableControls <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateSecurityHubConfiguration.html#securityhub-UpdateSecurityHubConfiguration-request-AutoEnableControls>`_ .
+            :param enabled_security_control_identifiers: A list of security controls that are enabled in the configuration policy. Provide only one of ``EnabledSecurityControlIdentifiers`` or ``DisabledSecurityControlIdentifiers`` . If you provide ``EnabledSecurityControlIdentifiers`` , Security Hub disables all other controls not in the list, and disables `AutoEnableControls <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateSecurityHubConfiguration.html#securityhub-UpdateSecurityHubConfiguration-request-AutoEnableControls>`_ .
             :param security_control_custom_parameters: A list of security controls and control parameter values that are included in a configuration policy.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-securitycontrolsconfiguration.html
@@ -3683,7 +3685,9 @@ class CfnConfigurationPolicy(
         ) -> typing.Optional[typing.List[builtins.str]]:
             '''A list of security controls that are disabled in the configuration policy.
 
-            Security Hub enables all other controls (including newly released controls) other than the listed controls.
+            Provide only one of ``EnabledSecurityControlIdentifiers`` or ``DisabledSecurityControlIdentifiers`` .
+
+            If you provide ``DisabledSecurityControlIdentifiers`` , Security Hub enables all other controls not in the list, and enables `AutoEnableControls <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateSecurityHubConfiguration.html#securityhub-UpdateSecurityHubConfiguration-request-AutoEnableControls>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-securitycontrolsconfiguration.html#cfn-securityhub-configurationpolicy-securitycontrolsconfiguration-disabledsecuritycontrolidentifiers
             '''
@@ -3696,7 +3700,9 @@ class CfnConfigurationPolicy(
         ) -> typing.Optional[typing.List[builtins.str]]:
             '''A list of security controls that are enabled in the configuration policy.
 
-            Security Hub disables all other controls (including newly released controls) other than the listed controls.
+            Provide only one of ``EnabledSecurityControlIdentifiers`` or ``DisabledSecurityControlIdentifiers`` .
+
+            If you provide ``EnabledSecurityControlIdentifiers`` , Security Hub disables all other controls not in the list, and disables `AutoEnableControls <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateSecurityHubConfiguration.html#securityhub-UpdateSecurityHubConfiguration-request-AutoEnableControls>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-securitycontrolsconfiguration.html#cfn-securityhub-configurationpolicy-securitycontrolsconfiguration-enabledsecuritycontrolidentifiers
             '''
@@ -3746,8 +3752,8 @@ class CfnConfigurationPolicy(
 
             The configuration policy includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
 
-            :param enabled_standard_identifiers: A list that defines which security standards are enabled in the configuration policy.
-            :param security_controls_configuration: An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
+            :param enabled_standard_identifiers: A list that defines which security standards are enabled in the configuration policy. This property is required only if ``ServiceEnabled`` is set to ``true`` in your configuration policy.
+            :param security_controls_configuration: An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account. This property is required only if ``ServiceEnabled`` is set to true in your configuration policy.
             :param service_enabled: Indicates whether Security Hub is enabled in the policy.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-securityhubpolicy.html
@@ -3807,6 +3813,8 @@ class CfnConfigurationPolicy(
         ) -> typing.Optional[typing.List[builtins.str]]:
             '''A list that defines which security standards are enabled in the configuration policy.
 
+            This property is required only if ``ServiceEnabled`` is set to ``true`` in your configuration policy.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-securityhubpolicy.html#cfn-securityhub-configurationpolicy-securityhubpolicy-enabledstandardidentifiers
             '''
             result = self._values.get("enabled_standard_identifiers")
@@ -3820,6 +3828,8 @@ class CfnConfigurationPolicy(
 
             The enablement status of a control is aligned across all of the enabled standards in an account.
 
+            This property is required only if ``ServiceEnabled`` is set to true in your configuration policy.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-securityhubpolicy.html#cfn-securityhub-configurationpolicy-securityhubpolicy-securitycontrolsconfiguration
             '''
             result = self._values.get("security_controls_configuration")
@@ -4111,7 +4121,7 @@ class CfnDelegatedAdmin(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f5fdd5db8baf5624dbb4185acb8020d5499aa459d03967b97375912c3e6844c5)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "adminAccountId", value)
+        jsii.set(self, "adminAccountId", value) # pyright: ignore[reportArgumentType]
 
 
 @jsii.data_type(
@@ -4210,8 +4220,8 @@ class CfnFindingAggregator(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param region_linking_mode: Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. The selected option also determines how to use the Regions provided in the Regions list. The options are as follows: - ``ALL_REGIONS`` - Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``SPECIFIED_REGIONS`` - Indicates to aggregate findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions.
-        :param regions: If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED`` , then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region. If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS`` , then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
+        :param region_linking_mode: Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. The selected option also determines how to use the Regions provided in the Regions list. The options are as follows: - ``ALL_REGIONS`` - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``SPECIFIED_REGIONS`` - Aggregates findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions. - ``NO_REGIONS`` - Aggregates no data because no Regions are selected as linked Regions.
+        :param regions: If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED`` , then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region. If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS`` , then this is a space-separated list of Regions that do aggregate findings to the aggregation Region. An ``InvalidInputException`` error results if you populate this field while ``RegionLinkingMode`` is ``NO_REGIONS`` .
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__def955d28b5fec6358172b72efd12a764fe7f7be8d0ea9076bc99608ed72dd3c)
@@ -4289,7 +4299,7 @@ class CfnFindingAggregator(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__475994d9cd8d46f8f3a69625c313f5aeede3069bc0a97c77f4287886450a34ba)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "regionLinkingMode", value)
+        jsii.set(self, "regionLinkingMode", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="regions")
@@ -4302,7 +4312,7 @@ class CfnFindingAggregator(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__8df27b51aae55bb4c2c3ab84a0b047bdd2763b4077910af8afa3825bbe83283d)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "regions", value)
+        jsii.set(self, "regions", value) # pyright: ignore[reportArgumentType]
 
 
 @jsii.data_type(
@@ -4319,8 +4329,8 @@ class CfnFindingAggregatorProps:
     ) -> None:
         '''Properties for defining a ``CfnFindingAggregator``.
 
-        :param region_linking_mode: Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. The selected option also determines how to use the Regions provided in the Regions list. The options are as follows: - ``ALL_REGIONS`` - Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``SPECIFIED_REGIONS`` - Indicates to aggregate findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions.
-        :param regions: If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED`` , then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region. If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS`` , then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
+        :param region_linking_mode: Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. The selected option also determines how to use the Regions provided in the Regions list. The options are as follows: - ``ALL_REGIONS`` - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``SPECIFIED_REGIONS`` - Aggregates findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions. - ``NO_REGIONS`` - Aggregates no data because no Regions are selected as linked Regions.
+        :param regions: If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED`` , then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region. If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS`` , then this is a space-separated list of Regions that do aggregate findings to the aggregation Region. An ``InvalidInputException`` error results if you populate this field while ``RegionLinkingMode`` is ``NO_REGIONS`` .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-findingaggregator.html
         :exampleMetadata: fixture=_generated
@@ -4358,9 +4368,10 @@ class CfnFindingAggregatorProps:
 
         The options are as follows:
 
-        - ``ALL_REGIONS`` - Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
-        - ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
-        - ``SPECIFIED_REGIONS`` - Indicates to aggregate findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions.
+        - ``ALL_REGIONS`` - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
+        - ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
+        - ``SPECIFIED_REGIONS`` - Aggregates findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions.
+        - ``NO_REGIONS`` - Aggregates no data because no Regions are selected as linked Regions.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-findingaggregator.html#cfn-securityhub-findingaggregator-regionlinkingmode
         '''
@@ -4374,6 +4385,8 @@ class CfnFindingAggregatorProps:
 
         If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS`` , then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
 
+        An ``InvalidInputException`` error results if you populate this field while ``RegionLinkingMode`` is ``NO_REGIONS`` .
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-findingaggregator.html#cfn-securityhub-findingaggregator-regions
         '''
         result = self._values.get("regions")
@@ -4533,7 +4546,7 @@ class CfnHub(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f8111fb2c58ed3e1e0c85928b084d60f2c8b02b604055e3087ce38f249967a54)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "autoEnableControls", value)
+        jsii.set(self, "autoEnableControls", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="controlFindingGenerator")
@@ -4546,7 +4559,7 @@ class CfnHub(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__6647ce06efe713d1b36ec98af92808e5bf616a683fa68b2fb4fe64fafe92bf35)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "controlFindingGenerator", value)
+        jsii.set(self, "controlFindingGenerator", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="enableDefaultStandards")
@@ -4564,7 +4577,7 @@ class CfnHub(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__4d118847a7bb58b794458a6afe88e0a8324a3a4e1590aba4f028de455ee8c624)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "enableDefaultStandards", value)
+        jsii.set(self, "enableDefaultStandards", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
@@ -4577,7 +4590,7 @@ class CfnHub(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e17fb796b4e0971555823ae1c97a99f19e5677ae303ff0ef984cd00ac919ea87)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tagsRaw", value)
+        jsii.set(self, "tagsRaw", value) # pyright: ignore[reportArgumentType]
 
 
 @jsii.data_type(
@@ -5288,7 +5301,7 @@ class CfnInsight(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__40bc93b289fd6fbe5ea66bbe5f8eca6d1371fec0a59789022949021156c016a4)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "filters", value)
+        jsii.set(self, "filters", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="groupByAttribute")
@@ -5301,7 +5314,7 @@ class CfnInsight(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__645260a48ef5fcfdb2acc56551dd1e6897e309e4feef6d7b81e9aa50ad0cc353)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "groupByAttribute", value)
+        jsii.set(self, "groupByAttribute", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="name")
@@ -5314,7 +5327,7 @@ class CfnInsight(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__766e42c726b2c502b30c5c9ccf965e83324fe1b106e1918e14b49c7f3b6cb61c)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "name", value)
+        jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_securityhub.CfnInsight.AwsSecurityFindingFiltersProperty",
@@ -5543,7 +5556,7 @@ class CfnInsight(
             :param aws_account_name: The name of the AWS account in which a finding is generated.
             :param company_name: The name of the findings provider (company) that owns the solution (product) that generates findings.
             :param compliance_associated_standards_id: The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the `DescribeStandards <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html>`_ API response.
-            :param compliance_security_control_id: The unique identifier of a control across standards. Values for this field typically consist of an AWS service and a number, such as APIGateway.5.
+            :param compliance_security_control_id: The unique identifier of a control across standards. Values for this field typically consist of an AWS-service and a number, such as APIGateway.5.
             :param compliance_security_control_parameters_name: The name of a security control parameter.
             :param compliance_security_control_parameters_value: The current value of a security control parameter.
             :param compliance_status: Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details.
@@ -6490,7 +6503,7 @@ class CfnInsight(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnInsight.StringFilterProperty"]]]]:
             '''The unique identifier of a control across standards.
 
-            Values for this field typically consist of an AWS service and a number, such as APIGateway.5.
+            Values for this field typically consist of an AWS-service and a number, such as APIGateway.5.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-compliancesecuritycontrolid
             '''
@@ -9063,7 +9076,7 @@ class CfnOrganizationConfiguration(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c9c68b5ed857f20db52a9ddd608779c26714ad57f3e5ec020cd2ec205b0b4686)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "autoEnable", value)
+        jsii.set(self, "autoEnable", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="autoEnableStandards")
@@ -9076,7 +9089,7 @@ class CfnOrganizationConfiguration(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__a91a9e8125723c3bbf2b823016143a56e3921498aeef3bea3e38ab2507456375)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "autoEnableStandards", value)
+        jsii.set(self, "autoEnableStandards", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="configurationType")
@@ -9089,7 +9102,7 @@ class CfnOrganizationConfiguration(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__a9716e72aa1123497cebad00869227a883554f1d22c3001478ca2aa367e4480e)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "configurationType", value)
+        jsii.set(self, "configurationType", value) # pyright: ignore[reportArgumentType]
 
 
 @jsii.data_type(
@@ -9347,7 +9360,7 @@ class CfnPolicyAssociation(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__099694d0e3019ff95f4caf646c1f0281841f787418a0d3d41abadbc38cec77cb)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "configurationPolicyId", value)
+        jsii.set(self, "configurationPolicyId", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="targetId")
@@ -9360,7 +9373,7 @@ class CfnPolicyAssociation(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__af8804051f98d2fff348049fe6c76b9cb9a5e095f2b7216509e1bbc6c1557271)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "targetId", value)
+        jsii.set(self, "targetId", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="targetType")
@@ -9373,7 +9386,7 @@ class CfnPolicyAssociation(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ecc5d3f7535d58c2be7c9d763790a7e3c9fe6b64d4feea0c9122267c1bb09e15)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "targetType", value)
+        jsii.set(self, "targetType", value) # pyright: ignore[reportArgumentType]
 
 
 @jsii.data_type(
@@ -9573,7 +9586,7 @@ class CfnProductSubscription(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__1e63b86460e92e5a56fd9d1eaf71d8f57c62718a7502fdde0b9cc7898029252a)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "productArn", value)
+        jsii.set(self, "productArn", value) # pyright: ignore[reportArgumentType]
 
 
 @jsii.data_type(
@@ -9681,7 +9694,7 @@ class CfnSecurityControl(
         :param parameters: An object that identifies the name of a control parameter, its current value, and whether it has been customized.
         :param last_update_reason: The most recent reason for updating the customizable properties of a security control. This differs from the ``UpdateReason`` field of the ```BatchUpdateStandardsControlAssociations`` <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html>`_ API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.
         :param security_control_arn: The Amazon Resource Name (ARN) for a security control across standards, such as ``arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`` . This parameter doesn't mention a specific standard.
-        :param security_control_id: The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number, such as APIGateway.3.
+        :param security_control_id: The unique identifier of a security control across standards. Values for this field typically consist of an AWS-service name and a number, such as APIGateway.3.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__726fa705fd558de76e132e75c55b8475c62b8dc48c449b5a702f64b1f4bff214)
@@ -9747,7 +9760,7 @@ class CfnSecurityControl(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ba42fae33edc1f1aa919c0aa456d75e2059314d6bb1a4b1deec59b91ddaeaf4e)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "parameters", value)
+        jsii.set(self, "parameters", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="lastUpdateReason")
@@ -9760,7 +9773,7 @@ class CfnSecurityControl(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__3b44d1cfbd6f5b9cc0e4f01d2215ab6605103c5dd09dd732f99604233458a89a)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "lastUpdateReason", value)
+        jsii.set(self, "lastUpdateReason", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="securityControlArn")
@@ -9773,7 +9786,7 @@ class CfnSecurityControl(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__4478e81bddb9f9df8efd5c0032ddfb869fb7885b4a68ad3bdb3c327deb03328a)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "securityControlArn", value)
+        jsii.set(self, "securityControlArn", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="securityControlId")
@@ -9786,7 +9799,7 @@ class CfnSecurityControl(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ff55fd11201a4a7c92e4e58e9fa5bcdb6762a8ac0310ada761c3b90158e2f5e4)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "securityControlId", value)
+        jsii.set(self, "securityControlId", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_securityhub.CfnSecurityControl.ParameterConfigurationProperty",
@@ -9869,7 +9882,7 @@ class CfnSecurityControlProps:
         :param parameters: An object that identifies the name of a control parameter, its current value, and whether it has been customized.
         :param last_update_reason: The most recent reason for updating the customizable properties of a security control. This differs from the ``UpdateReason`` field of the ```BatchUpdateStandardsControlAssociations`` <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html>`_ API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.
         :param security_control_arn: The Amazon Resource Name (ARN) for a security control across standards, such as ``arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`` . This parameter doesn't mention a specific standard.
-        :param security_control_id: The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number, such as APIGateway.3.
+        :param security_control_id: The unique identifier of a security control across standards. Values for this field typically consist of an AWS-service name and a number, such as APIGateway.3.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-securitycontrol.html
         :exampleMetadata: fixture=_generated
@@ -9945,7 +9958,7 @@ class CfnSecurityControlProps:
     def security_control_id(self) -> typing.Optional[builtins.str]:
         '''The unique identifier of a security control across standards.
 
-        Values for this field typically consist of an AWS service name and a number, such as APIGateway.3.
+        Values for this field typically consist of an AWS-service name and a number, such as APIGateway.3.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-securitycontrol.html#cfn-securityhub-securitycontrol-securitycontrolid
         '''
@@ -10081,7 +10094,7 @@ class CfnStandard(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__1f003fbeecd432c822b1f4490f85902feb985eef57ec347d64e831f0a337b479)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "standardsArn", value)
+        jsii.set(self, "standardsArn", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="disabledStandardsControls")
@@ -10099,7 +10112,7 @@ class CfnStandard(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__0e923480bf5c5fa4fccb5bf4b4fb34ecf10ca3accba9f2a4f7b1b6ad7ad9437c)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "disabledStandardsControls", value)
+        jsii.set(self, "disabledStandardsControls", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_securityhub.CfnStandard.StandardsControlProperty",