aws-cdk-lib 2.159.1__py3-none-any.whl → 2.161.0__py3-none-any.whl

aws_cdk/aws_s3express/__init__.py

@@ -71,6 +71,7 @@ import constructs as _constructs_77d1e7e8
 from .. import (
     CfnResource as _CfnResource_9df397a6,
     IInspectable as _IInspectable_c2943556,
+    IResolvable as _IResolvable_da3f097b,
     TreeInspector as _TreeInspector_488e0dd5,
 )
 
@@ -307,11 +308,19 @@ class CfnDirectoryBucket(
     - s3express:ListAllMyDirectoryBuckets
     - Read
     - s3express:ListAllMyDirectoryBuckets
+    - ec2:DescribeAvailabilityZones
     - Delete
     - s3express:DeleteBucket
     - s3express:ListAllMyDirectoryBuckets
     - List
     - s3express:ListAllMyDirectoryBuckets
+    - PutBucketEncryption
+    - s3express:PutEncryptionConfiguration
+    - To set a directory bucket default encryption with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and AWS KMS key policies for the target AWS KMS key.
+    - GetBucketEncryption
+    - s3express:GetBucketEncryption
+    - DeleteBucketEncryption
+    - s3express:PutEncryptionConfiguration
 
     The following operations are related to ``AWS::S3Express::DirectoryBucket`` :
 
@@ -334,6 +343,14 @@ class CfnDirectoryBucket(
             location_name="locationName",
         
             # the properties below are optional
+            bucket_encryption=s3express.CfnDirectoryBucket.BucketEncryptionProperty(
+                server_side_encryption_configuration=[s3express.CfnDirectoryBucket.ServerSideEncryptionRuleProperty(
+                    bucket_key_enabled=False,
+                    server_side_encryption_by_default=s3express.CfnDirectoryBucket.ServerSideEncryptionByDefaultProperty(
+                        sse_algorithm="sseAlgorithm"
+                    )
+                )]
+            ),
             bucket_name="bucketName"
         )
     '''
@@ -345,6 +362,7 @@ class CfnDirectoryBucket(
         *,
         data_redundancy: builtins.str,
         location_name: builtins.str,
+        bucket_encryption: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDirectoryBucket.BucketEncryptionProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         bucket_name: typing.Optional[builtins.str] = None,
     ) -> None:
         '''
@@ -352,7 +370,8 @@ class CfnDirectoryBucket(
         :param id: Construct identifier for this resource (unique in its scope).
         :param data_redundancy: The number of Availability Zone that's used for redundancy for the bucket.
         :param location_name: The name of the location where the bucket will be created. For directory buckets, the name of the location is the AZ ID of the Availability Zone where the bucket will be created. An example AZ ID value is ``usw2-az1`` .
-        :param bucket_name: A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format ``*bucket_base_name* -- *az_id* --x-s3`` (for example, ``*DOC-EXAMPLE-BUCKET* -- *usw2-az1* --x-s3`` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see `Directory bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html>`_ in the *Amazon S3 User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
+        :param bucket_encryption: Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). For information about default encryption for directory buckets, see `Setting and monitoring default encryption for directory buckets <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html>`_ in the *Amazon S3 User Guide* .
+        :param bucket_name: A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format ``*bucket_base_name* -- *az_id* --x-s3`` (for example, ``*bucket_base_name* -- *usw2-az1* --x-s3`` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see `Directory bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html>`_ in the *Amazon S3 User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ea5a1e5897b0467fb93393ad6ea2dbcd3916f27713079e8bef3badf71ce2bb20)
@@ -361,6 +380,7 @@ class CfnDirectoryBucket(
         props = CfnDirectoryBucketProps(
             data_redundancy=data_redundancy,
             location_name=location_name,
+            bucket_encryption=bucket_encryption,
             bucket_name=bucket_name,
         )
 
@@ -401,12 +421,26 @@ class CfnDirectoryBucket(
     def attr_arn(self) -> builtins.str:
         '''Returns the Amazon Resource Name (ARN) of the specified bucket.
 
-        Example: ``arn:aws:s3express: *us-west-2* : *account_id* :bucket/ *DOC-EXAMPLE-BUCKET* -- *usw2-az1* --x-s3``
+        Example: ``arn:aws:s3express: *us-west-2* : *account_id* :bucket/ *bucket_base_name* -- *usw2-az1* --x-s3``
 
         :cloudformationAttribute: Arn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrArn"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrAvailabilityZoneName")
+    def attr_availability_zone_name(self) -> builtins.str:
+        '''Returns the code for the Availability Zone where the directory bucket was created.
+
+        Example: *us-east-1f*
+        .. epigraph::
+
+           An Availability Zone code might not represent the same physical location for different AWS accounts. For more information, see `Availability Zones and Regions <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Endpoints.html>`_ in the *Amazon S3 User Guide* .
+
+        :cloudformationAttribute: AvailabilityZoneName
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrAvailabilityZoneName"))
+
     @builtins.property
     @jsii.member(jsii_name="cfnProperties")
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
@@ -438,6 +472,24 @@ class CfnDirectoryBucket(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "locationName", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="bucketEncryption")
+    def bucket_encryption(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDirectoryBucket.BucketEncryptionProperty"]]:
+        '''Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS).'''
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDirectoryBucket.BucketEncryptionProperty"]], jsii.get(self, "bucketEncryption"))
+
+    @bucket_encryption.setter
+    def bucket_encryption(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDirectoryBucket.BucketEncryptionProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__ec12f12e4471077fcc9afe2e16208df6b915dc349584d6784410dc28aeaa9ac3)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "bucketEncryption", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="bucketName")
     def bucket_name(self) -> typing.Optional[builtins.str]:
@@ -451,6 +503,207 @@ class CfnDirectoryBucket(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "bucketName", value) # pyright: ignore[reportArgumentType]
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_s3express.CfnDirectoryBucket.BucketEncryptionProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "server_side_encryption_configuration": "serverSideEncryptionConfiguration",
+        },
+    )
+    class BucketEncryptionProperty:
+        def __init__(
+            self,
+            *,
+            server_side_encryption_configuration: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDirectoryBucket.ServerSideEncryptionRuleProperty", typing.Dict[builtins.str, typing.Any]]]]],
+        ) -> None:
+            '''Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS).
+
+            :param server_side_encryption_configuration: Specifies the default server-side-encryption configuration.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-bucketencryption.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_s3express as s3express
+                
+                bucket_encryption_property = s3express.CfnDirectoryBucket.BucketEncryptionProperty(
+                    server_side_encryption_configuration=[s3express.CfnDirectoryBucket.ServerSideEncryptionRuleProperty(
+                        bucket_key_enabled=False,
+                        server_side_encryption_by_default=s3express.CfnDirectoryBucket.ServerSideEncryptionByDefaultProperty(
+                            sse_algorithm="sseAlgorithm"
+                        )
+                    )]
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__2bda13f500a0910d95ef795cf250698cc9bc399a6809500b0318dd2399fa0dfc)
+                check_type(argname="argument server_side_encryption_configuration", value=server_side_encryption_configuration, expected_type=type_hints["server_side_encryption_configuration"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "server_side_encryption_configuration": server_side_encryption_configuration,
+            }
+
+        @builtins.property
+        def server_side_encryption_configuration(
+            self,
+        ) -> typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnDirectoryBucket.ServerSideEncryptionRuleProperty"]]]:
+            '''Specifies the default server-side-encryption configuration.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-bucketencryption.html#cfn-s3express-directorybucket-bucketencryption-serversideencryptionconfiguration
+            '''
+            result = self._values.get("server_side_encryption_configuration")
+            assert result is not None, "Required property 'server_side_encryption_configuration' is missing"
+            return typing.cast(typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnDirectoryBucket.ServerSideEncryptionRuleProperty"]]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "BucketEncryptionProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_s3express.CfnDirectoryBucket.ServerSideEncryptionByDefaultProperty",
+        jsii_struct_bases=[],
+        name_mapping={"sse_algorithm": "sseAlgorithm"},
+    )
+    class ServerSideEncryptionByDefaultProperty:
+        def __init__(self, *, sse_algorithm: builtins.str) -> None:
+            '''Specifies the default server-side encryption to apply to new objects in the bucket.
+
+            If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.
+
+            :param sse_algorithm: 
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionbydefault.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_s3express as s3express
+                
+                server_side_encryption_by_default_property = s3express.CfnDirectoryBucket.ServerSideEncryptionByDefaultProperty(
+                    sse_algorithm="sseAlgorithm"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__5104b7dd2a8f7d075aebe34991fe63f5722d4515b7d5df7eadca88aa065daee9)
+                check_type(argname="argument sse_algorithm", value=sse_algorithm, expected_type=type_hints["sse_algorithm"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "sse_algorithm": sse_algorithm,
+            }
+
+        @builtins.property
+        def sse_algorithm(self) -> builtins.str:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionbydefault.html#cfn-s3express-directorybucket-serversideencryptionbydefault-ssealgorithm
+            '''
+            result = self._values.get("sse_algorithm")
+            assert result is not None, "Required property 'sse_algorithm' is missing"
+            return typing.cast(builtins.str, result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "ServerSideEncryptionByDefaultProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_s3express.CfnDirectoryBucket.ServerSideEncryptionRuleProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "bucket_key_enabled": "bucketKeyEnabled",
+            "server_side_encryption_by_default": "serverSideEncryptionByDefault",
+        },
+    )
+    class ServerSideEncryptionRuleProperty:
+        def __init__(
+            self,
+            *,
+            bucket_key_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+            server_side_encryption_by_default: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDirectoryBucket.ServerSideEncryptionByDefaultProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+        ) -> None:
+            '''Specifies the default server-side encryption configuration.
+
+            :param bucket_key_enabled: Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Amazon S3 Express One Zone uses an S3 Bucket Key with SSE-KMS and S3 Bucket Key cannot be disabled. It's only allowed to set the BucketKeyEnabled element to true.
+            :param server_side_encryption_by_default: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionrule.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_s3express as s3express
+                
+                server_side_encryption_rule_property = s3express.CfnDirectoryBucket.ServerSideEncryptionRuleProperty(
+                    bucket_key_enabled=False,
+                    server_side_encryption_by_default=s3express.CfnDirectoryBucket.ServerSideEncryptionByDefaultProperty(
+                        sse_algorithm="sseAlgorithm"
+                    )
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__cb4bc307ba12040c7d9910685d8ea50fd2f9f3f34fdecd3ca61c34ccd69e3dbf)
+                check_type(argname="argument bucket_key_enabled", value=bucket_key_enabled, expected_type=type_hints["bucket_key_enabled"])
+                check_type(argname="argument server_side_encryption_by_default", value=server_side_encryption_by_default, expected_type=type_hints["server_side_encryption_by_default"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if bucket_key_enabled is not None:
+                self._values["bucket_key_enabled"] = bucket_key_enabled
+            if server_side_encryption_by_default is not None:
+                self._values["server_side_encryption_by_default"] = server_side_encryption_by_default
+
+        @builtins.property
+        def bucket_key_enabled(
+            self,
+        ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+            '''Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.
+
+            Existing objects are not affected. Amazon S3 Express One Zone uses an S3 Bucket Key with SSE-KMS and S3 Bucket Key cannot be disabled. It's only allowed to set the BucketKeyEnabled element to true.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionrule.html#cfn-s3express-directorybucket-serversideencryptionrule-bucketkeyenabled
+            '''
+            result = self._values.get("bucket_key_enabled")
+            return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
+        @builtins.property
+        def server_side_encryption_by_default(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDirectoryBucket.ServerSideEncryptionByDefaultProperty"]]:
+            '''Specifies the default server-side encryption to apply to new objects in the bucket.
+
+            If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionrule.html#cfn-s3express-directorybucket-serversideencryptionrule-serversideencryptionbydefault
+            '''
+            result = self._values.get("server_side_encryption_by_default")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDirectoryBucket.ServerSideEncryptionByDefaultProperty"]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "ServerSideEncryptionRuleProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
 
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_s3express.CfnDirectoryBucketProps",
@@ -458,6 +711,7 @@ class CfnDirectoryBucket(
     name_mapping={
         "data_redundancy": "dataRedundancy",
         "location_name": "locationName",
+        "bucket_encryption": "bucketEncryption",
         "bucket_name": "bucketName",
     },
 )
@@ -467,13 +721,15 @@ class CfnDirectoryBucketProps:
         *,
         data_redundancy: builtins.str,
         location_name: builtins.str,
+        bucket_encryption: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDirectoryBucket.BucketEncryptionProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         bucket_name: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Properties for defining a ``CfnDirectoryBucket``.
 
         :param data_redundancy: The number of Availability Zone that's used for redundancy for the bucket.
         :param location_name: The name of the location where the bucket will be created. For directory buckets, the name of the location is the AZ ID of the Availability Zone where the bucket will be created. An example AZ ID value is ``usw2-az1`` .
-        :param bucket_name: A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format ``*bucket_base_name* -- *az_id* --x-s3`` (for example, ``*DOC-EXAMPLE-BUCKET* -- *usw2-az1* --x-s3`` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see `Directory bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html>`_ in the *Amazon S3 User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
+        :param bucket_encryption: Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). For information about default encryption for directory buckets, see `Setting and monitoring default encryption for directory buckets <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html>`_ in the *Amazon S3 User Guide* .
+        :param bucket_name: A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format ``*bucket_base_name* -- *az_id* --x-s3`` (for example, ``*bucket_base_name* -- *usw2-az1* --x-s3`` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see `Directory bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html>`_ in the *Amazon S3 User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3express-directorybucket.html
         :exampleMetadata: fixture=_generated
@@ -489,6 +745,14 @@ class CfnDirectoryBucketProps:
                 location_name="locationName",
             
                 # the properties below are optional
+                bucket_encryption=s3express.CfnDirectoryBucket.BucketEncryptionProperty(
+                    server_side_encryption_configuration=[s3express.CfnDirectoryBucket.ServerSideEncryptionRuleProperty(
+                        bucket_key_enabled=False,
+                        server_side_encryption_by_default=s3express.CfnDirectoryBucket.ServerSideEncryptionByDefaultProperty(
+                            sse_algorithm="sseAlgorithm"
+                        )
+                    )]
+                ),
                 bucket_name="bucketName"
             )
         '''
@@ -496,11 +760,14 @@ class CfnDirectoryBucketProps:
             type_hints = typing.get_type_hints(_typecheckingstub__997b2abc28c849393aef2f13f43682b271277998e07114f1b224078949985e6e)
             check_type(argname="argument data_redundancy", value=data_redundancy, expected_type=type_hints["data_redundancy"])
             check_type(argname="argument location_name", value=location_name, expected_type=type_hints["location_name"])
+            check_type(argname="argument bucket_encryption", value=bucket_encryption, expected_type=type_hints["bucket_encryption"])
             check_type(argname="argument bucket_name", value=bucket_name, expected_type=type_hints["bucket_name"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "data_redundancy": data_redundancy,
             "location_name": location_name,
         }
+        if bucket_encryption is not None:
+            self._values["bucket_encryption"] = bucket_encryption
         if bucket_name is not None:
             self._values["bucket_name"] = bucket_name
 
@@ -526,11 +793,24 @@ class CfnDirectoryBucketProps:
         assert result is not None, "Required property 'location_name' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def bucket_encryption(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnDirectoryBucket.BucketEncryptionProperty]]:
+        '''Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS).
+
+        For information about default encryption for directory buckets, see `Setting and monitoring default encryption for directory buckets <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html>`_ in the *Amazon S3 User Guide* .
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3express-directorybucket.html#cfn-s3express-directorybucket-bucketencryption
+        '''
+        result = self._values.get("bucket_encryption")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnDirectoryBucket.BucketEncryptionProperty]], result)
+
     @builtins.property
     def bucket_name(self) -> typing.Optional[builtins.str]:
         '''A name for the bucket.
 
-        The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format ``*bucket_base_name* -- *az_id* --x-s3`` (for example, ``*DOC-EXAMPLE-BUCKET* -- *usw2-az1* --x-s3`` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see `Directory bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html>`_ in the *Amazon S3 User Guide* .
+        The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format ``*bucket_base_name* -- *az_id* --x-s3`` (for example, ``*bucket_base_name* -- *usw2-az1* --x-s3`` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see `Directory bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html>`_ in the *Amazon S3 User Guide* .
         .. epigraph::
 
            If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
@@ -609,6 +889,7 @@ def _typecheckingstub__ea5a1e5897b0467fb93393ad6ea2dbcd3916f27713079e8bef3badf71
     *,
     data_redundancy: builtins.str,
     location_name: builtins.str,
+    bucket_encryption: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDirectoryBucket.BucketEncryptionProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     bucket_name: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
@@ -638,16 +919,45 @@ def _typecheckingstub__352b4b43cbbf4d81310eac7a66fd236d34a92a5af6e8099d48e6ec1e7
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__ec12f12e4471077fcc9afe2e16208df6b915dc349584d6784410dc28aeaa9ac3(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnDirectoryBucket.BucketEncryptionProperty]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__678dc679eb1daf10bbced208f7ef85b8fe01f1ae8ea62c5354ac80b289edc1ed(
     value: typing.Optional[builtins.str],
 ) -> None:
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__2bda13f500a0910d95ef795cf250698cc9bc399a6809500b0318dd2399fa0dfc(
+    *,
+    server_side_encryption_configuration: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDirectoryBucket.ServerSideEncryptionRuleProperty, typing.Dict[builtins.str, typing.Any]]]]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__5104b7dd2a8f7d075aebe34991fe63f5722d4515b7d5df7eadca88aa065daee9(
+    *,
+    sse_algorithm: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__cb4bc307ba12040c7d9910685d8ea50fd2f9f3f34fdecd3ca61c34ccd69e3dbf(
+    *,
+    bucket_key_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    server_side_encryption_by_default: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDirectoryBucket.ServerSideEncryptionByDefaultProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__997b2abc28c849393aef2f13f43682b271277998e07114f1b224078949985e6e(
     *,
     data_redundancy: builtins.str,
     location_name: builtins.str,
+    bucket_encryption: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDirectoryBucket.BucketEncryptionProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     bucket_name: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""

aws_cdk/aws_sagemaker/__init__.py

@@ -15436,7 +15436,8 @@ class CfnImageVersion(
             processor="processor",
             programming_lang="programmingLang",
             release_notes="releaseNotes",
-            vendor_guidance="vendorGuidance"
+            vendor_guidance="vendorGuidance",
+            version=123
         )
     '''
 
@@ -15456,6 +15457,7 @@ class CfnImageVersion(
         programming_lang: typing.Optional[builtins.str] = None,
         release_notes: typing.Optional[builtins.str] = None,
         vendor_guidance: typing.Optional[builtins.str] = None,
+        version: typing.Optional[jsii.Number] = None,
     ) -> None:
         '''
         :param scope: Scope in which this resource is defined.
@@ -15471,6 +15473,7 @@ class CfnImageVersion(
         :param programming_lang: The supported programming language and its version.
         :param release_notes: The maintainer description of the image version.
         :param vendor_guidance: The availability of the image version specified by the maintainer.
+        :param version: The version number.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__1ad8c361f2876657ea1cf0f0f9f7356de06575f95ad80d7a587da19094ecd39f)
@@ -15488,6 +15491,7 @@ class CfnImageVersion(
             programming_lang=programming_lang,
             release_notes=release_notes,
             vendor_guidance=vendor_guidance,
+            version=version,
         )
 
         jsii.create(self.__class__, self, [scope, id, props])
@@ -15558,8 +15562,7 @@ class CfnImageVersion(
     @builtins.property
     @jsii.member(jsii_name="attrVersion")
     def attr_version(self) -> jsii.Number:
-        '''The version of the image.
-
+        '''
         :cloudformationAttribute: Version
         '''
         return typing.cast(jsii.Number, jsii.get(self, "attrVersion"))
@@ -15717,6 +15720,19 @@ class CfnImageVersion(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "vendorGuidance", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="version")
+    def version(self) -> typing.Optional[jsii.Number]:
+        '''The version number.'''
+        return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "version"))
+
+    @version.setter
+    def version(self, value: typing.Optional[jsii.Number]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__dbae2e45ceac204e4cf39ca16d43059237d821690a48fcb3456dbcd9ef6f1aef)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "version", value) # pyright: ignore[reportArgumentType]
+
 
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_sagemaker.CfnImageVersionProps",
@@ -15733,6 +15749,7 @@ class CfnImageVersion(
         "programming_lang": "programmingLang",
         "release_notes": "releaseNotes",
         "vendor_guidance": "vendorGuidance",
+        "version": "version",
     },
 )
 class CfnImageVersionProps:
@@ -15750,6 +15767,7 @@ class CfnImageVersionProps:
         programming_lang: typing.Optional[builtins.str] = None,
         release_notes: typing.Optional[builtins.str] = None,
         vendor_guidance: typing.Optional[builtins.str] = None,
+        version: typing.Optional[jsii.Number] = None,
     ) -> None:
         '''Properties for defining a ``CfnImageVersion``.
 
@@ -15764,6 +15782,7 @@ class CfnImageVersionProps:
         :param programming_lang: The supported programming language and its version.
         :param release_notes: The maintainer description of the image version.
         :param vendor_guidance: The availability of the image version specified by the maintainer.
+        :param version: The version number.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-imageversion.html
         :exampleMetadata: fixture=_generated
@@ -15787,7 +15806,8 @@ class CfnImageVersionProps:
                 processor="processor",
                 programming_lang="programmingLang",
                 release_notes="releaseNotes",
-                vendor_guidance="vendorGuidance"
+                vendor_guidance="vendorGuidance",
+                version=123
             )
         '''
         if __debug__:
@@ -15803,6 +15823,7 @@ class CfnImageVersionProps:
             check_type(argname="argument programming_lang", value=programming_lang, expected_type=type_hints["programming_lang"])
             check_type(argname="argument release_notes", value=release_notes, expected_type=type_hints["release_notes"])
             check_type(argname="argument vendor_guidance", value=vendor_guidance, expected_type=type_hints["vendor_guidance"])
+            check_type(argname="argument version", value=version, expected_type=type_hints["version"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "base_image": base_image,
             "image_name": image_name,
@@ -15825,6 +15846,8 @@ class CfnImageVersionProps:
             self._values["release_notes"] = release_notes
         if vendor_guidance is not None:
             self._values["vendor_guidance"] = vendor_guidance
+        if version is not None:
+            self._values["version"] = version
 
     @builtins.property
     def base_image(self) -> builtins.str:
@@ -15933,6 +15956,15 @@ class CfnImageVersionProps:
         result = self._values.get("vendor_guidance")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def version(self) -> typing.Optional[jsii.Number]:
+        '''The version number.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-imageversion.html#cfn-sagemaker-imageversion-version
+        '''
+        result = self._values.get("version")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -49816,6 +49848,7 @@ def _typecheckingstub__1ad8c361f2876657ea1cf0f0f9f7356de06575f95ad80d7a587da1909
     programming_lang: typing.Optional[builtins.str] = None,
     release_notes: typing.Optional[builtins.str] = None,
     vendor_guidance: typing.Optional[builtins.str] = None,
+    version: typing.Optional[jsii.Number] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -49898,6 +49931,12 @@ def _typecheckingstub__5382fea0d28fb1b1a6c04307334e93f65dd93058c962443126e577604
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__dbae2e45ceac204e4cf39ca16d43059237d821690a48fcb3456dbcd9ef6f1aef(
+    value: typing.Optional[jsii.Number],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__eb1cf2f49fa3a5bb0e6e9fdd2097a7a9401edb65fabfda045235c1b04b02fbf1(
     *,
     base_image: builtins.str,
@@ -49911,6 +49950,7 @@ def _typecheckingstub__eb1cf2f49fa3a5bb0e6e9fdd2097a7a9401edb65fabfda045235c1b04
     programming_lang: typing.Optional[builtins.str] = None,
     release_notes: typing.Optional[builtins.str] = None,
     vendor_guidance: typing.Optional[builtins.str] = None,
+    version: typing.Optional[jsii.Number] = None,
 ) -> None:
     """Type checking stubs"""
     pass