aws-cdk-lib 2.159.1__py3-none-any.whl → 2.161.0__py3-none-any.whl

aws_cdk/aws_lambda/__init__.py

@@ -1419,6 +1419,8 @@ When enabled, AWS Lambda checks every code deployment and verifies that the code
 For more information, see [Configuring code signing for AWS Lambda](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html).
 The following code configures a function with code signing.
 
+Please note the code will not be automatically signed before deployment. To ensure your code is properly signed, you'll need to conduct the code signing process either through the AWS CLI (Command Line Interface) [start-signing-job](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/signer/start-signing-job.html) or by accessing the AWS Signer console.
+
 ```python
 import aws_cdk.aws_signer as signer
 
@@ -3577,7 +3579,7 @@ class CfnCodeSigningConfig(
         :param allowed_publishers: List of allowed publishers.
         :param code_signing_policies: The code signing policy controls the validation failure action for signature mismatch or expiry.
         :param description: Code signing configuration description.
-        :param tags: A list of tags to apply to CodeSigningConfig resource.
+        :param tags: A list of tags to add to the code signing configuration. .. epigraph:: You must have the ``lambda:TagResource`` , ``lambda:UntagResource`` , and ``lambda:ListTags`` permissions for your `IAM principal <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html>`_ to manage the AWS CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__df94ded3fb87e8ca56187dcab5a6bf12d335e2671120df0386f527f736b58b76)
@@ -3703,7 +3705,7 @@ class CfnCodeSigningConfig(
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''A list of tags to apply to CodeSigningConfig resource.'''
+        '''A list of tags to add to the code signing configuration.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tags"))
 
     @tags.setter
@@ -3856,7 +3858,7 @@ class CfnCodeSigningConfigProps:
         :param allowed_publishers: List of allowed publishers.
         :param code_signing_policies: The code signing policy controls the validation failure action for signature mismatch or expiry.
         :param description: Code signing configuration description.
-        :param tags: A list of tags to apply to CodeSigningConfig resource.
+        :param tags: A list of tags to add to the code signing configuration. .. epigraph:: You must have the ``lambda:TagResource`` , ``lambda:UntagResource`` , and ``lambda:ListTags`` permissions for your `IAM principal <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html>`_ to manage the AWS CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html
         :exampleMetadata: fixture=_generated
@@ -3933,7 +3935,11 @@ class CfnCodeSigningConfigProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''A list of tags to apply to CodeSigningConfig resource.
+        '''A list of tags to add to the code signing configuration.
+
+        .. epigraph::
+
+           You must have the ``lambda:TagResource`` , ``lambda:UntagResource`` , and ``lambda:ListTags`` permissions for your `IAM principal <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html>`_ to manage the AWS CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-codesigningconfig.html#cfn-lambda-codesigningconfig-tags
         '''
@@ -4591,31 +4597,31 @@ class CfnEventSourceMapping(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param function_name: The name of the Lambda function.
-        :param amazon_managed_kafka_event_source_config: Specific configuration settings for an MSK event source.
-        :param batch_size: The maximum number of items to retrieve in a single batch.
-        :param bisect_batch_on_function_error: (Streams) If the function returns an error, split the batch in two and retry.
-        :param destination_config: A configuration object that specifies the destination of an event after Lambda processes it.
-        :param document_db_event_source_config: Document db event source config.
-        :param enabled: Disables the event source mapping to pause polling and invocation.
-        :param event_source_arn: The Amazon Resource Name (ARN) of the event source.
-        :param filter_criteria: The filter criteria to control event filtering.
-        :param function_response_types: (Streams) A list of response types supported by the function.
-        :param kms_key_arn: The Amazon Resource Name (ARN) of the KMS key.
-        :param maximum_batching_window_in_seconds: (Streams) The maximum amount of time to gather records before invoking the function, in seconds.
-        :param maximum_record_age_in_seconds: (Streams) The maximum age of a record that Lambda sends to a function for processing.
-        :param maximum_retry_attempts: (Streams) The maximum number of times to retry when the function returns an error.
-        :param parallelization_factor: (Streams) The number of batches to process from each shard concurrently.
-        :param queues: (ActiveMQ) A list of ActiveMQ queues.
-        :param scaling_config: The scaling configuration for the event source.
-        :param self_managed_event_source: The configuration used by AWS Lambda to access a self-managed event source.
-        :param self_managed_kafka_event_source_config: Specific configuration settings for a Self-Managed Apache Kafka event source.
-        :param source_access_configurations: A list of SourceAccessConfiguration.
-        :param starting_position: The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB Streams sources.
-        :param starting_position_timestamp: With StartingPosition set to AT_TIMESTAMP, the time from which to start reading, in Unix time seconds.
-        :param tags: 
-        :param topics: (Kafka) A list of Kafka topics.
-        :param tumbling_window_in_seconds: (Streams) Tumbling window (non-overlapping time window) duration to perform aggregations.
+        :param function_name: The name or ARN of the Lambda function. **Name formats** - *Function name* – ``MyFunction`` . - *Function ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction`` . - *Version or Alias ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD`` . - *Partial ARN* – ``123456789012:function:MyFunction`` . The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
+        :param amazon_managed_kafka_event_source_config: Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.
+        :param batch_size: The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB). - *Amazon Kinesis* – Default 100. Max 10,000. - *Amazon DynamoDB Streams* – Default 100. Max 10,000. - *Amazon Simple Queue Service* – Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10. - *Amazon Managed Streaming for Apache Kafka* – Default 100. Max 10,000. - *Self-managed Apache Kafka* – Default 100. Max 10,000. - *Amazon MQ (ActiveMQ and RabbitMQ)* – Default 100. Max 10,000. - *DocumentDB* – Default 100. Max 10,000.
+        :param bisect_batch_on_function_error: (Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false.
+        :param destination_config: (Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it.
+        :param document_db_event_source_config: Specific configuration settings for a DocumentDB event source.
+        :param enabled: When true, the event source mapping is active. When false, Lambda pauses polling and invocation. Default: True
+        :param event_source_arn: The Amazon Resource Name (ARN) of the event source. - *Amazon Kinesis* – The ARN of the data stream or a stream consumer. - *Amazon DynamoDB Streams* – The ARN of the stream. - *Amazon Simple Queue Service* – The ARN of the queue. - *Amazon Managed Streaming for Apache Kafka* – The ARN of the cluster or the ARN of the VPC connection (for `cross-account event source mappings <https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc>`_ ). - *Amazon MQ* – The ARN of the broker. - *Amazon DocumentDB* – The ARN of the DocumentDB change stream.
+        :param filter_criteria: An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see `Lambda event filtering <https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html>`_ .
+        :param function_response_types: (Kinesis, DynamoDB Streams, and SQS) A list of current response type enums applied to the event source mapping. Valid Values: ``ReportBatchItemFailures``
+        :param kms_key_arn: The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that Lambda uses to encrypt your function's `filter criteria <https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics>`_ .
+        :param maximum_batching_window_in_seconds: The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function. *Default ( Kinesis , DynamoDB , Amazon SQS event sources)* : 0 *Default ( Amazon MSK , Kafka, Amazon MQ , Amazon DocumentDB event sources)* : 500 ms *Related setting:* For Amazon SQS event sources, when you set ``BatchSize`` to a value greater than 10, you must set ``MaximumBatchingWindowInSeconds`` to at least 1.
+        :param maximum_record_age_in_seconds: (Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records. .. epigraph:: The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed
+        :param maximum_retry_attempts: (Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source.
+        :param parallelization_factor: (Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. The default value is 1.
+        :param queues: (Amazon MQ) The name of the Amazon MQ broker destination queue to consume.
+        :param scaling_config: (Amazon SQS only) The scaling configuration for the event source. For more information, see `Configuring maximum concurrency for Amazon SQS event sources <https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency>`_ .
+        :param self_managed_event_source: The self-managed Apache Kafka cluster for your event source.
+        :param self_managed_kafka_event_source_config: Specific configuration settings for a self-managed Apache Kafka event source.
+        :param source_access_configurations: An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.
+        :param starting_position: The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB. - *LATEST* - Read only new records. - *TRIM_HORIZON* - Process all available records. - *AT_TIMESTAMP* - Specify a time from which to start reading records.
+        :param starting_position_timestamp: With ``StartingPosition`` set to ``AT_TIMESTAMP`` , the time from which to start reading, in Unix time seconds. ``StartingPositionTimestamp`` cannot be in the future.
+        :param tags: A list of tags to add to the event source mapping. .. epigraph:: You must have the ``lambda:TagResource`` , ``lambda:UntagResource`` , and ``lambda:ListTags`` permissions for your `IAM principal <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html>`_ to manage the AWS CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.
+        :param topics: The name of the Kafka topic.
+        :param tumbling_window_in_seconds: (Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds indicates no tumbling window.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__2fc9432254acf5a7dbe3c68dcedbda61de1f0e804a81d20ae79e04857b83d419)
@@ -4684,7 +4690,8 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="attrEventSourceMappingArn")
     def attr_event_source_mapping_arn(self) -> builtins.str:
-        '''
+        '''The Amazon Resource Name (ARN) of the event source mapping.
+
         :cloudformationAttribute: EventSourceMappingArn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrEventSourceMappingArn"))
@@ -4692,7 +4699,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="attrId")
     def attr_id(self) -> builtins.str:
-        '''Event Source Mapping Identifier UUID.
+        '''The event source mapping's ID.
 
         :cloudformationAttribute: Id
         '''
@@ -4712,7 +4719,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="functionName")
     def function_name(self) -> builtins.str:
-        '''The name of the Lambda function.'''
+        '''The name or ARN of the Lambda function.'''
         return typing.cast(builtins.str, jsii.get(self, "functionName"))
 
     @function_name.setter
@@ -4727,7 +4734,7 @@ class CfnEventSourceMapping(
     def amazon_managed_kafka_event_source_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.AmazonManagedKafkaEventSourceConfigProperty"]]:
-        '''Specific configuration settings for an MSK event source.'''
+        '''Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.AmazonManagedKafkaEventSourceConfigProperty"]], jsii.get(self, "amazonManagedKafkaEventSourceConfig"))
 
     @amazon_managed_kafka_event_source_config.setter
@@ -4743,7 +4750,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="batchSize")
     def batch_size(self) -> typing.Optional[jsii.Number]:
-        '''The maximum number of items to retrieve in a single batch.'''
+        '''The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "batchSize"))
 
     @batch_size.setter
@@ -4758,7 +4765,7 @@ class CfnEventSourceMapping(
     def bisect_batch_on_function_error(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''(Streams) If the function returns an error, split the batch in two and retry.'''
+        '''(Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "bisectBatchOnFunctionError"))
 
     @bisect_batch_on_function_error.setter
@@ -4776,7 +4783,7 @@ class CfnEventSourceMapping(
     def destination_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.DestinationConfigProperty"]]:
-        '''A configuration object that specifies the destination of an event after Lambda processes it.'''
+        '''(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.DestinationConfigProperty"]], jsii.get(self, "destinationConfig"))
 
     @destination_config.setter
@@ -4794,7 +4801,7 @@ class CfnEventSourceMapping(
     def document_db_event_source_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.DocumentDBEventSourceConfigProperty"]]:
-        '''Document db event source config.'''
+        '''Specific configuration settings for a DocumentDB event source.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.DocumentDBEventSourceConfigProperty"]], jsii.get(self, "documentDbEventSourceConfig"))
 
     @document_db_event_source_config.setter
@@ -4812,7 +4819,10 @@ class CfnEventSourceMapping(
     def enabled(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Disables the event source mapping to pause polling and invocation.'''
+        '''When true, the event source mapping is active.
+
+        When false, Lambda pauses polling and invocation.
+        '''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "enabled"))
 
     @enabled.setter
@@ -4843,7 +4853,7 @@ class CfnEventSourceMapping(
     def filter_criteria(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.FilterCriteriaProperty"]]:
-        '''The filter criteria to control event filtering.'''
+        '''An object that defines the filter criteria that determine whether Lambda should process an event.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.FilterCriteriaProperty"]], jsii.get(self, "filterCriteria"))
 
     @filter_criteria.setter
@@ -4859,7 +4869,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="functionResponseTypes")
     def function_response_types(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''(Streams) A list of response types supported by the function.'''
+        '''(Kinesis, DynamoDB Streams, and SQS) A list of current response type enums applied to the event source mapping.'''
         return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "functionResponseTypes"))
 
     @function_response_types.setter
@@ -4875,7 +4885,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="kmsKeyArn")
     def kms_key_arn(self) -> typing.Optional[builtins.str]:
-        '''The Amazon Resource Name (ARN) of the KMS key.'''
+        '''The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that Lambda uses to encrypt your function's `filter criteria <https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics>`_ .'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "kmsKeyArn"))
 
     @kms_key_arn.setter
@@ -4888,7 +4898,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="maximumBatchingWindowInSeconds")
     def maximum_batching_window_in_seconds(self) -> typing.Optional[jsii.Number]:
-        '''(Streams) The maximum amount of time to gather records before invoking the function, in seconds.'''
+        '''The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "maximumBatchingWindowInSeconds"))
 
     @maximum_batching_window_in_seconds.setter
@@ -4904,7 +4914,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="maximumRecordAgeInSeconds")
     def maximum_record_age_in_seconds(self) -> typing.Optional[jsii.Number]:
-        '''(Streams) The maximum age of a record that Lambda sends to a function for processing.'''
+        '''(Kinesis and DynamoDB Streams only) Discard records older than the specified age.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "maximumRecordAgeInSeconds"))
 
     @maximum_record_age_in_seconds.setter
@@ -4920,7 +4930,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="maximumRetryAttempts")
     def maximum_retry_attempts(self) -> typing.Optional[jsii.Number]:
-        '''(Streams) The maximum number of times to retry when the function returns an error.'''
+        '''(Kinesis and DynamoDB Streams only) Discard records after the specified number of retries.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "maximumRetryAttempts"))
 
     @maximum_retry_attempts.setter
@@ -4933,7 +4943,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="parallelizationFactor")
     def parallelization_factor(self) -> typing.Optional[jsii.Number]:
-        '''(Streams) The number of batches to process from each shard concurrently.'''
+        '''(Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "parallelizationFactor"))
 
     @parallelization_factor.setter
@@ -4946,7 +4956,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="queues")
     def queues(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''(ActiveMQ) A list of ActiveMQ queues.'''
+        '''(Amazon MQ) The name of the Amazon MQ broker destination queue to consume.'''
         return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "queues"))
 
     @queues.setter
@@ -4961,7 +4971,7 @@ class CfnEventSourceMapping(
     def scaling_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.ScalingConfigProperty"]]:
-        '''The scaling configuration for the event source.'''
+        '''(Amazon SQS only) The scaling configuration for the event source.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.ScalingConfigProperty"]], jsii.get(self, "scalingConfig"))
 
     @scaling_config.setter
@@ -4979,7 +4989,7 @@ class CfnEventSourceMapping(
     def self_managed_event_source(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.SelfManagedEventSourceProperty"]]:
-        '''The configuration used by AWS Lambda to access a self-managed event source.'''
+        '''The self-managed Apache Kafka cluster for your event source.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.SelfManagedEventSourceProperty"]], jsii.get(self, "selfManagedEventSource"))
 
     @self_managed_event_source.setter
@@ -4997,7 +5007,7 @@ class CfnEventSourceMapping(
     def self_managed_kafka_event_source_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.SelfManagedKafkaEventSourceConfigProperty"]]:
-        '''Specific configuration settings for a Self-Managed Apache Kafka event source.'''
+        '''Specific configuration settings for a self-managed Apache Kafka event source.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.SelfManagedKafkaEventSourceConfigProperty"]], jsii.get(self, "selfManagedKafkaEventSourceConfig"))
 
     @self_managed_kafka_event_source_config.setter
@@ -5015,7 +5025,7 @@ class CfnEventSourceMapping(
     def source_access_configurations(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.SourceAccessConfigurationProperty"]]]]:
-        '''A list of SourceAccessConfiguration.'''
+        '''An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.SourceAccessConfigurationProperty"]]]], jsii.get(self, "sourceAccessConfigurations"))
 
     @source_access_configurations.setter
@@ -5031,7 +5041,10 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="startingPosition")
     def starting_position(self) -> typing.Optional[builtins.str]:
-        '''The position in a stream from which to start reading.'''
+        '''The position in a stream from which to start reading.
+
+        Required for Amazon Kinesis and Amazon DynamoDB.
+        '''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "startingPosition"))
 
     @starting_position.setter
@@ -5044,7 +5057,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="startingPositionTimestamp")
     def starting_position_timestamp(self) -> typing.Optional[jsii.Number]:
-        '''With StartingPosition set to AT_TIMESTAMP, the time from which to start reading, in Unix time seconds.'''
+        '''With ``StartingPosition`` set to ``AT_TIMESTAMP`` , the time from which to start reading, in Unix time seconds.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "startingPositionTimestamp"))
 
     @starting_position_timestamp.setter
@@ -5057,6 +5070,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
+        '''A list of tags to add to the event source mapping.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tags"))
 
     @tags.setter
@@ -5069,7 +5083,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="topics")
     def topics(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''(Kafka) A list of Kafka topics.'''
+        '''The name of the Kafka topic.'''
         return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "topics"))
 
     @topics.setter
@@ -5082,7 +5096,7 @@ class CfnEventSourceMapping(
     @builtins.property
     @jsii.member(jsii_name="tumblingWindowInSeconds")
     def tumbling_window_in_seconds(self) -> typing.Optional[jsii.Number]:
-        '''(Streams) Tumbling window (non-overlapping time window) duration to perform aggregations.'''
+        '''(Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "tumblingWindowInSeconds"))
 
     @tumbling_window_in_seconds.setter
@@ -5103,9 +5117,9 @@ class CfnEventSourceMapping(
             *,
             consumer_group_id: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''Specific configuration settings for an MSK event source.
+            '''Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.
 
-            :param consumer_group_id: The identifier for the Kafka Consumer Group to join.
+            :param consumer_group_id: The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see `Customizable consumer group ID <https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-amazonmanagedkafkaeventsourceconfig.html
             :exampleMetadata: fixture=_generated
@@ -5129,7 +5143,9 @@ class CfnEventSourceMapping(
 
         @builtins.property
         def consumer_group_id(self) -> typing.Optional[builtins.str]:
-            '''The identifier for the Kafka Consumer Group to join.
+            '''The identifier for the Kafka consumer group to join.
+
+            The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see `Customizable consumer group ID <https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-amazonmanagedkafkaeventsourceconfig.html#cfn-lambda-eventsourcemapping-amazonmanagedkafkaeventsourceconfig-consumergroupid
             '''
@@ -5160,7 +5176,7 @@ class CfnEventSourceMapping(
         ) -> None:
             '''A configuration object that specifies the destination of an event after Lambda processes it.
 
-            :param on_failure: A destination for records of invocations that failed processing.
+            :param on_failure: The destination configuration for failed invocations.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-destinationconfig.html
             :exampleMetadata: fixture=_generated
@@ -5188,7 +5204,7 @@ class CfnEventSourceMapping(
         def on_failure(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.OnFailureProperty"]]:
-            '''A destination for records of invocations that failed processing.
+            '''The destination configuration for failed invocations.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-destinationconfig.html#cfn-lambda-eventsourcemapping-destinationconfig-onfailure
             '''
@@ -5223,11 +5239,11 @@ class CfnEventSourceMapping(
             database_name: typing.Optional[builtins.str] = None,
             full_document: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''Document db event source config.
+            '''Specific configuration settings for a DocumentDB event source.
 
-            :param collection_name: The collection name to connect to.
-            :param database_name: The database name to connect to.
-            :param full_document: Include full document in change stream response. The default option will only send the changes made to documents to Lambda. If you want the complete document sent to Lambda, set this to UpdateLookup.
+            :param collection_name: The name of the collection to consume within the database. If you do not specify a collection, Lambda consumes all collections.
+            :param database_name: The name of the database to consume within the DocumentDB cluster.
+            :param full_document: Determines what DocumentDB sends to your event stream during document update operations. If set to UpdateLookup, DocumentDB sends a delta describing the changes, along with a copy of the entire document. Otherwise, DocumentDB sends only a partial document that contains the changes.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html
             :exampleMetadata: fixture=_generated
@@ -5259,7 +5275,9 @@ class CfnEventSourceMapping(
 
         @builtins.property
         def collection_name(self) -> typing.Optional[builtins.str]:
-            '''The collection name to connect to.
+            '''The name of the collection to consume within the database.
+
+            If you do not specify a collection, Lambda consumes all collections.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig-collectionname
             '''
@@ -5268,7 +5286,7 @@ class CfnEventSourceMapping(
 
         @builtins.property
         def database_name(self) -> typing.Optional[builtins.str]:
-            '''The database name to connect to.
+            '''The name of the database to consume within the DocumentDB cluster.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig-databasename
             '''
@@ -5277,9 +5295,9 @@ class CfnEventSourceMapping(
 
         @builtins.property
         def full_document(self) -> typing.Optional[builtins.str]:
-            '''Include full document in change stream response.
+            '''Determines what DocumentDB sends to your event stream during document update operations.
 
-            The default option will only send the changes made to documents to Lambda. If you want the complete document sent to Lambda, set this to UpdateLookup.
+            If set to UpdateLookup, DocumentDB sends a delta describing the changes, along with a copy of the entire document. Otherwise, DocumentDB sends only a partial document that contains the changes.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-documentdbeventsourceconfig.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig-fulldocument
             '''
@@ -5308,9 +5326,9 @@ class CfnEventSourceMapping(
             *,
             kafka_bootstrap_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
-            '''The endpoints used by AWS Lambda to access a self-managed event source.
+            '''The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]`` .
 
-            :param kafka_bootstrap_servers: A list of Kafka server endpoints.
+            :param kafka_bootstrap_servers: The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-endpoints.html
             :exampleMetadata: fixture=_generated
@@ -5334,7 +5352,7 @@ class CfnEventSourceMapping(
 
         @builtins.property
         def kafka_bootstrap_servers(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''A list of Kafka server endpoints.
+            '''The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-endpoints.html#cfn-lambda-eventsourcemapping-endpoints-kafkabootstrapservers
             '''
@@ -5363,9 +5381,9 @@ class CfnEventSourceMapping(
             *,
             filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnEventSourceMapping.FilterProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
         ) -> None:
-            '''The filter criteria to control event filtering.
+            '''An object that contains the filters for an event source.
 
-            :param filters: List of filters of this FilterCriteria.
+            :param filters: A list of filters.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html
             :exampleMetadata: fixture=_generated
@@ -5393,7 +5411,7 @@ class CfnEventSourceMapping(
         def filters(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.FilterProperty"]]]]:
-            '''List of filters of this FilterCriteria.
+            '''A list of filters.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filtercriteria.html#cfn-lambda-eventsourcemapping-filtercriteria-filters
             '''
@@ -5418,9 +5436,9 @@ class CfnEventSourceMapping(
     )
     class FilterProperty:
         def __init__(self, *, pattern: typing.Optional[builtins.str] = None) -> None:
-            '''The filter object that defines parameters for ESM filtering.
+            '''A structure within a ``FilterCriteria`` object that defines an event filtering pattern.
 
-            :param pattern: The filter pattern that defines which events should be passed for invocations.
+            :param pattern: A filter pattern. For more information on the syntax of a filter pattern, see `Filter rule syntax <https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-syntax>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filter.html
             :exampleMetadata: fixture=_generated
@@ -5444,7 +5462,9 @@ class CfnEventSourceMapping(
 
         @builtins.property
         def pattern(self) -> typing.Optional[builtins.str]:
-            '''The filter pattern that defines which events should be passed for invocations.
+            '''A filter pattern.
+
+            For more information on the syntax of a filter pattern, see `Filter rule syntax <https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-syntax>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-filter.html#cfn-lambda-eventsourcemapping-filter-pattern
             '''
@@ -5473,9 +5493,9 @@ class CfnEventSourceMapping(
             *,
             destination: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''A destination for records of invocations that failed processing.
+            '''A destination for events that failed processing.
 
-            :param destination: The Amazon Resource Name (ARN) of the destination resource.
+            :param destination: The Amazon Resource Name (ARN) of the destination resource. To retain records of `asynchronous invocations <https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations>`_ , you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination. To retain records of failed invocations from `Kinesis and DynamoDB event sources <https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#event-source-mapping-destinations>`_ , you can configure an Amazon SNS topic or Amazon SQS queue as the destination. To retain records of failed invocations from `self-managed Kafka <https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination>`_ or `Amazon MSK <https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination>`_ , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-onfailure.html
             :exampleMetadata: fixture=_generated
@@ -5501,6 +5521,12 @@ class CfnEventSourceMapping(
         def destination(self) -> typing.Optional[builtins.str]:
             '''The Amazon Resource Name (ARN) of the destination resource.
 
+            To retain records of `asynchronous invocations <https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations>`_ , you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function, or Amazon EventBridge event bus as the destination.
+
+            To retain records of failed invocations from `Kinesis and DynamoDB event sources <https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html#event-source-mapping-destinations>`_ , you can configure an Amazon SNS topic or Amazon SQS queue as the destination.
+
+            To retain records of failed invocations from `self-managed Kafka <https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination>`_ or `Amazon MSK <https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination>`_ , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-onfailure.html#cfn-lambda-eventsourcemapping-onfailure-destination
             '''
             result = self._values.get("destination")
@@ -5528,9 +5554,11 @@ class CfnEventSourceMapping(
             *,
             maximum_concurrency: typing.Optional[jsii.Number] = None,
         ) -> None:
-            '''The scaling configuration for the event source.
+            '''(Amazon SQS only) The scaling configuration for the event source.
+
+            To remove the configuration, pass an empty value.
 
-            :param maximum_concurrency: The maximum number of concurrent functions that an event source can invoke.
+            :param maximum_concurrency: Limits the number of concurrent instances that the Amazon SQS event source can invoke.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-scalingconfig.html
             :exampleMetadata: fixture=_generated
@@ -5554,7 +5582,7 @@ class CfnEventSourceMapping(
 
         @builtins.property
         def maximum_concurrency(self) -> typing.Optional[jsii.Number]:
-            '''The maximum number of concurrent functions that an event source can invoke.
+            '''Limits the number of concurrent instances that the Amazon SQS event source can invoke.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-scalingconfig.html#cfn-lambda-eventsourcemapping-scalingconfig-maximumconcurrency
             '''
@@ -5583,9 +5611,9 @@ class CfnEventSourceMapping(
             *,
             endpoints: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnEventSourceMapping.EndpointsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
-            '''The configuration used by AWS Lambda to access a self-managed event source.
+            '''The self-managed Apache Kafka cluster for your event source.
 
-            :param endpoints: The endpoints used by AWS Lambda to access a self-managed event source.
+            :param endpoints: The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedeventsource.html
             :exampleMetadata: fixture=_generated
@@ -5613,7 +5641,7 @@ class CfnEventSourceMapping(
         def endpoints(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnEventSourceMapping.EndpointsProperty"]]:
-            '''The endpoints used by AWS Lambda to access a self-managed event source.
+            '''The list of bootstrap servers for your Kafka brokers in the following format: ``"KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedeventsource.html#cfn-lambda-eventsourcemapping-selfmanagedeventsource-endpoints
             '''
@@ -5642,9 +5670,9 @@ class CfnEventSourceMapping(
             *,
             consumer_group_id: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''Specific configuration settings for a Self-Managed Apache Kafka event source.
+            '''Specific configuration settings for a self-managed Apache Kafka event source.
 
-            :param consumer_group_id: The identifier for the Kafka Consumer Group to join.
+            :param consumer_group_id: The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see `Customizable consumer group ID <https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig.html
             :exampleMetadata: fixture=_generated
@@ -5668,7 +5696,9 @@ class CfnEventSourceMapping(
 
         @builtins.property
         def consumer_group_id(self) -> typing.Optional[builtins.str]:
-            '''The identifier for the Kafka Consumer Group to join.
+            '''The identifier for the Kafka consumer group to join.
+
+            The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see `Customizable consumer group ID <https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig.html#cfn-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig-consumergroupid
             '''
@@ -5698,10 +5728,10 @@ class CfnEventSourceMapping(
             type: typing.Optional[builtins.str] = None,
             uri: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''The configuration used by AWS Lambda to access event source.
+            '''An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.
 
-            :param type: The type of source access configuration.
-            :param uri: The URI for the source access configuration resource.
+            :param type: The type of authentication protocol, VPC components, or virtual host for your event source. For example: ``"Type":"SASL_SCRAM_512_AUTH"`` . - ``BASIC_AUTH`` – (Amazon MQ) The AWS Secrets Manager secret that stores your broker credentials. - ``BASIC_AUTH`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers. - ``VPC_SUBNET`` – (Self-managed Apache Kafka) The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster. - ``VPC_SECURITY_GROUP`` – (Self-managed Apache Kafka) The VPC security group used to manage access to your self-managed Apache Kafka brokers. - ``SASL_SCRAM_256_AUTH`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers. - ``SASL_SCRAM_512_AUTH`` – (Amazon MSK, Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers. - ``VIRTUAL_HOST`` –- (RabbitMQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. This property cannot be specified in an UpdateEventSourceMapping API call. - ``CLIENT_CERTIFICATE_TLS_AUTH`` – (Amazon MSK, self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers. - ``SERVER_ROOT_CA_CERTIFICATE`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers.
+            :param uri: The value for your chosen configuration in ``Type`` . For example: ``"URI": "arn:aws:secretsmanager:us-east-1:01234567890:secret:MyBrokerSecretName"`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -5729,7 +5759,17 @@ class CfnEventSourceMapping(
 
         @builtins.property
         def type(self) -> typing.Optional[builtins.str]:
-            '''The type of source access configuration.
+            '''The type of authentication protocol, VPC components, or virtual host for your event source. For example: ``"Type":"SASL_SCRAM_512_AUTH"`` .
+
+            - ``BASIC_AUTH`` – (Amazon MQ) The AWS Secrets Manager secret that stores your broker credentials.
+            - ``BASIC_AUTH`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers.
+            - ``VPC_SUBNET`` – (Self-managed Apache Kafka) The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster.
+            - ``VPC_SECURITY_GROUP`` – (Self-managed Apache Kafka) The VPC security group used to manage access to your self-managed Apache Kafka brokers.
+            - ``SASL_SCRAM_256_AUTH`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers.
+            - ``SASL_SCRAM_512_AUTH`` – (Amazon MSK, Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers.
+            - ``VIRTUAL_HOST`` –- (RabbitMQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. This property cannot be specified in an UpdateEventSourceMapping API call.
+            - ``CLIENT_CERTIFICATE_TLS_AUTH`` – (Amazon MSK, self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers.
+            - ``SERVER_ROOT_CA_CERTIFICATE`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html#cfn-lambda-eventsourcemapping-sourceaccessconfiguration-type
             '''
@@ -5738,7 +5778,9 @@ class CfnEventSourceMapping(
 
         @builtins.property
         def uri(self) -> typing.Optional[builtins.str]:
-            '''The URI for the source access configuration resource.
+            '''The value for your chosen configuration in ``Type`` .
+
+            For example: ``"URI": "arn:aws:secretsmanager:us-east-1:01234567890:secret:MyBrokerSecretName"`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html#cfn-lambda-eventsourcemapping-sourceaccessconfiguration-uri
             '''
@@ -5820,31 +5862,31 @@ class CfnEventSourceMappingProps:
     ) -> None:
         '''Properties for defining a ``CfnEventSourceMapping``.
 
-        :param function_name: The name of the Lambda function.
-        :param amazon_managed_kafka_event_source_config: Specific configuration settings for an MSK event source.
-        :param batch_size: The maximum number of items to retrieve in a single batch.
-        :param bisect_batch_on_function_error: (Streams) If the function returns an error, split the batch in two and retry.
-        :param destination_config: A configuration object that specifies the destination of an event after Lambda processes it.
-        :param document_db_event_source_config: Document db event source config.
-        :param enabled: Disables the event source mapping to pause polling and invocation.
-        :param event_source_arn: The Amazon Resource Name (ARN) of the event source.
-        :param filter_criteria: The filter criteria to control event filtering.
-        :param function_response_types: (Streams) A list of response types supported by the function.
-        :param kms_key_arn: The Amazon Resource Name (ARN) of the KMS key.
-        :param maximum_batching_window_in_seconds: (Streams) The maximum amount of time to gather records before invoking the function, in seconds.
-        :param maximum_record_age_in_seconds: (Streams) The maximum age of a record that Lambda sends to a function for processing.
-        :param maximum_retry_attempts: (Streams) The maximum number of times to retry when the function returns an error.
-        :param parallelization_factor: (Streams) The number of batches to process from each shard concurrently.
-        :param queues: (ActiveMQ) A list of ActiveMQ queues.
-        :param scaling_config: The scaling configuration for the event source.
-        :param self_managed_event_source: The configuration used by AWS Lambda to access a self-managed event source.
-        :param self_managed_kafka_event_source_config: Specific configuration settings for a Self-Managed Apache Kafka event source.
-        :param source_access_configurations: A list of SourceAccessConfiguration.
-        :param starting_position: The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB Streams sources.
-        :param starting_position_timestamp: With StartingPosition set to AT_TIMESTAMP, the time from which to start reading, in Unix time seconds.
-        :param tags: 
-        :param topics: (Kafka) A list of Kafka topics.
-        :param tumbling_window_in_seconds: (Streams) Tumbling window (non-overlapping time window) duration to perform aggregations.
+        :param function_name: The name or ARN of the Lambda function. **Name formats** - *Function name* – ``MyFunction`` . - *Function ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction`` . - *Version or Alias ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD`` . - *Partial ARN* – ``123456789012:function:MyFunction`` . The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
+        :param amazon_managed_kafka_event_source_config: Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.
+        :param batch_size: The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB). - *Amazon Kinesis* – Default 100. Max 10,000. - *Amazon DynamoDB Streams* – Default 100. Max 10,000. - *Amazon Simple Queue Service* – Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10. - *Amazon Managed Streaming for Apache Kafka* – Default 100. Max 10,000. - *Self-managed Apache Kafka* – Default 100. Max 10,000. - *Amazon MQ (ActiveMQ and RabbitMQ)* – Default 100. Max 10,000. - *DocumentDB* – Default 100. Max 10,000.
+        :param bisect_batch_on_function_error: (Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false.
+        :param destination_config: (Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it.
+        :param document_db_event_source_config: Specific configuration settings for a DocumentDB event source.
+        :param enabled: When true, the event source mapping is active. When false, Lambda pauses polling and invocation. Default: True
+        :param event_source_arn: The Amazon Resource Name (ARN) of the event source. - *Amazon Kinesis* – The ARN of the data stream or a stream consumer. - *Amazon DynamoDB Streams* – The ARN of the stream. - *Amazon Simple Queue Service* – The ARN of the queue. - *Amazon Managed Streaming for Apache Kafka* – The ARN of the cluster or the ARN of the VPC connection (for `cross-account event source mappings <https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc>`_ ). - *Amazon MQ* – The ARN of the broker. - *Amazon DocumentDB* – The ARN of the DocumentDB change stream.
+        :param filter_criteria: An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see `Lambda event filtering <https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html>`_ .
+        :param function_response_types: (Kinesis, DynamoDB Streams, and SQS) A list of current response type enums applied to the event source mapping. Valid Values: ``ReportBatchItemFailures``
+        :param kms_key_arn: The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that Lambda uses to encrypt your function's `filter criteria <https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics>`_ .
+        :param maximum_batching_window_in_seconds: The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function. *Default ( Kinesis , DynamoDB , Amazon SQS event sources)* : 0 *Default ( Amazon MSK , Kafka, Amazon MQ , Amazon DocumentDB event sources)* : 500 ms *Related setting:* For Amazon SQS event sources, when you set ``BatchSize`` to a value greater than 10, you must set ``MaximumBatchingWindowInSeconds`` to at least 1.
+        :param maximum_record_age_in_seconds: (Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records. .. epigraph:: The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed
+        :param maximum_retry_attempts: (Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source.
+        :param parallelization_factor: (Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. The default value is 1.
+        :param queues: (Amazon MQ) The name of the Amazon MQ broker destination queue to consume.
+        :param scaling_config: (Amazon SQS only) The scaling configuration for the event source. For more information, see `Configuring maximum concurrency for Amazon SQS event sources <https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency>`_ .
+        :param self_managed_event_source: The self-managed Apache Kafka cluster for your event source.
+        :param self_managed_kafka_event_source_config: Specific configuration settings for a self-managed Apache Kafka event source.
+        :param source_access_configurations: An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.
+        :param starting_position: The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB. - *LATEST* - Read only new records. - *TRIM_HORIZON* - Process all available records. - *AT_TIMESTAMP* - Specify a time from which to start reading records.
+        :param starting_position_timestamp: With ``StartingPosition`` set to ``AT_TIMESTAMP`` , the time from which to start reading, in Unix time seconds. ``StartingPositionTimestamp`` cannot be in the future.
+        :param tags: A list of tags to add to the event source mapping. .. epigraph:: You must have the ``lambda:TagResource`` , ``lambda:UntagResource`` , and ``lambda:ListTags`` permissions for your `IAM principal <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html>`_ to manage the AWS CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.
+        :param topics: The name of the Kafka topic.
+        :param tumbling_window_in_seconds: (Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds indicates no tumbling window.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html
         :exampleMetadata: fixture=_generated
@@ -5994,7 +6036,15 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def function_name(self) -> builtins.str:
-        '''The name of the Lambda function.
+        '''The name or ARN of the Lambda function.
+
+        **Name formats** - *Function name* – ``MyFunction`` .
+
+        - *Function ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction`` .
+        - *Version or Alias ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD`` .
+        - *Partial ARN* – ``123456789012:function:MyFunction`` .
+
+        The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionname
         '''
@@ -6006,7 +6056,7 @@ class CfnEventSourceMappingProps:
     def amazon_managed_kafka_event_source_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnEventSourceMapping.AmazonManagedKafkaEventSourceConfigProperty]]:
-        '''Specific configuration settings for an MSK event source.
+        '''Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-amazonmanagedkafkaeventsourceconfig
         '''
@@ -6015,7 +6065,17 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def batch_size(self) -> typing.Optional[jsii.Number]:
-        '''The maximum number of items to retrieve in a single batch.
+        '''The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function.
+
+        Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).
+
+        - *Amazon Kinesis* – Default 100. Max 10,000.
+        - *Amazon DynamoDB Streams* – Default 100. Max 10,000.
+        - *Amazon Simple Queue Service* – Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10.
+        - *Amazon Managed Streaming for Apache Kafka* – Default 100. Max 10,000.
+        - *Self-managed Apache Kafka* – Default 100. Max 10,000.
+        - *Amazon MQ (ActiveMQ and RabbitMQ)* – Default 100. Max 10,000.
+        - *DocumentDB* – Default 100. Max 10,000.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-batchsize
         '''
@@ -6026,7 +6086,9 @@ class CfnEventSourceMappingProps:
     def bisect_batch_on_function_error(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''(Streams) If the function returns an error, split the batch in two and retry.
+        '''(Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry.
+
+        The default value is false.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-bisectbatchonfunctionerror
         '''
@@ -6037,7 +6099,7 @@ class CfnEventSourceMappingProps:
     def destination_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnEventSourceMapping.DestinationConfigProperty]]:
-        '''A configuration object that specifies the destination of an event after Lambda processes it.
+        '''(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-destinationconfig
         '''
@@ -6048,7 +6110,7 @@ class CfnEventSourceMappingProps:
     def document_db_event_source_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnEventSourceMapping.DocumentDBEventSourceConfigProperty]]:
-        '''Document db event source config.
+        '''Specific configuration settings for a DocumentDB event source.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-documentdbeventsourceconfig
         '''
@@ -6059,7 +6121,9 @@ class CfnEventSourceMappingProps:
     def enabled(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Disables the event source mapping to pause polling and invocation.
+        '''When true, the event source mapping is active. When false, Lambda pauses polling and invocation.
+
+        Default: True
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-enabled
         '''
@@ -6070,6 +6134,13 @@ class CfnEventSourceMappingProps:
     def event_source_arn(self) -> typing.Optional[builtins.str]:
         '''The Amazon Resource Name (ARN) of the event source.
 
+        - *Amazon Kinesis* – The ARN of the data stream or a stream consumer.
+        - *Amazon DynamoDB Streams* – The ARN of the stream.
+        - *Amazon Simple Queue Service* – The ARN of the queue.
+        - *Amazon Managed Streaming for Apache Kafka* – The ARN of the cluster or the ARN of the VPC connection (for `cross-account event source mappings <https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc>`_ ).
+        - *Amazon MQ* – The ARN of the broker.
+        - *Amazon DocumentDB* – The ARN of the DocumentDB change stream.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-eventsourcearn
         '''
         result = self._values.get("event_source_arn")
@@ -6079,7 +6150,9 @@ class CfnEventSourceMappingProps:
     def filter_criteria(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnEventSourceMapping.FilterCriteriaProperty]]:
-        '''The filter criteria to control event filtering.
+        '''An object that defines the filter criteria that determine whether Lambda should process an event.
+
+        For more information, see `Lambda event filtering <https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-filtercriteria
         '''
@@ -6088,7 +6161,9 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def function_response_types(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''(Streams) A list of response types supported by the function.
+        '''(Kinesis, DynamoDB Streams, and SQS) A list of current response type enums applied to the event source mapping.
+
+        Valid Values: ``ReportBatchItemFailures``
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-functionresponsetypes
         '''
@@ -6097,7 +6172,7 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def kms_key_arn(self) -> typing.Optional[builtins.str]:
-        '''The Amazon Resource Name (ARN) of the KMS key.
+        '''The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that Lambda uses to encrypt your function's `filter criteria <https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-kmskeyarn
         '''
@@ -6106,7 +6181,13 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def maximum_batching_window_in_seconds(self) -> typing.Optional[jsii.Number]:
-        '''(Streams) The maximum amount of time to gather records before invoking the function, in seconds.
+        '''The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function.
+
+        *Default ( Kinesis , DynamoDB , Amazon SQS event sources)* : 0
+
+        *Default ( Amazon MSK , Kafka, Amazon MQ , Amazon DocumentDB event sources)* : 500 ms
+
+        *Related setting:* For Amazon SQS event sources, when you set ``BatchSize`` to a value greater than 10, you must set ``MaximumBatchingWindowInSeconds`` to at least 1.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumbatchingwindowinseconds
         '''
@@ -6115,7 +6196,13 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def maximum_record_age_in_seconds(self) -> typing.Optional[jsii.Number]:
-        '''(Streams) The maximum age of a record that Lambda sends to a function for processing.
+        '''(Kinesis and DynamoDB Streams only) Discard records older than the specified age.
+
+        The default value is -1,
+        which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records.
+        .. epigraph::
+
+           The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumrecordageinseconds
         '''
@@ -6124,7 +6211,10 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def maximum_retry_attempts(self) -> typing.Optional[jsii.Number]:
-        '''(Streams) The maximum number of times to retry when the function returns an error.
+        '''(Kinesis and DynamoDB Streams only) Discard records after the specified number of retries.
+
+        The default value is -1,
+        which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-maximumretryattempts
         '''
@@ -6133,7 +6223,9 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def parallelization_factor(self) -> typing.Optional[jsii.Number]:
-        '''(Streams) The number of batches to process from each shard concurrently.
+        '''(Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard.
+
+        The default value is 1.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-parallelizationfactor
         '''
@@ -6142,7 +6234,7 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def queues(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''(ActiveMQ) A list of ActiveMQ queues.
+        '''(Amazon MQ) The name of the Amazon MQ broker destination queue to consume.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-queues
         '''
@@ -6153,7 +6245,9 @@ class CfnEventSourceMappingProps:
     def scaling_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnEventSourceMapping.ScalingConfigProperty]]:
-        '''The scaling configuration for the event source.
+        '''(Amazon SQS only) The scaling configuration for the event source.
+
+        For more information, see `Configuring maximum concurrency for Amazon SQS event sources <https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-scalingconfig
         '''
@@ -6164,7 +6258,7 @@ class CfnEventSourceMappingProps:
     def self_managed_event_source(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnEventSourceMapping.SelfManagedEventSourceProperty]]:
-        '''The configuration used by AWS Lambda to access a self-managed event source.
+        '''The self-managed Apache Kafka cluster for your event source.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-selfmanagedeventsource
         '''
@@ -6175,7 +6269,7 @@ class CfnEventSourceMappingProps:
     def self_managed_kafka_event_source_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnEventSourceMapping.SelfManagedKafkaEventSourceConfigProperty]]:
-        '''Specific configuration settings for a Self-Managed Apache Kafka event source.
+        '''Specific configuration settings for a self-managed Apache Kafka event source.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-selfmanagedkafkaeventsourceconfig
         '''
@@ -6186,7 +6280,7 @@ class CfnEventSourceMappingProps:
     def source_access_configurations(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnEventSourceMapping.SourceAccessConfigurationProperty]]]]:
-        '''A list of SourceAccessConfiguration.
+        '''An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-sourceaccessconfigurations
         '''
@@ -6195,9 +6289,11 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def starting_position(self) -> typing.Optional[builtins.str]:
-        '''The position in a stream from which to start reading.
+        '''The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB.
 
-        Required for Amazon Kinesis and Amazon DynamoDB Streams sources.
+        - *LATEST* - Read only new records.
+        - *TRIM_HORIZON* - Process all available records.
+        - *AT_TIMESTAMP* - Specify a time from which to start reading records.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition
         '''
@@ -6206,7 +6302,9 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def starting_position_timestamp(self) -> typing.Optional[jsii.Number]:
-        '''With StartingPosition set to AT_TIMESTAMP, the time from which to start reading, in Unix time seconds.
+        '''With ``StartingPosition`` set to ``AT_TIMESTAMP`` , the time from which to start reading, in Unix time seconds.
+
+        ``StartingPositionTimestamp`` cannot be in the future.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingpositiontimestamp
         '''
@@ -6215,7 +6313,12 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''
+        '''A list of tags to add to the event source mapping.
+
+        .. epigraph::
+
+           You must have the ``lambda:TagResource`` , ``lambda:UntagResource`` , and ``lambda:ListTags`` permissions for your `IAM principal <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html>`_ to manage the AWS CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-tags
         '''
         result = self._values.get("tags")
@@ -6223,7 +6326,7 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def topics(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''(Kafka) A list of Kafka topics.
+        '''The name of the Kafka topic.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-topics
         '''
@@ -6232,7 +6335,9 @@ class CfnEventSourceMappingProps:
 
     @builtins.property
     def tumbling_window_in_seconds(self) -> typing.Optional[jsii.Number]:
-        '''(Streams) Tumbling window (non-overlapping time window) duration to perform aggregations.
+        '''(Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources.
+
+        A value of 0 seconds indicates no tumbling window.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-tumblingwindowinseconds
         '''
@@ -6393,32 +6498,32 @@ class CfnFunction(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param code: The `deployment package <https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html>`_ for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template. Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template.
+        :param code: The code for the function. You can define your function code in multiple ways:. - For .zip deployment packages, you can specify the Amazon S3 location of the .zip file in the ``S3Bucket`` , ``S3Key`` , and ``S3ObjectVersion`` properties. - For .zip deployment packages, you can alternatively define the function code inline in the ``ZipFile`` property. This method works only for Node.js and Python functions. - For container images, specify the URI of your container image in the Amazon ECR registry in the ``ImageUri`` property.
         :param role: The Amazon Resource Name (ARN) of the function's execution role.
-        :param architectures: The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is ``x86_64``.
+        :param architectures: The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is ``x86_64`` .
         :param code_signing_config_arn: To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
-        :param dead_letter_config: The `dead-letter queue <https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#dlq>`_ for failed asynchronous invocations.
+        :param dead_letter_config: A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see `Dead-letter queues <https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq>`_ .
         :param description: A description of the function.
-        :param environment: A function's environment variable settings. You can use environment variables to adjust your function's behavior without updating code. An environment variable is a pair of strings that are stored in a function's version-specific configuration.
+        :param environment: Environment variables that are accessible from function code during execution.
         :param ephemeral_storage: The size of the function's ``/tmp`` directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB.
-        :param file_system_configs: Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an `AWS::EFS::MountTarget <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html>`_ resource, you must also specify a ``DependsOn`` attribute to ensure that the mount target is created or updated before the function. For more information about using the ``DependsOn`` attribute, see `DependsOn Attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_.
-        :param function_name: The name of the Lambda function, up to 64 characters in length. If you don't specify a name, CFN generates one. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
-        :param handler: The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see `Lambda programming model <https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html>`_.
-        :param image_config: Configuration values that override the container image Dockerfile settings. For more information, see `Container image settings <https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms>`_.
-        :param kms_key_arn: The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's `environment variables <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption>`_. When `Lambda SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html>`_ is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key.
+        :param file_system_configs: Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an `AWS::EFS::MountTarget <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html>`_ resource, you must also specify a ``DependsOn`` attribute to ensure that the mount target is created or updated before the function. For more information about using the ``DependsOn`` attribute, see `DependsOn Attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_ .
+        :param function_name: The name of the Lambda function, up to 64 characters in length. If you don't specify a name, AWS CloudFormation generates one. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
+        :param handler: The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see `Lambda programming model <https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html>`_ .
+        :param image_config: Configuration values that override the container image Dockerfile settings. For more information, see `Container image settings <https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms>`_ .
+        :param kms_key_arn: The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that's used to encrypt your function's `environment variables <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption>`_ . When `Lambda SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html>`_ is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry ( Amazon ECR ). If you don't provide a customer managed key, Lambda uses a default service key.
         :param layers: A list of `function layers <https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html>`_ to add to the function's execution environment. Specify each layer by its ARN, including the version.
         :param logging_config: The function's Amazon CloudWatch Logs configuration settings.
         :param memory_size: The amount of `memory available to the function <https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console>`_ at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase.
         :param package_type: The type of deployment package. Set to ``Image`` for container image and set ``Zip`` for .zip file archive.
-        :param recursive_loop: This property is set to terminate unintended recursions. If set to ``Terminate``, Lambda detects and terminates unitended recursive loops. If set to ``Allow`` Lambda lets recursions be and does not terminate it.
+        :param recursive_loop: The status of your function's recursive loop detection configuration. When this value is set to ``Allow`` and Lambda detects your function being invoked as part of a recursive loop, it doesn't take any action. When this value is set to ``Terminate`` and Lambda detects your function being invoked as part of a recursive loop, it stops your function being invoked and notifies you.
         :param reserved_concurrent_executions: The number of simultaneous executions to reserve for the function.
-        :param runtime: The identifier of the function's `runtime <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html>`_. Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you're deploying a function using a container image. The following list includes deprecated runtimes. Lambda blocks creating new functions and updating existing functions shortly after each runtime is deprecated. For more information, see `Runtime use after deprecation <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-deprecation-levels>`_. For a list of all currently supported runtimes, see `Supported runtimes <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-supported>`_.
-        :param runtime_management_config: Sets the runtime management configuration for a function's version. For more information, see `Runtime updates <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html>`_.
-        :param snap_start: The function's `SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.
-        :param tags: A list of `tags <https://docs.aws.amazon.com/lambda/latest/dg/tagging.html>`_ to apply to the function.
-        :param timeout: The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see `Lambda execution environment <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html>`_.
-        :param tracing_config: The function's ` <https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html>`_ tracing configuration. To sample and record incoming requests, set ``Mode`` to ``Active``.
-        :param vpc_config: The VPC security groups and subnets that are attached to a Lambda function. When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function's VPC configuration. The function can only access resources and the internet through that VPC. For more information, see `VPC Settings <https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html>`_. When you delete a function, CFN monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before CFN can delete the VPC's resources. To monitor network interfaces, CFN needs the ``ec2:DescribeNetworkInterfaces`` permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission, CFN does not wait for network interfaces to be deleted.
+        :param runtime: The identifier of the function's `runtime <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html>`_ . Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you're deploying a function using a container image. The following list includes deprecated runtimes. Lambda blocks creating new functions and updating existing functions shortly after each runtime is deprecated. For more information, see `Runtime use after deprecation <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-deprecation-levels>`_ . For a list of all currently supported runtimes, see `Supported runtimes <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-supported>`_ .
+        :param runtime_management_config: Sets the runtime management configuration for a function's version. For more information, see `Runtime updates <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html>`_ .
+        :param snap_start: The function's `AWS Lambda SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.
+        :param tags: A list of `tags <https://docs.aws.amazon.com/lambda/latest/dg/tagging.html>`_ to apply to the function. .. epigraph:: You must have the ``lambda:TagResource`` , ``lambda:UntagResource`` , and ``lambda:ListTags`` permissions for your `IAM principal <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html>`_ to manage the AWS CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.
+        :param timeout: The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see `Lambda execution environment <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html>`_ .
+        :param tracing_config: Set ``Mode`` to ``Active`` to sample and trace a subset of incoming requests with `X-Ray <https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html>`_ .
+        :param vpc_config: For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see `Configuring a Lambda function to access resources in a VPC <https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html>`_ .
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__d971f3872acf20816e6da364ff9e6bec83fe2e68bbb9a7debc845b40036ee553)
@@ -6488,7 +6593,8 @@ class CfnFunction(
     @builtins.property
     @jsii.member(jsii_name="attrArn")
     def attr_arn(self) -> builtins.str:
-        '''
+        '''The Amazon Resource Name (ARN) of the function.
+
         :cloudformationAttribute: Arn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrArn"))
@@ -6534,7 +6640,10 @@ class CfnFunction(
     @builtins.property
     @jsii.member(jsii_name="code")
     def code(self) -> typing.Union[_IResolvable_da3f097b, "CfnFunction.CodeProperty"]:
-        '''The `deployment package <https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html>`_ for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template.  Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template.'''
+        '''The code for the function.
+
+        You can define your function code in multiple ways:.
+        '''
         return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnFunction.CodeProperty"], jsii.get(self, "code"))
 
     @code.setter
@@ -6591,7 +6700,7 @@ class CfnFunction(
     def dead_letter_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnFunction.DeadLetterConfigProperty"]]:
-        '''The `dead-letter queue <https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#dlq>`_ for failed asynchronous invocations.'''
+        '''A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnFunction.DeadLetterConfigProperty"]], jsii.get(self, "deadLetterConfig"))
 
     @dead_letter_config.setter
@@ -6622,7 +6731,7 @@ class CfnFunction(
     def environment(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnFunction.EnvironmentProperty"]]:
-        '''A function's environment variable settings.'''
+        '''Environment variables that are accessible from function code during execution.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnFunction.EnvironmentProperty"]], jsii.get(self, "environment"))
 
     @environment.setter
@@ -6718,7 +6827,7 @@ class CfnFunction(
     @builtins.property
     @jsii.member(jsii_name="kmsKeyArn")
     def kms_key_arn(self) -> typing.Optional[builtins.str]:
-        '''The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's `environment variables <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption>`_. When `Lambda SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html>`_ is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key.'''
+        '''The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that's used to encrypt your function's `environment variables <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption>`_ . When `Lambda SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html>`_ is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry ( Amazon ECR ). If you don't provide a customer managed key, Lambda uses a default service key.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "kmsKeyArn"))
 
     @kms_key_arn.setter
@@ -6788,7 +6897,7 @@ class CfnFunction(
     @builtins.property
     @jsii.member(jsii_name="recursiveLoop")
     def recursive_loop(self) -> typing.Optional[builtins.str]:
-        '''This property is set to terminate unintended recursions.'''
+        '''The status of your function's recursive loop detection configuration.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "recursiveLoop"))
 
     @recursive_loop.setter
@@ -6817,7 +6926,7 @@ class CfnFunction(
     @builtins.property
     @jsii.member(jsii_name="runtime")
     def runtime(self) -> typing.Optional[builtins.str]:
-        '''The identifier of the function's `runtime <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html>`_. Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you're deploying a function using a container image.  The following list includes deprecated runtimes. Lambda blocks creating new functions and updating existing functions shortly after each runtime is deprecated. For more information, see `Runtime use after deprecation <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-deprecation-levels>`_.  For a list of all currently supported runtimes, see `Supported runtimes <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-supported>`_.'''
+        '''The identifier of the function's `runtime <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html>`_ . Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you're deploying a function using a container image.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "runtime"))
 
     @runtime.setter
@@ -6850,7 +6959,7 @@ class CfnFunction(
     def snap_start(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnFunction.SnapStartProperty"]]:
-        '''The function's `SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.'''
+        '''The function's `AWS Lambda SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnFunction.SnapStartProperty"]], jsii.get(self, "snapStart"))
 
     @snap_start.setter
@@ -6894,7 +7003,7 @@ class CfnFunction(
     def tracing_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnFunction.TracingConfigProperty"]]:
-        '''The function's ` <https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html>`_ tracing configuration. To sample and record incoming requests, set ``Mode`` to ``Active``.'''
+        '''Set ``Mode`` to ``Active`` to sample and trace a subset of incoming requests with `X-Ray <https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html>`_ .'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnFunction.TracingConfigProperty"]], jsii.get(self, "tracingConfig"))
 
     @tracing_config.setter
@@ -6912,7 +7021,7 @@ class CfnFunction(
     def vpc_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnFunction.VpcConfigProperty"]]:
-        '''The VPC security groups and subnets that are attached to a Lambda function.'''
+        '''For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnFunction.VpcConfigProperty"]], jsii.get(self, "vpcConfig"))
 
     @vpc_config.setter
@@ -6948,14 +7057,16 @@ class CfnFunction(
             source_kms_key_arn: typing.Optional[builtins.str] = None,
             zip_file: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''The `deployment package <https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html>`_ for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template.  Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template.
+            '''The `deployment package <https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html>`_ for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template.
+
+            Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template.
 
             :param image_uri: URI of a `container image <https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html>`_ in the Amazon ECR registry.
-            :param s3_bucket: An Amazon S3 bucket in the same AWS-Region as your function. The bucket can be in a different AWS-account.
+            :param s3_bucket: An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account .
             :param s3_key: The Amazon S3 key of the deployment package.
             :param s3_object_version: For versioned objects, the version of the deployment package object to use.
             :param source_kms_key_arn: 
-            :param zip_file: (Node.js and Python) The source code of your Lambda function. If you include your function source inline with this parameter, CFN places it in a file named ``index`` and zips it to create a `deployment package <https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html>`_. This zip file cannot exceed 4MB. For the ``Handler`` property, the first part of the handler identifier must be ``index``. For example, ``index.handler``. For JSON, you must escape quotes and special characters such as newline (``\\n``) with a backslash. If you specify a function that interacts with an AWS CloudFormation custom resource, you don't have to write your own functions to send responses to the custom resource that invoked the function. AWS CloudFormation provides a response module (`cfn-response <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-lambda-function-code-cfnresponsemodule.html>`_) that simplifies sending responses. See `Using Lambda with CloudFormation <https://docs.aws.amazon.com/lambda/latest/dg/services-cloudformation.html>`_ for details.
+            :param zip_file: (Node.js and Python) The source code of your Lambda function. If you include your function source inline with this parameter, AWS CloudFormation places it in a file named ``index`` and zips it to create a `deployment package <https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html>`_ . This zip file cannot exceed 4MB. For the ``Handler`` property, the first part of the handler identifier must be ``index`` . For example, ``index.handler`` . For JSON, you must escape quotes and special characters such as newline ( ``\\n`` ) with a backslash. If you specify a function that interacts with an AWS CloudFormation custom resource, you don't have to write your own functions to send responses to the custom resource that invoked the function. AWS CloudFormation provides a response module ( `cfn-response <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-lambda-function-code-cfnresponsemodule.html>`_ ) that simplifies sending responses. See `Using AWS Lambda with AWS CloudFormation <https://docs.aws.amazon.com/lambda/latest/dg/services-cloudformation.html>`_ for details.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html
             :exampleMetadata: fixture=_generated
@@ -7008,9 +7119,9 @@ class CfnFunction(
 
         @builtins.property
         def s3_bucket(self) -> typing.Optional[builtins.str]:
-            '''An Amazon S3 bucket in the same AWS-Region as your function.
+            '''An Amazon S3 bucket in the same AWS Region as your function.
 
-            The bucket can be in a different AWS-account.
+            The bucket can be in a different AWS account .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-s3bucket
             '''
@@ -7045,7 +7156,11 @@ class CfnFunction(
 
         @builtins.property
         def zip_file(self) -> typing.Optional[builtins.str]:
-            '''(Node.js and Python) The source code of your Lambda function. If you include your function source inline with this parameter, CFN places it in a file named ``index`` and zips it to create a `deployment package <https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html>`_. This zip file cannot exceed 4MB. For the ``Handler`` property, the first part of the handler identifier must be ``index``. For example, ``index.handler``.   For JSON, you must escape quotes and special characters such as newline (``\\n``) with a backslash.  If you specify a function that interacts with an AWS CloudFormation custom resource, you don't have to write your own functions to send responses to the custom resource that invoked the function. AWS CloudFormation provides a response module (`cfn-response <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-lambda-function-code-cfnresponsemodule.html>`_) that simplifies sending responses. See `Using Lambda with CloudFormation <https://docs.aws.amazon.com/lambda/latest/dg/services-cloudformation.html>`_ for details.
+            '''(Node.js and Python) The source code of your Lambda function. If you include your function source inline with this parameter, AWS CloudFormation places it in a file named ``index`` and zips it to create a `deployment package <https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html>`_ . This zip file cannot exceed 4MB. For the ``Handler`` property, the first part of the handler identifier must be ``index`` . For example, ``index.handler`` .
+
+            For JSON, you must escape quotes and special characters such as newline ( ``\\n`` ) with a backslash.
+
+            If you specify a function that interacts with an AWS CloudFormation custom resource, you don't have to write your own functions to send responses to the custom resource that invoked the function. AWS CloudFormation provides a response module ( `cfn-response <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-lambda-function-code-cfnresponsemodule.html>`_ ) that simplifies sending responses. See `Using AWS Lambda with AWS CloudFormation <https://docs.aws.amazon.com/lambda/latest/dg/services-cloudformation.html>`_ for details.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-zipfile
             '''
@@ -7129,7 +7244,7 @@ class CfnFunction(
 
             You can use environment variables to adjust your function's behavior without updating code. An environment variable is a pair of strings that are stored in a function's version-specific configuration.
 
-            :param variables: Environment variable key-value pairs. For more information, see `Using Lambda environment variables <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html>`_.
+            :param variables: Environment variable key-value pairs. For more information, see `Using Lambda environment variables <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-environment.html
             :exampleMetadata: fixture=_generated
@@ -7159,7 +7274,7 @@ class CfnFunction(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
             '''Environment variable key-value pairs.
 
-            For more information, see `Using Lambda environment variables <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html>`_.
+            For more information, see `Using Lambda environment variables <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-environment.html#cfn-lambda-function-environment-variables
             '''
@@ -7243,10 +7358,10 @@ class CfnFunction(
             arn: builtins.str,
             local_mount_path: builtins.str,
         ) -> None:
-            '''Details about the connection between a Lambda function and an `Amazon EFS file system <https://docs.aws.amazon.com/lambda/latest/dg/configuration-filesystem.html>`_.
+            '''Details about the connection between a Lambda function and an `Amazon EFS file system <https://docs.aws.amazon.com/lambda/latest/dg/configuration-filesystem.html>`_ .
 
             :param arn: The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system.
-            :param local_mount_path: The path where the function can access the file system, starting with ``/mnt/``.
+            :param local_mount_path: The path where the function can access the file system, starting with ``/mnt/`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-filesystemconfig.html
             :exampleMetadata: fixture=_generated
@@ -7283,7 +7398,7 @@ class CfnFunction(
 
         @builtins.property
         def local_mount_path(self) -> builtins.str:
-            '''The path where the function can access the file system, starting with ``/mnt/``.
+            '''The path where the function can access the file system, starting with ``/mnt/`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-filesystemconfig.html#cfn-lambda-function-filesystemconfig-localmountpath
             '''
@@ -7321,7 +7436,7 @@ class CfnFunction(
         ) -> None:
             '''Configuration values that override the container image Dockerfile settings.
 
-            For more information, see `Container image settings <https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms>`_.
+            For more information, see `Container image settings <https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms>`_ .
 
             :param command: Specifies parameters that you want to pass in with ENTRYPOINT. You can specify a maximum of 1,500 parameters in the list.
             :param entry_point: Specifies the entry point to their application, which is typically the location of the runtime executable. You can specify a maximum of 1,500 string entries in the list.
@@ -7422,7 +7537,7 @@ class CfnFunction(
 
             :param application_log_level: Set this property to filter the application logs for your function that Lambda sends to CloudWatch. Lambda only sends application logs at the selected level of detail and lower, where ``TRACE`` is the highest level and ``FATAL`` is the lowest.
             :param log_format: The format in which Lambda sends your function's application and system logs to CloudWatch. Select between plain text and structured JSON.
-            :param log_group: The name of the Amazon CloudWatch log group the function sends logs to. By default, Lambda functions send logs to a default log group named ``/aws/lambda/<function name>``. To use a different log group, enter an existing log group or enter a new log group name.
+            :param log_group: The name of the Amazon CloudWatch log group the function sends logs to. By default, Lambda functions send logs to a default log group named ``/aws/lambda/<function name>`` . To use a different log group, enter an existing log group or enter a new log group name.
             :param system_log_level: Set this property to filter the system logs for your function that Lambda sends to CloudWatch. Lambda only sends system logs at the selected level of detail and lower, where ``DEBUG`` is the highest level and ``WARN`` is the lowest.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html
@@ -7483,7 +7598,7 @@ class CfnFunction(
         def log_group(self) -> typing.Optional[builtins.str]:
             '''The name of the Amazon CloudWatch log group the function sends logs to.
 
-            By default, Lambda functions send logs to a default log group named ``/aws/lambda/<function name>``. To use a different log group, enter an existing log group or enter a new log group name.
+            By default, Lambda functions send logs to a default log group named ``/aws/lambda/<function name>`` . To use a different log group, enter an existing log group or enter a new log group name.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html#cfn-lambda-function-loggingconfig-loggroup
             '''
@@ -7529,10 +7644,10 @@ class CfnFunction(
         ) -> None:
             '''Sets the runtime management configuration for a function's version.
 
-            For more information, see `Runtime updates <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html>`_.
+            For more information, see `Runtime updates <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html>`_ .
 
-            :param update_runtime_on: Specify the runtime update mode. - *Auto (default)* - Automatically update to the most recent and secure runtime version using a `Two-phase runtime version rollout <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-two-phase>`_. This is the best choice for most customers to ensure they always benefit from runtime updates. - *FunctionUpdate* - LAM updates the runtime of you function to the most recent and secure runtime version when you update your function. This approach synchronizes runtime updates with function deployments, giving you control over when runtime updates are applied and allowing you to detect and mitigate rare runtime update incompatibilities early. When using this setting, you need to regularly update your functions to keep their runtime up-to-date. - *Manual* - You specify a runtime version in your function configuration. The function will use this runtime version indefinitely. In the rare case where a new runtime version is incompatible with an existing function, this allows you to roll back your function to an earlier runtime version. For more information, see `Roll back a runtime version <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-rollback>`_. *Valid Values*: ``Auto`` | ``FunctionUpdate`` | ``Manual``
-            :param runtime_version_arn: The ARN of the runtime version you want the function to use. This is only required if you're using the *Manual* runtime update mode.
+            :param update_runtime_on: Specify the runtime update mode. - *Auto (default)* - Automatically update to the most recent and secure runtime version using a `Two-phase runtime version rollout <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-two-phase>`_ . This is the best choice for most customers to ensure they always benefit from runtime updates. - *FunctionUpdate* - Lambda updates the runtime of you function to the most recent and secure runtime version when you update your function. This approach synchronizes runtime updates with function deployments, giving you control over when runtime updates are applied and allowing you to detect and mitigate rare runtime update incompatibilities early. When using this setting, you need to regularly update your functions to keep their runtime up-to-date. - *Manual* - You specify a runtime version in your function configuration. The function will use this runtime version indefinitely. In the rare case where a new runtime version is incompatible with an existing function, this allows you to roll back your function to an earlier runtime version. For more information, see `Roll back a runtime version <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-rollback>`_ . *Valid Values* : ``Auto`` | ``FunctionUpdate`` | ``Manual``
+            :param runtime_version_arn: The ARN of the runtime version you want the function to use. .. epigraph:: This is only required if you're using the *Manual* runtime update mode.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html
             :exampleMetadata: fixture=_generated
@@ -7564,11 +7679,11 @@ class CfnFunction(
         def update_runtime_on(self) -> builtins.str:
             '''Specify the runtime update mode.
 
-            - *Auto (default)* - Automatically update to the most recent and secure runtime version using a `Two-phase runtime version rollout <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-two-phase>`_. This is the best choice for most customers to ensure they always benefit from runtime updates.
-            - *FunctionUpdate* - LAM updates the runtime of you function to the most recent and secure runtime version when you update your function. This approach synchronizes runtime updates with function deployments, giving you control over when runtime updates are applied and allowing you to detect and mitigate rare runtime update incompatibilities early. When using this setting, you need to regularly update your functions to keep their runtime up-to-date.
-            - *Manual* - You specify a runtime version in your function configuration. The function will use this runtime version indefinitely. In the rare case where a new runtime version is incompatible with an existing function, this allows you to roll back your function to an earlier runtime version. For more information, see `Roll back a runtime version <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-rollback>`_.
+            - *Auto (default)* - Automatically update to the most recent and secure runtime version using a `Two-phase runtime version rollout <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-two-phase>`_ . This is the best choice for most customers to ensure they always benefit from runtime updates.
+            - *FunctionUpdate* - Lambda updates the runtime of you function to the most recent and secure runtime version when you update your function. This approach synchronizes runtime updates with function deployments, giving you control over when runtime updates are applied and allowing you to detect and mitigate rare runtime update incompatibilities early. When using this setting, you need to regularly update your functions to keep their runtime up-to-date.
+            - *Manual* - You specify a runtime version in your function configuration. The function will use this runtime version indefinitely. In the rare case where a new runtime version is incompatible with an existing function, this allows you to roll back your function to an earlier runtime version. For more information, see `Roll back a runtime version <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-rollback>`_ .
 
-            *Valid Values*: ``Auto`` | ``FunctionUpdate`` | ``Manual``
+            *Valid Values* : ``Auto`` | ``FunctionUpdate`` | ``Manual``
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html#cfn-lambda-function-runtimemanagementconfig-updateruntimeon
             '''
@@ -7580,7 +7695,9 @@ class CfnFunction(
         def runtime_version_arn(self) -> typing.Optional[builtins.str]:
             '''The ARN of the runtime version you want the function to use.
 
-            This is only required if you're using the *Manual* runtime update mode.
+            .. epigraph::
+
+               This is only required if you're using the *Manual* runtime update mode.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-runtimemanagementconfig.html#cfn-lambda-function-runtimemanagementconfig-runtimeversionarn
             '''
@@ -7605,7 +7722,7 @@ class CfnFunction(
     )
     class SnapStartProperty:
         def __init__(self, *, apply_on: builtins.str) -> None:
-            '''The function's `SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.
+            '''The function's `AWS Lambda SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.
 
             :param apply_on: Set ``ApplyOn`` to ``PublishedVersions`` to create a snapshot of the initialized execution environment when you publish a function version.
 
@@ -7667,8 +7784,8 @@ class CfnFunction(
         ) -> None:
             '''The function's `SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.
 
-            :param apply_on: When set to ``PublishedVersions``, Lambda creates a snapshot of the execution environment when you publish a function version.
-            :param optimization_status: When you provide a `qualified Amazon Resource Name (ARN) <https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html#versioning-versions-using>`_, this response element indicates whether SnapStart is activated for the specified function version.
+            :param apply_on: When set to ``PublishedVersions`` , Lambda creates a snapshot of the execution environment when you publish a function version.
+            :param optimization_status: When you provide a `qualified Amazon Resource Name (ARN) <https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html#versioning-versions-using>`_ , this response element indicates whether SnapStart is activated for the specified function version.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstartresponse.html
             :exampleMetadata: fixture=_generated
@@ -7696,7 +7813,7 @@ class CfnFunction(
 
         @builtins.property
         def apply_on(self) -> typing.Optional[builtins.str]:
-            '''When set to ``PublishedVersions``, Lambda creates a snapshot of the execution environment when you publish a function version.
+            '''When set to ``PublishedVersions`` , Lambda creates a snapshot of the execution environment when you publish a function version.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstartresponse.html#cfn-lambda-function-snapstartresponse-applyon
             '''
@@ -7705,7 +7822,7 @@ class CfnFunction(
 
         @builtins.property
         def optimization_status(self) -> typing.Optional[builtins.str]:
-            '''When you provide a `qualified Amazon Resource Name (ARN) <https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html#versioning-versions-using>`_, this response element indicates whether SnapStart is activated for the specified function version.
+            '''When you provide a `qualified Amazon Resource Name (ARN) <https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html#versioning-versions-using>`_ , this response element indicates whether SnapStart is activated for the specified function version.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-snapstartresponse.html#cfn-lambda-function-snapstartresponse-optimizationstatus
             '''
@@ -7730,7 +7847,7 @@ class CfnFunction(
     )
     class TracingConfigProperty:
         def __init__(self, *, mode: typing.Optional[builtins.str] = None) -> None:
-            '''The function's ` <https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html>`_ tracing configuration. To sample and record incoming requests, set ``Mode`` to ``Active``.
+            '''The function's `AWS X-Ray <https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html>`_ tracing configuration. To sample and record incoming requests, set ``Mode`` to ``Active`` .
 
             :param mode: The tracing mode.
 
@@ -7793,9 +7910,12 @@ class CfnFunction(
         ) -> None:
             '''The VPC security groups and subnets that are attached to a Lambda function.
 
-            When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function's VPC configuration. The function can only access resources and the internet through that VPC. For more information, see `VPC Settings <https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html>`_.
-            When you delete a function, CFN monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before CFN can delete the VPC's resources.
-            To monitor network interfaces, CFN needs the ``ec2:DescribeNetworkInterfaces`` permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission, CFN does not wait for network interfaces to be deleted.
+            When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function's VPC configuration. The function can only access resources and the internet through that VPC. For more information, see `VPC Settings <https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html>`_ .
+            .. epigraph::
+
+               When you delete a function, AWS CloudFormation monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before AWS CloudFormation can delete the VPC's resources.
+
+               To monitor network interfaces, AWS CloudFormation needs the ``ec2:DescribeNetworkInterfaces`` permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission, AWS CloudFormation does not wait for network interfaces to be deleted.
 
             :param ipv6_allowed_for_dual_stack: Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
             :param security_group_ids: A list of VPC security group IDs.
@@ -7935,32 +8055,32 @@ class CfnFunctionProps:
     ) -> None:
         '''Properties for defining a ``CfnFunction``.
 
-        :param code: The `deployment package <https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html>`_ for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template. Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template.
+        :param code: The code for the function. You can define your function code in multiple ways:. - For .zip deployment packages, you can specify the Amazon S3 location of the .zip file in the ``S3Bucket`` , ``S3Key`` , and ``S3ObjectVersion`` properties. - For .zip deployment packages, you can alternatively define the function code inline in the ``ZipFile`` property. This method works only for Node.js and Python functions. - For container images, specify the URI of your container image in the Amazon ECR registry in the ``ImageUri`` property.
         :param role: The Amazon Resource Name (ARN) of the function's execution role.
-        :param architectures: The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is ``x86_64``.
+        :param architectures: The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is ``x86_64`` .
         :param code_signing_config_arn: To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
-        :param dead_letter_config: The `dead-letter queue <https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#dlq>`_ for failed asynchronous invocations.
+        :param dead_letter_config: A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see `Dead-letter queues <https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq>`_ .
         :param description: A description of the function.
-        :param environment: A function's environment variable settings. You can use environment variables to adjust your function's behavior without updating code. An environment variable is a pair of strings that are stored in a function's version-specific configuration.
+        :param environment: Environment variables that are accessible from function code during execution.
         :param ephemeral_storage: The size of the function's ``/tmp`` directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB.
-        :param file_system_configs: Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an `AWS::EFS::MountTarget <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html>`_ resource, you must also specify a ``DependsOn`` attribute to ensure that the mount target is created or updated before the function. For more information about using the ``DependsOn`` attribute, see `DependsOn Attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_.
-        :param function_name: The name of the Lambda function, up to 64 characters in length. If you don't specify a name, CFN generates one. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
-        :param handler: The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see `Lambda programming model <https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html>`_.
-        :param image_config: Configuration values that override the container image Dockerfile settings. For more information, see `Container image settings <https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms>`_.
-        :param kms_key_arn: The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's `environment variables <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption>`_. When `Lambda SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html>`_ is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key.
+        :param file_system_configs: Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an `AWS::EFS::MountTarget <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html>`_ resource, you must also specify a ``DependsOn`` attribute to ensure that the mount target is created or updated before the function. For more information about using the ``DependsOn`` attribute, see `DependsOn Attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_ .
+        :param function_name: The name of the Lambda function, up to 64 characters in length. If you don't specify a name, AWS CloudFormation generates one. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
+        :param handler: The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see `Lambda programming model <https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html>`_ .
+        :param image_config: Configuration values that override the container image Dockerfile settings. For more information, see `Container image settings <https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms>`_ .
+        :param kms_key_arn: The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that's used to encrypt your function's `environment variables <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption>`_ . When `Lambda SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html>`_ is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry ( Amazon ECR ). If you don't provide a customer managed key, Lambda uses a default service key.
         :param layers: A list of `function layers <https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html>`_ to add to the function's execution environment. Specify each layer by its ARN, including the version.
         :param logging_config: The function's Amazon CloudWatch Logs configuration settings.
         :param memory_size: The amount of `memory available to the function <https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console>`_ at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase.
         :param package_type: The type of deployment package. Set to ``Image`` for container image and set ``Zip`` for .zip file archive.
-        :param recursive_loop: This property is set to terminate unintended recursions. If set to ``Terminate``, Lambda detects and terminates unitended recursive loops. If set to ``Allow`` Lambda lets recursions be and does not terminate it.
+        :param recursive_loop: The status of your function's recursive loop detection configuration. When this value is set to ``Allow`` and Lambda detects your function being invoked as part of a recursive loop, it doesn't take any action. When this value is set to ``Terminate`` and Lambda detects your function being invoked as part of a recursive loop, it stops your function being invoked and notifies you.
         :param reserved_concurrent_executions: The number of simultaneous executions to reserve for the function.
-        :param runtime: The identifier of the function's `runtime <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html>`_. Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you're deploying a function using a container image. The following list includes deprecated runtimes. Lambda blocks creating new functions and updating existing functions shortly after each runtime is deprecated. For more information, see `Runtime use after deprecation <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-deprecation-levels>`_. For a list of all currently supported runtimes, see `Supported runtimes <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-supported>`_.
-        :param runtime_management_config: Sets the runtime management configuration for a function's version. For more information, see `Runtime updates <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html>`_.
-        :param snap_start: The function's `SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.
-        :param tags: A list of `tags <https://docs.aws.amazon.com/lambda/latest/dg/tagging.html>`_ to apply to the function.
-        :param timeout: The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see `Lambda execution environment <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html>`_.
-        :param tracing_config: The function's ` <https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html>`_ tracing configuration. To sample and record incoming requests, set ``Mode`` to ``Active``.
-        :param vpc_config: The VPC security groups and subnets that are attached to a Lambda function. When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function's VPC configuration. The function can only access resources and the internet through that VPC. For more information, see `VPC Settings <https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html>`_. When you delete a function, CFN monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before CFN can delete the VPC's resources. To monitor network interfaces, CFN needs the ``ec2:DescribeNetworkInterfaces`` permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission, CFN does not wait for network interfaces to be deleted.
+        :param runtime: The identifier of the function's `runtime <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html>`_ . Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you're deploying a function using a container image. The following list includes deprecated runtimes. Lambda blocks creating new functions and updating existing functions shortly after each runtime is deprecated. For more information, see `Runtime use after deprecation <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-deprecation-levels>`_ . For a list of all currently supported runtimes, see `Supported runtimes <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-supported>`_ .
+        :param runtime_management_config: Sets the runtime management configuration for a function's version. For more information, see `Runtime updates <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html>`_ .
+        :param snap_start: The function's `AWS Lambda SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.
+        :param tags: A list of `tags <https://docs.aws.amazon.com/lambda/latest/dg/tagging.html>`_ to apply to the function. .. epigraph:: You must have the ``lambda:TagResource`` , ``lambda:UntagResource`` , and ``lambda:ListTags`` permissions for your `IAM principal <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html>`_ to manage the AWS CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.
+        :param timeout: The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see `Lambda execution environment <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html>`_ .
+        :param tracing_config: Set ``Mode`` to ``Active`` to sample and trace a subset of incoming requests with `X-Ray <https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html>`_ .
+        :param vpc_config: For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see `Configuring a Lambda function to access resources in a VPC <https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html
         :exampleMetadata: fixture=_generated
@@ -8128,7 +8248,11 @@ class CfnFunctionProps:
 
     @builtins.property
     def code(self) -> typing.Union[_IResolvable_da3f097b, CfnFunction.CodeProperty]:
-        '''The `deployment package <https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html>`_ for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template.  Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template.
+        '''The code for the function. You can define your function code in multiple ways:.
+
+        - For .zip deployment packages, you can specify the Amazon S3 location of the .zip file in the ``S3Bucket`` , ``S3Key`` , and ``S3ObjectVersion`` properties.
+        - For .zip deployment packages, you can alternatively define the function code inline in the ``ZipFile`` property. This method works only for Node.js and Python functions.
+        - For container images, specify the URI of your container image in the Amazon ECR registry in the ``ImageUri`` property.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-code
         '''
@@ -8150,7 +8274,7 @@ class CfnFunctionProps:
     def architectures(self) -> typing.Optional[typing.List[builtins.str]]:
         '''The instruction set architecture that the function supports.
 
-        Enter a string array with one of the valid values (arm64 or x86_64). The default value is ``x86_64``.
+        Enter a string array with one of the valid values (arm64 or x86_64). The default value is ``x86_64`` .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-architectures
         '''
@@ -8161,7 +8285,8 @@ class CfnFunctionProps:
     def code_signing_config_arn(self) -> typing.Optional[builtins.str]:
         '''To enable code signing for this function, specify the ARN of a code-signing configuration.
 
-        A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
+        A code-signing configuration
+        includes a set of signing profiles, which define the trusted publishers for this function.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-codesigningconfigarn
         '''
@@ -8172,7 +8297,9 @@ class CfnFunctionProps:
     def dead_letter_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnFunction.DeadLetterConfigProperty]]:
-        '''The `dead-letter queue <https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#dlq>`_ for failed asynchronous invocations.
+        '''A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing.
+
+        For more information, see `Dead-letter queues <https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-deadletterconfig
         '''
@@ -8192,9 +8319,7 @@ class CfnFunctionProps:
     def environment(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnFunction.EnvironmentProperty]]:
-        '''A function's environment variable settings.
-
-        You can use environment variables to adjust your function's behavior without updating code. An environment variable is a pair of strings that are stored in a function's version-specific configuration.
+        '''Environment variables that are accessible from function code during execution.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-environment
         '''
@@ -8221,7 +8346,8 @@ class CfnFunctionProps:
         '''Connection settings for an Amazon EFS file system.
 
         To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an `AWS::EFS::MountTarget <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html>`_ resource, you must also specify a ``DependsOn`` attribute to ensure that the mount target is created or updated before the function.
-        For more information about using the ``DependsOn`` attribute, see `DependsOn Attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_.
+
+        For more information about using the ``DependsOn`` attribute, see `DependsOn Attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-filesystemconfigs
         '''
@@ -8232,7 +8358,8 @@ class CfnFunctionProps:
     def function_name(self) -> typing.Optional[builtins.str]:
         '''The name of the Lambda function, up to 64 characters in length.
 
-        If you don't specify a name, CFN generates one.
+        If you don't specify a name, AWS CloudFormation generates one.
+
         If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-functionname
@@ -8244,7 +8371,7 @@ class CfnFunctionProps:
     def handler(self) -> typing.Optional[builtins.str]:
         '''The name of the method within your code that Lambda calls to run your function.
 
-        Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see `Lambda programming model <https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html>`_.
+        Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see `Lambda programming model <https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-handler
         '''
@@ -8257,7 +8384,7 @@ class CfnFunctionProps:
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnFunction.ImageConfigProperty]]:
         '''Configuration values that override the container image Dockerfile settings.
 
-        For more information, see `Container image settings <https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms>`_.
+        For more information, see `Container image settings <https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-imageconfig
         '''
@@ -8266,7 +8393,7 @@ class CfnFunctionProps:
 
     @builtins.property
     def kms_key_arn(self) -> typing.Optional[builtins.str]:
-        '''The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's `environment variables <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption>`_. When `Lambda SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html>`_ is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key.
+        '''The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that's used to encrypt your function's `environment variables <https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption>`_ . When `Lambda SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html>`_ is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry ( Amazon ECR ). If you don't provide a customer managed key, Lambda uses a default service key.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-kmskeyarn
         '''
@@ -8315,9 +8442,11 @@ class CfnFunctionProps:
 
     @builtins.property
     def recursive_loop(self) -> typing.Optional[builtins.str]:
-        '''This property is set to terminate unintended recursions.
+        '''The status of your function's recursive loop detection configuration.
+
+        When this value is set to ``Allow`` and Lambda detects your function being invoked as part of a recursive loop, it doesn't take any action.
 
-        If set to ``Terminate``, Lambda detects and terminates unitended recursive loops. If set to ``Allow`` Lambda lets recursions be and does not terminate it.
+        When this value is set to ``Terminate`` and Lambda detects your function being invoked as part of a recursive loop, it stops your function being invoked and notifies you.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-recursiveloop
         '''
@@ -8335,7 +8464,11 @@ class CfnFunctionProps:
 
     @builtins.property
     def runtime(self) -> typing.Optional[builtins.str]:
-        '''The identifier of the function's `runtime <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html>`_. Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you're deploying a function using a container image.  The following list includes deprecated runtimes. Lambda blocks creating new functions and updating existing functions shortly after each runtime is deprecated. For more information, see `Runtime use after deprecation <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-deprecation-levels>`_.  For a list of all currently supported runtimes, see `Supported runtimes <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-supported>`_.
+        '''The identifier of the function's `runtime <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html>`_ . Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you're deploying a function using a container image.
+
+        The following list includes deprecated runtimes. Lambda blocks creating new functions and updating existing functions shortly after each runtime is deprecated. For more information, see `Runtime use after deprecation <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-deprecation-levels>`_ .
+
+        For a list of all currently supported runtimes, see `Supported runtimes <https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-supported>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-runtime
         '''
@@ -8348,7 +8481,7 @@ class CfnFunctionProps:
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnFunction.RuntimeManagementConfigProperty]]:
         '''Sets the runtime management configuration for a function's version.
 
-        For more information, see `Runtime updates <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html>`_.
+        For more information, see `Runtime updates <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-runtimemanagementconfig
         '''
@@ -8359,7 +8492,7 @@ class CfnFunctionProps:
     def snap_start(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnFunction.SnapStartProperty]]:
-        '''The function's `SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.
+        '''The function's `AWS Lambda SnapStart <https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html>`_ setting.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-snapstart
         '''
@@ -8370,6 +8503,10 @@ class CfnFunctionProps:
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
         '''A list of `tags <https://docs.aws.amazon.com/lambda/latest/dg/tagging.html>`_ to apply to the function.
 
+        .. epigraph::
+
+           You must have the ``lambda:TagResource`` , ``lambda:UntagResource`` , and ``lambda:ListTags`` permissions for your `IAM principal <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html>`_ to manage the AWS CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tags
         '''
         result = self._values.get("tags")
@@ -8379,7 +8516,7 @@ class CfnFunctionProps:
     def timeout(self) -> typing.Optional[jsii.Number]:
         '''The amount of time (in seconds) that Lambda allows a function to run before stopping it.
 
-        The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see `Lambda execution environment <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html>`_.
+        The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see `Lambda execution environment <https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-timeout
         '''
@@ -8390,7 +8527,7 @@ class CfnFunctionProps:
     def tracing_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnFunction.TracingConfigProperty]]:
-        '''The function's ` <https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html>`_ tracing configuration. To sample and record incoming requests, set ``Mode`` to ``Active``.
+        '''Set ``Mode`` to ``Active`` to sample and trace a subset of incoming requests with `X-Ray <https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-tracingconfig
         '''
@@ -8401,11 +8538,9 @@ class CfnFunctionProps:
     def vpc_config(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnFunction.VpcConfigProperty]]:
-        '''The VPC security groups and subnets that are attached to a Lambda function.
+        '''For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC.
 
-        When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function's VPC configuration. The function can only access resources and the internet through that VPC. For more information, see `VPC Settings <https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html>`_.
-        When you delete a function, CFN monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before CFN can delete the VPC's resources.
-        To monitor network interfaces, CFN needs the ``ec2:DescribeNetworkInterfaces`` permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission, CFN does not wait for network interfaces to be deleted.
+        When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see `Configuring a Lambda function to access resources in a VPC <https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-vpcconfig
         '''
@@ -9291,7 +9426,7 @@ class CfnPermission(
         :param id: Construct identifier for this resource (unique in its scope).
         :param action: The action that the principal can use on the function. For example, ``lambda:InvokeFunction`` or ``lambda:GetFunction`` .
         :param function_name: The name or ARN of the Lambda function, version, or alias. **Name formats** - *Function name* – ``my-function`` (name-only), ``my-function:v1`` (with alias). - *Function ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:my-function`` . - *Partial ARN* – ``123456789012:function:my-function`` . You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
-        :param principal: The AWS service or AWS account that invokes the function. If you specify a service, use ``SourceArn`` or ``SourceAccount`` to limit who can invoke the function through that service.
+        :param principal: The AWS service , AWS account , IAM user, or IAM role that invokes the function. If you specify a service, use ``SourceArn`` or ``SourceAccount`` to limit who can invoke the function through that service.
         :param event_source_token: For Alexa Smart Home functions, a token that the invoker must supply.
         :param function_url_auth_type: The type of authentication that your function URL uses. Set to ``AWS_IAM`` if you want to restrict access to authenticated users only. Set to ``NONE`` if you want to bypass IAM authentication to create a public endpoint. For more information, see `Security and auth model for Lambda function URLs <https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html>`_ .
         :param principal_org_id: The identifier for your organization in AWS Organizations . Use this to grant permissions to all the AWS accounts under this organization.
@@ -9387,7 +9522,7 @@ class CfnPermission(
     @builtins.property
     @jsii.member(jsii_name="principal")
     def principal(self) -> builtins.str:
-        '''The AWS service or AWS account that invokes the function.'''
+        '''The AWS service , AWS account , IAM user, or IAM role that invokes the function.'''
         return typing.cast(builtins.str, jsii.get(self, "principal"))
 
     @principal.setter
@@ -9494,7 +9629,7 @@ class CfnPermissionProps:
 
         :param action: The action that the principal can use on the function. For example, ``lambda:InvokeFunction`` or ``lambda:GetFunction`` .
         :param function_name: The name or ARN of the Lambda function, version, or alias. **Name formats** - *Function name* – ``my-function`` (name-only), ``my-function:v1`` (with alias). - *Function ARN* – ``arn:aws:lambda:us-west-2:123456789012:function:my-function`` . - *Partial ARN* – ``123456789012:function:my-function`` . You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
-        :param principal: The AWS service or AWS account that invokes the function. If you specify a service, use ``SourceArn`` or ``SourceAccount`` to limit who can invoke the function through that service.
+        :param principal: The AWS service , AWS account , IAM user, or IAM role that invokes the function. If you specify a service, use ``SourceArn`` or ``SourceAccount`` to limit who can invoke the function through that service.
         :param event_source_token: For Alexa Smart Home functions, a token that the invoker must supply.
         :param function_url_auth_type: The type of authentication that your function URL uses. Set to ``AWS_IAM`` if you want to restrict access to authenticated users only. Set to ``NONE`` if you want to bypass IAM authentication to create a public endpoint. For more information, see `Security and auth model for Lambda function URLs <https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html>`_ .
         :param principal_org_id: The identifier for your organization in AWS Organizations . Use this to grant permissions to all the AWS accounts under this organization.
@@ -9580,7 +9715,7 @@ class CfnPermissionProps:
 
     @builtins.property
     def principal(self) -> builtins.str:
-        '''The AWS service or AWS account that invokes the function.
+        '''The AWS service , AWS account , IAM user, or IAM role that invokes the function.
 
         If you specify a service, use ``SourceArn`` or ``SourceAccount`` to limit who can invoke the function through that service.
 
@@ -25619,6 +25754,12 @@ class FunctionUrl(
             check_type(argname="argument grantee", value=grantee, expected_type=type_hints["grantee"])
         return typing.cast(_Grant_a7ae64f8, jsii.invoke(self, "grantInvokeUrl", [grantee]))
 
+    @builtins.property
+    @jsii.member(jsii_name="authType")
+    def auth_type(self) -> FunctionUrlAuthType:
+        '''The authentication type used for this Function URL.'''
+        return typing.cast(FunctionUrlAuthType, jsii.get(self, "authType"))
+
     @builtins.property
     @jsii.member(jsii_name="functionArn")
     def function_arn(self) -> builtins.str: