aws-cdk-lib 2.158.0__py3-none-any.whl → 2.159.0__py3-none-any.whl

aws_cdk/aws_ssm/__init__.py

@@ -3036,7 +3036,7 @@ class CfnMaintenanceWindowTask(
         :param max_concurrency: The maximum number of targets this task can be run for, in parallel. .. epigraph:: Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a `targetless task <https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html>`_ You must provide a value in all other cases. For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of ``1`` . This value doesn't affect the running of your task.
         :param max_errors: The maximum number of errors allowed before this task stops being scheduled. .. epigraph:: Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a `targetless task <https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html>`_ You must provide a value in all other cases. For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of ``1`` . This value doesn't affect the running of your task.
         :param name: The task name.
-        :param service_role_arn: The Amazon Resource Name (ARN) of the IAM service role for AWS Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run ``RegisterTaskWithMaintenanceWindow`` . However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see `Setting up maintenance windows <https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html>`_ in the in the *AWS Systems Manager User Guide* .
+        :param service_role_arn: The Amazon Resource Name (ARN) of the IAM service role for AWS Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run ``RegisterTaskWithMaintenanceWindow`` . However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see `Setting up Maintenance Windows <https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html>`_ in the in the *AWS Systems Manager User Guide* .
         :param targets: The targets, either instances or window target IDs. - Specify instances using ``Key=InstanceIds,Values= *instanceid1* , *instanceid2*`` . - Specify window target IDs using ``Key=WindowTargetIds,Values= *window-target-id-1* , *window-target-id-2*`` .
         :param task_invocation_parameters: The parameters to pass to the task when it runs. Populate only the fields that match the task type. All other fields should be empty. .. epigraph:: When you update a maintenance window task that has options specified in ``TaskInvocationParameters`` , you must provide again all the ``TaskInvocationParameters`` values that you want to retain. The values you do not specify again are removed. For example, suppose that when you registered a Run Command task, you specified ``TaskInvocationParameters`` values for ``Comment`` , ``NotificationConfig`` , and ``OutputS3BucketName`` . If you update the maintenance window task and specify only a different ``OutputS3BucketName`` value, the values for ``Comment`` and ``NotificationConfig`` are removed.
         :param task_parameters: The parameters to pass to the task when it runs. .. epigraph:: ``TaskParameters`` has been deprecated. To specify parameters to pass to a task when it runs, instead use the ``Parameters`` option in the ``TaskInvocationParameters`` structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see `MaintenanceWindowTaskInvocationParameters <https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_MaintenanceWindowTaskInvocationParameters.html>`_ .
@@ -3710,7 +3710,7 @@ class CfnMaintenanceWindowTask(
             :param output_s3_bucket_name: The name of the Amazon Simple Storage Service (Amazon S3) bucket.
             :param output_s3_key_prefix: The S3 bucket subfolder.
             :param parameters: The parameters for the ``RUN_COMMAND`` task execution. The supported parameters are the same as those for the ``SendCommand`` API call. For more information, see `SendCommand <https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_SendCommand.html>`_ in the *AWS Systems Manager API Reference* .
-            :param service_role_arn: The Amazon Resource Name (ARN) of the IAM service role for AWS Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run ``RegisterTaskWithMaintenanceWindow`` . However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see `Setting up maintenance windows <https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html>`_ in the in the *AWS Systems Manager User Guide* .
+            :param service_role_arn: The Amazon Resource Name (ARN) of the IAM service role for AWS Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run ``RegisterTaskWithMaintenanceWindow`` . However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see `Setting up Maintenance Windows <https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html>`_ in the in the *AWS Systems Manager User Guide* .
             :param timeout_seconds: If this time is reached and the command hasn't already started running, it doesn't run.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssm-maintenancewindowtask-maintenancewindowruncommandparameters.html
@@ -3889,7 +3889,7 @@ class CfnMaintenanceWindowTask(
 
             If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run ``RegisterTaskWithMaintenanceWindow`` .
 
-            However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see `Setting up maintenance windows <https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html>`_ in the in the *AWS Systems Manager User Guide* .
+            However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see `Setting up Maintenance Windows <https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html>`_ in the in the *AWS Systems Manager User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssm-maintenancewindowtask-maintenancewindowruncommandparameters.html#cfn-ssm-maintenancewindowtask-maintenancewindowruncommandparameters-servicerolearn
             '''
@@ -4371,7 +4371,7 @@ class CfnMaintenanceWindowTaskProps:
         :param max_concurrency: The maximum number of targets this task can be run for, in parallel. .. epigraph:: Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a `targetless task <https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html>`_ You must provide a value in all other cases. For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of ``1`` . This value doesn't affect the running of your task.
         :param max_errors: The maximum number of errors allowed before this task stops being scheduled. .. epigraph:: Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a `targetless task <https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html>`_ You must provide a value in all other cases. For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of ``1`` . This value doesn't affect the running of your task.
         :param name: The task name.
-        :param service_role_arn: The Amazon Resource Name (ARN) of the IAM service role for AWS Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run ``RegisterTaskWithMaintenanceWindow`` . However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see `Setting up maintenance windows <https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html>`_ in the in the *AWS Systems Manager User Guide* .
+        :param service_role_arn: The Amazon Resource Name (ARN) of the IAM service role for AWS Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run ``RegisterTaskWithMaintenanceWindow`` . However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see `Setting up Maintenance Windows <https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html>`_ in the in the *AWS Systems Manager User Guide* .
         :param targets: The targets, either instances or window target IDs. - Specify instances using ``Key=InstanceIds,Values= *instanceid1* , *instanceid2*`` . - Specify window target IDs using ``Key=WindowTargetIds,Values= *window-target-id-1* , *window-target-id-2*`` .
         :param task_invocation_parameters: The parameters to pass to the task when it runs. Populate only the fields that match the task type. All other fields should be empty. .. epigraph:: When you update a maintenance window task that has options specified in ``TaskInvocationParameters`` , you must provide again all the ``TaskInvocationParameters`` values that you want to retain. The values you do not specify again are removed. For example, suppose that when you registered a Run Command task, you specified ``TaskInvocationParameters`` values for ``Comment`` , ``NotificationConfig`` , and ``OutputS3BucketName`` . If you update the maintenance window task and specify only a different ``OutputS3BucketName`` value, the values for ``Comment`` and ``NotificationConfig`` are removed.
         :param task_parameters: The parameters to pass to the task when it runs. .. epigraph:: ``TaskParameters`` has been deprecated. To specify parameters to pass to a task when it runs, instead use the ``Parameters`` option in the ``TaskInvocationParameters`` structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see `MaintenanceWindowTaskInvocationParameters <https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_MaintenanceWindowTaskInvocationParameters.html>`_ .
@@ -4623,7 +4623,7 @@ class CfnMaintenanceWindowTaskProps:
 
         If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run ``RegisterTaskWithMaintenanceWindow`` .
 
-        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see `Setting up maintenance windows <https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html>`_ in the in the *AWS Systems Manager User Guide* .
+        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see `Setting up Maintenance Windows <https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html>`_ in the in the *AWS Systems Manager User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-servicerolearn
         '''
@@ -5255,7 +5255,7 @@ class CfnPatchBaseline(
         :param id: Construct identifier for this resource (unique in its scope).
         :param name: The name of the patch baseline.
         :param approval_rules: A set of rules used to include patches in the baseline.
-        :param approved_patches: A list of explicitly approved patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `About package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
+        :param approved_patches: A list of explicitly approved patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `Package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
         :param approved_patches_compliance_level: Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is ``UNSPECIFIED`` . Default: - "UNSPECIFIED"
         :param approved_patches_enable_non_security: Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is ``false`` . Applies to Linux managed nodes only. Default: - false
         :param default_baseline: Set the baseline as default baseline. Only registering to default patch baseline is allowed. Default: - false
@@ -5263,7 +5263,7 @@ class CfnPatchBaseline(
         :param global_filters: A set of global filters used to include patches in the baseline.
         :param operating_system: Defines the operating system the patch baseline applies to. The default value is ``WINDOWS`` . Default: - "WINDOWS"
         :param patch_groups: The name of the patch group to be registered with the patch baseline.
-        :param rejected_patches: A list of explicitly rejected patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `About package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
+        :param rejected_patches: A list of explicitly rejected patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `Package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
         :param rejected_patches_action: The action for Patch Manager to take on patches included in the ``RejectedPackages`` list. - **ALLOW_AS_DEPENDENCY** - *Linux and macOS* : A package in the rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as ``INSTALLED_OTHER`` . This is the default action if no option is specified. *Windows Server* : Windows Server doesn't support the concept of package dependencies. If a package in the rejected patches list and already installed on the node, its status is reported as ``INSTALLED_OTHER`` . Any package not already installed on the node is skipped. This is the default action if no option is specified. - **BLOCK** - *All OSs* : Packages in the rejected patches list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances. If a package was installed before it was added to the rejected patches list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as ``INSTALLED_REJECTED`` . Default: - "ALLOW_AS_DEPENDENCY"
         :param sources: Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.
         :param tags: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to.
@@ -6071,7 +6071,7 @@ class CfnPatchBaselineProps:
 
         :param name: The name of the patch baseline.
         :param approval_rules: A set of rules used to include patches in the baseline.
-        :param approved_patches: A list of explicitly approved patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `About package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
+        :param approved_patches: A list of explicitly approved patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `Package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
         :param approved_patches_compliance_level: Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is ``UNSPECIFIED`` . Default: - "UNSPECIFIED"
         :param approved_patches_enable_non_security: Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is ``false`` . Applies to Linux managed nodes only. Default: - false
         :param default_baseline: Set the baseline as default baseline. Only registering to default patch baseline is allowed. Default: - false
@@ -6079,7 +6079,7 @@ class CfnPatchBaselineProps:
         :param global_filters: A set of global filters used to include patches in the baseline.
         :param operating_system: Defines the operating system the patch baseline applies to. The default value is ``WINDOWS`` . Default: - "WINDOWS"
         :param patch_groups: The name of the patch group to be registered with the patch baseline.
-        :param rejected_patches: A list of explicitly rejected patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `About package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
+        :param rejected_patches: A list of explicitly rejected patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `Package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
         :param rejected_patches_action: The action for Patch Manager to take on patches included in the ``RejectedPackages`` list. - **ALLOW_AS_DEPENDENCY** - *Linux and macOS* : A package in the rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as ``INSTALLED_OTHER`` . This is the default action if no option is specified. *Windows Server* : Windows Server doesn't support the concept of package dependencies. If a package in the rejected patches list and already installed on the node, its status is reported as ``INSTALLED_OTHER`` . Any package not already installed on the node is skipped. This is the default action if no option is specified. - **BLOCK** - *All OSs* : Packages in the rejected patches list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances. If a package was installed before it was added to the rejected patches list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as ``INSTALLED_REJECTED`` . Default: - "ALLOW_AS_DEPENDENCY"
         :param sources: Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.
         :param tags: Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to.
@@ -6208,7 +6208,7 @@ class CfnPatchBaselineProps:
     def approved_patches(self) -> typing.Optional[typing.List[builtins.str]]:
         '''A list of explicitly approved patches for the baseline.
 
-        For information about accepted formats for lists of approved patches and rejected patches, see `About package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
+        For information about accepted formats for lists of approved patches and rejected patches, see `Package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-approvedpatches
         '''
@@ -6304,7 +6304,7 @@ class CfnPatchBaselineProps:
     def rejected_patches(self) -> typing.Optional[typing.List[builtins.str]]:
         '''A list of explicitly rejected patches for the baseline.
 
-        For information about accepted formats for lists of approved patches and rejected patches, see `About package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
+        For information about accepted formats for lists of approved patches and rejected patches, see `Package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-rejectedpatches
         '''
@@ -8817,20 +8817,27 @@ class StringParameter(
         cls,
         scope: _constructs_77d1e7e8.Construct,
         parameter_name: builtins.str,
+        default_value: typing.Optional[builtins.str] = None,
     ) -> builtins.str:
         '''Reads the value of an SSM parameter during synthesis through an environmental context provider.
 
         Requires that the stack this scope is defined in will have explicit
         account/region information. Otherwise, it will fail during synthesis.
 
+        If defaultValue is provided, it will be used as the dummyValue
+        and the ContextProvider will be told NOT to raise an error on synthesis
+        if the SSM Parameter is not found in the account at synth time.
+
         :param scope: -
         :param parameter_name: -
+        :param default_value: -
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__352ba5506c7762dcb469028a7b0515dc3daed2b43c5a8ff339ed16372f650250)
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument parameter_name", value=parameter_name, expected_type=type_hints["parameter_name"])
-        return typing.cast(builtins.str, jsii.sinvoke(cls, "valueFromLookup", [scope, parameter_name]))
+            check_type(argname="argument default_value", value=default_value, expected_type=type_hints["default_value"])
+        return typing.cast(builtins.str, jsii.sinvoke(cls, "valueFromLookup", [scope, parameter_name, default_value]))
 
     @jsii.member(jsii_name="grantRead")
     def grant_read(self, grantee: _IGrantable_71c4f5de) -> _Grant_a7ae64f8:
@@ -10692,6 +10699,7 @@ def _typecheckingstub__f4ec30255f3ac830ba0695e062a34e2012e0542d68a61c236b791945a
 def _typecheckingstub__352ba5506c7762dcb469028a7b0515dc3daed2b43c5a8ff339ed16372f650250(
     scope: _constructs_77d1e7e8.Construct,
     parameter_name: builtins.str,
+    default_value: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass

aws_cdk/aws_stepfunctions_tasks/__init__.py

@@ -900,6 +900,18 @@ tasks.EmrCreateCluster(self, "Create Cluster",
 )
 ```
 
+If you want to use an [auto-termination policy](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-auto-termination-policy.html),
+you can specify the `autoTerminationPolicyIdleTimeout` property.
+Specifies the amount of idle time after which the cluster automatically terminates. You can specify a minimum of 60 seconds and a maximum of 604800 seconds (seven days).
+
+```python
+tasks.EmrCreateCluster(self, "Create Cluster",
+    instances=tasks.EmrCreateCluster.InstancesConfigProperty(),
+    name="ClusterName",
+    auto_termination_policy_idle_timeout=Duration.seconds(100)
+)
+```
+
 ### Termination Protection
 
 Locks a cluster (job flow) so the EC2 instances in the cluster cannot be
@@ -16198,6 +16210,7 @@ class EmrCreateCluster(
         additional_info: typing.Optional[builtins.str] = None,
         applications: typing.Optional[typing.Sequence[typing.Union["EmrCreateCluster.ApplicationConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         auto_scaling_role: typing.Optional[_IRole_235f5d8e] = None,
+        auto_termination_policy_idle_timeout: typing.Optional[_Duration_4839e8c3] = None,
         bootstrap_actions: typing.Optional[typing.Sequence[typing.Union["EmrCreateCluster.BootstrapActionConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         cluster_role: typing.Optional[_IRole_235f5d8e] = None,
         configurations: typing.Optional[typing.Sequence[typing.Union["EmrCreateCluster.ConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -16233,6 +16246,7 @@ class EmrCreateCluster(
         :param additional_info: A JSON string for selecting additional features. Default: - None
         :param applications: A case-insensitive list of applications for Amazon EMR to install and configure when launching the cluster. Default: - EMR selected default
         :param auto_scaling_role: An IAM role for automatic scaling policies. Default: - A role will be created.
+        :param auto_termination_policy_idle_timeout: The amount of idle time after which the cluster automatically terminates. You can specify a minimum of 60 seconds and a maximum of 604800 seconds (seven days). Default: - No timeout
         :param bootstrap_actions: A list of bootstrap actions to run before Hadoop starts on the cluster nodes. Default: - None
         :param cluster_role: Also called instance profile and EC2 role. An IAM role for an EMR cluster. The EC2 instances of the cluster assume this role. This attribute has been renamed from jobFlowRole to clusterRole to align with other ERM/StepFunction integration parameters. Default: - - A Role will be created
         :param configurations: The list of configurations supplied for the EMR cluster you are creating. Default: - None
@@ -16270,6 +16284,7 @@ class EmrCreateCluster(
             additional_info=additional_info,
             applications=applications,
             auto_scaling_role=auto_scaling_role,
+            auto_termination_policy_idle_timeout=auto_termination_policy_idle_timeout,
             bootstrap_actions=bootstrap_actions,
             cluster_role=cluster_role,
             configurations=configurations,
@@ -19725,6 +19740,7 @@ class EmrCreateCluster(
         "additional_info": "additionalInfo",
         "applications": "applications",
         "auto_scaling_role": "autoScalingRole",
+        "auto_termination_policy_idle_timeout": "autoTerminationPolicyIdleTimeout",
         "bootstrap_actions": "bootstrapActions",
         "cluster_role": "clusterRole",
         "configurations": "configurations",
@@ -19762,6 +19778,7 @@ class EmrCreateClusterProps(_TaskStateBaseProps_3a62b6d0):
         additional_info: typing.Optional[builtins.str] = None,
         applications: typing.Optional[typing.Sequence[typing.Union[EmrCreateCluster.ApplicationConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         auto_scaling_role: typing.Optional[_IRole_235f5d8e] = None,
+        auto_termination_policy_idle_timeout: typing.Optional[_Duration_4839e8c3] = None,
         bootstrap_actions: typing.Optional[typing.Sequence[typing.Union[EmrCreateCluster.BootstrapActionConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         cluster_role: typing.Optional[_IRole_235f5d8e] = None,
         configurations: typing.Optional[typing.Sequence[typing.Union[EmrCreateCluster.ConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -19798,6 +19815,7 @@ class EmrCreateClusterProps(_TaskStateBaseProps_3a62b6d0):
         :param additional_info: A JSON string for selecting additional features. Default: - None
         :param applications: A case-insensitive list of applications for Amazon EMR to install and configure when launching the cluster. Default: - EMR selected default
         :param auto_scaling_role: An IAM role for automatic scaling policies. Default: - A role will be created.
+        :param auto_termination_policy_idle_timeout: The amount of idle time after which the cluster automatically terminates. You can specify a minimum of 60 seconds and a maximum of 604800 seconds (seven days). Default: - No timeout
         :param bootstrap_actions: A list of bootstrap actions to run before Hadoop starts on the cluster nodes. Default: - None
         :param cluster_role: Also called instance profile and EC2 role. An IAM role for an EMR cluster. The EC2 instances of the cluster assume this role. This attribute has been renamed from jobFlowRole to clusterRole to align with other ERM/StepFunction integration parameters. Default: - - A Role will be created
         :param configurations: The list of configurations supplied for the EMR cluster you are creating. Default: - None
@@ -19873,6 +19891,7 @@ class EmrCreateClusterProps(_TaskStateBaseProps_3a62b6d0):
             check_type(argname="argument additional_info", value=additional_info, expected_type=type_hints["additional_info"])
             check_type(argname="argument applications", value=applications, expected_type=type_hints["applications"])
             check_type(argname="argument auto_scaling_role", value=auto_scaling_role, expected_type=type_hints["auto_scaling_role"])
+            check_type(argname="argument auto_termination_policy_idle_timeout", value=auto_termination_policy_idle_timeout, expected_type=type_hints["auto_termination_policy_idle_timeout"])
             check_type(argname="argument bootstrap_actions", value=bootstrap_actions, expected_type=type_hints["bootstrap_actions"])
             check_type(argname="argument cluster_role", value=cluster_role, expected_type=type_hints["cluster_role"])
             check_type(argname="argument configurations", value=configurations, expected_type=type_hints["configurations"])
@@ -19921,6 +19940,8 @@ class EmrCreateClusterProps(_TaskStateBaseProps_3a62b6d0):
             self._values["applications"] = applications
         if auto_scaling_role is not None:
             self._values["auto_scaling_role"] = auto_scaling_role
+        if auto_termination_policy_idle_timeout is not None:
+            self._values["auto_termination_policy_idle_timeout"] = auto_termination_policy_idle_timeout
         if bootstrap_actions is not None:
             self._values["bootstrap_actions"] = bootstrap_actions
         if cluster_role is not None:
@@ -20148,6 +20169,19 @@ class EmrCreateClusterProps(_TaskStateBaseProps_3a62b6d0):
         result = self._values.get("auto_scaling_role")
         return typing.cast(typing.Optional[_IRole_235f5d8e], result)
 
+    @builtins.property
+    def auto_termination_policy_idle_timeout(
+        self,
+    ) -> typing.Optional[_Duration_4839e8c3]:
+        '''The amount of idle time after which the cluster automatically terminates.
+
+        You can specify a minimum of 60 seconds and a maximum of 604800 seconds (seven days).
+
+        :default: - No timeout
+        '''
+        result = self._values.get("auto_termination_policy_idle_timeout")
+        return typing.cast(typing.Optional[_Duration_4839e8c3], result)
+
     @builtins.property
     def bootstrap_actions(
         self,
@@ -36036,6 +36070,7 @@ def _typecheckingstub__cea19fa2105afe952446f5bd0f605c16f7727beccef02df2d7846fc03
     additional_info: typing.Optional[builtins.str] = None,
     applications: typing.Optional[typing.Sequence[typing.Union[EmrCreateCluster.ApplicationConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     auto_scaling_role: typing.Optional[_IRole_235f5d8e] = None,
+    auto_termination_policy_idle_timeout: typing.Optional[_Duration_4839e8c3] = None,
     bootstrap_actions: typing.Optional[typing.Sequence[typing.Union[EmrCreateCluster.BootstrapActionConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     cluster_role: typing.Optional[_IRole_235f5d8e] = None,
     configurations: typing.Optional[typing.Sequence[typing.Union[EmrCreateCluster.ConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -36324,6 +36359,7 @@ def _typecheckingstub__47264d4efff2249070476b1432ca851665096bb89026c6d6564ff3c77
     additional_info: typing.Optional[builtins.str] = None,
     applications: typing.Optional[typing.Sequence[typing.Union[EmrCreateCluster.ApplicationConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     auto_scaling_role: typing.Optional[_IRole_235f5d8e] = None,
+    auto_termination_policy_idle_timeout: typing.Optional[_Duration_4839e8c3] = None,
     bootstrap_actions: typing.Optional[typing.Sequence[typing.Union[EmrCreateCluster.BootstrapActionConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     cluster_role: typing.Optional[_IRole_235f5d8e] = None,
     configurations: typing.Optional[typing.Sequence[typing.Union[EmrCreateCluster.ConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,

aws_cdk/cx_api/__init__.py

@@ -393,6 +393,23 @@ When this feature flag is enabled, use newly introduced props `s3InputUri` and `
   }
 }
 ```
+
+* `@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions`
+
+Currently, we will automatically add a number of cloudwatch permissions to the task role when no cloudwatch log group is
+specified as logConfiguration and it will grant 'Resources': ['*'] to the task role.
+
+When this feature flag is enabled, we will only grant the necessary permissions when users specify cloudwatch log group.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions": true
+  }
+}
+```
 '''
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)
@@ -2071,6 +2088,8 @@ class LoadBalancerIpAddressType(enum.Enum):
     '''IPV4 ip address.'''
     DUAL_STACK = "DUAL_STACK"
     '''Dual stack address.'''
+    DUAL_STACK_WITHOUT_PUBLIC_IPV4 = "DUAL_STACK_WITHOUT_PUBLIC_IPV4"
+    '''IPv6 only public addresses, with private IPv4 and IPv6 addresses.'''
 
 
 @jsii.data_type(

{aws_cdk_lib-2.158.0.dist-info → aws_cdk_lib-2.159.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk-lib
-Version: 2.158.0
+Version: 2.159.0
 Summary: Version 2 of the AWS Cloud Development Kit library
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services