aws-cdk-lib 2.158.0__py3-none-any.whl → 2.159.0__py3-none-any.whl

aws_cdk/aws_docdb/__init__.py

@@ -487,7 +487,12 @@ class CaCertificate(
     @jsii.python.classproperty
     @jsii.member(jsii_name="RDS_CA_2019")
     def RDS_CA_2019(cls) -> _CaCertificate_e77d2630:
-        '''rds-ca-2019 certificate authority.'''
+        '''(deprecated) rds-ca-2019 certificate authority.
+
+        :deprecated: rds-ca-2019 expired in August, 2024.
+
+        :stability: deprecated
+        '''
         return typing.cast(_CaCertificate_e77d2630, jsii.sget(cls, "RDS_CA_2019"))
 
     @jsii.python.classproperty

aws_cdk/aws_dynamodb/__init__.py

@@ -11592,7 +11592,7 @@ class TableOptions(SchemaOptions):
         :param stream: When an item in the table is modified, StreamViewType determines what information is written to the stream for this table. Default: - streams are disabled unless ``replicationRegions`` is specified
         :param table_class: Specify the table class. Default: STANDARD
         :param time_to_live_attribute: The name of TTL attribute. Default: - TTL is disabled
-        :param wait_for_replication_to_finish: Indicates whether CloudFormation stack waits for replication to finish. If set to false, the CloudFormation resource will mark the resource as created and replication will be completed asynchronously. This property is ignored if replicationRegions property is not set. WARNING: DO NOT UNSET this property if adding/removing multiple replicationRegions in one deployment, as CloudFormation only supports one region replication at a time. CDK overcomes this limitation by waiting for replication to finish before starting new replicationRegion. If the custom resource which handles replication has a physical resource ID with the format ``region`` instead of ``tablename-region`` (this would happen if the custom resource hasn't received an event since v1.91.0), DO NOT SET this property to false without making a change to the table name. This will cause the existing replicas to be deleted. Default: true
+        :param wait_for_replication_to_finish: [WARNING: Use this flag with caution, misusing this flag may cause deleting existing replicas, refer to the detailed documentation for more information] Indicates whether CloudFormation stack waits for replication to finish. If set to false, the CloudFormation resource will mark the resource as created and replication will be completed asynchronously. This property is ignored if replicationRegions property is not set. WARNING: DO NOT UNSET this property if adding/removing multiple replicationRegions in one deployment, as CloudFormation only supports one region replication at a time. CDK overcomes this limitation by waiting for replication to finish before starting new replicationRegion. If the custom resource which handles replication has a physical resource ID with the format ``region`` instead of ``tablename-region`` (this would happen if the custom resource hasn't received an event since v1.91.0), DO NOT SET this property to false without making a change to the table name. This will cause the existing replicas to be deleted. Default: true
         :param write_capacity: The write capacity for the table. Careful if you add Global Secondary Indexes, as those will share the table's provisioned throughput. Can only be provided if billingMode is Provisioned. Default: 5
 
         :exampleMetadata: fixture=_generated
@@ -11930,7 +11930,7 @@ class TableOptions(SchemaOptions):
 
     @builtins.property
     def wait_for_replication_to_finish(self) -> typing.Optional[builtins.bool]:
-        '''Indicates whether CloudFormation stack waits for replication to finish.
+        '''[WARNING: Use this flag with caution, misusing this flag may cause deleting existing replicas, refer to the detailed documentation for more information] Indicates whether CloudFormation stack waits for replication to finish.
 
         If set to false, the CloudFormation resource will mark the resource as
         created and replication will be completed asynchronously. This property is
@@ -12222,7 +12222,7 @@ class TableProps(TableOptions):
         :param stream: When an item in the table is modified, StreamViewType determines what information is written to the stream for this table. Default: - streams are disabled unless ``replicationRegions`` is specified
         :param table_class: Specify the table class. Default: STANDARD
         :param time_to_live_attribute: The name of TTL attribute. Default: - TTL is disabled
-        :param wait_for_replication_to_finish: Indicates whether CloudFormation stack waits for replication to finish. If set to false, the CloudFormation resource will mark the resource as created and replication will be completed asynchronously. This property is ignored if replicationRegions property is not set. WARNING: DO NOT UNSET this property if adding/removing multiple replicationRegions in one deployment, as CloudFormation only supports one region replication at a time. CDK overcomes this limitation by waiting for replication to finish before starting new replicationRegion. If the custom resource which handles replication has a physical resource ID with the format ``region`` instead of ``tablename-region`` (this would happen if the custom resource hasn't received an event since v1.91.0), DO NOT SET this property to false without making a change to the table name. This will cause the existing replicas to be deleted. Default: true
+        :param wait_for_replication_to_finish: [WARNING: Use this flag with caution, misusing this flag may cause deleting existing replicas, refer to the detailed documentation for more information] Indicates whether CloudFormation stack waits for replication to finish. If set to false, the CloudFormation resource will mark the resource as created and replication will be completed asynchronously. This property is ignored if replicationRegions property is not set. WARNING: DO NOT UNSET this property if adding/removing multiple replicationRegions in one deployment, as CloudFormation only supports one region replication at a time. CDK overcomes this limitation by waiting for replication to finish before starting new replicationRegion. If the custom resource which handles replication has a physical resource ID with the format ``region`` instead of ``tablename-region`` (this would happen if the custom resource hasn't received an event since v1.91.0), DO NOT SET this property to false without making a change to the table name. This will cause the existing replicas to be deleted. Default: true
         :param write_capacity: The write capacity for the table. Careful if you add Global Secondary Indexes, as those will share the table's provisioned throughput. Can only be provided if billingMode is Provisioned. Default: 5
         :param kinesis_stream: Kinesis Data Stream to capture item-level changes for the table. Default: - no Kinesis Data Stream
         :param table_name: Enforces a particular physical table name. Default: 
@@ -12537,7 +12537,7 @@ class TableProps(TableOptions):
 
     @builtins.property
     def wait_for_replication_to_finish(self) -> typing.Optional[builtins.bool]:
-        '''Indicates whether CloudFormation stack waits for replication to finish.
+        '''[WARNING: Use this flag with caution, misusing this flag may cause deleting existing replicas, refer to the detailed documentation for more information] Indicates whether CloudFormation stack waits for replication to finish.
 
         If set to false, the CloudFormation resource will mark the resource as
         created and replication will be completed asynchronously. This property is
@@ -14565,7 +14565,7 @@ class Table(
         :param stream: When an item in the table is modified, StreamViewType determines what information is written to the stream for this table. Default: - streams are disabled unless ``replicationRegions`` is specified
         :param table_class: Specify the table class. Default: STANDARD
         :param time_to_live_attribute: The name of TTL attribute. Default: - TTL is disabled
-        :param wait_for_replication_to_finish: Indicates whether CloudFormation stack waits for replication to finish. If set to false, the CloudFormation resource will mark the resource as created and replication will be completed asynchronously. This property is ignored if replicationRegions property is not set. WARNING: DO NOT UNSET this property if adding/removing multiple replicationRegions in one deployment, as CloudFormation only supports one region replication at a time. CDK overcomes this limitation by waiting for replication to finish before starting new replicationRegion. If the custom resource which handles replication has a physical resource ID with the format ``region`` instead of ``tablename-region`` (this would happen if the custom resource hasn't received an event since v1.91.0), DO NOT SET this property to false without making a change to the table name. This will cause the existing replicas to be deleted. Default: true
+        :param wait_for_replication_to_finish: [WARNING: Use this flag with caution, misusing this flag may cause deleting existing replicas, refer to the detailed documentation for more information] Indicates whether CloudFormation stack waits for replication to finish. If set to false, the CloudFormation resource will mark the resource as created and replication will be completed asynchronously. This property is ignored if replicationRegions property is not set. WARNING: DO NOT UNSET this property if adding/removing multiple replicationRegions in one deployment, as CloudFormation only supports one region replication at a time. CDK overcomes this limitation by waiting for replication to finish before starting new replicationRegion. If the custom resource which handles replication has a physical resource ID with the format ``region`` instead of ``tablename-region`` (this would happen if the custom resource hasn't received an event since v1.91.0), DO NOT SET this property to false without making a change to the table name. This will cause the existing replicas to be deleted. Default: true
         :param write_capacity: The write capacity for the table. Careful if you add Global Secondary Indexes, as those will share the table's provisioned throughput. Can only be provided if billingMode is Provisioned. Default: 5
         :param partition_key: Partition key attribute definition.
         :param sort_key: Sort key attribute definition. Default: no sort key

aws_cdk/aws_ec2/__init__.py

@@ -23965,7 +23965,7 @@ class CfnLaunchTemplate(
         :param id: Construct identifier for this resource (unique in its scope).
         :param launch_template_data: The information for the launch template.
         :param launch_template_name: A name for the launch template.
-        :param tag_specifications: The tags to apply to the launch template on creation. To tag the launch template, the resource type must be ``launch-template`` . To specify the tags for the resources that are created when an instance is launched, you must use `TagSpecifications <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications>`_ .
+        :param tag_specifications: The tags to apply to the launch template on creation. To tag the launch template, the resource type must be ``launch-template`` . To specify the tags for resources that are created during instance launch, use `TagSpecifications <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications>`_ .
         :param version_description: A description for the first version of the launch template.
         '''
         if __debug__:
@@ -26481,7 +26481,7 @@ class CfnLaunchTemplate(
             :param ram_disk_id: The ID of the RAM disk. .. epigraph:: We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see `User provided kernels <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html>`_ in the *Amazon EC2 User Guide* .
             :param security_group_ids: The IDs of the security groups. You can specify the IDs of existing security groups and references to resources created by the stack template. If you specify a network interface, you must specify any security groups as part of the network interface instead.
             :param security_groups: The names of the security groups. For a nondefault VPC, you must use security group IDs instead. If you specify a network interface, you must specify any security groups as part of the network interface instead of using this parameter.
-            :param tag_specifications: The tags to apply to the resources that are created during instance launch. To tag a resource after it has been created, see `CreateTags <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html>`_ . To tag the launch template itself, use `TagSpecifications <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications>`_ .
+            :param tag_specifications: The tags to apply to resources that are created during instance launch. To tag the launch template itself, use `TagSpecifications <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications>`_ .
             :param user_data: The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see `Run commands on your Amazon EC2 instance at launch <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html>`_ in the *Amazon EC2 User Guide* . If you are creating the launch template for use with AWS Batch , the user data must be provided in the `MIME multi-part archive format <https://docs.aws.amazon.com/https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive>`_ . For more information, see `Amazon EC2 user data in launch templates <https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html>`_ in the *AWS Batch User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html
@@ -27186,9 +27186,7 @@ class CfnLaunchTemplate(
         def tag_specifications(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnLaunchTemplate.TagSpecificationProperty"]]]]:
-            '''The tags to apply to the resources that are created during instance launch.
-
-            To tag a resource after it has been created, see `CreateTags <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html>`_ .
+            '''The tags to apply to resources that are created during instance launch.
 
             To tag the launch template itself, use `TagSpecifications <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications>`_ .
 
@@ -27311,6 +27309,8 @@ class CfnLaunchTemplate(
         ) -> None:
             '''Specifies the tags to apply to the launch template during creation.
 
+            To specify the tags for the resources that are created during instance launch, use `AWS::EC2::LaunchTemplate TagSpecification <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-tagspecification.html>`_ .
+
             ``LaunchTemplateTagSpecification`` is a property of `AWS::EC2::LaunchTemplate <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html>`_ .
 
             :param resource_type: The type of resource. To tag a launch template, ``ResourceType`` must be ``launch-template`` .
@@ -28974,7 +28974,7 @@ class CfnLaunchTemplate(
             resource_type: typing.Optional[builtins.str] = None,
             tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
-            '''Specifies the tags to apply to a resource when the resource is created for the launch template.
+            '''Specifies the tags to apply to resources that are created during instance launch.
 
             ``TagSpecification`` is a property type of ```TagSpecifications`` <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications>`_ . ```TagSpecifications`` <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications>`_ is a property of `AWS::EC2::LaunchTemplate LaunchTemplateData <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html>`_ .
 
@@ -29213,7 +29213,7 @@ class CfnLaunchTemplateProps:
 
         :param launch_template_data: The information for the launch template.
         :param launch_template_name: A name for the launch template.
-        :param tag_specifications: The tags to apply to the launch template on creation. To tag the launch template, the resource type must be ``launch-template`` . To specify the tags for the resources that are created when an instance is launched, you must use `TagSpecifications <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications>`_ .
+        :param tag_specifications: The tags to apply to the launch template on creation. To tag the launch template, the resource type must be ``launch-template`` . To specify the tags for resources that are created during instance launch, use `TagSpecifications <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications>`_ .
         :param version_description: A description for the first version of the launch template.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html
@@ -29294,7 +29294,7 @@ class CfnLaunchTemplateProps:
 
         To tag the launch template, the resource type must be ``launch-template`` .
 
-        To specify the tags for the resources that are created when an instance is launched, you must use `TagSpecifications <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications>`_ .
+        To specify the tags for resources that are created during instance launch, use `TagSpecifications <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-tagspecifications>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications
         '''
@@ -56499,7 +56499,7 @@ class CfnVPCEndpoint(
 
     A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS , an AWS Marketplace Partner, or another AWS accounts in your organization. For more information, see the `AWS PrivateLink User Guide <https://docs.aws.amazon.com/vpc/latest/privatelink/>`_ .
 
-    An endpoint of type ``Interface`` establishes connections between the subnets in your VPC and an  , your own service, or a service hosted by another AWS account . With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces.
+    An endpoint of type ``Interface`` establishes connections between the subnets in your VPC and an AWS service , your own service, or a service hosted by another AWS account . With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces.
 
     An endpoint of type ``gateway`` serves as a target for a route in your route table for traffic destined for Amazon S3 or DynamoDB . You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to Amazon S3 , see `Why can't I connect to an S3 bucket using a gateway VPC endpoint? <https://docs.aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint>`_
 
@@ -58614,16 +58614,16 @@ class CfnVPNConnection(
         :param customer_gateway_id: The ID of the customer gateway at your end of the VPN connection.
         :param type: The type of VPN connection.
         :param enable_acceleration: Indicate whether to enable acceleration for the VPN connection. Default: ``false``
-        :param local_ipv4_network_cidr: 
-        :param local_ipv6_network_cidr: 
-        :param outside_ip_address_type: 
-        :param remote_ipv4_network_cidr: 
-        :param remote_ipv6_network_cidr: 
+        :param local_ipv4_network_cidr: The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: ``0.0.0.0/0``
+        :param local_ipv6_network_cidr: The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: ``::/0``
+        :param outside_ip_address_type: The type of IPv4 address assigned to the outside interface of the customer gateway device. Valid values: ``PrivateIpv4`` | ``PublicIpv4`` Default: ``PublicIpv4``
+        :param remote_ipv4_network_cidr: The IPv4 CIDR on the AWS side of the VPN connection. Default: ``0.0.0.0/0``
+        :param remote_ipv6_network_cidr: The IPv6 CIDR on the AWS side of the VPN connection. Default: ``::/0``
         :param static_routes_only: Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify ``true`` .
         :param tags: Any tags assigned to the VPN connection.
         :param transit_gateway_id: The ID of the transit gateway associated with the VPN connection. You must specify either ``TransitGatewayId`` or ``VpnGatewayId`` , but not both.
-        :param transport_transit_gateway_attachment_id: 
-        :param tunnel_inside_ip_version: 
+        :param transport_transit_gateway_attachment_id: The transit gateway attachment ID to use for the VPN tunnel. Required if ``OutsideIpAddressType`` is set to ``PrivateIpv4`` .
+        :param tunnel_inside_ip_version: Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Default: ``ipv4``
         :param vpn_gateway_id: The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either ``TransitGatewayId`` or ``VpnGatewayId`` , but not both.
         :param vpn_tunnel_options_specifications: The tunnel options for the VPN connection.
         '''
@@ -58748,6 +58748,7 @@ class CfnVPNConnection(
     @builtins.property
     @jsii.member(jsii_name="localIpv4NetworkCidr")
     def local_ipv4_network_cidr(self) -> typing.Optional[builtins.str]:
+        '''The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "localIpv4NetworkCidr"))
 
     @local_ipv4_network_cidr.setter
@@ -58760,6 +58761,7 @@ class CfnVPNConnection(
     @builtins.property
     @jsii.member(jsii_name="localIpv6NetworkCidr")
     def local_ipv6_network_cidr(self) -> typing.Optional[builtins.str]:
+        '''The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "localIpv6NetworkCidr"))
 
     @local_ipv6_network_cidr.setter
@@ -58772,6 +58774,7 @@ class CfnVPNConnection(
     @builtins.property
     @jsii.member(jsii_name="outsideIpAddressType")
     def outside_ip_address_type(self) -> typing.Optional[builtins.str]:
+        '''The type of IPv4 address assigned to the outside interface of the customer gateway device.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "outsideIpAddressType"))
 
     @outside_ip_address_type.setter
@@ -58784,6 +58787,7 @@ class CfnVPNConnection(
     @builtins.property
     @jsii.member(jsii_name="remoteIpv4NetworkCidr")
     def remote_ipv4_network_cidr(self) -> typing.Optional[builtins.str]:
+        '''The IPv4 CIDR on the AWS side of the VPN connection.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "remoteIpv4NetworkCidr"))
 
     @remote_ipv4_network_cidr.setter
@@ -58796,6 +58800,7 @@ class CfnVPNConnection(
     @builtins.property
     @jsii.member(jsii_name="remoteIpv6NetworkCidr")
     def remote_ipv6_network_cidr(self) -> typing.Optional[builtins.str]:
+        '''The IPv6 CIDR on the AWS side of the VPN connection.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "remoteIpv6NetworkCidr"))
 
     @remote_ipv6_network_cidr.setter
@@ -58852,6 +58857,7 @@ class CfnVPNConnection(
     @builtins.property
     @jsii.member(jsii_name="transportTransitGatewayAttachmentId")
     def transport_transit_gateway_attachment_id(self) -> typing.Optional[builtins.str]:
+        '''The transit gateway attachment ID to use for the VPN tunnel.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "transportTransitGatewayAttachmentId"))
 
     @transport_transit_gateway_attachment_id.setter
@@ -58867,6 +58873,7 @@ class CfnVPNConnection(
     @builtins.property
     @jsii.member(jsii_name="tunnelInsideIpVersion")
     def tunnel_inside_ip_version(self) -> typing.Optional[builtins.str]:
+        '''Indicate whether the VPN tunnels process IPv4 or IPv6 traffic.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "tunnelInsideIpVersion"))
 
     @tunnel_inside_ip_version.setter
@@ -59041,16 +59048,16 @@ class CfnVPNConnectionProps:
         :param customer_gateway_id: The ID of the customer gateway at your end of the VPN connection.
         :param type: The type of VPN connection.
         :param enable_acceleration: Indicate whether to enable acceleration for the VPN connection. Default: ``false``
-        :param local_ipv4_network_cidr: 
-        :param local_ipv6_network_cidr: 
-        :param outside_ip_address_type: 
-        :param remote_ipv4_network_cidr: 
-        :param remote_ipv6_network_cidr: 
+        :param local_ipv4_network_cidr: The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: ``0.0.0.0/0``
+        :param local_ipv6_network_cidr: The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection. Default: ``::/0``
+        :param outside_ip_address_type: The type of IPv4 address assigned to the outside interface of the customer gateway device. Valid values: ``PrivateIpv4`` | ``PublicIpv4`` Default: ``PublicIpv4``
+        :param remote_ipv4_network_cidr: The IPv4 CIDR on the AWS side of the VPN connection. Default: ``0.0.0.0/0``
+        :param remote_ipv6_network_cidr: The IPv6 CIDR on the AWS side of the VPN connection. Default: ``::/0``
         :param static_routes_only: Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP. If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify ``true`` .
         :param tags: Any tags assigned to the VPN connection.
         :param transit_gateway_id: The ID of the transit gateway associated with the VPN connection. You must specify either ``TransitGatewayId`` or ``VpnGatewayId`` , but not both.
-        :param transport_transit_gateway_attachment_id: 
-        :param tunnel_inside_ip_version: 
+        :param transport_transit_gateway_attachment_id: The transit gateway attachment ID to use for the VPN tunnel. Required if ``OutsideIpAddressType`` is set to ``PrivateIpv4`` .
+        :param tunnel_inside_ip_version: Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Default: ``ipv4``
         :param vpn_gateway_id: The ID of the virtual private gateway at the AWS side of the VPN connection. You must specify either ``TransitGatewayId`` or ``VpnGatewayId`` , but not both.
         :param vpn_tunnel_options_specifications: The tunnel options for the VPN connection.
 
@@ -59172,7 +59179,10 @@ class CfnVPNConnectionProps:
 
     @builtins.property
     def local_ipv4_network_cidr(self) -> typing.Optional[builtins.str]:
-        '''
+        '''The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
+
+        Default: ``0.0.0.0/0``
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpnconnection.html#cfn-ec2-vpnconnection-localipv4networkcidr
         '''
         result = self._values.get("local_ipv4_network_cidr")
@@ -59180,7 +59190,10 @@ class CfnVPNConnectionProps:
 
     @builtins.property
     def local_ipv6_network_cidr(self) -> typing.Optional[builtins.str]:
-        '''
+        '''The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
+
+        Default: ``::/0``
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpnconnection.html#cfn-ec2-vpnconnection-localipv6networkcidr
         '''
         result = self._values.get("local_ipv6_network_cidr")
@@ -59188,7 +59201,12 @@ class CfnVPNConnectionProps:
 
     @builtins.property
     def outside_ip_address_type(self) -> typing.Optional[builtins.str]:
-        '''
+        '''The type of IPv4 address assigned to the outside interface of the customer gateway device.
+
+        Valid values: ``PrivateIpv4`` | ``PublicIpv4``
+
+        Default: ``PublicIpv4``
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpnconnection.html#cfn-ec2-vpnconnection-outsideipaddresstype
         '''
         result = self._values.get("outside_ip_address_type")
@@ -59196,7 +59214,10 @@ class CfnVPNConnectionProps:
 
     @builtins.property
     def remote_ipv4_network_cidr(self) -> typing.Optional[builtins.str]:
-        '''
+        '''The IPv4 CIDR on the AWS side of the VPN connection.
+
+        Default: ``0.0.0.0/0``
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpnconnection.html#cfn-ec2-vpnconnection-remoteipv4networkcidr
         '''
         result = self._values.get("remote_ipv4_network_cidr")
@@ -59204,7 +59225,10 @@ class CfnVPNConnectionProps:
 
     @builtins.property
     def remote_ipv6_network_cidr(self) -> typing.Optional[builtins.str]:
-        '''
+        '''The IPv6 CIDR on the AWS side of the VPN connection.
+
+        Default: ``::/0``
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpnconnection.html#cfn-ec2-vpnconnection-remoteipv6networkcidr
         '''
         result = self._values.get("remote_ipv6_network_cidr")
@@ -59247,7 +59271,10 @@ class CfnVPNConnectionProps:
 
     @builtins.property
     def transport_transit_gateway_attachment_id(self) -> typing.Optional[builtins.str]:
-        '''
+        '''The transit gateway attachment ID to use for the VPN tunnel.
+
+        Required if ``OutsideIpAddressType`` is set to ``PrivateIpv4`` .
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpnconnection.html#cfn-ec2-vpnconnection-transporttransitgatewayattachmentid
         '''
         result = self._values.get("transport_transit_gateway_attachment_id")
@@ -59255,7 +59282,10 @@ class CfnVPNConnectionProps:
 
     @builtins.property
     def tunnel_inside_ip_version(self) -> typing.Optional[builtins.str]:
-        '''
+        '''Indicate whether the VPN tunnels process IPv4 or IPv6 traffic.
+
+        Default: ``ipv4``
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpnconnection.html#cfn-ec2-vpnconnection-tunnelinsideipversion
         '''
         result = self._values.get("tunnel_inside_ip_version")
@@ -67758,15 +67788,16 @@ class GatewayVpcEndpointProps(GatewayVpcEndpointOptions):
 
         Example::
 
-            my_vpc = vpc_v2.VpcV2(self, "Vpc")
-            route_table = vpc_v2.RouteTable(self, "RouteTable",
+            stack = Stack()
+            my_vpc = VpcV2(self, "Vpc")
+            route_table = RouteTable(self, "RouteTable",
                 vpc=my_vpc
             )
-            subnet = vpc_v2.SubnetV2(self, "Subnet",
+            subnet = SubnetV2(self, "Subnet",
                 vpc=my_vpc,
                 availability_zone="eu-west-2a",
                 ipv4_cidr_block=IpCidr("10.0.0.0/24"),
-                subnet_type=ec2.SubnetType.PRIVATE
+                subnet_type=SubnetType.PRIVATE
             )
             
             dynamo_endpoint = ec2.GatewayVpcEndpoint(self, "DynamoEndpoint",
@@ -67774,7 +67805,7 @@ class GatewayVpcEndpointProps(GatewayVpcEndpointOptions):
                 vpc=my_vpc,
                 subnets=[subnet]
             )
-            vpc_v2.Route(self, "DynamoDBRoute",
+            Route(self, "DynamoDBRoute",
                 route_table=route_table,
                 destination="0.0.0.0/0",
                 target={"endpoint": dynamo_endpoint}
@@ -75344,6 +75375,11 @@ class InterfaceVpcEndpointAwsService(
     def HEALTHLAKE(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "HEALTHLAKE"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="IAM")
+    def IAM(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "IAM"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="IAM_IDENTITY_CENTER")
     def IAM_IDENTITY_CENTER(cls) -> "InterfaceVpcEndpointAwsService":
@@ -75494,6 +75530,11 @@ class InterfaceVpcEndpointAwsService(
     def LAMBDA_(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "LAMBDA"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="LAUNCH_WIZARD")
+    def LAUNCH_WIZARD(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "LAUNCH_WIZARD"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="LEX_MODELS")
     def LEX_MODELS(cls) -> "InterfaceVpcEndpointAwsService":
@@ -75616,6 +75657,16 @@ class InterfaceVpcEndpointAwsService(
     def NEPTUNE_ANALYTICS(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "NEPTUNE_ANALYTICS"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="NETWORK_FIREWALL")
+    def NETWORK_FIREWALL(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "NETWORK_FIREWALL"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="NETWORK_FIREWALL_FIPS")
+    def NETWORK_FIREWALL_FIPS(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "NETWORK_FIREWALL_FIPS"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="NIMBLE_STUDIO")
     def NIMBLE_STUDIO(cls) -> "InterfaceVpcEndpointAwsService":
@@ -75758,6 +75809,13 @@ class InterfaceVpcEndpointAwsService(
     ) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "PRIVATE_CERTIFICATE_AUTHORITY_CONNECTOR_AD"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="PRIVATE_CERTIFICATE_AUTHORITY_CONNECTOR_SCEP")
+    def PRIVATE_CERTIFICATE_AUTHORITY_CONNECTOR_SCEP(
+        cls,
+    ) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "PRIVATE_CERTIFICATE_AUTHORITY_CONNECTOR_SCEP"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="PROMETHEUS")
     def PROMETHEUS(cls) -> "InterfaceVpcEndpointAwsService":
@@ -75888,6 +75946,11 @@ class InterfaceVpcEndpointAwsService(
     def REPOST_SPACE(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "REPOST_SPACE"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="RESOURCE_ACCESS_MANAGER")
+    def RESOURCE_ACCESS_MANAGER(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "RESOURCE_ACCESS_MANAGER"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="ROBOMAKER")
     def ROBOMAKER(cls) -> "InterfaceVpcEndpointAwsService":
@@ -89008,7 +89071,29 @@ class VpnConnectionProps(VpnConnectionOptions):
 
 @jsii.enum(jsii_type="aws-cdk-lib.aws_ec2.VpnConnectionType")
 class VpnConnectionType(enum.Enum):
-    '''The VPN connection type.'''
+    '''The VPN connection type.
+
+    :exampleMetadata: infused
+
+    Example::
+
+        stack = Stack()
+        my_vpc = VpcV2(self, "Vpc")
+        vpn_gateway = my_vpc.enable_vpn_gateway_v2(
+            vpn_route_propagation=[ec2.SubnetSelection(subnet_type=SubnetType.PUBLIC)],
+            type=VpnConnectionType.IPSEC_1
+        )
+        
+        route_table = RouteTable(stack, "routeTable",
+            vpc=my_vpc
+        )
+        
+        Route(stack, "route",
+            destination="172.31.0.0/24",
+            target={"gateway": vpn_gateway},
+            route_table=route_table
+        )
+    '''
 
     IPSEC_1 = "IPSEC_1"
     '''The IPsec 1 VPN connection type.'''

aws_cdk/aws_ecr/__init__.py

@@ -1952,7 +1952,7 @@ class CfnRepository(
 
             For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see `Amazon ECR encryption at rest <https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html>`_ in the *Amazon Elastic Container Registry User Guide* .
 
-            :param encryption_type: The encryption type to use. If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see `Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* . If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see `Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
+            :param encryption_type: The encryption type to use. If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. If you use the ``KMS_DSSE`` encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to the ``KMS`` encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created. If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see `Amazon ECR encryption at rest <https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html>`_ in the *Amazon Elastic Container Registry User Guide* .
             :param kms_key: If you use the ``KMS`` encryption type, specify the AWS KMS key to use for encryption. The alias, key ID, or full ARN of the AWS KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed AWS KMS key for Amazon ECR will be used.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-encryptionconfiguration.html
@@ -1985,9 +1985,13 @@ class CfnRepository(
         def encryption_type(self) -> builtins.str:
             '''The encryption type to use.
 
-            If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see `Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
+            If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.
 
-            If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see `Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
+            If you use the ``KMS_DSSE`` encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to the ``KMS`` encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.
+
+            If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.
+
+            For more information, see `Amazon ECR encryption at rest <https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html>`_ in the *Amazon Elastic Container Registry User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-encryptionconfiguration.html#cfn-ecr-repository-encryptionconfiguration-encryptiontype
             '''
@@ -2439,7 +2443,7 @@ class CfnRepositoryCreationTemplate(
 
             For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see `Amazon ECR encryption at rest <https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html>`_ in the *Amazon Elastic Container Registry User Guide* .
 
-            :param encryption_type: The encryption type to use. If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see `Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* . If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see `Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
+            :param encryption_type: The encryption type to use. If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. If you use the ``KMS_DSSE`` encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to the ``KMS`` encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created. If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see `Amazon ECR encryption at rest <https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html>`_ in the *Amazon Elastic Container Registry User Guide* .
             :param kms_key: If you use the ``KMS`` encryption type, specify the AWS KMS key to use for encryption. The alias, key ID, or full ARN of the AWS KMS key can be specified. The key must exist in the same Region as the repository. If no key is specified, the default AWS managed AWS KMS key for Amazon ECR will be used.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repositorycreationtemplate-encryptionconfiguration.html
@@ -2472,9 +2476,13 @@ class CfnRepositoryCreationTemplate(
         def encryption_type(self) -> builtins.str:
             '''The encryption type to use.
 
-            If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see `Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
+            If you use the ``KMS`` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.
+
+            If you use the ``KMS_DSSE`` encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . Similar to the ``KMS`` encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.
+
+            If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.
 
-            If you use the ``AES256`` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see `Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html>`_ in the *Amazon Simple Storage Service Console Developer Guide* .
+            For more information, see `Amazon ECR encryption at rest <https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html>`_ in the *Amazon Elastic Container Registry User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repositorycreationtemplate-encryptionconfiguration.html#cfn-ecr-repositorycreationtemplate-encryptionconfiguration-encryptiontype
             '''