aws-cdk-lib 2.155.0__py3-none-any.whl → 2.157.0__py3-none-any.whl

aws_cdk/aws_secretsmanager/__init__.py

@@ -2251,7 +2251,7 @@ class CfnSecretTargetAttachment(
         :param id: Construct identifier for this resource (unique in its scope).
         :param secret_id: The ARN or name of the secret. To reference a secret also created in this template, use the see `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
         :param target_id: The ID of the database or cluster.
-        :param target_type: A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following: - AWS::RDS::DBInstance - AWS::RDS::DBCluster - AWS::Redshift::Cluster - AWS::DocDB::DBInstance - AWS::DocDB::DBCluster - AWS::DocDBElastic::Cluster
+        :param target_type: A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following: - AWS::RDS::DBInstance - AWS::RDS::DBCluster - AWS::Redshift::Cluster - AWS::DocDB::DBInstance - AWS::DocDB::DBCluster
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f27548ced74eb3d06a9cd3710e7d562d307b5a2c264476a3e685fcb94ccdee58)
@@ -2367,7 +2367,7 @@ class CfnSecretTargetAttachmentProps:
 
         :param secret_id: The ARN or name of the secret. To reference a secret also created in this template, use the see `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
         :param target_id: The ID of the database or cluster.
-        :param target_type: A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following: - AWS::RDS::DBInstance - AWS::RDS::DBCluster - AWS::Redshift::Cluster - AWS::DocDB::DBInstance - AWS::DocDB::DBCluster - AWS::DocDBElastic::Cluster
+        :param target_type: A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following: - AWS::RDS::DBInstance - AWS::RDS::DBCluster - AWS::Redshift::Cluster - AWS::DocDB::DBInstance - AWS::DocDB::DBCluster
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html
         :exampleMetadata: fixture=_generated
@@ -2428,7 +2428,6 @@ class CfnSecretTargetAttachmentProps:
         - AWS::Redshift::Cluster
         - AWS::DocDB::DBInstance
         - AWS::DocDB::DBCluster
-        - AWS::DocDBElastic::Cluster
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html#cfn-secretsmanager-secrettargetattachment-targettype
         '''

aws_cdk/aws_securityhub/__init__.py

@@ -274,9 +274,11 @@ class CfnAutomationRule(
                 )]
             ),
             description="description",
-            is_terminal=False,
             rule_name="ruleName",
             rule_order=123,
+        
+            # the properties below are optional
+            is_terminal=False,
             rule_status="ruleStatus",
             tags={
                 "tags_key": "tags"
@@ -289,12 +291,12 @@ class CfnAutomationRule(
         scope: _constructs_77d1e7e8.Construct,
         id: builtins.str,
         *,
-        actions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRule.AutomationRulesActionProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
-        criteria: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRule.AutomationRulesFindingFiltersProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
-        description: typing.Optional[builtins.str] = None,
+        actions: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRule.AutomationRulesActionProperty", typing.Dict[builtins.str, typing.Any]]]]],
+        criteria: typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRule.AutomationRulesFindingFiltersProperty", typing.Dict[builtins.str, typing.Any]]],
+        description: builtins.str,
+        rule_name: builtins.str,
+        rule_order: jsii.Number,
         is_terminal: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
-        rule_name: typing.Optional[builtins.str] = None,
-        rule_order: typing.Optional[jsii.Number] = None,
         rule_status: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     ) -> None:
@@ -304,9 +306,9 @@ class CfnAutomationRule(
         :param actions: One or more actions to update finding fields if a finding matches the conditions specified in ``Criteria`` .
         :param criteria: A set of `AWS Security Finding Format (ASFF) <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html>`_ finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.
         :param description: A description of the rule.
-        :param is_terminal: Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
         :param rule_name: The name of the rule.
         :param rule_order: An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
+        :param is_terminal: Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
         :param rule_status: Whether the rule is active after it is created. If this parameter is equal to ``ENABLED`` , Security Hub applies the rule to findings and finding updates after the rule is created.
         :param tags: User-defined tags associated with an automation rule.
         '''
@@ -318,9 +320,9 @@ class CfnAutomationRule(
             actions=actions,
             criteria=criteria,
             description=description,
-            is_terminal=is_terminal,
             rule_name=rule_name,
             rule_order=rule_order,
+            is_terminal=is_terminal,
             rule_status=rule_status,
             tags=tags,
         )
@@ -416,14 +418,14 @@ class CfnAutomationRule(
     @jsii.member(jsii_name="actions")
     def actions(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.AutomationRulesActionProperty"]]]]:
+    ) -> typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.AutomationRulesActionProperty"]]]:
         '''One or more actions to update finding fields if a finding matches the conditions specified in ``Criteria`` .'''
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.AutomationRulesActionProperty"]]]], jsii.get(self, "actions"))
+        return typing.cast(typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.AutomationRulesActionProperty"]]], jsii.get(self, "actions"))
 
     @actions.setter
     def actions(
         self,
-        value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.AutomationRulesActionProperty"]]]],
+        value: typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.AutomationRulesActionProperty"]]],
     ) -> None:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__90988dc6b536563439917056373f7379ca48a864b5a3471a7b3552f6c9b40897)
@@ -434,14 +436,14 @@ class CfnAutomationRule(
     @jsii.member(jsii_name="criteria")
     def criteria(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.AutomationRulesFindingFiltersProperty"]]:
+    ) -> typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.AutomationRulesFindingFiltersProperty"]:
         '''A set of `AWS Security Finding Format (ASFF) <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html>`_ finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.'''
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.AutomationRulesFindingFiltersProperty"]], jsii.get(self, "criteria"))
+        return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.AutomationRulesFindingFiltersProperty"], jsii.get(self, "criteria"))
 
     @criteria.setter
     def criteria(
         self,
-        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.AutomationRulesFindingFiltersProperty"]],
+        value: typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.AutomationRulesFindingFiltersProperty"],
     ) -> None:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__cc91daff88300654f2c8a9e4e5aad76fd0c26ae9c62e118febc7d1bff9733c5f)
@@ -450,43 +452,25 @@ class CfnAutomationRule(
 
     @builtins.property
     @jsii.member(jsii_name="description")
-    def description(self) -> typing.Optional[builtins.str]:
+    def description(self) -> builtins.str:
         '''A description of the rule.'''
-        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "description"))
+        return typing.cast(builtins.str, jsii.get(self, "description"))
 
     @description.setter
-    def description(self, value: typing.Optional[builtins.str]) -> None:
+    def description(self, value: builtins.str) -> None:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__13e710145ba6564ce42bac7fc3465ec7406a15699f473acd70e62bf605c1f259)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "description", value) # pyright: ignore[reportArgumentType]
 
-    @builtins.property
-    @jsii.member(jsii_name="isTerminal")
-    def is_terminal(
-        self,
-    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria.'''
-        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "isTerminal"))
-
-    @is_terminal.setter
-    def is_terminal(
-        self,
-        value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
-    ) -> None:
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__11031a77a18a3180e3bf703420372155750c7001d9c920558ff50230e0111537)
-            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "isTerminal", value) # pyright: ignore[reportArgumentType]
-
     @builtins.property
     @jsii.member(jsii_name="ruleName")
-    def rule_name(self) -> typing.Optional[builtins.str]:
+    def rule_name(self) -> builtins.str:
         '''The name of the rule.'''
-        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "ruleName"))
+        return typing.cast(builtins.str, jsii.get(self, "ruleName"))
 
     @rule_name.setter
-    def rule_name(self, value: typing.Optional[builtins.str]) -> None:
+    def rule_name(self, value: builtins.str) -> None:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ffff694fc9dee0bbe561a13e56455e4e3a3b12c8c47e7c20a7fe2e8c13c0725c)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
@@ -494,17 +478,35 @@ class CfnAutomationRule(
 
     @builtins.property
     @jsii.member(jsii_name="ruleOrder")
-    def rule_order(self) -> typing.Optional[jsii.Number]:
+    def rule_order(self) -> jsii.Number:
         '''An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings.'''
-        return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "ruleOrder"))
+        return typing.cast(jsii.Number, jsii.get(self, "ruleOrder"))
 
     @rule_order.setter
-    def rule_order(self, value: typing.Optional[jsii.Number]) -> None:
+    def rule_order(self, value: jsii.Number) -> None:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__db37e60211fd885d4c7d0aa9af521faa3786061d7fa1712b86f54f3646a4738b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "ruleOrder", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="isTerminal")
+    def is_terminal(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria.'''
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "isTerminal"))
+
+    @is_terminal.setter
+    def is_terminal(
+        self,
+        value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__11031a77a18a3180e3bf703420372155750c7001d9c920558ff50230e0111537)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "isTerminal", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="ruleStatus")
     def rule_status(self) -> typing.Optional[builtins.str]:
@@ -2554,9 +2556,9 @@ class CfnAutomationRule(
         "actions": "actions",
         "criteria": "criteria",
         "description": "description",
-        "is_terminal": "isTerminal",
         "rule_name": "ruleName",
         "rule_order": "ruleOrder",
+        "is_terminal": "isTerminal",
         "rule_status": "ruleStatus",
         "tags": "tags",
     },
@@ -2565,12 +2567,12 @@ class CfnAutomationRuleProps:
     def __init__(
         self,
         *,
-        actions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.AutomationRulesActionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
-        criteria: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.AutomationRulesFindingFiltersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
-        description: typing.Optional[builtins.str] = None,
+        actions: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.AutomationRulesActionProperty, typing.Dict[builtins.str, typing.Any]]]]],
+        criteria: typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.AutomationRulesFindingFiltersProperty, typing.Dict[builtins.str, typing.Any]]],
+        description: builtins.str,
+        rule_name: builtins.str,
+        rule_order: jsii.Number,
         is_terminal: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
-        rule_name: typing.Optional[builtins.str] = None,
-        rule_order: typing.Optional[jsii.Number] = None,
         rule_status: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     ) -> None:
@@ -2579,9 +2581,9 @@ class CfnAutomationRuleProps:
         :param actions: One or more actions to update finding fields if a finding matches the conditions specified in ``Criteria`` .
         :param criteria: A set of `AWS Security Finding Format (ASFF) <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html>`_ finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.
         :param description: A description of the rule.
-        :param is_terminal: Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
         :param rule_name: The name of the rule.
         :param rule_order: An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
+        :param is_terminal: Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
         :param rule_status: Whether the rule is active after it is created. If this parameter is equal to ``ENABLED`` , Security Hub applies the rule to findings and finding updates after the rule is created.
         :param tags: User-defined tags associated with an automation rule.
 
@@ -2794,9 +2796,11 @@ class CfnAutomationRuleProps:
                     )]
                 ),
                 description="description",
-                is_terminal=False,
                 rule_name="ruleName",
                 rule_order=123,
+            
+                # the properties below are optional
+                is_terminal=False,
                 rule_status="ruleStatus",
                 tags={
                     "tags_key": "tags"
@@ -2808,24 +2812,20 @@ class CfnAutomationRuleProps:
             check_type(argname="argument actions", value=actions, expected_type=type_hints["actions"])
             check_type(argname="argument criteria", value=criteria, expected_type=type_hints["criteria"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
-            check_type(argname="argument is_terminal", value=is_terminal, expected_type=type_hints["is_terminal"])
             check_type(argname="argument rule_name", value=rule_name, expected_type=type_hints["rule_name"])
             check_type(argname="argument rule_order", value=rule_order, expected_type=type_hints["rule_order"])
+            check_type(argname="argument is_terminal", value=is_terminal, expected_type=type_hints["is_terminal"])
             check_type(argname="argument rule_status", value=rule_status, expected_type=type_hints["rule_status"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
-        self._values: typing.Dict[builtins.str, typing.Any] = {}
-        if actions is not None:
-            self._values["actions"] = actions
-        if criteria is not None:
-            self._values["criteria"] = criteria
-        if description is not None:
-            self._values["description"] = description
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "actions": actions,
+            "criteria": criteria,
+            "description": description,
+            "rule_name": rule_name,
+            "rule_order": rule_order,
+        }
         if is_terminal is not None:
             self._values["is_terminal"] = is_terminal
-        if rule_name is not None:
-            self._values["rule_name"] = rule_name
-        if rule_order is not None:
-            self._values["rule_order"] = rule_order
         if rule_status is not None:
             self._values["rule_status"] = rule_status
         if tags is not None:
@@ -2834,58 +2834,49 @@ class CfnAutomationRuleProps:
     @builtins.property
     def actions(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnAutomationRule.AutomationRulesActionProperty]]]]:
+    ) -> typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnAutomationRule.AutomationRulesActionProperty]]]:
         '''One or more actions to update finding fields if a finding matches the conditions specified in ``Criteria`` .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrule.html#cfn-securityhub-automationrule-actions
         '''
         result = self._values.get("actions")
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnAutomationRule.AutomationRulesActionProperty]]]], result)
+        assert result is not None, "Required property 'actions' is missing"
+        return typing.cast(typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnAutomationRule.AutomationRulesActionProperty]]], result)
 
     @builtins.property
     def criteria(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnAutomationRule.AutomationRulesFindingFiltersProperty]]:
+    ) -> typing.Union[_IResolvable_da3f097b, CfnAutomationRule.AutomationRulesFindingFiltersProperty]:
         '''A set of `AWS Security Finding Format (ASFF) <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html>`_ finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrule.html#cfn-securityhub-automationrule-criteria
         '''
         result = self._values.get("criteria")
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnAutomationRule.AutomationRulesFindingFiltersProperty]], result)
+        assert result is not None, "Required property 'criteria' is missing"
+        return typing.cast(typing.Union[_IResolvable_da3f097b, CfnAutomationRule.AutomationRulesFindingFiltersProperty], result)
 
     @builtins.property
-    def description(self) -> typing.Optional[builtins.str]:
+    def description(self) -> builtins.str:
         '''A description of the rule.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrule.html#cfn-securityhub-automationrule-description
         '''
         result = self._values.get("description")
-        return typing.cast(typing.Optional[builtins.str], result)
-
-    @builtins.property
-    def is_terminal(
-        self,
-    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria.
-
-        This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
-
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrule.html#cfn-securityhub-automationrule-isterminal
-        '''
-        result = self._values.get("is_terminal")
-        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+        assert result is not None, "Required property 'description' is missing"
+        return typing.cast(builtins.str, result)
 
     @builtins.property
-    def rule_name(self) -> typing.Optional[builtins.str]:
+    def rule_name(self) -> builtins.str:
         '''The name of the rule.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrule.html#cfn-securityhub-automationrule-rulename
         '''
         result = self._values.get("rule_name")
-        return typing.cast(typing.Optional[builtins.str], result)
+        assert result is not None, "Required property 'rule_name' is missing"
+        return typing.cast(builtins.str, result)
 
     @builtins.property
-    def rule_order(self) -> typing.Optional[jsii.Number]:
+    def rule_order(self) -> jsii.Number:
         '''An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings.
 
         Security Hub applies rules with lower values for this parameter first.
@@ -2893,7 +2884,21 @@ class CfnAutomationRuleProps:
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrule.html#cfn-securityhub-automationrule-ruleorder
         '''
         result = self._values.get("rule_order")
-        return typing.cast(typing.Optional[jsii.Number], result)
+        assert result is not None, "Required property 'rule_order' is missing"
+        return typing.cast(jsii.Number, result)
+
+    @builtins.property
+    def is_terminal(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria.
+
+        This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrule.html#cfn-securityhub-automationrule-isterminal
+        '''
+        result = self._values.get("is_terminal")
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
 
     @builtins.property
     def rule_status(self) -> typing.Optional[builtins.str]:
@@ -10314,12 +10319,12 @@ def _typecheckingstub__90c663d2946359b509542feafdcb3d89f11ca9e30a214aae02ea3d6b3
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
     *,
-    actions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.AutomationRulesActionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
-    criteria: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.AutomationRulesFindingFiltersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
-    description: typing.Optional[builtins.str] = None,
+    actions: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.AutomationRulesActionProperty, typing.Dict[builtins.str, typing.Any]]]]],
+    criteria: typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.AutomationRulesFindingFiltersProperty, typing.Dict[builtins.str, typing.Any]]],
+    description: builtins.str,
+    rule_name: builtins.str,
+    rule_order: jsii.Number,
     is_terminal: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
-    rule_name: typing.Optional[builtins.str] = None,
-    rule_order: typing.Optional[jsii.Number] = None,
     rule_status: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
 ) -> None:
@@ -10339,37 +10344,37 @@ def _typecheckingstub__cc6a8a522560219490822e00b9ec3810152de6616cf975f073c37fc9d
     pass
 
 def _typecheckingstub__90988dc6b536563439917056373f7379ca48a864b5a3471a7b3552f6c9b40897(
-    value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnAutomationRule.AutomationRulesActionProperty]]]],
+    value: typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnAutomationRule.AutomationRulesActionProperty]]],
 ) -> None:
     """Type checking stubs"""
     pass
 
 def _typecheckingstub__cc91daff88300654f2c8a9e4e5aad76fd0c26ae9c62e118febc7d1bff9733c5f(
-    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnAutomationRule.AutomationRulesFindingFiltersProperty]],
+    value: typing.Union[_IResolvable_da3f097b, CfnAutomationRule.AutomationRulesFindingFiltersProperty],
 ) -> None:
     """Type checking stubs"""
     pass
 
 def _typecheckingstub__13e710145ba6564ce42bac7fc3465ec7406a15699f473acd70e62bf605c1f259(
-    value: typing.Optional[builtins.str],
+    value: builtins.str,
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__11031a77a18a3180e3bf703420372155750c7001d9c920558ff50230e0111537(
-    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+def _typecheckingstub__ffff694fc9dee0bbe561a13e56455e4e3a3b12c8c47e7c20a7fe2e8c13c0725c(
+    value: builtins.str,
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__ffff694fc9dee0bbe561a13e56455e4e3a3b12c8c47e7c20a7fe2e8c13c0725c(
-    value: typing.Optional[builtins.str],
+def _typecheckingstub__db37e60211fd885d4c7d0aa9af521faa3786061d7fa1712b86f54f3646a4738b(
+    value: jsii.Number,
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__db37e60211fd885d4c7d0aa9af521faa3786061d7fa1712b86f54f3646a4738b(
-    value: typing.Optional[jsii.Number],
+def _typecheckingstub__11031a77a18a3180e3bf703420372155750c7001d9c920558ff50230e0111537(
+    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
 ) -> None:
     """Type checking stubs"""
     pass
@@ -10527,12 +10532,12 @@ def _typecheckingstub__e47be336b722bb880cce3edf7d5752dceac8f243282fcb2bc5094d82b
 
 def _typecheckingstub__221241b44c93ea569fcf69aaaade0ce7cf31b7343bc3d072d74ccd16895d9a2d(
     *,
-    actions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.AutomationRulesActionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
-    criteria: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.AutomationRulesFindingFiltersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
-    description: typing.Optional[builtins.str] = None,
+    actions: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.AutomationRulesActionProperty, typing.Dict[builtins.str, typing.Any]]]]],
+    criteria: typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.AutomationRulesFindingFiltersProperty, typing.Dict[builtins.str, typing.Any]]],
+    description: builtins.str,
+    rule_name: builtins.str,
+    rule_order: jsii.Number,
     is_terminal: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
-    rule_name: typing.Optional[builtins.str] = None,
-    rule_order: typing.Optional[jsii.Number] = None,
     rule_status: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
 ) -> None:

aws_cdk/aws_ses/__init__.py

@@ -9944,6 +9944,7 @@ class CfnReceiptRule(
                         bucket_name="bucketName",
         
                         # the properties below are optional
+                        iam_role_arn="iamRoleArn",
                         kms_key_arn="kmsKeyArn",
                         object_key_prefix="objectKeyPrefix",
                         topic_arn="topicArn"
@@ -10164,6 +10165,7 @@ class CfnReceiptRule(
                         bucket_name="bucketName",
                 
                         # the properties below are optional
+                        iam_role_arn="iamRoleArn",
                         kms_key_arn="kmsKeyArn",
                         object_key_prefix="objectKeyPrefix",
                         topic_arn="topicArn"
@@ -10686,6 +10688,7 @@ class CfnReceiptRule(
                             bucket_name="bucketName",
                 
                             # the properties below are optional
+                            iam_role_arn="iamRoleArn",
                             kms_key_arn="kmsKeyArn",
                             object_key_prefix="objectKeyPrefix",
                             topic_arn="topicArn"
@@ -10826,6 +10829,7 @@ class CfnReceiptRule(
         jsii_struct_bases=[],
         name_mapping={
             "bucket_name": "bucketName",
+            "iam_role_arn": "iamRoleArn",
             "kms_key_arn": "kmsKeyArn",
             "object_key_prefix": "objectKeyPrefix",
             "topic_arn": "topicArn",
@@ -10836,6 +10840,7 @@ class CfnReceiptRule(
             self,
             *,
             bucket_name: builtins.str,
+            iam_role_arn: typing.Optional[builtins.str] = None,
             kms_key_arn: typing.Optional[builtins.str] = None,
             object_key_prefix: typing.Optional[builtins.str] = None,
             topic_arn: typing.Optional[builtins.str] = None,
@@ -10850,6 +10855,7 @@ class CfnReceiptRule(
             For information about specifying Amazon S3 actions in receipt rules, see the `Amazon SES Developer Guide <https://docs.aws.amazon.com/ses/latest/dg/receiving-email-action-s3.html>`_ .
 
             :param bucket_name: The name of the Amazon S3 bucket for incoming email.
+            :param iam_role_arn: The ARN of the IAM role to be used by Amazon Simple Email Service while writing to the Amazon S3 bucket, optionally encrypting your mail via the provided customer managed key, and publishing to the Amazon SNS topic. This role should have access to the following APIs: - ``s3:PutObject`` , ``kms:Encrypt`` and ``kms:GenerateDataKey`` for the given Amazon S3 bucket. - ``kms:GenerateDataKey`` for the given AWS KMS customer managed key. - ``sns:Publish`` for the given Amazon SNS topic. .. epigraph:: If an IAM role ARN is provided, the role (and only the role) is used to access all the given resources (Amazon S3 bucket, AWS KMS customer managed key and Amazon SNS topic). Therefore, setting up individual resource access permissions is not required.
             :param kms_key_arn: The customer managed key that Amazon SES should use to encrypt your emails before saving them to the Amazon S3 bucket. You can use the AWS managed key or a customer managed key that you created in AWS KMS as follows: - To use the AWS managed key, provide an ARN in the form of ``arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses`` . For example, if your AWS account ID is 123456789012 and you want to use the AWS managed key in the US West (Oregon) Region, the ARN of the AWS managed key would be ``arn:aws:kms:us-west-2:123456789012:alias/aws/ses`` . If you use the AWS managed key, you don't need to perform any extra steps to give Amazon SES permission to use the key. - To use a customer managed key that you created in AWS KMS, provide the ARN of the customer managed key and ensure that you add a statement to your key's policy to give Amazon SES permission to use it. For more information about giving permissions, see the `Amazon SES Developer Guide <https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html>`_ . For more information about key policies, see the `AWS KMS Developer Guide <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html>`_ . If you do not specify an AWS KMS key, Amazon SES does not encrypt your emails. .. epigraph:: Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side encryption. This means that you must use the Amazon S3 encryption client to decrypt the email after retrieving it from Amazon S3, as the service has no access to use your AWS KMS keys for decryption. This encryption client is currently available with the `AWS SDK for Java <https://docs.aws.amazon.com/sdk-for-java/>`_ and `AWS SDK for Ruby <https://docs.aws.amazon.com/sdk-for-ruby/>`_ only. For more information about client-side encryption using AWS KMS managed keys, see the `Amazon S3 Developer Guide <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html>`_ .
             :param object_key_prefix: The key prefix of the Amazon S3 bucket. The key prefix is similar to a directory name that enables you to store similar data under the same directory in a bucket.
             :param topic_arn: The ARN of the Amazon SNS topic to notify when the message is saved to the Amazon S3 bucket. You can find the ARN of a topic by using the `ListTopics <https://docs.aws.amazon.com/sns/latest/api/API_ListTopics.html>`_ operation in Amazon SNS. For more information about Amazon SNS topics, see the `Amazon SNS Developer Guide <https://docs.aws.amazon.com/sns/latest/dg/CreateTopic.html>`_ .
@@ -10867,6 +10873,7 @@ class CfnReceiptRule(
                     bucket_name="bucketName",
                 
                     # the properties below are optional
+                    iam_role_arn="iamRoleArn",
                     kms_key_arn="kmsKeyArn",
                     object_key_prefix="objectKeyPrefix",
                     topic_arn="topicArn"
@@ -10875,12 +10882,15 @@ class CfnReceiptRule(
             if __debug__:
                 type_hints = typing.get_type_hints(_typecheckingstub__39d61a089bfe9f0df546774b89ce5903a571f298fca9c95b6767da42860a40aa)
                 check_type(argname="argument bucket_name", value=bucket_name, expected_type=type_hints["bucket_name"])
+                check_type(argname="argument iam_role_arn", value=iam_role_arn, expected_type=type_hints["iam_role_arn"])
                 check_type(argname="argument kms_key_arn", value=kms_key_arn, expected_type=type_hints["kms_key_arn"])
                 check_type(argname="argument object_key_prefix", value=object_key_prefix, expected_type=type_hints["object_key_prefix"])
                 check_type(argname="argument topic_arn", value=topic_arn, expected_type=type_hints["topic_arn"])
             self._values: typing.Dict[builtins.str, typing.Any] = {
                 "bucket_name": bucket_name,
             }
+            if iam_role_arn is not None:
+                self._values["iam_role_arn"] = iam_role_arn
             if kms_key_arn is not None:
                 self._values["kms_key_arn"] = kms_key_arn
             if object_key_prefix is not None:
@@ -10898,6 +10908,25 @@ class CfnReceiptRule(
             assert result is not None, "Required property 'bucket_name' is missing"
             return typing.cast(builtins.str, result)
 
+        @builtins.property
+        def iam_role_arn(self) -> typing.Optional[builtins.str]:
+            '''The ARN of the IAM role to be used by Amazon Simple Email Service while writing to the Amazon S3 bucket, optionally encrypting your mail via the provided customer managed key, and publishing to the Amazon SNS topic.
+
+            This role should have access to the following APIs:
+
+            - ``s3:PutObject`` , ``kms:Encrypt`` and ``kms:GenerateDataKey`` for the given Amazon S3 bucket.
+            - ``kms:GenerateDataKey`` for the given AWS KMS customer managed key.
+            - ``sns:Publish`` for the given Amazon SNS topic.
+
+            .. epigraph::
+
+               If an IAM role ARN is provided, the role (and only the role) is used to access all the given resources (Amazon S3 bucket, AWS KMS customer managed key and Amazon SNS topic). Therefore, setting up individual resource access permissions is not required.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-receiptrule-s3action.html#cfn-ses-receiptrule-s3action-iamrolearn
+            '''
+            result = self._values.get("iam_role_arn")
+            return typing.cast(typing.Optional[builtins.str], result)
+
         @builtins.property
         def kms_key_arn(self) -> typing.Optional[builtins.str]:
             '''The customer managed key that Amazon SES should use to encrypt your emails before saving them to the Amazon S3 bucket.
@@ -11261,6 +11290,7 @@ class CfnReceiptRuleProps:
                             bucket_name="bucketName",
             
                             # the properties below are optional
+                            iam_role_arn="iamRoleArn",
                             kms_key_arn="kmsKeyArn",
                             object_key_prefix="objectKeyPrefix",
                             topic_arn="topicArn"
@@ -17674,6 +17704,7 @@ def _typecheckingstub__597a4926fee926f01951cda574fa9265912d5bc1c5bf1e98c3410d25d
 def _typecheckingstub__39d61a089bfe9f0df546774b89ce5903a571f298fca9c95b6767da42860a40aa(
     *,
     bucket_name: builtins.str,
+    iam_role_arn: typing.Optional[builtins.str] = None,
     kms_key_arn: typing.Optional[builtins.str] = None,
     object_key_prefix: typing.Optional[builtins.str] = None,
     topic_arn: typing.Optional[builtins.str] = None,