aws-cdk-lib 2.159.1__py3-none-any.whl → 2.160.0__py3-none-any.whl

aws_cdk/__init__.py

@@ -173,8 +173,8 @@ class MyNestedStack(cfn.NestedStack):
         s3.Bucket(self, "NestedBucket")
 
 class MyParentStack(Stack):
-    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None):
-        super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation)
+    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None):
+        super().__init__(scope, id, description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation)
 
         MyNestedStack(self, "Nested1")
         MyNestedStack(self, "Nested2")
@@ -2074,26 +2074,38 @@ class ArnComponents:
 
         Example::
 
-            sub_zone = route53.PublicHostedZone(self, "SubZone",
-                zone_name="sub.someexample.com"
-            )
+            from aws_cdk.aws_apigatewayv2_authorizers import WebSocketIamAuthorizer
+            from aws_cdk.aws_apigatewayv2_integrations import WebSocketLambdaIntegration
+            
+            # This function handles your connect route
+            # connect_handler: lambda.Function
+            
             
-            # import the delegation role by constructing the roleArn
-            delegation_role_arn = Stack.of(self).format_arn(
-                region="",  # IAM is global in each partition
-                service="iam",
-                account="parent-account-id",
-                resource="role",
-                resource_name="MyDelegationRole"
+            web_socket_api = apigwv2.WebSocketApi(self, "WebSocketApi")
+            
+            web_socket_api.add_route("$connect",
+                integration=WebSocketLambdaIntegration("Integration", connect_handler),
+                authorizer=WebSocketIamAuthorizer()
             )
-            delegation_role = iam.Role.from_role_arn(self, "DelegationRole", delegation_role_arn)
             
-            route53.CrossAccountZoneDelegationRecord(self, "delegate",
-                delegated_zone=sub_zone,
-                parent_hosted_zone_name="someexample.com",  # or you can use parentHostedZoneId
-                delegation_role=delegation_role,
-                assume_role_region="us-east-1"
+            # Create an IAM user (identity)
+            user = iam.User(self, "User")
+            
+            web_socket_arn = Stack.of(self).format_arn(
+                service="execute-api",
+                resource=web_socket_api.api_id
             )
+            
+            # Grant access to the IAM user
+            user.attach_inline_policy(iam.Policy(self, "AllowInvoke",
+                statements=[
+                    iam.PolicyStatement(
+                        actions=["execute-api:Invoke"],
+                        effect=iam.Effect.ALLOW,
+                        resources=[web_socket_arn]
+                    )
+                ]
+            ))
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__4565cb9b5469dd4d4c1d23e54f8933087065a599bfce16e56da30ffbcbeccfc0)
@@ -2373,6 +2385,7 @@ class AssetManifestBuilder(
         *,
         image_tag: builtins.str,
         repository_name: builtins.str,
+        assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         assume_role_arn: typing.Optional[builtins.str] = None,
         assume_role_external_id: typing.Optional[builtins.str] = None,
         region: typing.Optional[builtins.str] = None,
@@ -2386,6 +2399,7 @@ class AssetManifestBuilder(
         :param source: -
         :param image_tag: Tag of the image to publish.
         :param repository_name: Name of the ECR repository to publish to.
+        :param assume_role_additional_options: Additional options to pass to STS when assuming the role. - ``RoleArn`` should not be used. Use the dedicated ``assumeRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``assumeRoleExternalId`` instead. Default: - No additional options.
         :param assume_role_arn: The role that needs to be assumed while publishing this asset. Default: - No role will be assumed
         :param assume_role_external_id: The ExternalId that needs to be supplied while assuming this role. Default: - No ExternalId will be supplied
         :param region: The region where this asset will need to be published. Default: - Current region
@@ -2398,6 +2412,7 @@ class AssetManifestBuilder(
         dest = _DockerImageDestination_132046c7(
             image_tag=image_tag,
             repository_name=repository_name,
+            assume_role_additional_options=assume_role_additional_options,
             assume_role_arn=assume_role_arn,
             assume_role_external_id=assume_role_external_id,
             region=region,
@@ -2414,6 +2429,7 @@ class AssetManifestBuilder(
         *,
         bucket_name: builtins.str,
         object_key: builtins.str,
+        assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         assume_role_arn: typing.Optional[builtins.str] = None,
         assume_role_external_id: typing.Optional[builtins.str] = None,
         region: typing.Optional[builtins.str] = None,
@@ -2427,6 +2443,7 @@ class AssetManifestBuilder(
         :param source: -
         :param bucket_name: The name of the bucket.
         :param object_key: The destination object key.
+        :param assume_role_additional_options: Additional options to pass to STS when assuming the role. - ``RoleArn`` should not be used. Use the dedicated ``assumeRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``assumeRoleExternalId`` instead. Default: - No additional options.
         :param assume_role_arn: The role that needs to be assumed while publishing this asset. Default: - No role will be assumed
         :param assume_role_external_id: The ExternalId that needs to be supplied while assuming this role. Default: - No ExternalId will be supplied
         :param region: The region where this asset will need to be published. Default: - Current region
@@ -2439,6 +2456,7 @@ class AssetManifestBuilder(
         dest = _FileDestination_7d285b38(
             bucket_name=bucket_name,
             object_key=object_key,
+            assume_role_additional_options=assume_role_additional_options,
             assume_role_arn=assume_role_arn,
             assume_role_external_id=assume_role_external_id,
             region=region,
@@ -2573,6 +2591,8 @@ class AssetManifestDockerImageDestination:
             # The values are placeholders you should change.
             import aws_cdk as cdk
             
+            # assume_role_additional_options: Any
+            
             asset_manifest_docker_image_destination = cdk.AssetManifestDockerImageDestination(
                 repository_name="repositoryName",
             
@@ -2582,6 +2602,9 @@ class AssetManifestDockerImageDestination:
                     assume_role_arn="assumeRoleArn",
             
                     # the properties below are optional
+                    assume_role_additional_options={
+                        "assume_role_additional_options_key": assume_role_additional_options
+                    },
                     assume_role_external_id="assumeRoleExternalId"
                 )
             )
@@ -2669,6 +2692,8 @@ class AssetManifestFileDestination:
             # The values are placeholders you should change.
             import aws_cdk as cdk
             
+            # assume_role_additional_options: Any
+            
             asset_manifest_file_destination = cdk.AssetManifestFileDestination(
                 bucket_name="bucketName",
             
@@ -2678,6 +2703,9 @@ class AssetManifestFileDestination:
                     assume_role_arn="assumeRoleArn",
             
                     # the properties below are optional
+                    assume_role_additional_options={
+                        "assume_role_additional_options_key": assume_role_additional_options
+                    },
                     assume_role_external_id="assumeRoleExternalId"
                 )
             )
@@ -10607,16 +10635,20 @@ class CustomResourceProviderRuntime(enum.Enum):
         "bootstrap_stack_version_ssm_parameter": "bootstrapStackVersionSsmParameter",
         "bucket_prefix": "bucketPrefix",
         "cloud_formation_execution_role": "cloudFormationExecutionRole",
+        "deploy_role_additional_options": "deployRoleAdditionalOptions",
         "deploy_role_arn": "deployRoleArn",
         "deploy_role_external_id": "deployRoleExternalId",
         "docker_tag_prefix": "dockerTagPrefix",
         "file_asset_publishing_external_id": "fileAssetPublishingExternalId",
+        "file_asset_publishing_role_additional_options": "fileAssetPublishingRoleAdditionalOptions",
         "file_asset_publishing_role_arn": "fileAssetPublishingRoleArn",
         "file_assets_bucket_name": "fileAssetsBucketName",
         "generate_bootstrap_version_rule": "generateBootstrapVersionRule",
         "image_asset_publishing_external_id": "imageAssetPublishingExternalId",
+        "image_asset_publishing_role_additional_options": "imageAssetPublishingRoleAdditionalOptions",
         "image_asset_publishing_role_arn": "imageAssetPublishingRoleArn",
         "image_assets_repository_name": "imageAssetsRepositoryName",
+        "lookup_role_additional_options": "lookupRoleAdditionalOptions",
         "lookup_role_arn": "lookupRoleArn",
         "lookup_role_external_id": "lookupRoleExternalId",
         "qualifier": "qualifier",
@@ -10630,16 +10662,20 @@ class DefaultStackSynthesizerProps:
         bootstrap_stack_version_ssm_parameter: typing.Optional[builtins.str] = None,
         bucket_prefix: typing.Optional[builtins.str] = None,
         cloud_formation_execution_role: typing.Optional[builtins.str] = None,
+        deploy_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         deploy_role_arn: typing.Optional[builtins.str] = None,
         deploy_role_external_id: typing.Optional[builtins.str] = None,
         docker_tag_prefix: typing.Optional[builtins.str] = None,
         file_asset_publishing_external_id: typing.Optional[builtins.str] = None,
+        file_asset_publishing_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         file_asset_publishing_role_arn: typing.Optional[builtins.str] = None,
         file_assets_bucket_name: typing.Optional[builtins.str] = None,
         generate_bootstrap_version_rule: typing.Optional[builtins.bool] = None,
         image_asset_publishing_external_id: typing.Optional[builtins.str] = None,
+        image_asset_publishing_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         image_asset_publishing_role_arn: typing.Optional[builtins.str] = None,
         image_assets_repository_name: typing.Optional[builtins.str] = None,
+        lookup_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         lookup_role_arn: typing.Optional[builtins.str] = None,
         lookup_role_external_id: typing.Optional[builtins.str] = None,
         qualifier: typing.Optional[builtins.str] = None,
@@ -10650,16 +10686,20 @@ class DefaultStackSynthesizerProps:
         :param bootstrap_stack_version_ssm_parameter: Bootstrap stack version SSM parameter. The placeholder ``${Qualifier}`` will be replaced with the value of qualifier. Default: DefaultStackSynthesizer.DEFAULT_BOOTSTRAP_STACK_VERSION_SSM_PARAMETER
         :param bucket_prefix: bucketPrefix to use while storing S3 Assets. Default: - DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PREFIX
         :param cloud_formation_execution_role: The role CloudFormation will assume when deploying the Stack. You must supply this if you have given a non-standard name to the execution role. The placeholders ``${Qualifier}``, ``${AWS::AccountId}`` and ``${AWS::Region}`` will be replaced with the values of qualifier and the stack's account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_CLOUDFORMATION_ROLE_ARN
+        :param deploy_role_additional_options: Additional options to pass to STS when assuming the deploy role. - ``RoleArn`` should not be used. Use the dedicated ``deployRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``deployRoleExternalId`` instead. - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default. Default: - No additional options.
         :param deploy_role_arn: The role to assume to initiate a deployment in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ``${Qualifier}``, ``${AWS::AccountId}`` and ``${AWS::Region}`` will be replaced with the values of qualifier and the stack's account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_DEPLOY_ROLE_ARN
         :param deploy_role_external_id: External ID to use when assuming role for cloudformation deployments. Default: - No external ID
         :param docker_tag_prefix: A prefix to use while tagging and uploading Docker images to ECR. This does not add any separators - the source hash will be appended to this string directly. Default: - DefaultStackSynthesizer.DEFAULT_DOCKER_ASSET_PREFIX
         :param file_asset_publishing_external_id: External ID to use when assuming role for file asset publishing. Default: - No external ID
+        :param file_asset_publishing_role_additional_options: Additional options to pass to STS when assuming the file asset publishing. - ``RoleArn`` should not be used. Use the dedicated ``fileAssetPublishingRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``fileAssetPublishingExternalId`` instead. - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default. Default: - No additional options.
         :param file_asset_publishing_role_arn: The role to use to publish file assets to the S3 bucket in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ``${Qualifier}``, ``${AWS::AccountId}`` and ``${AWS::Region}`` will be replaced with the values of qualifier and the stack's account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PUBLISHING_ROLE_ARN
         :param file_assets_bucket_name: Name of the S3 bucket to hold file assets. You must supply this if you have given a non-standard name to the staging bucket. The placeholders ``${Qualifier}``, ``${AWS::AccountId}`` and ``${AWS::Region}`` will be replaced with the values of qualifier and the stack's account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_FILE_ASSETS_BUCKET_NAME
         :param generate_bootstrap_version_rule: Whether to add a Rule to the stack template verifying the bootstrap stack version. This generally should be left set to ``true``, unless you explicitly want to be able to deploy to an unbootstrapped environment. Default: true
         :param image_asset_publishing_external_id: External ID to use when assuming role for image asset publishing. Default: - No external ID
+        :param image_asset_publishing_role_additional_options: Additional options to pass to STS when assuming the image asset publishing. - ``RoleArn`` should not be used. Use the dedicated ``imageAssetPublishingRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``imageAssetPublishingExternalId`` instead. - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default. Default: - No additional options.
         :param image_asset_publishing_role_arn: The role to use to publish image assets to the ECR repository in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ``${Qualifier}``, ``${AWS::AccountId}`` and ``${AWS::Region}`` will be replaced with the values of qualifier and the stack's account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_IMAGE_ASSET_PUBLISHING_ROLE_ARN
         :param image_assets_repository_name: Name of the ECR repository to hold Docker Image assets. You must supply this if you have given a non-standard name to the ECR repository. The placeholders ``${Qualifier}``, ``${AWS::AccountId}`` and ``${AWS::Region}`` will be replaced with the values of qualifier and the stack's account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_IMAGE_ASSETS_REPOSITORY_NAME
+        :param lookup_role_additional_options: Additional options to pass to STS when assuming the lookup role. - ``RoleArn`` should not be used. Use the dedicated ``lookupRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``lookupRoleExternalId`` instead. - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default. Default: - No additional options.
         :param lookup_role_arn: The role to use to look up values from the target AWS account during synthesis. Default: - None
         :param lookup_role_external_id: External ID to use when assuming lookup role. Default: - No external ID
         :param qualifier: Qualifier to disambiguate multiple environments in the same account. You can use this and leave the other naming properties empty if you have deployed the bootstrap environment with standard names but only different qualifiers. Default: - Value of context key '@aws-cdk/core:bootstrapQualifier' if set, otherwise ``DefaultStackSynthesizer.DEFAULT_QUALIFIER``
@@ -10680,16 +10720,20 @@ class DefaultStackSynthesizerProps:
             check_type(argname="argument bootstrap_stack_version_ssm_parameter", value=bootstrap_stack_version_ssm_parameter, expected_type=type_hints["bootstrap_stack_version_ssm_parameter"])
             check_type(argname="argument bucket_prefix", value=bucket_prefix, expected_type=type_hints["bucket_prefix"])
             check_type(argname="argument cloud_formation_execution_role", value=cloud_formation_execution_role, expected_type=type_hints["cloud_formation_execution_role"])
+            check_type(argname="argument deploy_role_additional_options", value=deploy_role_additional_options, expected_type=type_hints["deploy_role_additional_options"])
             check_type(argname="argument deploy_role_arn", value=deploy_role_arn, expected_type=type_hints["deploy_role_arn"])
             check_type(argname="argument deploy_role_external_id", value=deploy_role_external_id, expected_type=type_hints["deploy_role_external_id"])
             check_type(argname="argument docker_tag_prefix", value=docker_tag_prefix, expected_type=type_hints["docker_tag_prefix"])
             check_type(argname="argument file_asset_publishing_external_id", value=file_asset_publishing_external_id, expected_type=type_hints["file_asset_publishing_external_id"])
+            check_type(argname="argument file_asset_publishing_role_additional_options", value=file_asset_publishing_role_additional_options, expected_type=type_hints["file_asset_publishing_role_additional_options"])
             check_type(argname="argument file_asset_publishing_role_arn", value=file_asset_publishing_role_arn, expected_type=type_hints["file_asset_publishing_role_arn"])
             check_type(argname="argument file_assets_bucket_name", value=file_assets_bucket_name, expected_type=type_hints["file_assets_bucket_name"])
             check_type(argname="argument generate_bootstrap_version_rule", value=generate_bootstrap_version_rule, expected_type=type_hints["generate_bootstrap_version_rule"])
             check_type(argname="argument image_asset_publishing_external_id", value=image_asset_publishing_external_id, expected_type=type_hints["image_asset_publishing_external_id"])
+            check_type(argname="argument image_asset_publishing_role_additional_options", value=image_asset_publishing_role_additional_options, expected_type=type_hints["image_asset_publishing_role_additional_options"])
             check_type(argname="argument image_asset_publishing_role_arn", value=image_asset_publishing_role_arn, expected_type=type_hints["image_asset_publishing_role_arn"])
             check_type(argname="argument image_assets_repository_name", value=image_assets_repository_name, expected_type=type_hints["image_assets_repository_name"])
+            check_type(argname="argument lookup_role_additional_options", value=lookup_role_additional_options, expected_type=type_hints["lookup_role_additional_options"])
             check_type(argname="argument lookup_role_arn", value=lookup_role_arn, expected_type=type_hints["lookup_role_arn"])
             check_type(argname="argument lookup_role_external_id", value=lookup_role_external_id, expected_type=type_hints["lookup_role_external_id"])
             check_type(argname="argument qualifier", value=qualifier, expected_type=type_hints["qualifier"])
@@ -10701,6 +10745,8 @@ class DefaultStackSynthesizerProps:
             self._values["bucket_prefix"] = bucket_prefix
         if cloud_formation_execution_role is not None:
             self._values["cloud_formation_execution_role"] = cloud_formation_execution_role
+        if deploy_role_additional_options is not None:
+            self._values["deploy_role_additional_options"] = deploy_role_additional_options
         if deploy_role_arn is not None:
             self._values["deploy_role_arn"] = deploy_role_arn
         if deploy_role_external_id is not None:
@@ -10709,6 +10755,8 @@ class DefaultStackSynthesizerProps:
             self._values["docker_tag_prefix"] = docker_tag_prefix
         if file_asset_publishing_external_id is not None:
             self._values["file_asset_publishing_external_id"] = file_asset_publishing_external_id
+        if file_asset_publishing_role_additional_options is not None:
+            self._values["file_asset_publishing_role_additional_options"] = file_asset_publishing_role_additional_options
         if file_asset_publishing_role_arn is not None:
             self._values["file_asset_publishing_role_arn"] = file_asset_publishing_role_arn
         if file_assets_bucket_name is not None:
@@ -10717,10 +10765,14 @@ class DefaultStackSynthesizerProps:
             self._values["generate_bootstrap_version_rule"] = generate_bootstrap_version_rule
         if image_asset_publishing_external_id is not None:
             self._values["image_asset_publishing_external_id"] = image_asset_publishing_external_id
+        if image_asset_publishing_role_additional_options is not None:
+            self._values["image_asset_publishing_role_additional_options"] = image_asset_publishing_role_additional_options
         if image_asset_publishing_role_arn is not None:
             self._values["image_asset_publishing_role_arn"] = image_asset_publishing_role_arn
         if image_assets_repository_name is not None:
             self._values["image_assets_repository_name"] = image_assets_repository_name
+        if lookup_role_additional_options is not None:
+            self._values["lookup_role_additional_options"] = lookup_role_additional_options
         if lookup_role_arn is not None:
             self._values["lookup_role_arn"] = lookup_role_arn
         if lookup_role_external_id is not None:
@@ -10765,6 +10817,23 @@ class DefaultStackSynthesizerProps:
         result = self._values.get("cloud_formation_execution_role")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def deploy_role_additional_options(
+        self,
+    ) -> typing.Optional[typing.Mapping[builtins.str, typing.Any]]:
+        '''Additional options to pass to STS when assuming the deploy role.
+
+        - ``RoleArn`` should not be used. Use the dedicated ``deployRoleArn`` property instead.
+        - ``ExternalId`` should not be used. Use the dedicated ``deployRoleExternalId`` instead.
+        - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default.
+
+        :default: - No additional options.
+
+        :see: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
+        '''
+        result = self._values.get("deploy_role_additional_options")
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, typing.Any]], result)
+
     @builtins.property
     def deploy_role_arn(self) -> typing.Optional[builtins.str]:
         '''The role to assume to initiate a deployment in this environment.
@@ -10810,6 +10879,23 @@ class DefaultStackSynthesizerProps:
         result = self._values.get("file_asset_publishing_external_id")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def file_asset_publishing_role_additional_options(
+        self,
+    ) -> typing.Optional[typing.Mapping[builtins.str, typing.Any]]:
+        '''Additional options to pass to STS when assuming the file asset publishing.
+
+        - ``RoleArn`` should not be used. Use the dedicated ``fileAssetPublishingRoleArn`` property instead.
+        - ``ExternalId`` should not be used. Use the dedicated ``fileAssetPublishingExternalId`` instead.
+        - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default.
+
+        :default: - No additional options.
+
+        :see: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
+        '''
+        result = self._values.get("file_asset_publishing_role_additional_options")
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, typing.Any]], result)
+
     @builtins.property
     def file_asset_publishing_role_arn(self) -> typing.Optional[builtins.str]:
         '''The role to use to publish file assets to the S3 bucket in this environment.
@@ -10861,6 +10947,23 @@ class DefaultStackSynthesizerProps:
         result = self._values.get("image_asset_publishing_external_id")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def image_asset_publishing_role_additional_options(
+        self,
+    ) -> typing.Optional[typing.Mapping[builtins.str, typing.Any]]:
+        '''Additional options to pass to STS when assuming the image asset publishing.
+
+        - ``RoleArn`` should not be used. Use the dedicated ``imageAssetPublishingRoleArn`` property instead.
+        - ``ExternalId`` should not be used. Use the dedicated ``imageAssetPublishingExternalId`` instead.
+        - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default.
+
+        :default: - No additional options.
+
+        :see: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
+        '''
+        result = self._values.get("image_asset_publishing_role_additional_options")
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, typing.Any]], result)
+
     @builtins.property
     def image_asset_publishing_role_arn(self) -> typing.Optional[builtins.str]:
         '''The role to use to publish image assets to the ECR repository in this environment.
@@ -10891,6 +10994,23 @@ class DefaultStackSynthesizerProps:
         result = self._values.get("image_assets_repository_name")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def lookup_role_additional_options(
+        self,
+    ) -> typing.Optional[typing.Mapping[builtins.str, typing.Any]]:
+        '''Additional options to pass to STS when assuming the lookup role.
+
+        - ``RoleArn`` should not be used. Use the dedicated ``lookupRoleArn`` property instead.
+        - ``ExternalId`` should not be used. Use the dedicated ``lookupRoleExternalId`` instead.
+        - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default.
+
+        :default: - No additional options.
+
+        :see: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
+        '''
+        result = self._values.get("lookup_role_additional_options")
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, typing.Any]], result)
+
     @builtins.property
     def lookup_role_arn(self) -> typing.Optional[builtins.str]:
         '''The role to use to look up values from the target AWS account during synthesis.
@@ -18967,6 +19087,7 @@ class ReverseOptions:
     jsii_struct_bases=[],
     name_mapping={
         "assume_role_arn": "assumeRoleArn",
+        "assume_role_additional_options": "assumeRoleAdditionalOptions",
         "assume_role_external_id": "assumeRoleExternalId",
     },
 )
@@ -18975,11 +19096,13 @@ class RoleOptions:
         self,
         *,
         assume_role_arn: builtins.str,
+        assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         assume_role_external_id: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Options for specifying a role.
 
         :param assume_role_arn: ARN of the role to assume.
+        :param assume_role_additional_options: Additional options to pass to STS when assuming the role for cloudformation deployments. - ``RoleArn`` should not be used. Use the dedicated ``assumeRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``assumeRoleExternalId`` instead. - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default. Default: - No additional options.
         :param assume_role_external_id: External ID to use when assuming the role. Default: - No external ID
 
         :exampleMetadata: fixture=_generated
@@ -18990,20 +19113,28 @@ class RoleOptions:
             # The values are placeholders you should change.
             import aws_cdk as cdk
             
+            # assume_role_additional_options: Any
+            
             role_options = cdk.RoleOptions(
                 assume_role_arn="assumeRoleArn",
             
                 # the properties below are optional
+                assume_role_additional_options={
+                    "assume_role_additional_options_key": assume_role_additional_options
+                },
                 assume_role_external_id="assumeRoleExternalId"
             )
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__350c3eeb771368884765de415edb2b16931d742fbdb5253af2222e0e84a150c0)
             check_type(argname="argument assume_role_arn", value=assume_role_arn, expected_type=type_hints["assume_role_arn"])
+            check_type(argname="argument assume_role_additional_options", value=assume_role_additional_options, expected_type=type_hints["assume_role_additional_options"])
             check_type(argname="argument assume_role_external_id", value=assume_role_external_id, expected_type=type_hints["assume_role_external_id"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "assume_role_arn": assume_role_arn,
         }
+        if assume_role_additional_options is not None:
+            self._values["assume_role_additional_options"] = assume_role_additional_options
         if assume_role_external_id is not None:
             self._values["assume_role_external_id"] = assume_role_external_id
 
@@ -19014,6 +19145,23 @@ class RoleOptions:
         assert result is not None, "Required property 'assume_role_arn' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def assume_role_additional_options(
+        self,
+    ) -> typing.Optional[typing.Mapping[builtins.str, typing.Any]]:
+        '''Additional options to pass to STS when assuming the role for cloudformation deployments.
+
+        - ``RoleArn`` should not be used. Use the dedicated ``assumeRoleArn`` property instead.
+        - ``ExternalId`` should not be used. Use the dedicated ``assumeRoleExternalId`` instead.
+        - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default.
+
+        :default: - No additional options.
+
+        :see: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
+        '''
+        result = self._values.get("assume_role_additional_options")
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, typing.Any]], result)
+
     @builtins.property
     def assume_role_external_id(self) -> typing.Optional[builtins.str]:
         '''External ID to use when assuming the role.
@@ -19802,6 +19950,7 @@ class Stack(
         cross_region_references: typing.Optional[builtins.bool] = None,
         description: typing.Optional[builtins.str] = None,
         env: typing.Optional[typing.Union[Environment, typing.Dict[builtins.str, typing.Any]]] = None,
+        notification_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
         permissions_boundary: typing.Optional[PermissionsBoundary] = None,
         stack_name: typing.Optional[builtins.str] = None,
         suppress_template_indentation: typing.Optional[builtins.bool] = None,
@@ -19817,6 +19966,7 @@ class Stack(
         :param cross_region_references: Enable this flag to allow native cross region stack references. Enabling this will create a CloudFormation custom resource in both the producing stack and consuming stack in order to perform the export/import This feature is currently experimental Default: false
         :param description: A description of the stack. Default: - No description.
         :param env: The AWS environment (account/region) where this stack will be deployed. Set the ``region``/``account`` fields of ``env`` to either a concrete value to select the indicated environment (recommended for production stacks), or to the values of environment variables ``CDK_DEFAULT_REGION``/``CDK_DEFAULT_ACCOUNT`` to let the target environment depend on the AWS credentials/configuration that the CDK CLI is executed under (recommended for development stacks). If the ``Stack`` is instantiated inside a ``Stage``, any undefined ``region``/``account`` fields from ``env`` will default to the same field on the encompassing ``Stage``, if configured there. If either ``region`` or ``account`` are not set nor inherited from ``Stage``, the Stack will be considered "*environment-agnostic*"". Environment-agnostic stacks can be deployed to any environment but may not be able to take advantage of all features of the CDK. For example, they will not be able to use environmental context lookups such as ``ec2.Vpc.fromLookup`` and will not automatically translate Service Principals to the right format based on the environment's AWS partition, and other such enhancements. Default: - The environment of the containing ``Stage`` if available, otherwise create the stack will be environment-agnostic.
+        :param notification_arns: SNS Topic ARNs that will receive stack events. Default: - no notfication arns.
         :param permissions_boundary: Options for applying a permissions boundary to all IAM Roles and Users created within this Stage. Default: - no permissions boundary is applied
         :param stack_name: Name to deploy the stack with. Default: - Derived from construct path.
         :param suppress_template_indentation: Enable this flag to suppress indentation in generated CloudFormation templates. If not specified, the value of the ``@aws-cdk/core:suppressTemplateIndentation`` context key will be used. If that is not specified, then the default value ``false`` will be used. Default: - the value of ``@aws-cdk/core:suppressTemplateIndentation``, or ``false`` if that is not set.
@@ -19833,6 +19983,7 @@ class Stack(
             cross_region_references=cross_region_references,
             description=description,
             env=env,
+            notification_arns=notification_arns,
             permissions_boundary=permissions_boundary,
             stack_name=stack_name,
             suppress_template_indentation=suppress_template_indentation,
@@ -20492,6 +20643,7 @@ class Stack(
         "cross_region_references": "crossRegionReferences",
         "description": "description",
         "env": "env",
+        "notification_arns": "notificationArns",
         "permissions_boundary": "permissionsBoundary",
         "stack_name": "stackName",
         "suppress_template_indentation": "suppressTemplateIndentation",
@@ -20508,6 +20660,7 @@ class StackProps:
         cross_region_references: typing.Optional[builtins.bool] = None,
         description: typing.Optional[builtins.str] = None,
         env: typing.Optional[typing.Union[Environment, typing.Dict[builtins.str, typing.Any]]] = None,
+        notification_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
         permissions_boundary: typing.Optional[PermissionsBoundary] = None,
         stack_name: typing.Optional[builtins.str] = None,
         suppress_template_indentation: typing.Optional[builtins.bool] = None,
@@ -20520,6 +20673,7 @@ class StackProps:
         :param cross_region_references: Enable this flag to allow native cross region stack references. Enabling this will create a CloudFormation custom resource in both the producing stack and consuming stack in order to perform the export/import This feature is currently experimental Default: false
         :param description: A description of the stack. Default: - No description.
         :param env: The AWS environment (account/region) where this stack will be deployed. Set the ``region``/``account`` fields of ``env`` to either a concrete value to select the indicated environment (recommended for production stacks), or to the values of environment variables ``CDK_DEFAULT_REGION``/``CDK_DEFAULT_ACCOUNT`` to let the target environment depend on the AWS credentials/configuration that the CDK CLI is executed under (recommended for development stacks). If the ``Stack`` is instantiated inside a ``Stage``, any undefined ``region``/``account`` fields from ``env`` will default to the same field on the encompassing ``Stage``, if configured there. If either ``region`` or ``account`` are not set nor inherited from ``Stage``, the Stack will be considered "*environment-agnostic*"". Environment-agnostic stacks can be deployed to any environment but may not be able to take advantage of all features of the CDK. For example, they will not be able to use environmental context lookups such as ``ec2.Vpc.fromLookup`` and will not automatically translate Service Principals to the right format based on the environment's AWS partition, and other such enhancements. Default: - The environment of the containing ``Stage`` if available, otherwise create the stack will be environment-agnostic.
+        :param notification_arns: SNS Topic ARNs that will receive stack events. Default: - no notfication arns.
         :param permissions_boundary: Options for applying a permissions boundary to all IAM Roles and Users created within this Stage. Default: - no permissions boundary is applied
         :param stack_name: Name to deploy the stack with. Default: - Derived from construct path.
         :param suppress_template_indentation: Enable this flag to suppress indentation in generated CloudFormation templates. If not specified, the value of the ``@aws-cdk/core:suppressTemplateIndentation`` context key will be used. If that is not specified, then the default value ``false`` will be used. Default: - the value of ``@aws-cdk/core:suppressTemplateIndentation``, or ``false`` if that is not set.
@@ -20564,6 +20718,7 @@ class StackProps:
             check_type(argname="argument cross_region_references", value=cross_region_references, expected_type=type_hints["cross_region_references"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument env", value=env, expected_type=type_hints["env"])
+            check_type(argname="argument notification_arns", value=notification_arns, expected_type=type_hints["notification_arns"])
             check_type(argname="argument permissions_boundary", value=permissions_boundary, expected_type=type_hints["permissions_boundary"])
             check_type(argname="argument stack_name", value=stack_name, expected_type=type_hints["stack_name"])
             check_type(argname="argument suppress_template_indentation", value=suppress_template_indentation, expected_type=type_hints["suppress_template_indentation"])
@@ -20579,6 +20734,8 @@ class StackProps:
             self._values["description"] = description
         if env is not None:
             self._values["env"] = env
+        if notification_arns is not None:
+            self._values["notification_arns"] = notification_arns
         if permissions_boundary is not None:
             self._values["permissions_boundary"] = permissions_boundary
         if stack_name is not None:
@@ -20697,6 +20854,15 @@ class StackProps:
         result = self._values.get("env")
         return typing.cast(typing.Optional[Environment], result)
 
+    @builtins.property
+    def notification_arns(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''SNS Topic ARNs that will receive stack events.
+
+        :default: - no notfication arns.
+        '''
+        result = self._values.get("notification_arns")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
     @builtins.property
     def permissions_boundary(self) -> typing.Optional[PermissionsBoundary]:
         '''Options for applying a permissions boundary to all IAM Roles and Users created within this Stage.
@@ -20913,6 +21079,7 @@ class StackSynthesizer(
         *,
         image_tag: builtins.str,
         repository_name: builtins.str,
+        assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         assume_role_arn: typing.Optional[builtins.str] = None,
         assume_role_external_id: typing.Optional[builtins.str] = None,
         region: typing.Optional[builtins.str] = None,
@@ -20923,6 +21090,7 @@ class StackSynthesizer(
 
         :param image_tag: Tag of the image to publish.
         :param repository_name: Name of the ECR repository to publish to.
+        :param assume_role_additional_options: Additional options to pass to STS when assuming the role. - ``RoleArn`` should not be used. Use the dedicated ``assumeRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``assumeRoleExternalId`` instead. Default: - No additional options.
         :param assume_role_arn: The role that needs to be assumed while publishing this asset. Default: - No role will be assumed
         :param assume_role_external_id: The ExternalId that needs to be supplied while assuming this role. Default: - No ExternalId will be supplied
         :param region: The region where this asset will need to be published. Default: - Current region
@@ -20930,6 +21098,7 @@ class StackSynthesizer(
         dest = _DockerImageDestination_132046c7(
             image_tag=image_tag,
             repository_name=repository_name,
+            assume_role_additional_options=assume_role_additional_options,
             assume_role_arn=assume_role_arn,
             assume_role_external_id=assume_role_external_id,
             region=region,
@@ -20943,6 +21112,7 @@ class StackSynthesizer(
         *,
         bucket_name: builtins.str,
         object_key: builtins.str,
+        assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         assume_role_arn: typing.Optional[builtins.str] = None,
         assume_role_external_id: typing.Optional[builtins.str] = None,
         region: typing.Optional[builtins.str] = None,
@@ -20953,6 +21123,7 @@ class StackSynthesizer(
 
         :param bucket_name: The name of the bucket.
         :param object_key: The destination object key.
+        :param assume_role_additional_options: Additional options to pass to STS when assuming the role. - ``RoleArn`` should not be used. Use the dedicated ``assumeRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``assumeRoleExternalId`` instead. Default: - No additional options.
         :param assume_role_arn: The role that needs to be assumed while publishing this asset. Default: - No role will be assumed
         :param assume_role_external_id: The ExternalId that needs to be supplied while assuming this role. Default: - No ExternalId will be supplied
         :param region: The region where this asset will need to be published. Default: - Current region
@@ -20960,6 +21131,7 @@ class StackSynthesizer(
         location = _FileDestination_7d285b38(
             bucket_name=bucket_name,
             object_key=object_key,
+            assume_role_additional_options=assume_role_additional_options,
             assume_role_arn=assume_role_arn,
             assume_role_external_id=assume_role_external_id,
             region=region,
@@ -20973,6 +21145,7 @@ class StackSynthesizer(
         session: ISynthesisSession,
         *,
         additional_dependencies: typing.Optional[typing.Sequence[builtins.str]] = None,
+        assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         assume_role_arn: typing.Optional[builtins.str] = None,
         assume_role_external_id: typing.Optional[builtins.str] = None,
         bootstrap_stack_version_ssm_parameter: typing.Optional[builtins.str] = None,
@@ -20990,6 +21163,7 @@ class StackSynthesizer(
 
         :param session: -
         :param additional_dependencies: Identifiers of additional dependencies. Default: - No additional dependencies
+        :param assume_role_additional_options: Additional options to pass to STS when assuming the role for cloudformation deployments. - ``RoleArn`` should not be used. Use the dedicated ``assumeRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``assumeRoleExternalId`` instead. - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default. Default: - No additional options.
         :param assume_role_arn: The role that needs to be assumed to deploy the stack. Default: - No role is assumed (current credentials are used)
         :param assume_role_external_id: The externalID to use with the assumeRoleArn. Default: - No externalID is used
         :param bootstrap_stack_version_ssm_parameter: SSM parameter where the bootstrap stack version number can be found. Only used if ``requiresBootstrapStackVersion`` is set. - If this value is not set, the bootstrap stack name must be known at deployment time so the stack version can be looked up from the stack outputs. - If this value is set, the bootstrap stack can have any name because we won't need to look it up. Default: - Bootstrap stack version number looked up
@@ -21004,6 +21178,7 @@ class StackSynthesizer(
             check_type(argname="argument session", value=session, expected_type=type_hints["session"])
         options = SynthesizeStackArtifactOptions(
             additional_dependencies=additional_dependencies,
+            assume_role_additional_options=assume_role_additional_options,
             assume_role_arn=assume_role_arn,
             assume_role_external_id=assume_role_external_id,
             bootstrap_stack_version_ssm_parameter=bootstrap_stack_version_ssm_parameter,
@@ -21023,6 +21198,7 @@ class StackSynthesizer(
         session: ISynthesisSession,
         *,
         additional_dependencies: typing.Optional[typing.Sequence[builtins.str]] = None,
+        assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         assume_role_arn: typing.Optional[builtins.str] = None,
         assume_role_external_id: typing.Optional[builtins.str] = None,
         bootstrap_stack_version_ssm_parameter: typing.Optional[builtins.str] = None,
@@ -21040,6 +21216,7 @@ class StackSynthesizer(
         :param stack: -
         :param session: -
         :param additional_dependencies: Identifiers of additional dependencies. Default: - No additional dependencies
+        :param assume_role_additional_options: Additional options to pass to STS when assuming the role for cloudformation deployments. - ``RoleArn`` should not be used. Use the dedicated ``assumeRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``assumeRoleExternalId`` instead. - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default. Default: - No additional options.
         :param assume_role_arn: The role that needs to be assumed to deploy the stack. Default: - No role is assumed (current credentials are used)
         :param assume_role_external_id: The externalID to use with the assumeRoleArn. Default: - No externalID is used
         :param bootstrap_stack_version_ssm_parameter: SSM parameter where the bootstrap stack version number can be found. Only used if ``requiresBootstrapStackVersion`` is set. - If this value is not set, the bootstrap stack name must be known at deployment time so the stack version can be looked up from the stack outputs. - If this value is set, the bootstrap stack can have any name because we won't need to look it up. Default: - Bootstrap stack version number looked up
@@ -21059,6 +21236,7 @@ class StackSynthesizer(
             check_type(argname="argument session", value=session, expected_type=type_hints["session"])
         options = SynthesizeStackArtifactOptions(
             additional_dependencies=additional_dependencies,
+            assume_role_additional_options=assume_role_additional_options,
             assume_role_arn=assume_role_arn,
             assume_role_external_id=assume_role_external_id,
             bootstrap_stack_version_ssm_parameter=bootstrap_stack_version_ssm_parameter,
@@ -21106,6 +21284,8 @@ class StackSynthesizer(
         self,
         session: ISynthesisSession,
         lookup_role_arn: typing.Optional[builtins.str] = None,
+        lookup_role_external_id: typing.Optional[builtins.str] = None,
+        lookup_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
     ) -> FileAssetSource:
         '''Write the stack template to the given session.
 
@@ -21125,12 +21305,16 @@ class StackSynthesizer(
 
         :param session: -
         :param lookup_role_arn: -
+        :param lookup_role_external_id: -
+        :param lookup_role_additional_options: -
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__62d696ba90df4decdd974f310bc9aa4c4febb6430ac2286452a198208b370d88)
             check_type(argname="argument session", value=session, expected_type=type_hints["session"])
             check_type(argname="argument lookup_role_arn", value=lookup_role_arn, expected_type=type_hints["lookup_role_arn"])
-        return typing.cast(FileAssetSource, jsii.invoke(self, "synthesizeTemplate", [session, lookup_role_arn]))
+            check_type(argname="argument lookup_role_external_id", value=lookup_role_external_id, expected_type=type_hints["lookup_role_external_id"])
+            check_type(argname="argument lookup_role_additional_options", value=lookup_role_additional_options, expected_type=type_hints["lookup_role_additional_options"])
+        return typing.cast(FileAssetSource, jsii.invoke(self, "synthesizeTemplate", [session, lookup_role_arn, lookup_role_external_id, lookup_role_additional_options]))
 
     @builtins.property
     @jsii.member(jsii_name="boundStack")
@@ -21776,6 +21960,7 @@ class SymlinkFollowMode(enum.Enum):
     jsii_struct_bases=[],
     name_mapping={
         "additional_dependencies": "additionalDependencies",
+        "assume_role_additional_options": "assumeRoleAdditionalOptions",
         "assume_role_arn": "assumeRoleArn",
         "assume_role_external_id": "assumeRoleExternalId",
         "bootstrap_stack_version_ssm_parameter": "bootstrapStackVersionSsmParameter",
@@ -21791,6 +21976,7 @@ class SynthesizeStackArtifactOptions:
         self,
         *,
         additional_dependencies: typing.Optional[typing.Sequence[builtins.str]] = None,
+        assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         assume_role_arn: typing.Optional[builtins.str] = None,
         assume_role_external_id: typing.Optional[builtins.str] = None,
         bootstrap_stack_version_ssm_parameter: typing.Optional[builtins.str] = None,
@@ -21806,6 +21992,7 @@ class SynthesizeStackArtifactOptions:
         configurable by synthesizers, plus ``additionalDependencies``.
 
         :param additional_dependencies: Identifiers of additional dependencies. Default: - No additional dependencies
+        :param assume_role_additional_options: Additional options to pass to STS when assuming the role for cloudformation deployments. - ``RoleArn`` should not be used. Use the dedicated ``assumeRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``assumeRoleExternalId`` instead. - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default. Default: - No additional options.
         :param assume_role_arn: The role that needs to be assumed to deploy the stack. Default: - No role is assumed (current credentials are used)
         :param assume_role_external_id: The externalID to use with the assumeRoleArn. Default: - No externalID is used
         :param bootstrap_stack_version_ssm_parameter: SSM parameter where the bootstrap stack version number can be found. Only used if ``requiresBootstrapStackVersion`` is set. - If this value is not set, the bootstrap stack name must be known at deployment time so the stack version can be looked up from the stack outputs. - If this value is set, the bootstrap stack can have any name because we won't need to look it up. Default: - Bootstrap stack version number looked up
@@ -21823,8 +22010,13 @@ class SynthesizeStackArtifactOptions:
             # The values are placeholders you should change.
             import aws_cdk as cdk
             
+            # assume_role_additional_options: Any
+            
             synthesize_stack_artifact_options = cdk.SynthesizeStackArtifactOptions(
                 additional_dependencies=["additionalDependencies"],
+                assume_role_additional_options={
+                    "assume_role_additional_options_key": assume_role_additional_options
+                },
                 assume_role_arn="assumeRoleArn",
                 assume_role_external_id="assumeRoleExternalId",
                 bootstrap_stack_version_ssm_parameter="bootstrapStackVersionSsmParameter",
@@ -21833,6 +22025,9 @@ class SynthesizeStackArtifactOptions:
                     arn="arn",
             
                     # the properties below are optional
+                    assume_role_additional_options={
+                        "assume_role_additional_options_key": assume_role_additional_options
+                    },
                     assume_role_external_id="assumeRoleExternalId",
                     bootstrap_stack_version_ssm_parameter="bootstrapStackVersionSsmParameter",
                     requires_bootstrap_stack_version=123
@@ -21849,6 +22044,7 @@ class SynthesizeStackArtifactOptions:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e6e282c65acf49e595fc28dcbaa190dcad640aa58c70588087857d69dd7559b0)
             check_type(argname="argument additional_dependencies", value=additional_dependencies, expected_type=type_hints["additional_dependencies"])
+            check_type(argname="argument assume_role_additional_options", value=assume_role_additional_options, expected_type=type_hints["assume_role_additional_options"])
             check_type(argname="argument assume_role_arn", value=assume_role_arn, expected_type=type_hints["assume_role_arn"])
             check_type(argname="argument assume_role_external_id", value=assume_role_external_id, expected_type=type_hints["assume_role_external_id"])
             check_type(argname="argument bootstrap_stack_version_ssm_parameter", value=bootstrap_stack_version_ssm_parameter, expected_type=type_hints["bootstrap_stack_version_ssm_parameter"])
@@ -21860,6 +22056,8 @@ class SynthesizeStackArtifactOptions:
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if additional_dependencies is not None:
             self._values["additional_dependencies"] = additional_dependencies
+        if assume_role_additional_options is not None:
+            self._values["assume_role_additional_options"] = assume_role_additional_options
         if assume_role_arn is not None:
             self._values["assume_role_arn"] = assume_role_arn
         if assume_role_external_id is not None:
@@ -21886,6 +22084,23 @@ class SynthesizeStackArtifactOptions:
         result = self._values.get("additional_dependencies")
         return typing.cast(typing.Optional[typing.List[builtins.str]], result)
 
+    @builtins.property
+    def assume_role_additional_options(
+        self,
+    ) -> typing.Optional[typing.Mapping[builtins.str, typing.Any]]:
+        '''Additional options to pass to STS when assuming the role for cloudformation deployments.
+
+        - ``RoleArn`` should not be used. Use the dedicated ``assumeRoleArn`` property instead.
+        - ``ExternalId`` should not be used. Use the dedicated ``assumeRoleExternalId`` instead.
+        - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default.
+
+        :default: - No additional options.
+
+        :see: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property
+        '''
+        result = self._values.get("assume_role_additional_options")
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, typing.Any]], result)
+
     @builtins.property
     def assume_role_arn(self) -> typing.Optional[builtins.str]:
         '''The role that needs to be assumed to deploy the stack.
@@ -33038,16 +33253,20 @@ class DefaultStackSynthesizer(
         bootstrap_stack_version_ssm_parameter: typing.Optional[builtins.str] = None,
         bucket_prefix: typing.Optional[builtins.str] = None,
         cloud_formation_execution_role: typing.Optional[builtins.str] = None,
+        deploy_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         deploy_role_arn: typing.Optional[builtins.str] = None,
         deploy_role_external_id: typing.Optional[builtins.str] = None,
         docker_tag_prefix: typing.Optional[builtins.str] = None,
         file_asset_publishing_external_id: typing.Optional[builtins.str] = None,
+        file_asset_publishing_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         file_asset_publishing_role_arn: typing.Optional[builtins.str] = None,
         file_assets_bucket_name: typing.Optional[builtins.str] = None,
         generate_bootstrap_version_rule: typing.Optional[builtins.bool] = None,
         image_asset_publishing_external_id: typing.Optional[builtins.str] = None,
+        image_asset_publishing_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         image_asset_publishing_role_arn: typing.Optional[builtins.str] = None,
         image_assets_repository_name: typing.Optional[builtins.str] = None,
+        lookup_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
         lookup_role_arn: typing.Optional[builtins.str] = None,
         lookup_role_external_id: typing.Optional[builtins.str] = None,
         qualifier: typing.Optional[builtins.str] = None,
@@ -33057,16 +33276,20 @@ class DefaultStackSynthesizer(
         :param bootstrap_stack_version_ssm_parameter: Bootstrap stack version SSM parameter. The placeholder ``${Qualifier}`` will be replaced with the value of qualifier. Default: DefaultStackSynthesizer.DEFAULT_BOOTSTRAP_STACK_VERSION_SSM_PARAMETER
         :param bucket_prefix: bucketPrefix to use while storing S3 Assets. Default: - DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PREFIX
         :param cloud_formation_execution_role: The role CloudFormation will assume when deploying the Stack. You must supply this if you have given a non-standard name to the execution role. The placeholders ``${Qualifier}``, ``${AWS::AccountId}`` and ``${AWS::Region}`` will be replaced with the values of qualifier and the stack's account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_CLOUDFORMATION_ROLE_ARN
+        :param deploy_role_additional_options: Additional options to pass to STS when assuming the deploy role. - ``RoleArn`` should not be used. Use the dedicated ``deployRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``deployRoleExternalId`` instead. - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default. Default: - No additional options.
         :param deploy_role_arn: The role to assume to initiate a deployment in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ``${Qualifier}``, ``${AWS::AccountId}`` and ``${AWS::Region}`` will be replaced with the values of qualifier and the stack's account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_DEPLOY_ROLE_ARN
         :param deploy_role_external_id: External ID to use when assuming role for cloudformation deployments. Default: - No external ID
         :param docker_tag_prefix: A prefix to use while tagging and uploading Docker images to ECR. This does not add any separators - the source hash will be appended to this string directly. Default: - DefaultStackSynthesizer.DEFAULT_DOCKER_ASSET_PREFIX
         :param file_asset_publishing_external_id: External ID to use when assuming role for file asset publishing. Default: - No external ID
+        :param file_asset_publishing_role_additional_options: Additional options to pass to STS when assuming the file asset publishing. - ``RoleArn`` should not be used. Use the dedicated ``fileAssetPublishingRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``fileAssetPublishingExternalId`` instead. - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default. Default: - No additional options.
         :param file_asset_publishing_role_arn: The role to use to publish file assets to the S3 bucket in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ``${Qualifier}``, ``${AWS::AccountId}`` and ``${AWS::Region}`` will be replaced with the values of qualifier and the stack's account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PUBLISHING_ROLE_ARN
         :param file_assets_bucket_name: Name of the S3 bucket to hold file assets. You must supply this if you have given a non-standard name to the staging bucket. The placeholders ``${Qualifier}``, ``${AWS::AccountId}`` and ``${AWS::Region}`` will be replaced with the values of qualifier and the stack's account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_FILE_ASSETS_BUCKET_NAME
         :param generate_bootstrap_version_rule: Whether to add a Rule to the stack template verifying the bootstrap stack version. This generally should be left set to ``true``, unless you explicitly want to be able to deploy to an unbootstrapped environment. Default: true
         :param image_asset_publishing_external_id: External ID to use when assuming role for image asset publishing. Default: - No external ID
+        :param image_asset_publishing_role_additional_options: Additional options to pass to STS when assuming the image asset publishing. - ``RoleArn`` should not be used. Use the dedicated ``imageAssetPublishingRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``imageAssetPublishingExternalId`` instead. - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default. Default: - No additional options.
         :param image_asset_publishing_role_arn: The role to use to publish image assets to the ECR repository in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ``${Qualifier}``, ``${AWS::AccountId}`` and ``${AWS::Region}`` will be replaced with the values of qualifier and the stack's account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_IMAGE_ASSET_PUBLISHING_ROLE_ARN
         :param image_assets_repository_name: Name of the ECR repository to hold Docker Image assets. You must supply this if you have given a non-standard name to the ECR repository. The placeholders ``${Qualifier}``, ``${AWS::AccountId}`` and ``${AWS::Region}`` will be replaced with the values of qualifier and the stack's account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_IMAGE_ASSETS_REPOSITORY_NAME
+        :param lookup_role_additional_options: Additional options to pass to STS when assuming the lookup role. - ``RoleArn`` should not be used. Use the dedicated ``lookupRoleArn`` property instead. - ``ExternalId`` should not be used. Use the dedicated ``lookupRoleExternalId`` instead. - ``TransitiveTagKeys`` defaults to use all keys (if any) specified in ``Tags``. E.g, all tags are transitive by default. Default: - No additional options.
         :param lookup_role_arn: The role to use to look up values from the target AWS account during synthesis. Default: - None
         :param lookup_role_external_id: External ID to use when assuming lookup role. Default: - No external ID
         :param qualifier: Qualifier to disambiguate multiple environments in the same account. You can use this and leave the other naming properties empty if you have deployed the bootstrap environment with standard names but only different qualifiers. Default: - Value of context key '@aws-cdk/core:bootstrapQualifier' if set, otherwise ``DefaultStackSynthesizer.DEFAULT_QUALIFIER``
@@ -33076,16 +33299,20 @@ class DefaultStackSynthesizer(
             bootstrap_stack_version_ssm_parameter=bootstrap_stack_version_ssm_parameter,
             bucket_prefix=bucket_prefix,
             cloud_formation_execution_role=cloud_formation_execution_role,
+            deploy_role_additional_options=deploy_role_additional_options,
             deploy_role_arn=deploy_role_arn,
             deploy_role_external_id=deploy_role_external_id,
             docker_tag_prefix=docker_tag_prefix,
             file_asset_publishing_external_id=file_asset_publishing_external_id,
+            file_asset_publishing_role_additional_options=file_asset_publishing_role_additional_options,
             file_asset_publishing_role_arn=file_asset_publishing_role_arn,
             file_assets_bucket_name=file_assets_bucket_name,
             generate_bootstrap_version_rule=generate_bootstrap_version_rule,
             image_asset_publishing_external_id=image_asset_publishing_external_id,
+            image_asset_publishing_role_additional_options=image_asset_publishing_role_additional_options,
             image_asset_publishing_role_arn=image_asset_publishing_role_arn,
             image_assets_repository_name=image_assets_repository_name,
+            lookup_role_additional_options=lookup_role_additional_options,
             lookup_role_arn=lookup_role_arn,
             lookup_role_external_id=lookup_role_external_id,
             qualifier=qualifier,
@@ -34449,6 +34676,7 @@ def _typecheckingstub__e4e4609083793a8b31752be2f457b6b1f1220145a70469bafc48a1428
     *,
     image_tag: builtins.str,
     repository_name: builtins.str,
+    assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
     assume_role_arn: typing.Optional[builtins.str] = None,
     assume_role_external_id: typing.Optional[builtins.str] = None,
     region: typing.Optional[builtins.str] = None,
@@ -34463,6 +34691,7 @@ def _typecheckingstub__f12f649e9db582bca540895dead136ba4f8ce5c52abc11eb50e5224da
     *,
     bucket_name: builtins.str,
     object_key: builtins.str,
+    assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
     assume_role_arn: typing.Optional[builtins.str] = None,
     assume_role_external_id: typing.Optional[builtins.str] = None,
     region: typing.Optional[builtins.str] = None,
@@ -35404,16 +35633,20 @@ def _typecheckingstub__06784f4f0c2d983d957b0f4fbf46c4e4e85e842ac87bb6c7b582ce30b
     bootstrap_stack_version_ssm_parameter: typing.Optional[builtins.str] = None,
     bucket_prefix: typing.Optional[builtins.str] = None,
     cloud_formation_execution_role: typing.Optional[builtins.str] = None,
+    deploy_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
     deploy_role_arn: typing.Optional[builtins.str] = None,
     deploy_role_external_id: typing.Optional[builtins.str] = None,
     docker_tag_prefix: typing.Optional[builtins.str] = None,
     file_asset_publishing_external_id: typing.Optional[builtins.str] = None,
+    file_asset_publishing_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
     file_asset_publishing_role_arn: typing.Optional[builtins.str] = None,
     file_assets_bucket_name: typing.Optional[builtins.str] = None,
     generate_bootstrap_version_rule: typing.Optional[builtins.bool] = None,
     image_asset_publishing_external_id: typing.Optional[builtins.str] = None,
+    image_asset_publishing_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
     image_asset_publishing_role_arn: typing.Optional[builtins.str] = None,
     image_assets_repository_name: typing.Optional[builtins.str] = None,
+    lookup_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
     lookup_role_arn: typing.Optional[builtins.str] = None,
     lookup_role_external_id: typing.Optional[builtins.str] = None,
     qualifier: typing.Optional[builtins.str] = None,
@@ -36580,6 +36813,7 @@ def _typecheckingstub__55afe4d64fb4d5ea0191f49597eab03d77d7784d61bfdf374b068db65
 def _typecheckingstub__350c3eeb771368884765de415edb2b16931d742fbdb5253af2222e0e84a150c0(
     *,
     assume_role_arn: builtins.str,
+    assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
     assume_role_external_id: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
@@ -36719,6 +36953,7 @@ def _typecheckingstub__835828a2dac25cb8eb22f32985554296e8bd61463c8cc32bb2df4c1f4
     cross_region_references: typing.Optional[builtins.bool] = None,
     description: typing.Optional[builtins.str] = None,
     env: typing.Optional[typing.Union[Environment, typing.Dict[builtins.str, typing.Any]]] = None,
+    notification_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
     permissions_boundary: typing.Optional[PermissionsBoundary] = None,
     stack_name: typing.Optional[builtins.str] = None,
     suppress_template_indentation: typing.Optional[builtins.bool] = None,
@@ -36843,6 +37078,7 @@ def _typecheckingstub__a36aaf4edf2967c8ed36d2cad24d023f14778db721379dffbd74eb6dd
     cross_region_references: typing.Optional[builtins.bool] = None,
     description: typing.Optional[builtins.str] = None,
     env: typing.Optional[typing.Union[Environment, typing.Dict[builtins.str, typing.Any]]] = None,
+    notification_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
     permissions_boundary: typing.Optional[PermissionsBoundary] = None,
     stack_name: typing.Optional[builtins.str] = None,
     suppress_template_indentation: typing.Optional[builtins.bool] = None,
@@ -36870,6 +37106,7 @@ def _typecheckingstub__517af770e6da66daf1f297aec61d75cd37b7e192df2078e6838ab6e9e
     session: ISynthesisSession,
     *,
     additional_dependencies: typing.Optional[typing.Sequence[builtins.str]] = None,
+    assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
     assume_role_arn: typing.Optional[builtins.str] = None,
     assume_role_external_id: typing.Optional[builtins.str] = None,
     bootstrap_stack_version_ssm_parameter: typing.Optional[builtins.str] = None,
@@ -36887,6 +37124,7 @@ def _typecheckingstub__d6ef0ff2bae87721c597af1c828fef5eb405f9029af6b627795d5dc77
     session: ISynthesisSession,
     *,
     additional_dependencies: typing.Optional[typing.Sequence[builtins.str]] = None,
+    assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
     assume_role_arn: typing.Optional[builtins.str] = None,
     assume_role_external_id: typing.Optional[builtins.str] = None,
     bootstrap_stack_version_ssm_parameter: typing.Optional[builtins.str] = None,
@@ -36909,6 +37147,8 @@ def _typecheckingstub__aa781da9870510988087be48595677f995a2926d2a52d05d9e70b5990
 def _typecheckingstub__62d696ba90df4decdd974f310bc9aa4c4febb6430ac2286452a198208b370d88(
     session: ISynthesisSession,
     lookup_role_arn: typing.Optional[builtins.str] = None,
+    lookup_role_external_id: typing.Optional[builtins.str] = None,
+    lookup_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -36974,6 +37214,7 @@ def _typecheckingstub__beea6de86940403553075b97b7789646bdb961b01447c5f8021c6a665
 def _typecheckingstub__e6e282c65acf49e595fc28dcbaa190dcad640aa58c70588087857d69dd7559b0(
     *,
     additional_dependencies: typing.Optional[typing.Sequence[builtins.str]] = None,
+    assume_role_additional_options: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
     assume_role_arn: typing.Optional[builtins.str] = None,
     assume_role_external_id: typing.Optional[builtins.str] = None,
     bootstrap_stack_version_ssm_parameter: typing.Optional[builtins.str] = None,