aws-cdk-lib 2.155.0__py3-none-any.whl → 2.157.0__py3-none-any.whl

aws_cdk/aws_codebuild/__init__.py

@@ -10832,7 +10832,7 @@ class LinuxArmBuildImage(
         fleet: typing.Optional[IFleet] = None,
         privileged: typing.Optional[builtins.bool] = None,
     ) -> typing.List[builtins.str]:
-        '''Validates by checking the BuildEnvironment computeType as aarch64 images only support ComputeType.SMALL and ComputeType.LARGE.
+        '''Validates by checking the BuildEnvironments' images are not Lambda ComputeTypes.
 
         :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_1_0
         :param certificate: The location of the PEM-encoded certificate for the build project. Default: - No external certificate is added to the project

aws_cdk/aws_datasync/__init__.py

@@ -997,12 +997,12 @@ class CfnLocationEFS(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param ec2_config: Specifies the subnet and security groups DataSync uses to access your Amazon EFS file system.
-        :param access_point_arn: Specifies the Amazon Resource Name (ARN) of the access point that DataSync uses to access the Amazon EFS file system.
-        :param efs_filesystem_arn: Specifies the ARN for the Amazon EFS file system.
-        :param file_system_access_role_arn: Specifies an AWS Identity and Access Management (IAM) role that DataSync assumes when mounting the Amazon EFS file system.
-        :param in_transit_encryption: Specifies whether you want DataSync to use Transport Layer Security (TLS) 1.2 encryption when it copies data to or from the Amazon EFS file system. If you specify an access point using ``AccessPointArn`` or an IAM role using ``FileSystemAccessRoleArn`` , you must set this parameter to ``TLS1_2`` .
-        :param subdirectory: Specifies a mount path for your Amazon EFS file system. This is where DataSync reads or writes data (depending on if this is a source or destination location). By default, DataSync uses the root directory, but you can also include subdirectories. .. epigraph:: You must specify a value with forward slashes (for example, ``/path/to/folder`` ).
+        :param ec2_config: Specifies the subnet and security groups DataSync uses to connect to one of your Amazon EFS file system's `mount targets <https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html>`_ .
+        :param access_point_arn: Specifies the Amazon Resource Name (ARN) of the access point that DataSync uses to mount your Amazon EFS file system. For more information, see `Accessing restricted file systems <https://docs.aws.amazon.com/datasync/latest/userguide/create-efs-location.html#create-efs-location-iam>`_ .
+        :param efs_filesystem_arn: Specifies the ARN for your Amazon EFS file system.
+        :param file_system_access_role_arn: Specifies an AWS Identity and Access Management (IAM) role that allows DataSync to access your Amazon EFS file system. For information on creating this role, see `Creating a DataSync IAM role for file system access <https://docs.aws.amazon.com/datasync/latest/userguide/create-efs-location.html#create-efs-location-iam-role>`_ .
+        :param in_transit_encryption: Specifies whether you want DataSync to use Transport Layer Security (TLS) 1.2 encryption when it transfers data to or from your Amazon EFS file system. If you specify an access point using ``AccessPointArn`` or an IAM role using ``FileSystemAccessRoleArn`` , you must set this parameter to ``TLS1_2`` .
+        :param subdirectory: Specifies a mount path for your Amazon EFS file system. This is where DataSync reads or writes data (depending on if this is a source or destination location) on your file system. By default, DataSync uses the root directory (or `access point <https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html>`_ if you provide one by using ``AccessPointArn`` ). You can also include subdirectories using forward slashes (for example, ``/path/to/folder`` ).
         :param tags: Specifies the key-value pair that represents a tag that you want to add to the resource. The value can be an empty string. This value helps you manage, filter, and search for your resources. We recommend that you create a name tag for your location.
         '''
         if __debug__:
@@ -1085,7 +1085,7 @@ class CfnLocationEFS(
     def ec2_config(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, "CfnLocationEFS.Ec2ConfigProperty"]:
-        '''Specifies the subnet and security groups DataSync uses to access your Amazon EFS file system.'''
+        '''Specifies the subnet and security groups DataSync uses to connect to one of your Amazon EFS file system's `mount targets <https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html>`_ .'''
         return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnLocationEFS.Ec2ConfigProperty"], jsii.get(self, "ec2Config"))
 
     @ec2_config.setter
@@ -1101,7 +1101,7 @@ class CfnLocationEFS(
     @builtins.property
     @jsii.member(jsii_name="accessPointArn")
     def access_point_arn(self) -> typing.Optional[builtins.str]:
-        '''Specifies the Amazon Resource Name (ARN) of the access point that DataSync uses to access the Amazon EFS file system.'''
+        '''Specifies the Amazon Resource Name (ARN) of the access point that DataSync uses to mount your Amazon EFS file system.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "accessPointArn"))
 
     @access_point_arn.setter
@@ -1114,7 +1114,7 @@ class CfnLocationEFS(
     @builtins.property
     @jsii.member(jsii_name="efsFilesystemArn")
     def efs_filesystem_arn(self) -> typing.Optional[builtins.str]:
-        '''Specifies the ARN for the Amazon EFS file system.'''
+        '''Specifies the ARN for your Amazon EFS file system.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "efsFilesystemArn"))
 
     @efs_filesystem_arn.setter
@@ -1127,7 +1127,7 @@ class CfnLocationEFS(
     @builtins.property
     @jsii.member(jsii_name="fileSystemAccessRoleArn")
     def file_system_access_role_arn(self) -> typing.Optional[builtins.str]:
-        '''Specifies an AWS Identity and Access Management (IAM) role that DataSync assumes when mounting the Amazon EFS file system.'''
+        '''Specifies an AWS Identity and Access Management (IAM) role that allows DataSync to access your Amazon EFS file system.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "fileSystemAccessRoleArn"))
 
     @file_system_access_role_arn.setter
@@ -1140,7 +1140,7 @@ class CfnLocationEFS(
     @builtins.property
     @jsii.member(jsii_name="inTransitEncryption")
     def in_transit_encryption(self) -> typing.Optional[builtins.str]:
-        '''Specifies whether you want DataSync to use Transport Layer Security (TLS) 1.2 encryption when it copies data to or from the Amazon EFS file system.'''
+        '''Specifies whether you want DataSync to use Transport Layer Security (TLS) 1.2 encryption when it transfers data to or from your Amazon EFS file system.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "inTransitEncryption"))
 
     @in_transit_encryption.setter
@@ -1191,7 +1191,7 @@ class CfnLocationEFS(
             security_group_arns: typing.Sequence[builtins.str],
             subnet_arn: builtins.str,
         ) -> None:
-            '''The subnet and security groups that AWS DataSync uses to access your Amazon EFS file system.
+            '''The subnet and security groups that AWS DataSync uses to connect to one of your Amazon EFS file system's `mount targets <https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html>`_ .
 
             :param security_group_arns: Specifies the Amazon Resource Names (ARNs) of the security groups associated with an Amazon EFS file system's mount target.
             :param subnet_arn: Specifies the ARN of a subnet where DataSync creates the `network interfaces <https://docs.aws.amazon.com/datasync/latest/userguide/datasync-network.html#required-network-interfaces>`_ for managing traffic during your transfer. The subnet must be located: - In the same virtual private cloud (VPC) as the Amazon EFS file system. - In the same Availability Zone as at least one mount target for the Amazon EFS file system. .. epigraph:: You don't need to specify a subnet that includes a file system mount target.
@@ -1287,12 +1287,12 @@ class CfnLocationEFSProps:
     ) -> None:
         '''Properties for defining a ``CfnLocationEFS``.
 
-        :param ec2_config: Specifies the subnet and security groups DataSync uses to access your Amazon EFS file system.
-        :param access_point_arn: Specifies the Amazon Resource Name (ARN) of the access point that DataSync uses to access the Amazon EFS file system.
-        :param efs_filesystem_arn: Specifies the ARN for the Amazon EFS file system.
-        :param file_system_access_role_arn: Specifies an AWS Identity and Access Management (IAM) role that DataSync assumes when mounting the Amazon EFS file system.
-        :param in_transit_encryption: Specifies whether you want DataSync to use Transport Layer Security (TLS) 1.2 encryption when it copies data to or from the Amazon EFS file system. If you specify an access point using ``AccessPointArn`` or an IAM role using ``FileSystemAccessRoleArn`` , you must set this parameter to ``TLS1_2`` .
-        :param subdirectory: Specifies a mount path for your Amazon EFS file system. This is where DataSync reads or writes data (depending on if this is a source or destination location). By default, DataSync uses the root directory, but you can also include subdirectories. .. epigraph:: You must specify a value with forward slashes (for example, ``/path/to/folder`` ).
+        :param ec2_config: Specifies the subnet and security groups DataSync uses to connect to one of your Amazon EFS file system's `mount targets <https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html>`_ .
+        :param access_point_arn: Specifies the Amazon Resource Name (ARN) of the access point that DataSync uses to mount your Amazon EFS file system. For more information, see `Accessing restricted file systems <https://docs.aws.amazon.com/datasync/latest/userguide/create-efs-location.html#create-efs-location-iam>`_ .
+        :param efs_filesystem_arn: Specifies the ARN for your Amazon EFS file system.
+        :param file_system_access_role_arn: Specifies an AWS Identity and Access Management (IAM) role that allows DataSync to access your Amazon EFS file system. For information on creating this role, see `Creating a DataSync IAM role for file system access <https://docs.aws.amazon.com/datasync/latest/userguide/create-efs-location.html#create-efs-location-iam-role>`_ .
+        :param in_transit_encryption: Specifies whether you want DataSync to use Transport Layer Security (TLS) 1.2 encryption when it transfers data to or from your Amazon EFS file system. If you specify an access point using ``AccessPointArn`` or an IAM role using ``FileSystemAccessRoleArn`` , you must set this parameter to ``TLS1_2`` .
+        :param subdirectory: Specifies a mount path for your Amazon EFS file system. This is where DataSync reads or writes data (depending on if this is a source or destination location) on your file system. By default, DataSync uses the root directory (or `access point <https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html>`_ if you provide one by using ``AccessPointArn`` ). You can also include subdirectories using forward slashes (for example, ``/path/to/folder`` ).
         :param tags: Specifies the key-value pair that represents a tag that you want to add to the resource. The value can be an empty string. This value helps you manage, filter, and search for your resources. We recommend that you create a name tag for your location.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-datasync-locationefs.html
@@ -1351,7 +1351,7 @@ class CfnLocationEFSProps:
     def ec2_config(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, CfnLocationEFS.Ec2ConfigProperty]:
-        '''Specifies the subnet and security groups DataSync uses to access your Amazon EFS file system.
+        '''Specifies the subnet and security groups DataSync uses to connect to one of your Amazon EFS file system's `mount targets <https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-datasync-locationefs.html#cfn-datasync-locationefs-ec2config
         '''
@@ -1361,7 +1361,9 @@ class CfnLocationEFSProps:
 
     @builtins.property
     def access_point_arn(self) -> typing.Optional[builtins.str]:
-        '''Specifies the Amazon Resource Name (ARN) of the access point that DataSync uses to access the Amazon EFS file system.
+        '''Specifies the Amazon Resource Name (ARN) of the access point that DataSync uses to mount your Amazon EFS file system.
+
+        For more information, see `Accessing restricted file systems <https://docs.aws.amazon.com/datasync/latest/userguide/create-efs-location.html#create-efs-location-iam>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-datasync-locationefs.html#cfn-datasync-locationefs-accesspointarn
         '''
@@ -1370,7 +1372,7 @@ class CfnLocationEFSProps:
 
     @builtins.property
     def efs_filesystem_arn(self) -> typing.Optional[builtins.str]:
-        '''Specifies the ARN for the Amazon EFS file system.
+        '''Specifies the ARN for your Amazon EFS file system.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-datasync-locationefs.html#cfn-datasync-locationefs-efsfilesystemarn
         '''
@@ -1379,7 +1381,9 @@ class CfnLocationEFSProps:
 
     @builtins.property
     def file_system_access_role_arn(self) -> typing.Optional[builtins.str]:
-        '''Specifies an AWS Identity and Access Management (IAM) role that DataSync assumes when mounting the Amazon EFS file system.
+        '''Specifies an AWS Identity and Access Management (IAM) role that allows DataSync to access your Amazon EFS file system.
+
+        For information on creating this role, see `Creating a DataSync IAM role for file system access <https://docs.aws.amazon.com/datasync/latest/userguide/create-efs-location.html#create-efs-location-iam-role>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-datasync-locationefs.html#cfn-datasync-locationefs-filesystemaccessrolearn
         '''
@@ -1388,7 +1392,7 @@ class CfnLocationEFSProps:
 
     @builtins.property
     def in_transit_encryption(self) -> typing.Optional[builtins.str]:
-        '''Specifies whether you want DataSync to use Transport Layer Security (TLS) 1.2 encryption when it copies data to or from the Amazon EFS file system.
+        '''Specifies whether you want DataSync to use Transport Layer Security (TLS) 1.2 encryption when it transfers data to or from your Amazon EFS file system.
 
         If you specify an access point using ``AccessPointArn`` or an IAM role using ``FileSystemAccessRoleArn`` , you must set this parameter to ``TLS1_2`` .
 
@@ -1401,10 +1405,9 @@ class CfnLocationEFSProps:
     def subdirectory(self) -> typing.Optional[builtins.str]:
         '''Specifies a mount path for your Amazon EFS file system.
 
-        This is where DataSync reads or writes data (depending on if this is a source or destination location). By default, DataSync uses the root directory, but you can also include subdirectories.
-        .. epigraph::
+        This is where DataSync reads or writes data (depending on if this is a source or destination location) on your file system.
 
-           You must specify a value with forward slashes (for example, ``/path/to/folder`` ).
+        By default, DataSync uses the root directory (or `access point <https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html>`_ if you provide one by using ``AccessPointArn`` ). You can also include subdirectories using forward slashes (for example, ``/path/to/folder`` ).
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-datasync-locationefs.html#cfn-datasync-locationefs-subdirectory
         '''
@@ -8428,7 +8431,7 @@ class CfnTask(
         ) -> None:
             '''Configures your AWS DataSync task to run on a `schedule <https://docs.aws.amazon.com/datasync/latest/userguide/task-scheduling.html>`_ (at a minimum interval of 1 hour).
 
-            :param schedule_expression: Specifies your task schedule by using a cron expression in UTC time. For information about cron expression syntax, see the `*Amazon EventBridge User Guide* <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-cron-expressions.html>`_ .
+            :param schedule_expression: Specifies your task schedule by using a cron or rate expression. Use cron expressions for task schedules that run on a specific time and day. For example, the following cron expression creates a task schedule that runs at 8 AM on the first Wednesday of every month: ``cron(0 8 * * 3#1)`` Use rate expressions for task schedules that run on a regular interval. For example, the following rate expression creates a task schedule that runs every 12 hours: ``rate(12 hours)`` For information about cron and rate expression syntax, see the `*Amazon EventBridge User Guide* <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-scheduled-rule-pattern.html>`_ .
             :param status: Specifies whether to enable or disable your task schedule. Your schedule is enabled by default, but there can be situations where you need to disable it. For example, you might need to perform maintenance on a storage system before you can begin a recurring DataSync transfer. DataSync might disable your schedule automatically if your task fails repeatedly with the same error. For more information, see the `*DataSync User Guide* <https://docs.aws.amazon.com/datasync/latest/userguide/task-scheduling.html#pause-task-schedule>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-datasync-task-taskschedule.html
@@ -8457,9 +8460,17 @@ class CfnTask(
 
         @builtins.property
         def schedule_expression(self) -> typing.Optional[builtins.str]:
-            '''Specifies your task schedule by using a cron expression in UTC time.
+            '''Specifies your task schedule by using a cron or rate expression.
+
+            Use cron expressions for task schedules that run on a specific time and day. For example, the following cron expression creates a task schedule that runs at 8 AM on the first Wednesday of every month:
+
+            ``cron(0 8 * * 3#1)``
+
+            Use rate expressions for task schedules that run on a regular interval. For example, the following rate expression creates a task schedule that runs every 12 hours:
+
+            ``rate(12 hours)``
 
-            For information about cron expression syntax, see the `*Amazon EventBridge User Guide* <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-cron-expressions.html>`_ .
+            For information about cron and rate expression syntax, see the `*Amazon EventBridge User Guide* <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-scheduled-rule-pattern.html>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-datasync-task-taskschedule.html#cfn-datasync-task-taskschedule-scheduleexpression
             '''

aws_cdk/aws_docdb/__init__.py

@@ -283,6 +283,26 @@ cluster = docdb.DatabaseCluster(self, "Database",
     ca_certificate=docdb.CaCertificate.RDS_CA_RSA4096_G1
 )
 ```
+
+## Storage Type
+
+You can specify [storage type](https://docs.aws.amazon.com/documentdb/latest/developerguide/db-cluster-storage-configs.html) for the cluster.
+
+```python
+# vpc: ec2.Vpc
+
+
+cluster = docdb.DatabaseCluster(self, "Database",
+    master_user=docdb.Login(
+        username="myuser"
+    ),
+    instance_type=ec2.InstanceType.of(ec2.InstanceClass.MEMORY5, ec2.InstanceSize.LARGE),
+    vpc=vpc,
+    storage_type=docdb.StorageType.IOPT1
+)
+```
+
+**Note**: `StorageType.IOPT1` is supported starting with engine version 5.0.0.
 '''
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)
@@ -3460,6 +3480,7 @@ class DatabaseClusterAttributes:
         "security_group": "securityGroup",
         "security_group_removal_policy": "securityGroupRemovalPolicy",
         "storage_encrypted": "storageEncrypted",
+        "storage_type": "storageType",
         "vpc_subnets": "vpcSubnets",
     },
 )
@@ -3492,6 +3513,7 @@ class DatabaseClusterProps:
         security_group: typing.Optional[_ISecurityGroup_acf8a799] = None,
         security_group_removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
         storage_encrypted: typing.Optional[builtins.bool] = None,
+        storage_type: typing.Optional["StorageType"] = None,
         vpc_subnets: typing.Optional[typing.Union[_SubnetSelection_e57d76df, typing.Dict[builtins.str, typing.Any]]] = None,
     ) -> None:
         '''Properties for a new database cluster.
@@ -3507,7 +3529,7 @@ class DatabaseClusterProps:
         :param db_cluster_name: An optional identifier for the cluster. Default: - A name is automatically generated.
         :param deletion_protection: Specifies whether this cluster can be deleted. If deletionProtection is enabled, the cluster cannot be deleted unless it is modified and deletionProtection is disabled. deletionProtection protects clusters from being accidentally deleted. Default: - false
         :param enable_performance_insights: A value that indicates whether to enable Performance Insights for the instances in the DB Cluster. Default: - false
-        :param engine_version: What version of the database to start. Default: - The default engine version.
+        :param engine_version: What version of the database to start. Default: - the latest major version
         :param export_audit_logs_to_cloud_watch: Whether the audit logs should be exported to CloudWatch. Note that you also have to configure the audit log export in the Cluster's Parameter Group. Default: false
         :param export_profiler_logs_to_cloud_watch: Whether the profiler logs should be exported to CloudWatch. Note that you also have to configure the profiler log export in the Cluster's Parameter Group. Default: false
         :param instance_identifier_base: Base identifier for instances. Every replica is named by appending the replica number to this string, 1-based. Default: - ``dbClusterName`` is used with the word "Instance" appended. If ``dbClusterName`` is not provided, the identifier is automatically generated.
@@ -3521,6 +3543,7 @@ class DatabaseClusterProps:
         :param security_group: Security group. Default: a new security group is created.
         :param security_group_removal_policy: The removal policy to apply to the cluster's security group. Cannot be set to ``SNAPSHOT``. Default: - ``RemovalPolicy.DESTROY`` when ``removalPolicy`` is set to ``SNAPSHOT``, ``removalPolicy`` otherwise.
         :param storage_encrypted: Whether to enable storage encryption. Default: true
+        :param storage_type: The storage type of the DocDB cluster. I/O-optimized storage is supported starting with engine version 5.0.0. Default: StorageType.STANDARD
         :param vpc_subnets: Where to place the instances within the VPC. Default: private subnets
 
         :exampleMetadata: infused
@@ -3539,7 +3562,7 @@ class DatabaseClusterProps:
                     subnet_type=ec2.SubnetType.PUBLIC
                 ),
                 vpc=vpc,
-                ca_certificate=docdb.CaCertificate.RDS_CA_RSA4096_G1
+                removal_policy=RemovalPolicy.SNAPSHOT
             )
         '''
         if isinstance(master_user, dict):
@@ -3575,6 +3598,7 @@ class DatabaseClusterProps:
             check_type(argname="argument security_group", value=security_group, expected_type=type_hints["security_group"])
             check_type(argname="argument security_group_removal_policy", value=security_group_removal_policy, expected_type=type_hints["security_group_removal_policy"])
             check_type(argname="argument storage_encrypted", value=storage_encrypted, expected_type=type_hints["storage_encrypted"])
+            check_type(argname="argument storage_type", value=storage_type, expected_type=type_hints["storage_type"])
             check_type(argname="argument vpc_subnets", value=vpc_subnets, expected_type=type_hints["vpc_subnets"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "instance_type": instance_type,
@@ -3625,6 +3649,8 @@ class DatabaseClusterProps:
             self._values["security_group_removal_policy"] = security_group_removal_policy
         if storage_encrypted is not None:
             self._values["storage_encrypted"] = storage_encrypted
+        if storage_type is not None:
+            self._values["storage_type"] = storage_type
         if vpc_subnets is not None:
             self._values["vpc_subnets"] = vpc_subnets
 
@@ -3747,7 +3773,7 @@ class DatabaseClusterProps:
     def engine_version(self) -> typing.Optional[builtins.str]:
         '''What version of the database to start.
 
-        :default: - The default engine version.
+        :default: - the latest major version
         '''
         result = self._values.get("engine_version")
         return typing.cast(typing.Optional[builtins.str], result)
@@ -3908,6 +3934,19 @@ class DatabaseClusterProps:
         result = self._values.get("storage_encrypted")
         return typing.cast(typing.Optional[builtins.bool], result)
 
+    @builtins.property
+    def storage_type(self) -> typing.Optional["StorageType"]:
+        '''The storage type of the DocDB cluster.
+
+        I/O-optimized storage is supported starting with engine version 5.0.0.
+
+        :default: StorageType.STANDARD
+
+        :see: https://docs.aws.amazon.com/documentdb/latest/developerguide/release-notes.html#release-notes.11-21-2023
+        '''
+        result = self._values.get("storage_type")
+        return typing.cast(typing.Optional["StorageType"], result)
+
     @builtins.property
     def vpc_subnets(self) -> typing.Optional[_SubnetSelection_e57d76df]:
         '''Where to place the instances within the VPC.
@@ -4721,7 +4760,7 @@ class Login:
                     subnet_type=ec2.SubnetType.PUBLIC
                 ),
                 vpc=vpc,
-                ca_certificate=docdb.CaCertificate.RDS_CA_RSA4096_G1
+                removal_policy=RemovalPolicy.SNAPSHOT
             )
         '''
         if __debug__:
@@ -4884,6 +4923,33 @@ class RotationMultiUserOptions:
         )
 
 
+@jsii.enum(jsii_type="aws-cdk-lib.aws_docdb.StorageType")
+class StorageType(enum.Enum):
+    '''The storage type of the DocDB cluster.
+
+    :exampleMetadata: infused
+
+    Example::
+
+        # vpc: ec2.Vpc
+        
+        
+        cluster = docdb.DatabaseCluster(self, "Database",
+            master_user=docdb.Login(
+                username="myuser"
+            ),
+            instance_type=ec2.InstanceType.of(ec2.InstanceClass.MEMORY5, ec2.InstanceSize.LARGE),
+            vpc=vpc,
+            storage_type=docdb.StorageType.IOPT1
+        )
+    '''
+
+    STANDARD = "STANDARD"
+    '''Standard storage.'''
+    IOPT1 = "IOPT1"
+    '''I/O-optimized storage.'''
+
+
 @jsii.implements(IClusterParameterGroup)
 class ClusterParameterGroup(
     _Resource_45bc6135,
@@ -4997,7 +5063,7 @@ class DatabaseCluster(
                 subnet_type=ec2.SubnetType.PUBLIC
             ),
             vpc=vpc,
-            ca_certificate=docdb.CaCertificate.RDS_CA_RSA4096_G1
+            removal_policy=RemovalPolicy.SNAPSHOT
         )
     '''
 
@@ -5031,6 +5097,7 @@ class DatabaseCluster(
         security_group: typing.Optional[_ISecurityGroup_acf8a799] = None,
         security_group_removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
         storage_encrypted: typing.Optional[builtins.bool] = None,
+        storage_type: typing.Optional[StorageType] = None,
         vpc_subnets: typing.Optional[typing.Union[_SubnetSelection_e57d76df, typing.Dict[builtins.str, typing.Any]]] = None,
     ) -> None:
         '''
@@ -5047,7 +5114,7 @@ class DatabaseCluster(
         :param db_cluster_name: An optional identifier for the cluster. Default: - A name is automatically generated.
         :param deletion_protection: Specifies whether this cluster can be deleted. If deletionProtection is enabled, the cluster cannot be deleted unless it is modified and deletionProtection is disabled. deletionProtection protects clusters from being accidentally deleted. Default: - false
         :param enable_performance_insights: A value that indicates whether to enable Performance Insights for the instances in the DB Cluster. Default: - false
-        :param engine_version: What version of the database to start. Default: - The default engine version.
+        :param engine_version: What version of the database to start. Default: - the latest major version
         :param export_audit_logs_to_cloud_watch: Whether the audit logs should be exported to CloudWatch. Note that you also have to configure the audit log export in the Cluster's Parameter Group. Default: false
         :param export_profiler_logs_to_cloud_watch: Whether the profiler logs should be exported to CloudWatch. Note that you also have to configure the profiler log export in the Cluster's Parameter Group. Default: false
         :param instance_identifier_base: Base identifier for instances. Every replica is named by appending the replica number to this string, 1-based. Default: - ``dbClusterName`` is used with the word "Instance" appended. If ``dbClusterName`` is not provided, the identifier is automatically generated.
@@ -5061,6 +5128,7 @@ class DatabaseCluster(
         :param security_group: Security group. Default: a new security group is created.
         :param security_group_removal_policy: The removal policy to apply to the cluster's security group. Cannot be set to ``SNAPSHOT``. Default: - ``RemovalPolicy.DESTROY`` when ``removalPolicy`` is set to ``SNAPSHOT``, ``removalPolicy`` otherwise.
         :param storage_encrypted: Whether to enable storage encryption. Default: true
+        :param storage_type: The storage type of the DocDB cluster. I/O-optimized storage is supported starting with engine version 5.0.0. Default: StorageType.STANDARD
         :param vpc_subnets: Where to place the instances within the VPC. Default: private subnets
         '''
         if __debug__:
@@ -5093,6 +5161,7 @@ class DatabaseCluster(
             security_group=security_group,
             security_group_removal_policy=security_group_removal_policy,
             storage_encrypted=storage_encrypted,
+            storage_type=storage_type,
             vpc_subnets=vpc_subnets,
         )
 
@@ -5461,6 +5530,7 @@ __all__ = [
     "IDatabaseInstance",
     "Login",
     "RotationMultiUserOptions",
+    "StorageType",
 ]
 
 publication.publish()
@@ -6051,6 +6121,7 @@ def _typecheckingstub__bb24ec128a97ca07df15f55d4e96dda851d4300951806a7a3d7f391cc
     security_group: typing.Optional[_ISecurityGroup_acf8a799] = None,
     security_group_removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
     storage_encrypted: typing.Optional[builtins.bool] = None,
+    storage_type: typing.Optional[StorageType] = None,
     vpc_subnets: typing.Optional[typing.Union[_SubnetSelection_e57d76df, typing.Dict[builtins.str, typing.Any]]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -6179,6 +6250,7 @@ def _typecheckingstub__3fef762ebf4d69195051e79f76d91c6d9e93e2a84a6c1e71f7b4a0b8c
     security_group: typing.Optional[_ISecurityGroup_acf8a799] = None,
     security_group_removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
     storage_encrypted: typing.Optional[builtins.bool] = None,
+    storage_type: typing.Optional[StorageType] = None,
     vpc_subnets: typing.Optional[typing.Union[_SubnetSelection_e57d76df, typing.Dict[builtins.str, typing.Any]]] = None,
 ) -> None:
     """Type checking stubs"""