aws-cdk-lib 2.158.0__py3-none-any.whl → 2.159.1__py3-none-any.whl

aws_cdk/aws_secretsmanager/__init__.py

@@ -702,6 +702,8 @@ class CfnRotationSchedule(
 
     For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ .
 
+    For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ .
+
     For the rotation function, you have two options:
 
     - You can create a new rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ by using ``HostedRotationLambda`` .
@@ -763,9 +765,9 @@ class CfnRotationSchedule(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param secret_id: The ARN or name of the secret to rotate. To reference a secret also created in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
-        :param hosted_rotation_lambda: Creates a new Lambda rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ . To use a rotation function that already exists, specify ``RotationLambdaARN`` instead. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ .
+        :param hosted_rotation_lambda: Creates a new Lambda rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ . To use a rotation function that already exists, specify ``RotationLambdaARN`` instead. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ .
         :param rotate_immediately_on_update: Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in ``RotationRules`` . If you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the ```testSecret`` step <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ of the Lambda rotation function. The test creates an ``AWSPENDING`` version of the secret and then removes it. If you don't specify this value, then by default, Secrets Manager rotates the secret immediately. Rotation is an asynchronous process. For more information, see `How rotation works <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ .
-        :param rotation_lambda_arn: The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . To create a new rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ , specify ``HostedRotationLambda`` instead.
+        :param rotation_lambda_arn: The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ . To create a new rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ , specify ``HostedRotationLambda`` instead.
         :param rotation_rules: A structure that defines the rotation configuration for this secret.
         '''
         if __debug__:
@@ -944,6 +946,8 @@ class CfnRotationSchedule(
 
             For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ .
 
+            For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ .
+
             :param rotation_type: The rotation template to base the rotation function on, one of the following:. - ``Db2SingleUser`` to use the template `SecretsManagerRDSDb2RotationSingleUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-db2-singleuser>`_ . - ``Db2MultiUser`` to use the template `SecretsManagerRDSDb2RotationMultiUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-db2-multiuser>`_ . - ``MySQLSingleUser`` to use the template `SecretsManagerRDSMySQLRotationSingleUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mysql-singleuser>`_ . - ``MySQLMultiUser`` to use the template `SecretsManagerRDSMySQLRotationMultiUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mysql-multiuser>`_ . - ``PostgreSQLSingleUser`` to use the template `SecretsManagerRDSPostgreSQLRotationSingleUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-postgre-singleuser>`_ - ``PostgreSQLMultiUser`` to use the template `SecretsManagerRDSPostgreSQLRotationMultiUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-postgre-multiuser>`_ . - ``OracleSingleUser`` to use the template `SecretsManagerRDSOracleRotationSingleUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-oracle-singleuser>`_ . - ``OracleMultiUser`` to use the template `SecretsManagerRDSOracleRotationMultiUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-oracle-multiuser>`_ . - ``MariaDBSingleUser`` to use the template `SecretsManagerRDSMariaDBRotationSingleUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mariadb-singleuser>`_ . - ``MariaDBMultiUser`` to use the template `SecretsManagerRDSMariaDBRotationMultiUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mariadb-multiuser>`_ . - ``SQLServerSingleUser`` to use the template `SecretsManagerRDSSQLServerRotationSingleUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-sqlserver-singleuser>`_ . - ``SQLServerMultiUser`` to use the template `SecretsManagerRDSSQLServerRotationMultiUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-sqlserver-multiuser>`_ . - ``RedshiftSingleUser`` to use the template `SecretsManagerRedshiftRotationSingleUsr <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-redshift-singleuser>`_ . - ``RedshiftMultiUser`` to use the template `SecretsManagerRedshiftRotationMultiUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-redshift-multiuser>`_ . - ``MongoDBSingleUser`` to use the template `SecretsManagerMongoDBRotationSingleUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mongodb-singleuser>`_ . - ``MongoDBMultiUser`` to use the template `SecretsManagerMongoDBRotationMultiUser <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mongodb-multiuser>`_ .
             :param exclude_characters: A string of the characters that you don't want in the password.
             :param kms_key_arn: The ARN of the KMS key that Secrets Manager uses to encrypt the secret. If you don't specify this value, then Secrets Manager uses the key ``aws/secretsmanager`` . If ``aws/secretsmanager`` doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.
@@ -1301,9 +1305,9 @@ class CfnRotationScheduleProps:
         '''Properties for defining a ``CfnRotationSchedule``.
 
         :param secret_id: The ARN or name of the secret to rotate. To reference a secret also created in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
-        :param hosted_rotation_lambda: Creates a new Lambda rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ . To use a rotation function that already exists, specify ``RotationLambdaARN`` instead. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ .
+        :param hosted_rotation_lambda: Creates a new Lambda rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ . To use a rotation function that already exists, specify ``RotationLambdaARN`` instead. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ .
         :param rotate_immediately_on_update: Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in ``RotationRules`` . If you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the ```testSecret`` step <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ of the Lambda rotation function. The test creates an ``AWSPENDING`` version of the secret and then removes it. If you don't specify this value, then by default, Secrets Manager rotates the secret immediately. Rotation is an asynchronous process. For more information, see `How rotation works <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ .
-        :param rotation_lambda_arn: The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . To create a new rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ , specify ``HostedRotationLambda`` instead.
+        :param rotation_lambda_arn: The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ . To create a new rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ , specify ``HostedRotationLambda`` instead.
         :param rotation_rules: A structure that defines the rotation configuration for this secret.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-rotationschedule.html
@@ -1382,6 +1386,8 @@ class CfnRotationScheduleProps:
 
         For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ .
 
+        For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ .
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-rotationschedule.html#cfn-secretsmanager-rotationschedule-hostedrotationlambda
         '''
         result = self._values.get("hosted_rotation_lambda")
@@ -1414,6 +1420,8 @@ class CfnRotationScheduleProps:
 
         For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ .
 
+        For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ .
+
         To create a new rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ , specify ``HostedRotationLambda`` instead.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-rotationschedule.html#cfn-secretsmanager-rotationschedule-rotationlambdaarn
@@ -1456,9 +1464,9 @@ class CfnSecret(
 
     For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ .
 
-    To retrieve a secret in a CloudFormation template, use a *dynamic reference* . For more information, see `Retrieve a secret in an AWS CloudFormation resource <https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_reference-secret.html>`_ .
+    For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ .
 
-    A common scenario is to first create a secret with ``GenerateSecretString`` , which generates a password, and then use a dynamic reference to retrieve the username and password from the secret to use as credentials for a new database. See the example *Creating a Redshift cluster and a secret for the admin credentials* .
+    To retrieve a secret in a CloudFormation template, use a *dynamic reference* . For more information, see `Retrieve a secret in an AWS CloudFormation resource <https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_reference-secret.html>`_ .
 
     For information about creating a secret in the console, see `Create a secret <https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html>`_ . For information about creating a secret using the CLI or SDK, see `CreateSecret <https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html>`_ .
 
@@ -2233,8 +2241,12 @@ class CfnSecretTargetAttachment(
 
     If you want to turn on automatic rotation for a database credential secret, the secret must contain the database connection information. For more information, see `JSON structure of Secrets Manager database credential secrets <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html>`_ .
 
+    When you remove a ``SecretTargetAttachment`` from a stack, Secrets Manager removes the database connection information from the secret with a ``PutSecretValue`` call.
+
     For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ .
 
+    For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ .
+
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html
     :cloudformationResource: AWS::SecretsManager::SecretTargetAttachment
     :exampleMetadata: fixture=_generated
@@ -2266,7 +2278,7 @@ class CfnSecretTargetAttachment(
         :param id: Construct identifier for this resource (unique in its scope).
         :param secret_id: The ARN or name of the secret. To reference a secret also created in this template, use the see `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
         :param target_id: The ID of the database or cluster.
-        :param target_type: A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following: - AWS::RDS::DBInstance - AWS::RDS::DBCluster - AWS::Redshift::Cluster - AWS::DocDB::DBInstance - AWS::DocDB::DBCluster
+        :param target_type: A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following: - AWS::RDS::DBInstance - AWS::RDS::DBCluster - AWS::Redshift::Cluster - AWS::RedshiftServerless::Namespace - AWS::DocDB::DBInstance - AWS::DocDB::DBCluster - AWS::DocDBElastic::Cluster
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f27548ced74eb3d06a9cd3710e7d562d307b5a2c264476a3e685fcb94ccdee58)
@@ -2382,7 +2394,7 @@ class CfnSecretTargetAttachmentProps:
 
         :param secret_id: The ARN or name of the secret. To reference a secret also created in this template, use the see `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
         :param target_id: The ID of the database or cluster.
-        :param target_type: A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following: - AWS::RDS::DBInstance - AWS::RDS::DBCluster - AWS::Redshift::Cluster - AWS::DocDB::DBInstance - AWS::DocDB::DBCluster
+        :param target_type: A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following: - AWS::RDS::DBInstance - AWS::RDS::DBCluster - AWS::Redshift::Cluster - AWS::RedshiftServerless::Namespace - AWS::DocDB::DBInstance - AWS::DocDB::DBCluster - AWS::DocDBElastic::Cluster
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html
         :exampleMetadata: fixture=_generated
@@ -2441,8 +2453,10 @@ class CfnSecretTargetAttachmentProps:
         - AWS::RDS::DBInstance
         - AWS::RDS::DBCluster
         - AWS::Redshift::Cluster
+        - AWS::RedshiftServerless::Namespace
         - AWS::DocDB::DBInstance
         - AWS::DocDB::DBCluster
+        - AWS::DocDBElastic::Cluster
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html#cfn-secretsmanager-secrettargetattachment-targettype
         '''

aws_cdk/aws_securityhub/__init__.py

@@ -563,10 +563,10 @@ class CfnAutomationRule(
             finding_fields_update: typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty", typing.Dict[builtins.str, typing.Any]]],
             type: builtins.str,
         ) -> None:
-            '''One or more actions to update finding fields if a finding matches the defined criteria of the rule.
+            '''One or more actions that AWS Security Hub takes when a finding matches the defined criteria of a rule.
 
             :param finding_fields_update: Specifies that the automation rule action is an update to a finding field.
-            :param type: Specifies that the rule action should update the ``Types`` finding field. The ``Types`` finding field classifies findings in the format of namespace/category/classifier. For more information, see `Types taxonomy for ASFF <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html>`_ in the *AWS Security Hub User Guide* .
+            :param type: Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesaction.html
             :exampleMetadata: fixture=_generated
@@ -632,9 +632,7 @@ class CfnAutomationRule(
 
         @builtins.property
         def type(self) -> builtins.str:
-            '''Specifies that the rule action should update the ``Types`` finding field.
-
-            The ``Types`` finding field classifies findings in the format of namespace/category/classifier. For more information, see `Types taxonomy for ASFF <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html>`_ in the *AWS Security Hub User Guide* .
+            '''Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesaction.html#cfn-securityhub-automationrule-automationrulesaction-type
             '''
@@ -970,7 +968,7 @@ class CfnAutomationRule(
             :param related_findings_id: The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param related_findings_product_arn: The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param resource_details_other: Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-            :param resource_id: The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
+            :param resource_id: The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
             :param resource_partition: The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param resource_region: The AWS Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
             :param resource_tags: A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
@@ -1602,7 +1600,7 @@ class CfnAutomationRule(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAutomationRule.StringFilterProperty"]]]]:
             '''The identifier for the given resource type.
 
-            For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.
+            For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.
 
             Array Members: Minimum number of 1 item. Maximum number of 100 items.
 
@@ -3463,7 +3461,7 @@ class CfnConfigurationPolicy(
 
             It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
 
-            :param security_hub: The AWS-service that the configuration policy applies to.
+            :param security_hub: The AWS service that the configuration policy applies to.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-policy.html
             :exampleMetadata: fixture=_generated
@@ -3516,7 +3514,7 @@ class CfnConfigurationPolicy(
         def security_hub(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnConfigurationPolicy.SecurityHubPolicyProperty"]]:
-            '''The AWS-service that the configuration policy applies to.
+            '''The AWS service that the configuration policy applies to.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-policy.html#cfn-securityhub-configurationpolicy-policy-securityhub
             '''
@@ -5576,7 +5574,7 @@ class CfnInsight(
             :param aws_account_name: The name of the AWS account in which a finding is generated.
             :param company_name: The name of the findings provider (company) that owns the solution (product) that generates findings.
             :param compliance_associated_standards_id: The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the `DescribeStandards <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html>`_ API response.
-            :param compliance_security_control_id: The unique identifier of a control across standards. Values for this field typically consist of an AWS-service and a number, such as APIGateway.5.
+            :param compliance_security_control_id: The unique identifier of a control across standards. Values for this field typically consist of an AWS service and a number, such as APIGateway.5.
             :param compliance_security_control_parameters_name: The name of a security control parameter.
             :param compliance_security_control_parameters_value: The current value of a security control parameter.
             :param compliance_status: Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details.
@@ -6523,7 +6521,7 @@ class CfnInsight(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnInsight.StringFilterProperty"]]]]:
             '''The unique identifier of a control across standards.
 
-            Values for this field typically consist of an AWS-service and a number, such as APIGateway.5.
+            Values for this field typically consist of an AWS service and a number, such as APIGateway.5.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html#cfn-securityhub-insight-awssecurityfindingfilters-compliancesecuritycontrolid
             '''
@@ -9687,7 +9685,19 @@ class CfnSecurityControl(
         cfn_security_control = securityhub.CfnSecurityControl(self, "MyCfnSecurityControl",
             parameters={
                 "parameters_key": securityhub.CfnSecurityControl.ParameterConfigurationProperty(
-                    value_type="valueType"
+                    value_type="valueType",
+        
+                    # the properties below are optional
+                    value=securityhub.CfnSecurityControl.ParameterValueProperty(
+                        boolean=False,
+                        double=123,
+                        enum="enum",
+                        enum_list=["enumList"],
+                        integer=123,
+                        integer_list=[123],
+                        string="string",
+                        string_list=["stringList"]
+                    )
                 )
             },
         
@@ -9714,7 +9724,7 @@ class CfnSecurityControl(
         :param parameters: An object that identifies the name of a control parameter, its current value, and whether it has been customized.
         :param last_update_reason: The most recent reason for updating the customizable properties of a security control. This differs from the ``UpdateReason`` field of the ```BatchUpdateStandardsControlAssociations`` <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html>`_ API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.
         :param security_control_arn: The Amazon Resource Name (ARN) for a security control across standards, such as ``arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`` . This parameter doesn't mention a specific standard.
-        :param security_control_id: The unique identifier of a security control across standards. Values for this field typically consist of an AWS-service name and a number, such as APIGateway.3.
+        :param security_control_id: The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number, such as APIGateway.3.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__726fa705fd558de76e132e75c55b8475c62b8dc48c449b5a702f64b1f4bff214)
@@ -9824,13 +9834,19 @@ class CfnSecurityControl(
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_securityhub.CfnSecurityControl.ParameterConfigurationProperty",
         jsii_struct_bases=[],
-        name_mapping={"value_type": "valueType"},
+        name_mapping={"value_type": "valueType", "value": "value"},
     )
     class ParameterConfigurationProperty:
-        def __init__(self, *, value_type: builtins.str) -> None:
+        def __init__(
+            self,
+            *,
+            value_type: builtins.str,
+            value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnSecurityControl.ParameterValueProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+        ) -> None:
             '''An object that provides the current value of a security control parameter and identifies whether it has been customized.
 
             :param value_type: Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior. When ``ValueType`` is set equal to ``DEFAULT`` , the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ``ValueType`` is set equal to ``DEFAULT`` , Security Hub ignores user-provided input for the ``Value`` field. When ``ValueType`` is set equal to ``CUSTOM`` , the ``Value`` field can't be empty.
+            :param value: The current value of a control parameter.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-securitycontrol-parameterconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -9842,15 +9858,30 @@ class CfnSecurityControl(
                 from aws_cdk import aws_securityhub as securityhub
                 
                 parameter_configuration_property = securityhub.CfnSecurityControl.ParameterConfigurationProperty(
-                    value_type="valueType"
+                    value_type="valueType",
+                
+                    # the properties below are optional
+                    value=securityhub.CfnSecurityControl.ParameterValueProperty(
+                        boolean=False,
+                        double=123,
+                        enum="enum",
+                        enum_list=["enumList"],
+                        integer=123,
+                        integer_list=[123],
+                        string="string",
+                        string_list=["stringList"]
+                    )
                 )
             '''
             if __debug__:
                 type_hints = typing.get_type_hints(_typecheckingstub__b4f8a75fb36fae6899e2291977edacf36a70ed147a49bd553150965029bec549)
                 check_type(argname="argument value_type", value=value_type, expected_type=type_hints["value_type"])
+                check_type(argname="argument value", value=value, expected_type=type_hints["value"])
             self._values: typing.Dict[builtins.str, typing.Any] = {
                 "value_type": value_type,
             }
+            if value is not None:
+                self._values["value"] = value
 
         @builtins.property
         def value_type(self) -> builtins.str:
@@ -9866,6 +9897,17 @@ class CfnSecurityControl(
             assert result is not None, "Required property 'value_type' is missing"
             return typing.cast(builtins.str, result)
 
+        @builtins.property
+        def value(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnSecurityControl.ParameterValueProperty"]]:
+            '''The current value of a control parameter.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-securitycontrol-parameterconfiguration.html#cfn-securityhub-securitycontrol-parameterconfiguration-value
+            '''
+            result = self._values.get("value")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnSecurityControl.ParameterValueProperty"]], result)
+
         def __eq__(self, rhs: typing.Any) -> builtins.bool:
             return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -9877,6 +9919,179 @@ class CfnSecurityControl(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_securityhub.CfnSecurityControl.ParameterValueProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "boolean": "boolean",
+            "double": "double",
+            "enum": "enum",
+            "enum_list": "enumList",
+            "integer": "integer",
+            "integer_list": "integerList",
+            "string": "string",
+            "string_list": "stringList",
+        },
+    )
+    class ParameterValueProperty:
+        def __init__(
+            self,
+            *,
+            boolean: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+            double: typing.Optional[jsii.Number] = None,
+            enum: typing.Optional[builtins.str] = None,
+            enum_list: typing.Optional[typing.Sequence[builtins.str]] = None,
+            integer: typing.Optional[jsii.Number] = None,
+            integer_list: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[jsii.Number]]] = None,
+            string: typing.Optional[builtins.str] = None,
+            string_list: typing.Optional[typing.Sequence[builtins.str]] = None,
+        ) -> None:
+            '''An object that includes the data type of a security control parameter and its current value.
+
+            :param boolean: A control parameter that is a boolean.
+            :param double: A control parameter that is a double.
+            :param enum: A control parameter that is an enum.
+            :param enum_list: A control parameter that is a list of enums.
+            :param integer: A control parameter that is an integer.
+            :param integer_list: A control parameter that is a list of integers.
+            :param string: A control parameter that is a string.
+            :param string_list: A control parameter that is a list of strings.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-securitycontrol-parametervalue.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_securityhub as securityhub
+                
+                parameter_value_property = securityhub.CfnSecurityControl.ParameterValueProperty(
+                    boolean=False,
+                    double=123,
+                    enum="enum",
+                    enum_list=["enumList"],
+                    integer=123,
+                    integer_list=[123],
+                    string="string",
+                    string_list=["stringList"]
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__0cc6352822613fffa320be35bf75f34228be34d529ce2169c19a447dce31c967)
+                check_type(argname="argument boolean", value=boolean, expected_type=type_hints["boolean"])
+                check_type(argname="argument double", value=double, expected_type=type_hints["double"])
+                check_type(argname="argument enum", value=enum, expected_type=type_hints["enum"])
+                check_type(argname="argument enum_list", value=enum_list, expected_type=type_hints["enum_list"])
+                check_type(argname="argument integer", value=integer, expected_type=type_hints["integer"])
+                check_type(argname="argument integer_list", value=integer_list, expected_type=type_hints["integer_list"])
+                check_type(argname="argument string", value=string, expected_type=type_hints["string"])
+                check_type(argname="argument string_list", value=string_list, expected_type=type_hints["string_list"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if boolean is not None:
+                self._values["boolean"] = boolean
+            if double is not None:
+                self._values["double"] = double
+            if enum is not None:
+                self._values["enum"] = enum
+            if enum_list is not None:
+                self._values["enum_list"] = enum_list
+            if integer is not None:
+                self._values["integer"] = integer
+            if integer_list is not None:
+                self._values["integer_list"] = integer_list
+            if string is not None:
+                self._values["string"] = string
+            if string_list is not None:
+                self._values["string_list"] = string_list
+
+        @builtins.property
+        def boolean(
+            self,
+        ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+            '''A control parameter that is a boolean.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-securitycontrol-parametervalue.html#cfn-securityhub-securitycontrol-parametervalue-boolean
+            '''
+            result = self._values.get("boolean")
+            return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
+        @builtins.property
+        def double(self) -> typing.Optional[jsii.Number]:
+            '''A control parameter that is a double.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-securitycontrol-parametervalue.html#cfn-securityhub-securitycontrol-parametervalue-double
+            '''
+            result = self._values.get("double")
+            return typing.cast(typing.Optional[jsii.Number], result)
+
+        @builtins.property
+        def enum(self) -> typing.Optional[builtins.str]:
+            '''A control parameter that is an enum.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-securitycontrol-parametervalue.html#cfn-securityhub-securitycontrol-parametervalue-enum
+            '''
+            result = self._values.get("enum")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def enum_list(self) -> typing.Optional[typing.List[builtins.str]]:
+            '''A control parameter that is a list of enums.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-securitycontrol-parametervalue.html#cfn-securityhub-securitycontrol-parametervalue-enumlist
+            '''
+            result = self._values.get("enum_list")
+            return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+        @builtins.property
+        def integer(self) -> typing.Optional[jsii.Number]:
+            '''A control parameter that is an integer.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-securitycontrol-parametervalue.html#cfn-securityhub-securitycontrol-parametervalue-integer
+            '''
+            result = self._values.get("integer")
+            return typing.cast(typing.Optional[jsii.Number], result)
+
+        @builtins.property
+        def integer_list(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[jsii.Number]]]:
+            '''A control parameter that is a list of integers.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-securitycontrol-parametervalue.html#cfn-securityhub-securitycontrol-parametervalue-integerlist
+            '''
+            result = self._values.get("integer_list")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[jsii.Number]]], result)
+
+        @builtins.property
+        def string(self) -> typing.Optional[builtins.str]:
+            '''A control parameter that is a string.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-securitycontrol-parametervalue.html#cfn-securityhub-securitycontrol-parametervalue-string
+            '''
+            result = self._values.get("string")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def string_list(self) -> typing.Optional[typing.List[builtins.str]]:
+            '''A control parameter that is a list of strings.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-securitycontrol-parametervalue.html#cfn-securityhub-securitycontrol-parametervalue-stringlist
+            '''
+            result = self._values.get("string_list")
+            return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "ParameterValueProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
 
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_securityhub.CfnSecurityControlProps",
@@ -9902,7 +10117,7 @@ class CfnSecurityControlProps:
         :param parameters: An object that identifies the name of a control parameter, its current value, and whether it has been customized.
         :param last_update_reason: The most recent reason for updating the customizable properties of a security control. This differs from the ``UpdateReason`` field of the ```BatchUpdateStandardsControlAssociations`` <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html>`_ API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.
         :param security_control_arn: The Amazon Resource Name (ARN) for a security control across standards, such as ``arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1`` . This parameter doesn't mention a specific standard.
-        :param security_control_id: The unique identifier of a security control across standards. Values for this field typically consist of an AWS-service name and a number, such as APIGateway.3.
+        :param security_control_id: The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number, such as APIGateway.3.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-securitycontrol.html
         :exampleMetadata: fixture=_generated
@@ -9916,7 +10131,19 @@ class CfnSecurityControlProps:
             cfn_security_control_props = securityhub.CfnSecurityControlProps(
                 parameters={
                     "parameters_key": securityhub.CfnSecurityControl.ParameterConfigurationProperty(
-                        value_type="valueType"
+                        value_type="valueType",
+            
+                        # the properties below are optional
+                        value=securityhub.CfnSecurityControl.ParameterValueProperty(
+                            boolean=False,
+                            double=123,
+                            enum="enum",
+                            enum_list=["enumList"],
+                            integer=123,
+                            integer_list=[123],
+                            string="string",
+                            string_list=["stringList"]
+                        )
                     )
                 },
             
@@ -9978,7 +10205,7 @@ class CfnSecurityControlProps:
     def security_control_id(self) -> typing.Optional[builtins.str]:
         '''The unique identifier of a security control across standards.
 
-        Values for this field typically consist of an AWS-service name and a number, such as APIGateway.3.
+        Values for this field typically consist of an AWS service name and a number, such as APIGateway.3.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-securitycontrol.html#cfn-securityhub-securitycontrol-securitycontrolid
         '''
@@ -11215,6 +11442,21 @@ def _typecheckingstub__ff55fd11201a4a7c92e4e58e9fa5bcdb6762a8ac0310ada761c3b9015
 def _typecheckingstub__b4f8a75fb36fae6899e2291977edacf36a70ed147a49bd553150965029bec549(
     *,
     value_type: builtins.str,
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnSecurityControl.ParameterValueProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__0cc6352822613fffa320be35bf75f34228be34d529ce2169c19a447dce31c967(
+    *,
+    boolean: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    double: typing.Optional[jsii.Number] = None,
+    enum: typing.Optional[builtins.str] = None,
+    enum_list: typing.Optional[typing.Sequence[builtins.str]] = None,
+    integer: typing.Optional[jsii.Number] = None,
+    integer_list: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[jsii.Number]]] = None,
+    string: typing.Optional[builtins.str] = None,
+    string_list: typing.Optional[typing.Sequence[builtins.str]] = None,
 ) -> None:
     """Type checking stubs"""
     pass