aws-cdk-lib 2.156.0__py3-none-any.whl → 2.158.0__py3-none-any.whl

aws_cdk/__init__.py

@@ -1514,7 +1514,22 @@ import jsii
 import publication
 import typing_extensions
 
-from typeguard import check_type
+import typeguard
+from importlib.metadata import version as _metadata_package_version
+TYPEGUARD_MAJOR_VERSION = int(_metadata_package_version('typeguard').split('.')[0])
+
+def check_type(argname: str, value: object, expected_type: typing.Any) -> typing.Any:
+    if TYPEGUARD_MAJOR_VERSION <= 2:
+        return typeguard.check_type(argname=argname, value=value, expected_type=expected_type) # type:ignore
+    else:
+        if isinstance(value, jsii._reference_map.InterfaceDynamicProxy): # pyright: ignore [reportAttributeAccessIssue]
+           pass
+        else:
+            if TYPEGUARD_MAJOR_VERSION == 3:
+                typeguard.config.collection_check_strategy = typeguard.CollectionCheckStrategy.ALL_ITEMS # type:ignore
+                typeguard.check_type(value=value, expected_type=expected_type) # type:ignore
+            else:
+                typeguard.check_type(value=value, expected_type=expected_type, collection_check_strategy=typeguard.CollectionCheckStrategy.ALL_ITEMS) # type:ignore
 
 from ._jsii import *
 
@@ -6734,7 +6749,7 @@ class CfnPublicTypeVersionProps:
 
         :param arn: The Amazon Resource Number (ARN) of the extension. Conditional: You must specify ``Arn`` , or ``TypeName`` and ``Type`` .
         :param log_delivery_bucket: The S3 bucket to which CloudFormation delivers the contract test execution logs. CloudFormation delivers the logs by the time contract testing has completed and the extension has been assigned a test type status of ``PASSED`` or ``FAILED`` . The user initiating the stack operation must be able to access items in the specified S3 bucket. Specifically, the user needs the following permissions: - GetObject - PutObject For more information, see `Actions, Resources, and Condition Keys for Amazon S3 <https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html>`_ in the *AWS Identity and Access Management User Guide* .
-        :param public_version_number: The version number to assign to this version of the extension. Use the following format, and adhere to semantic versioning when assigning a version number to your extension: ``MAJOR.MINOR.PATCH`` For more information, see `Semantic Versioning 2.0.0 <https://docs.aws.amazon.com/https://semver.org/>`_ . If you don't specify a version number, CloudFormation increments the version number by one minor version release. You cannot specify a version number the first time you publish a type. AWS CloudFormation automatically sets the first version number to be ``1.0.0`` .
+        :param public_version_number: The version number to assign to this version of the extension. Use the following format, and adhere to semantic versioning when assigning a version number to your extension: ``MAJOR.MINOR.PATCH`` For more information, see `Semantic Versioning 2.0.0 <https://docs.aws.amazon.com/https://semver.org/>`_ . If you don't specify a version number, CloudFormation increments the version number by one minor version release. You cannot specify a version number the first time you publish a type. CloudFormation automatically sets the first version number to be ``1.0.0`` .
         :param type: The type of the extension to test. Conditional: You must specify ``Arn`` , or ``TypeName`` and ``Type`` .
         :param type_name: The name of the extension to test. Conditional: You must specify ``Arn`` , or ``TypeName`` and ``Type`` .
 
@@ -6815,7 +6830,7 @@ class CfnPublicTypeVersionProps:
 
         If you don't specify a version number, CloudFormation increments the version number by one minor version release.
 
-        You cannot specify a version number the first time you publish a type. AWS CloudFormation automatically sets the first version number to be ``1.0.0`` .
+        You cannot specify a version number the first time you publish a type. CloudFormation automatically sets the first version number to be ``1.0.0`` .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-publictypeversion.html#cfn-cloudformation-publictypeversion-publicversionnumber
         '''
@@ -6874,7 +6889,7 @@ class CfnPublisherProps:
         '''Properties for defining a ``CfnPublisher``.
 
         :param accept_terms_and_conditions: Whether you accept the `Terms and Conditions <https://docs.aws.amazon.com/https://cloudformation-registry-documents.s3.amazonaws.com/Terms_and_Conditions_for_AWS_CloudFormation_Registry_Publishers.pdf>`_ for publishing extensions in the CloudFormation registry. You must accept the terms and conditions in order to register to publish public extensions to the CloudFormation registry. The default is ``false`` .
-        :param connection_arn: If you are using a Bitbucket or GitHub account for identity verification, the Amazon Resource Name (ARN) for your connection to that account. For more information, see `Registering your account to publish CloudFormation extensions <https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs>`_ in the *CloudFormation CLI User Guide* .
+        :param connection_arn: If you are using a Bitbucket or GitHub account for identity verification, the Amazon Resource Name (ARN) for your connection to that account. For more information, see `Registering your account to publish CloudFormation extensions <https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs>`_ in the *AWS CloudFormation Command Line Interface (CLI) User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-publisher.html
         :exampleMetadata: fixture=_generated
@@ -6918,7 +6933,7 @@ class CfnPublisherProps:
     def connection_arn(self) -> typing.Optional[builtins.str]:
         '''If you are using a Bitbucket or GitHub account for identity verification, the Amazon Resource Name (ARN) for your connection to that account.
 
-        For more information, see `Registering your account to publish CloudFormation extensions <https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs>`_ in the *CloudFormation CLI User Guide* .
+        For more information, see `Registering your account to publish CloudFormation extensions <https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs>`_ in the *AWS CloudFormation Command Line Interface (CLI) User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-publisher.html#cfn-cloudformation-publisher-connectionarn
         '''
@@ -8090,9 +8105,9 @@ class CfnStackProps:
     ) -> None:
         '''Properties for defining a ``CfnStack``.
 
-        :param notification_arns: The Amazon Simple Notification Service (Amazon SNS) topic ARNs to publish stack related events. You can find your Amazon SNS topic ARNs using the Amazon SNS console or your Command Line Interface (CLI).
+        :param notification_arns: The Amazon SNS topic ARNs to publish stack related events. You can find your Amazon SNS topic ARNs using the Amazon SNS console or your Command Line Interface (CLI).
         :param parameters: The set value pairs that represent the parameters passed to CloudFormation when this nested stack is created. Each parameter has a name corresponding to a parameter defined in the embedded template and a value representing the value that you want to set for the parameter. .. epigraph:: If you use the ``Ref`` function to pass a parameter value to a nested stack, comma-delimited list parameters must be of type ``String`` . In other words, you can't pass values that are of type ``CommaDelimitedList`` to nested stacks. Conditional. Required if the nested stack requires input parameters. Whether an update causes interruptions depends on the resources that are being updated. An update never causes a nested stack to be replaced.
-        :param tags: Key-value pairs to associate with this stack. AWS CloudFormation also propagates these tags to the resources created in the stack. A maximum number of 50 tags can be specified.
+        :param tags: Key-value pairs to associate with this stack. CloudFormation also propagates these tags to the resources created in the stack. A maximum number of 50 tags can be specified.
         :param template_url: Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that's located in an Amazon S3 bucket. For more information, see `Template anatomy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html>`_ . Whether an update causes interruptions depends on the resources that are being updated. An update never causes a nested stack to be replaced.
         :param timeout_in_minutes: The length of time, in minutes, that CloudFormation waits for the nested stack to reach the ``CREATE_COMPLETE`` state. The default is no timeout. When CloudFormation detects that the nested stack has reached the ``CREATE_COMPLETE`` state, it marks the nested stack resource as ``CREATE_COMPLETE`` in the parent stack and resumes creating the parent stack. If the timeout period expires before the nested stack reaches ``CREATE_COMPLETE`` , CloudFormation marks the nested stack as failed and rolls back both the nested stack and parent stack. Updates aren't supported.
 
@@ -8139,7 +8154,7 @@ class CfnStackProps:
 
     @builtins.property
     def notification_arns(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''The Amazon Simple Notification Service (Amazon SNS) topic ARNs to publish stack related events.
+        '''The Amazon SNS topic ARNs to publish stack related events.
 
         You can find your Amazon SNS topic ARNs using the Amazon SNS console or your Command Line Interface (CLI).
 
@@ -8172,7 +8187,7 @@ class CfnStackProps:
     def tags(self) -> typing.Optional[typing.List["CfnTag"]]:
         '''Key-value pairs to associate with this stack.
 
-        AWS CloudFormation also propagates these tags to the resources created in the stack. A maximum number of 50 tags can be specified.
+        CloudFormation also propagates these tags to the resources created in the stack. A maximum number of 50 tags can be specified.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stack.html#cfn-cloudformation-stack-tags
         '''
@@ -8272,7 +8287,7 @@ class CfnStackSetProps:
         :param operation_preferences: The user-specified preferences for how AWS CloudFormation performs a stack set operation.
         :param parameters: The input parameters for the stack set template.
         :param stack_instances_group: A group of stack instances with parameters in some specific accounts and Regions.
-        :param tags: Key-value pairs to associate with this stack. AWS CloudFormation also propagates these tags to supported resources in the stack. You can specify a maximum number of 50 tags. If you don't specify this parameter, AWS CloudFormation doesn't modify the stack's tags. If you specify an empty value, AWS CloudFormation removes all associated tags.
+        :param tags: Key-value pairs to associate with this stack. CloudFormation also propagates these tags to supported resources in the stack. You can specify a maximum number of 50 tags. If you don't specify this parameter, CloudFormation doesn't modify the stack's tags. If you specify an empty value, CloudFormation removes all associated tags.
         :param template_body: The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes. You must include either ``TemplateURL`` or ``TemplateBody`` in a StackSet, but you can't use both. Dynamic references in the ``TemplateBody`` may not work correctly in all cases. It's recommended to pass templates containing dynamic references through ``TemplateUrl`` instead.
         :param template_url: Location of file containing the template body. The URL must point to a template that's located in an Amazon S3 bucket or a Systems Manager document. For more information, go to `Template Anatomy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html>`_ in the AWS CloudFormation User Guide. Conditional: You must specify only one of the following parameters: ``TemplateBody`` , ``TemplateURL`` .
 
@@ -8558,9 +8573,9 @@ class CfnStackSetProps:
     def tags(self) -> typing.Optional[typing.List["CfnTag"]]:
         '''Key-value pairs to associate with this stack.
 
-        AWS CloudFormation also propagates these tags to supported resources in the stack. You can specify a maximum number of 50 tags.
+        CloudFormation also propagates these tags to supported resources in the stack. You can specify a maximum number of 50 tags.
 
-        If you don't specify this parameter, AWS CloudFormation doesn't modify the stack's tags. If you specify an empty value, AWS CloudFormation removes all associated tags.
+        If you don't specify this parameter, CloudFormation doesn't modify the stack's tags. If you specify an empty value, CloudFormation removes all associated tags.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-stackset.html#cfn-cloudformation-stackset-tags
         '''
@@ -28324,7 +28339,7 @@ class CfnModuleVersion(
     def attr_schema(self) -> builtins.str:
         '''The schema that defines the extension.
 
-        For more information about extension schemas, see `Resource Provider Schema <https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-schema.html>`_ in the *CloudFormation CLI User Guide* .
+        For more information about extension schemas, see `Resource Provider Schema <https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-schema.html>`_ in the *AWS CloudFormation Command Line Interface (CLI) User Guide* .
 
         :cloudformationAttribute: Schema
         '''
@@ -28355,7 +28370,7 @@ class CfnModuleVersion(
 
         Valid values include:
 
-        - ``PRIVATE`` : The extension is only visible and usable within the account in which it is registered. AWS CloudFormation marks any extensions you register as ``PRIVATE`` .
+        - ``PRIVATE`` : The extension is only visible and usable within the account in which it is registered. CloudFormation marks any extensions you register as ``PRIVATE`` .
         - ``PUBLIC`` : The extension is publicly visible and usable within any AWS account.
 
         :cloudformationAttribute: Visibility
@@ -28450,7 +28465,7 @@ class CfnPublicTypeVersion(
         :param id: Construct identifier for this resource (unique in its scope).
         :param arn: The Amazon Resource Number (ARN) of the extension. Conditional: You must specify ``Arn`` , or ``TypeName`` and ``Type`` .
         :param log_delivery_bucket: The S3 bucket to which CloudFormation delivers the contract test execution logs. CloudFormation delivers the logs by the time contract testing has completed and the extension has been assigned a test type status of ``PASSED`` or ``FAILED`` . The user initiating the stack operation must be able to access items in the specified S3 bucket. Specifically, the user needs the following permissions: - GetObject - PutObject For more information, see `Actions, Resources, and Condition Keys for Amazon S3 <https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html>`_ in the *AWS Identity and Access Management User Guide* .
-        :param public_version_number: The version number to assign to this version of the extension. Use the following format, and adhere to semantic versioning when assigning a version number to your extension: ``MAJOR.MINOR.PATCH`` For more information, see `Semantic Versioning 2.0.0 <https://docs.aws.amazon.com/https://semver.org/>`_ . If you don't specify a version number, CloudFormation increments the version number by one minor version release. You cannot specify a version number the first time you publish a type. AWS CloudFormation automatically sets the first version number to be ``1.0.0`` .
+        :param public_version_number: The version number to assign to this version of the extension. Use the following format, and adhere to semantic versioning when assigning a version number to your extension: ``MAJOR.MINOR.PATCH`` For more information, see `Semantic Versioning 2.0.0 <https://docs.aws.amazon.com/https://semver.org/>`_ . If you don't specify a version number, CloudFormation increments the version number by one minor version release. You cannot specify a version number the first time you publish a type. CloudFormation automatically sets the first version number to be ``1.0.0`` .
         :param type: The type of the extension to test. Conditional: You must specify ``Arn`` , or ``TypeName`` and ``Type`` .
         :param type_name: The name of the extension to test. Conditional: You must specify ``Arn`` , or ``TypeName`` and ``Type`` .
         '''
@@ -28640,7 +28655,7 @@ class CfnPublisher(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param accept_terms_and_conditions: Whether you accept the `Terms and Conditions <https://docs.aws.amazon.com/https://cloudformation-registry-documents.s3.amazonaws.com/Terms_and_Conditions_for_AWS_CloudFormation_Registry_Publishers.pdf>`_ for publishing extensions in the CloudFormation registry. You must accept the terms and conditions in order to register to publish public extensions to the CloudFormation registry. The default is ``false`` .
-        :param connection_arn: If you are using a Bitbucket or GitHub account for identity verification, the Amazon Resource Name (ARN) for your connection to that account. For more information, see `Registering your account to publish CloudFormation extensions <https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs>`_ in the *CloudFormation CLI User Guide* .
+        :param connection_arn: If you are using a Bitbucket or GitHub account for identity verification, the Amazon Resource Name (ARN) for your connection to that account. For more information, see `Registering your account to publish CloudFormation extensions <https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-prereqs>`_ in the *AWS CloudFormation Command Line Interface (CLI) User Guide* .
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__5fe0cee8381373f35262956f781df87f6ffe5ce00d266fa1a0f22ce9b68aaac6)
@@ -29022,7 +29037,7 @@ class CfnResourceVersion(
     def attr_provisioning_type(self) -> builtins.str:
         '''For resource type extensions, the provisioning behavior of the resource type.
 
-        AWS CloudFormation determines the provisioning type during registration, based on the types of handlers in the schema handler package submitted.
+        CloudFormation determines the provisioning type during registration, based on the types of handlers in the schema handler package submitted.
 
         Valid values include:
 
@@ -29066,7 +29081,7 @@ class CfnResourceVersion(
 
         Valid values include:
 
-        - ``PRIVATE`` : The extension is only visible and usable within the account in which it is registered. AWS CloudFormation marks any extensions you register as ``PRIVATE`` .
+        - ``PRIVATE`` : The extension is only visible and usable within the account in which it is registered. CloudFormation marks any extensions you register as ``PRIVATE`` .
         - ``PUBLIC`` : The extension is publicly visible and usable within any AWS account.
 
         :cloudformationAttribute: Visibility
@@ -29290,9 +29305,9 @@ class CfnStack(CfnResource, metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.CfnS
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param notification_arns: The Amazon Simple Notification Service (Amazon SNS) topic ARNs to publish stack related events. You can find your Amazon SNS topic ARNs using the Amazon SNS console or your Command Line Interface (CLI).
+        :param notification_arns: The Amazon SNS topic ARNs to publish stack related events. You can find your Amazon SNS topic ARNs using the Amazon SNS console or your Command Line Interface (CLI).
         :param parameters: The set value pairs that represent the parameters passed to CloudFormation when this nested stack is created. Each parameter has a name corresponding to a parameter defined in the embedded template and a value representing the value that you want to set for the parameter. .. epigraph:: If you use the ``Ref`` function to pass a parameter value to a nested stack, comma-delimited list parameters must be of type ``String`` . In other words, you can't pass values that are of type ``CommaDelimitedList`` to nested stacks. Conditional. Required if the nested stack requires input parameters. Whether an update causes interruptions depends on the resources that are being updated. An update never causes a nested stack to be replaced.
-        :param tags: Key-value pairs to associate with this stack. AWS CloudFormation also propagates these tags to the resources created in the stack. A maximum number of 50 tags can be specified.
+        :param tags: Key-value pairs to associate with this stack. CloudFormation also propagates these tags to the resources created in the stack. A maximum number of 50 tags can be specified.
         :param template_url: Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that's located in an Amazon S3 bucket. For more information, see `Template anatomy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html>`_ . Whether an update causes interruptions depends on the resources that are being updated. An update never causes a nested stack to be replaced.
         :param timeout_in_minutes: The length of time, in minutes, that CloudFormation waits for the nested stack to reach the ``CREATE_COMPLETE`` state. The default is no timeout. When CloudFormation detects that the nested stack has reached the ``CREATE_COMPLETE`` state, it marks the nested stack resource as ``CREATE_COMPLETE`` in the parent stack and resumes creating the parent stack. If the timeout period expires before the nested stack reaches ``CREATE_COMPLETE`` , CloudFormation marks the nested stack as failed and rolls back both the nested stack and parent stack. Updates aren't supported.
         '''
@@ -29434,7 +29449,7 @@ class CfnStack(CfnResource, metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.CfnS
     @builtins.property
     @jsii.member(jsii_name="notificationArns")
     def notification_arns(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''The Amazon Simple Notification Service (Amazon SNS) topic ARNs to publish stack related events.'''
+        '''The Amazon SNS topic ARNs to publish stack related events.'''
         return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "notificationArns"))
 
     @notification_arns.setter
@@ -29723,7 +29738,7 @@ class CfnStackSet(
         :param operation_preferences: The user-specified preferences for how AWS CloudFormation performs a stack set operation.
         :param parameters: The input parameters for the stack set template.
         :param stack_instances_group: A group of stack instances with parameters in some specific accounts and Regions.
-        :param tags: Key-value pairs to associate with this stack. AWS CloudFormation also propagates these tags to supported resources in the stack. You can specify a maximum number of 50 tags. If you don't specify this parameter, AWS CloudFormation doesn't modify the stack's tags. If you specify an empty value, AWS CloudFormation removes all associated tags.
+        :param tags: Key-value pairs to associate with this stack. CloudFormation also propagates these tags to supported resources in the stack. You can specify a maximum number of 50 tags. If you don't specify this parameter, CloudFormation doesn't modify the stack's tags. If you specify an empty value, CloudFormation removes all associated tags.
         :param template_body: The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes. You must include either ``TemplateURL`` or ``TemplateBody`` in a StackSet, but you can't use both. Dynamic references in the ``TemplateBody`` may not work correctly in all cases. It's recommended to pass templates containing dynamic references through ``TemplateUrl`` instead.
         :param template_url: Location of file containing the template body. The URL must point to a template that's located in an Amazon S3 bucket or a Systems Manager document. For more information, go to `Template Anatomy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html>`_ in the AWS CloudFormation User Guide. Conditional: You must specify only one of the following parameters: ``TemplateBody`` , ``TemplateURL`` .
         '''
@@ -30652,7 +30667,7 @@ class CfnTypeActivation(
 
     For more information, see `Using public extensions <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html>`_ in the *AWS CloudFormation User Guide* .
 
-    Once you have activated a public third-party extension in your account and Region, use `SetTypeConfiguration <https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html>`_ to specify configuration properties for the extension. For more information, see `Configuring extensions at the account level <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-private.html#registry-set-configuration>`_ in the *CloudFormation User Guide* .
+    Once you have activated a public third-party extension in your account and Region, use `SetTypeConfiguration <https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html>`_ to specify configuration properties for the extension. For more information, see `Configuring extensions at the account level <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-private.html#registry-set-configuration>`_ in the *AWS CloudFormation User Guide* .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-typeactivation.html
     :cloudformationResource: AWS::CloudFormation::TypeActivation
@@ -33931,6 +33946,7 @@ __all__ = [
     "aws_panorama",
     "aws_paymentcryptography",
     "aws_pcaconnectorad",
+    "aws_pcaconnectorscep",
     "aws_personalize",
     "aws_pinpoint",
     "aws_pinpointemail",
@@ -33986,6 +34002,7 @@ __all__ = [
     "aws_ssm",
     "aws_ssmcontacts",
     "aws_ssmincidents",
+    "aws_ssmquicksetup",
     "aws_sso",
     "aws_stepfunctions",
     "aws_stepfunctions_tasks",
@@ -34217,6 +34234,7 @@ from . import aws_osis
 from . import aws_panorama
 from . import aws_paymentcryptography
 from . import aws_pcaconnectorad
+from . import aws_pcaconnectorscep
 from . import aws_personalize
 from . import aws_pinpoint
 from . import aws_pinpointemail
@@ -34272,6 +34290,7 @@ from . import aws_sqs
 from . import aws_ssm
 from . import aws_ssmcontacts
 from . import aws_ssmincidents
+from . import aws_ssmquicksetup
 from . import aws_sso
 from . import aws_stepfunctions
 from . import aws_stepfunctions_tasks

aws_cdk/_jsii/__init__.py

@@ -11,7 +11,22 @@ import jsii
 import publication
 import typing_extensions
 
-from typeguard import check_type
+import typeguard
+from importlib.metadata import version as _metadata_package_version
+TYPEGUARD_MAJOR_VERSION = int(_metadata_package_version('typeguard').split('.')[0])
+
+def check_type(argname: str, value: object, expected_type: typing.Any) -> typing.Any:
+    if TYPEGUARD_MAJOR_VERSION <= 2:
+        return typeguard.check_type(argname=argname, value=value, expected_type=expected_type) # type:ignore
+    else:
+        if isinstance(value, jsii._reference_map.InterfaceDynamicProxy): # pyright: ignore [reportAttributeAccessIssue]
+           pass
+        else:
+            if TYPEGUARD_MAJOR_VERSION == 3:
+                typeguard.config.collection_check_strategy = typeguard.CollectionCheckStrategy.ALL_ITEMS # type:ignore
+                typeguard.check_type(value=value, expected_type=expected_type) # type:ignore
+            else:
+                typeguard.check_type(value=value, expected_type=expected_type, collection_check_strategy=typeguard.CollectionCheckStrategy.ALL_ITEMS) # type:ignore
 
 import aws_cdk.asset_awscli_v1._jsii
 import aws_cdk.asset_kubectl_v20._jsii
@@ -20,7 +35,7 @@ import aws_cdk.cloud_assembly_schema._jsii
 import constructs._jsii
 
 __jsii_assembly__ = jsii.JSIIAssembly.load(
-    "aws-cdk-lib", "2.156.0", __name__[0:-6], "aws-cdk-lib@2.156.0.jsii.tgz"
+    "aws-cdk-lib", "2.158.0", __name__[0:-6], "aws-cdk-lib@2.158.0.jsii.tgz"
 )
 
 __all__ = [

aws_cdk/alexa_ask/__init__.py

@@ -38,7 +38,22 @@ import jsii
 import publication
 import typing_extensions
 
-from typeguard import check_type
+import typeguard
+from importlib.metadata import version as _metadata_package_version
+TYPEGUARD_MAJOR_VERSION = int(_metadata_package_version('typeguard').split('.')[0])
+
+def check_type(argname: str, value: object, expected_type: typing.Any) -> typing.Any:
+    if TYPEGUARD_MAJOR_VERSION <= 2:
+        return typeguard.check_type(argname=argname, value=value, expected_type=expected_type) # type:ignore
+    else:
+        if isinstance(value, jsii._reference_map.InterfaceDynamicProxy): # pyright: ignore [reportAttributeAccessIssue]
+           pass
+        else:
+            if TYPEGUARD_MAJOR_VERSION == 3:
+                typeguard.config.collection_check_strategy = typeguard.CollectionCheckStrategy.ALL_ITEMS # type:ignore
+                typeguard.check_type(value=value, expected_type=expected_type) # type:ignore
+            else:
+                typeguard.check_type(value=value, expected_type=expected_type, collection_check_strategy=typeguard.CollectionCheckStrategy.ALL_ITEMS) # type:ignore
 
 from .._jsii import *
 

aws_cdk/assertions/__init__.py

@@ -650,7 +650,22 @@ import jsii
 import publication
 import typing_extensions
 
-from typeguard import check_type
+import typeguard
+from importlib.metadata import version as _metadata_package_version
+TYPEGUARD_MAJOR_VERSION = int(_metadata_package_version('typeguard').split('.')[0])
+
+def check_type(argname: str, value: object, expected_type: typing.Any) -> typing.Any:
+    if TYPEGUARD_MAJOR_VERSION <= 2:
+        return typeguard.check_type(argname=argname, value=value, expected_type=expected_type) # type:ignore
+    else:
+        if isinstance(value, jsii._reference_map.InterfaceDynamicProxy): # pyright: ignore [reportAttributeAccessIssue]
+           pass
+        else:
+            if TYPEGUARD_MAJOR_VERSION == 3:
+                typeguard.config.collection_check_strategy = typeguard.CollectionCheckStrategy.ALL_ITEMS # type:ignore
+                typeguard.check_type(value=value, expected_type=expected_type) # type:ignore
+            else:
+                typeguard.check_type(value=value, expected_type=expected_type, collection_check_strategy=typeguard.CollectionCheckStrategy.ALL_ITEMS) # type:ignore
 
 from .._jsii import *
 

aws_cdk/aws_accessanalyzer/__init__.py

@@ -38,7 +38,22 @@ import jsii
 import publication
 import typing_extensions
 
-from typeguard import check_type
+import typeguard
+from importlib.metadata import version as _metadata_package_version
+TYPEGUARD_MAJOR_VERSION = int(_metadata_package_version('typeguard').split('.')[0])
+
+def check_type(argname: str, value: object, expected_type: typing.Any) -> typing.Any:
+    if TYPEGUARD_MAJOR_VERSION <= 2:
+        return typeguard.check_type(argname=argname, value=value, expected_type=expected_type) # type:ignore
+    else:
+        if isinstance(value, jsii._reference_map.InterfaceDynamicProxy): # pyright: ignore [reportAttributeAccessIssue]
+           pass
+        else:
+            if TYPEGUARD_MAJOR_VERSION == 3:
+                typeguard.config.collection_check_strategy = typeguard.CollectionCheckStrategy.ALL_ITEMS # type:ignore
+                typeguard.check_type(value=value, expected_type=expected_type) # type:ignore
+            else:
+                typeguard.check_type(value=value, expected_type=expected_type, collection_check_strategy=typeguard.CollectionCheckStrategy.ALL_ITEMS) # type:ignore
 
 from .._jsii import *
 

aws_cdk/aws_acmpca/__init__.py

@@ -69,7 +69,22 @@ import jsii
 import publication
 import typing_extensions
 
-from typeguard import check_type
+import typeguard
+from importlib.metadata import version as _metadata_package_version
+TYPEGUARD_MAJOR_VERSION = int(_metadata_package_version('typeguard').split('.')[0])
+
+def check_type(argname: str, value: object, expected_type: typing.Any) -> typing.Any:
+    if TYPEGUARD_MAJOR_VERSION <= 2:
+        return typeguard.check_type(argname=argname, value=value, expected_type=expected_type) # type:ignore
+    else:
+        if isinstance(value, jsii._reference_map.InterfaceDynamicProxy): # pyright: ignore [reportAttributeAccessIssue]
+           pass
+        else:
+            if TYPEGUARD_MAJOR_VERSION == 3:
+                typeguard.config.collection_check_strategy = typeguard.CollectionCheckStrategy.ALL_ITEMS # type:ignore
+                typeguard.check_type(value=value, expected_type=expected_type) # type:ignore
+            else:
+                typeguard.check_type(value=value, expected_type=expected_type, collection_check_strategy=typeguard.CollectionCheckStrategy.ALL_ITEMS) # type:ignore
 
 from .._jsii import *
 
@@ -2297,7 +2312,7 @@ class CfnCertificateAuthority(
         :param type: Type of your private CA.
         :param csr_extensions: Specifies information to be added to the extension section of the certificate signing request (CSR).
         :param key_storage_security_standard: Specifies a cryptographic key management compliance standard used for handling CA keys. Default: FIPS_140_2_LEVEL_3_OR_HIGHER .. epigraph:: Some AWS Regions do not support the default. When creating a CA in these Regions, you must provide ``FIPS_140_2_LEVEL_2_OR_HIGHER`` as the argument for ``KeyStorageSecurityStandard`` . Failure to do this results in an ``InvalidArgsException`` with the message, "A certificate authority cannot be created in this region with the specified security standard." For information about security standard support in various Regions, see `Storage and security compliance of AWS Private CA private keys <https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys>`_ .
-        :param revocation_configuration: Certificate revocation information used by the `CreateCertificateAuthority <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html>`_ and `UpdateCertificateAuthority <https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html>`_ actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see `RevokeCertificate <https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html>`_ in the *AWS Private CA API Reference* and `Setting up a certificate revocation method <https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html>`_ in the *AWS Private CA User Guide* . .. epigraph:: The following requirements apply to revocation configurations. - A configuration disabling CRLs or OCSP must contain only the ``Enabled=False`` parameter, and will fail if other parameters such as ``CustomCname`` or ``ExpirationInDays`` are included. - In a CRL configuration, the ``S3BucketName`` parameter must conform to the `Amazon S3 bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html>`_ . - A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to `RFC2396 <https://docs.aws.amazon.com/https://www.ietf.org/rfc/rfc2396.txt>`_ restrictions on the use of special characters in a CNAME. - In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".
+        :param revocation_configuration: Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.
         :param tags: Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see `Controlling Access Using IAM Tags <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html>`_ .
         :param usage_mode: Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. The default value is GENERAL_PURPOSE.
         '''
@@ -2474,7 +2489,7 @@ class CfnCertificateAuthority(
     def revocation_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnCertificateAuthority.RevocationConfigurationProperty"]]:
-        '''Certificate revocation information used by the `CreateCertificateAuthority <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html>`_ and `UpdateCertificateAuthority <https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html>`_ actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see `RevokeCertificate <https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html>`_ in the *AWS Private CA API Reference* and `Setting up a certificate revocation method <https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html>`_ in the *AWS Private CA User Guide* .'''
+        '''Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnCertificateAuthority.RevocationConfigurationProperty"]], jsii.get(self, "revocationConfiguration"))
 
     @revocation_configuration.setter
@@ -2714,10 +2729,7 @@ class CfnCertificateAuthority(
             "enabled": "enabled",
             "crl_distribution_point_extension_configuration": "crlDistributionPointExtensionConfiguration",
             "custom_cname": "customCname",
-            "custom_path": "customPath",
             "expiration_in_days": "expirationInDays",
-            "partitioning_enabled": "partitioningEnabled",
-            "retain_expired_certificates": "retainExpiredCertificates",
             "s3_bucket_name": "s3BucketName",
             "s3_object_acl": "s3ObjectAcl",
         },
@@ -2729,10 +2741,7 @@ class CfnCertificateAuthority(
             enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
             crl_distribution_point_extension_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnCertificateAuthority.CrlDistributionPointExtensionConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             custom_cname: typing.Optional[builtins.str] = None,
-            custom_path: typing.Optional[builtins.str] = None,
             expiration_in_days: typing.Optional[jsii.Number] = None,
-            partitioning_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
-            retain_expired_certificates: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
             s3_bucket_name: typing.Optional[builtins.str] = None,
             s3_object_acl: typing.Optional[builtins.str] = None,
         ) -> None:
@@ -2773,10 +2782,7 @@ class CfnCertificateAuthority(
             :param enabled: Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the ``CreateCertificateAuthority`` operation or for an existing CA when you call the ``UpdateCertificateAuthority`` operation.
             :param crl_distribution_point_extension_configuration: Configures the default behavior of the CRL Distribution Point extension for certificates issued by your CA. If this field is not provided, then the CRL Distribution Point extension will be present and contain the default CRL URL.
             :param custom_cname: Name inserted into the certificate *CRL Distribution Points* extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. .. epigraph:: The content of a Canonical Name (CNAME) record must conform to `RFC2396 <https://docs.aws.amazon.com/https://www.ietf.org/rfc/rfc2396.txt>`_ restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".
-            :param custom_path: 
             :param expiration_in_days: Validity period of the CRL in days.
-            :param partitioning_enabled: 
-            :param retain_expired_certificates: 
             :param s3_bucket_name: Name of the S3 bucket that contains the CRL. If you do not provide a value for the *CustomCname* argument, the name of your S3 bucket is placed into the *CRL Distribution Points* extension of the issued certificate. You can change the name of your bucket by calling the `UpdateCertificateAuthority <https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html>`_ operation. You must specify a `bucket policy <https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-policies>`_ that allows AWS Private CA to write the CRL to your bucket. .. epigraph:: The ``S3BucketName`` parameter must conform to the `S3 bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html>`_ .
             :param s3_object_acl: Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access. If no value is specified, the default is PUBLIC_READ. *Note:* This default can cause CA creation to fail in some circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as ``BUCKET_OWNER_FULL_CONTROL`` , and not doing so results in an error. If you have disabled BPA in S3, then you can specify either ``BUCKET_OWNER_FULL_CONTROL`` or ``PUBLIC_READ`` as the value. For more information, see `Blocking public access to the S3 bucket <https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-bpa>`_ .
 
@@ -2797,10 +2803,7 @@ class CfnCertificateAuthority(
                         omit_extension=False
                     ),
                     custom_cname="customCname",
-                    custom_path="customPath",
                     expiration_in_days=123,
-                    partitioning_enabled=False,
-                    retain_expired_certificates=False,
                     s3_bucket_name="s3BucketName",
                     s3_object_acl="s3ObjectAcl"
                 )
@@ -2810,10 +2813,7 @@ class CfnCertificateAuthority(
                 check_type(argname="argument enabled", value=enabled, expected_type=type_hints["enabled"])
                 check_type(argname="argument crl_distribution_point_extension_configuration", value=crl_distribution_point_extension_configuration, expected_type=type_hints["crl_distribution_point_extension_configuration"])
                 check_type(argname="argument custom_cname", value=custom_cname, expected_type=type_hints["custom_cname"])
-                check_type(argname="argument custom_path", value=custom_path, expected_type=type_hints["custom_path"])
                 check_type(argname="argument expiration_in_days", value=expiration_in_days, expected_type=type_hints["expiration_in_days"])
-                check_type(argname="argument partitioning_enabled", value=partitioning_enabled, expected_type=type_hints["partitioning_enabled"])
-                check_type(argname="argument retain_expired_certificates", value=retain_expired_certificates, expected_type=type_hints["retain_expired_certificates"])
                 check_type(argname="argument s3_bucket_name", value=s3_bucket_name, expected_type=type_hints["s3_bucket_name"])
                 check_type(argname="argument s3_object_acl", value=s3_object_acl, expected_type=type_hints["s3_object_acl"])
             self._values: typing.Dict[builtins.str, typing.Any] = {
@@ -2823,14 +2823,8 @@ class CfnCertificateAuthority(
                 self._values["crl_distribution_point_extension_configuration"] = crl_distribution_point_extension_configuration
             if custom_cname is not None:
                 self._values["custom_cname"] = custom_cname
-            if custom_path is not None:
-                self._values["custom_path"] = custom_path
             if expiration_in_days is not None:
                 self._values["expiration_in_days"] = expiration_in_days
-            if partitioning_enabled is not None:
-                self._values["partitioning_enabled"] = partitioning_enabled
-            if retain_expired_certificates is not None:
-                self._values["retain_expired_certificates"] = retain_expired_certificates
             if s3_bucket_name is not None:
                 self._values["s3_bucket_name"] = s3_bucket_name
             if s3_object_acl is not None:
@@ -2875,14 +2869,6 @@ class CfnCertificateAuthority(
             result = self._values.get("custom_cname")
             return typing.cast(typing.Optional[builtins.str], result)
 
-        @builtins.property
-        def custom_path(self) -> typing.Optional[builtins.str]:
-            '''
-            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-crlconfiguration.html#cfn-acmpca-certificateauthority-crlconfiguration-custompath
-            '''
-            result = self._values.get("custom_path")
-            return typing.cast(typing.Optional[builtins.str], result)
-
         @builtins.property
         def expiration_in_days(self) -> typing.Optional[jsii.Number]:
             '''Validity period of the CRL in days.
@@ -2892,26 +2878,6 @@ class CfnCertificateAuthority(
             result = self._values.get("expiration_in_days")
             return typing.cast(typing.Optional[jsii.Number], result)
 
-        @builtins.property
-        def partitioning_enabled(
-            self,
-        ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-            '''
-            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-crlconfiguration.html#cfn-acmpca-certificateauthority-crlconfiguration-partitioningenabled
-            '''
-            result = self._values.get("partitioning_enabled")
-            return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
-
-        @builtins.property
-        def retain_expired_certificates(
-            self,
-        ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-            '''
-            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-crlconfiguration.html#cfn-acmpca-certificateauthority-crlconfiguration-retainexpiredcertificates
-            '''
-            result = self._values.get("retain_expired_certificates")
-            return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
-
         @builtins.property
         def s3_bucket_name(self) -> typing.Optional[builtins.str]:
             '''Name of the S3 bucket that contains the CRL.
@@ -3882,14 +3848,13 @@ class CfnCertificateAuthority(
         ) -> None:
             '''Certificate revocation information used by the `CreateCertificateAuthority <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html>`_ and `UpdateCertificateAuthority <https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html>`_ actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see `RevokeCertificate <https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html>`_ in the *AWS Private CA API Reference* and `Setting up a certificate revocation method <https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html>`_ in the *AWS Private CA User Guide* .
 
-            .. epigraph::
-
-               The following requirements apply to revocation configurations.
+            The following requirements and constraints apply to revocation configurations.
 
-               - A configuration disabling CRLs or OCSP must contain only the ``Enabled=False`` parameter, and will fail if other parameters such as ``CustomCname`` or ``ExpirationInDays`` are included.
-               - In a CRL configuration, the ``S3BucketName`` parameter must conform to the `Amazon S3 bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html>`_ .
-               - A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to `RFC2396 <https://docs.aws.amazon.com/https://www.ietf.org/rfc/rfc2396.txt>`_ restrictions on the use of special characters in a CNAME.
-               - In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".
+            - A configuration disabling CRLs or OCSP must contain only the ``Enabled=False`` parameter, and will fail if other parameters such as ``CustomCname`` or ``ExpirationInDays`` are included.
+            - In a CRL configuration, the ``S3BucketName`` parameter must conform to the `Amazon S3 bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html>`_ .
+            - A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to `RFC2396 <https://docs.aws.amazon.com/https://www.ietf.org/rfc/rfc2396.txt>`_ restrictions on the use of special characters in a CNAME.
+            - In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".
+            - To revoke a certificate, delete the resource from your template, and call the AWS Private CA `RevokeCertificate <https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html>`_ API and specify the resource's certificate authority ARN.
 
             :param crl_configuration: Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
             :param ocsp_configuration: Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA.
@@ -3912,10 +3877,7 @@ class CfnCertificateAuthority(
                             omit_extension=False
                         ),
                         custom_cname="customCname",
-                        custom_path="customPath",
                         expiration_in_days=123,
-                        partitioning_enabled=False,
-                        retain_expired_certificates=False,
                         s3_bucket_name="s3BucketName",
                         s3_object_acl="s3ObjectAcl"
                     ),
@@ -4569,7 +4531,7 @@ class CfnCertificateAuthorityProps:
         :param type: Type of your private CA.
         :param csr_extensions: Specifies information to be added to the extension section of the certificate signing request (CSR).
         :param key_storage_security_standard: Specifies a cryptographic key management compliance standard used for handling CA keys. Default: FIPS_140_2_LEVEL_3_OR_HIGHER .. epigraph:: Some AWS Regions do not support the default. When creating a CA in these Regions, you must provide ``FIPS_140_2_LEVEL_2_OR_HIGHER`` as the argument for ``KeyStorageSecurityStandard`` . Failure to do this results in an ``InvalidArgsException`` with the message, "A certificate authority cannot be created in this region with the specified security standard." For information about security standard support in various Regions, see `Storage and security compliance of AWS Private CA private keys <https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys>`_ .
-        :param revocation_configuration: Certificate revocation information used by the `CreateCertificateAuthority <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html>`_ and `UpdateCertificateAuthority <https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html>`_ actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see `RevokeCertificate <https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html>`_ in the *AWS Private CA API Reference* and `Setting up a certificate revocation method <https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html>`_ in the *AWS Private CA User Guide* . .. epigraph:: The following requirements apply to revocation configurations. - A configuration disabling CRLs or OCSP must contain only the ``Enabled=False`` parameter, and will fail if other parameters such as ``CustomCname`` or ``ExpirationInDays`` are included. - In a CRL configuration, the ``S3BucketName`` parameter must conform to the `Amazon S3 bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html>`_ . - A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to `RFC2396 <https://docs.aws.amazon.com/https://www.ietf.org/rfc/rfc2396.txt>`_ restrictions on the use of special characters in a CNAME. - In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".
+        :param revocation_configuration: Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.
         :param tags: Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see `Controlling Access Using IAM Tags <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html>`_ .
         :param usage_mode: Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. The default value is GENERAL_PURPOSE.
 
@@ -4705,16 +4667,7 @@ class CfnCertificateAuthorityProps:
     def revocation_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnCertificateAuthority.RevocationConfigurationProperty]]:
-        '''Certificate revocation information used by the `CreateCertificateAuthority <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html>`_ and `UpdateCertificateAuthority <https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html>`_ actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see `RevokeCertificate <https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html>`_ in the *AWS Private CA API Reference* and `Setting up a certificate revocation method <https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html>`_ in the *AWS Private CA User Guide* .
-
-        .. epigraph::
-
-           The following requirements apply to revocation configurations.
-
-           - A configuration disabling CRLs or OCSP must contain only the ``Enabled=False`` parameter, and will fail if other parameters such as ``CustomCname`` or ``ExpirationInDays`` are included.
-           - In a CRL configuration, the ``S3BucketName`` parameter must conform to the `Amazon S3 bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html>`_ .
-           - A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to `RFC2396 <https://docs.aws.amazon.com/https://www.ietf.org/rfc/rfc2396.txt>`_ restrictions on the use of special characters in a CNAME.
-           - In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".
+        '''Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.html#cfn-acmpca-certificateauthority-revocationconfiguration
         '''
@@ -5672,10 +5625,7 @@ def _typecheckingstub__de72782a3b3117c1f101c2c6c2fad457863e581a5bdcd67a1280a825d
     enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
     crl_distribution_point_extension_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnCertificateAuthority.CrlDistributionPointExtensionConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     custom_cname: typing.Optional[builtins.str] = None,
-    custom_path: typing.Optional[builtins.str] = None,
     expiration_in_days: typing.Optional[jsii.Number] = None,
-    partitioning_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
-    retain_expired_certificates: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     s3_bucket_name: typing.Optional[builtins.str] = None,
     s3_object_acl: typing.Optional[builtins.str] = None,
 ) -> None: