aws-cdk-lib 2.160.0__py3-none-any.whl → 2.161.0__py3-none-any.whl

aws_cdk/aws_sagemaker/__init__.py

@@ -15436,7 +15436,8 @@ class CfnImageVersion(
             processor="processor",
             programming_lang="programmingLang",
             release_notes="releaseNotes",
-            vendor_guidance="vendorGuidance"
+            vendor_guidance="vendorGuidance",
+            version=123
         )
     '''
 
@@ -15456,6 +15457,7 @@ class CfnImageVersion(
         programming_lang: typing.Optional[builtins.str] = None,
         release_notes: typing.Optional[builtins.str] = None,
         vendor_guidance: typing.Optional[builtins.str] = None,
+        version: typing.Optional[jsii.Number] = None,
     ) -> None:
         '''
         :param scope: Scope in which this resource is defined.
@@ -15471,6 +15473,7 @@ class CfnImageVersion(
         :param programming_lang: The supported programming language and its version.
         :param release_notes: The maintainer description of the image version.
         :param vendor_guidance: The availability of the image version specified by the maintainer.
+        :param version: The version number.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__1ad8c361f2876657ea1cf0f0f9f7356de06575f95ad80d7a587da19094ecd39f)
@@ -15488,6 +15491,7 @@ class CfnImageVersion(
             programming_lang=programming_lang,
             release_notes=release_notes,
             vendor_guidance=vendor_guidance,
+            version=version,
         )
 
         jsii.create(self.__class__, self, [scope, id, props])
@@ -15558,8 +15562,7 @@ class CfnImageVersion(
     @builtins.property
     @jsii.member(jsii_name="attrVersion")
     def attr_version(self) -> jsii.Number:
-        '''The version of the image.
-
+        '''
         :cloudformationAttribute: Version
         '''
         return typing.cast(jsii.Number, jsii.get(self, "attrVersion"))
@@ -15717,6 +15720,19 @@ class CfnImageVersion(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "vendorGuidance", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="version")
+    def version(self) -> typing.Optional[jsii.Number]:
+        '''The version number.'''
+        return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "version"))
+
+    @version.setter
+    def version(self, value: typing.Optional[jsii.Number]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__dbae2e45ceac204e4cf39ca16d43059237d821690a48fcb3456dbcd9ef6f1aef)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "version", value) # pyright: ignore[reportArgumentType]
+
 
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_sagemaker.CfnImageVersionProps",
@@ -15733,6 +15749,7 @@ class CfnImageVersion(
         "programming_lang": "programmingLang",
         "release_notes": "releaseNotes",
         "vendor_guidance": "vendorGuidance",
+        "version": "version",
     },
 )
 class CfnImageVersionProps:
@@ -15750,6 +15767,7 @@ class CfnImageVersionProps:
         programming_lang: typing.Optional[builtins.str] = None,
         release_notes: typing.Optional[builtins.str] = None,
         vendor_guidance: typing.Optional[builtins.str] = None,
+        version: typing.Optional[jsii.Number] = None,
     ) -> None:
         '''Properties for defining a ``CfnImageVersion``.
 
@@ -15764,6 +15782,7 @@ class CfnImageVersionProps:
         :param programming_lang: The supported programming language and its version.
         :param release_notes: The maintainer description of the image version.
         :param vendor_guidance: The availability of the image version specified by the maintainer.
+        :param version: The version number.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-imageversion.html
         :exampleMetadata: fixture=_generated
@@ -15787,7 +15806,8 @@ class CfnImageVersionProps:
                 processor="processor",
                 programming_lang="programmingLang",
                 release_notes="releaseNotes",
-                vendor_guidance="vendorGuidance"
+                vendor_guidance="vendorGuidance",
+                version=123
             )
         '''
         if __debug__:
@@ -15803,6 +15823,7 @@ class CfnImageVersionProps:
             check_type(argname="argument programming_lang", value=programming_lang, expected_type=type_hints["programming_lang"])
             check_type(argname="argument release_notes", value=release_notes, expected_type=type_hints["release_notes"])
             check_type(argname="argument vendor_guidance", value=vendor_guidance, expected_type=type_hints["vendor_guidance"])
+            check_type(argname="argument version", value=version, expected_type=type_hints["version"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "base_image": base_image,
             "image_name": image_name,
@@ -15825,6 +15846,8 @@ class CfnImageVersionProps:
             self._values["release_notes"] = release_notes
         if vendor_guidance is not None:
             self._values["vendor_guidance"] = vendor_guidance
+        if version is not None:
+            self._values["version"] = version
 
     @builtins.property
     def base_image(self) -> builtins.str:
@@ -15933,6 +15956,15 @@ class CfnImageVersionProps:
         result = self._values.get("vendor_guidance")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def version(self) -> typing.Optional[jsii.Number]:
+        '''The version number.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-imageversion.html#cfn-sagemaker-imageversion-version
+        '''
+        result = self._values.get("version")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -49816,6 +49848,7 @@ def _typecheckingstub__1ad8c361f2876657ea1cf0f0f9f7356de06575f95ad80d7a587da1909
     programming_lang: typing.Optional[builtins.str] = None,
     release_notes: typing.Optional[builtins.str] = None,
     vendor_guidance: typing.Optional[builtins.str] = None,
+    version: typing.Optional[jsii.Number] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -49898,6 +49931,12 @@ def _typecheckingstub__5382fea0d28fb1b1a6c04307334e93f65dd93058c962443126e577604
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__dbae2e45ceac204e4cf39ca16d43059237d821690a48fcb3456dbcd9ef6f1aef(
+    value: typing.Optional[jsii.Number],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__eb1cf2f49fa3a5bb0e6e9fdd2097a7a9401edb65fabfda045235c1b04b02fbf1(
     *,
     base_image: builtins.str,
@@ -49911,6 +49950,7 @@ def _typecheckingstub__eb1cf2f49fa3a5bb0e6e9fdd2097a7a9401edb65fabfda045235c1b04
     programming_lang: typing.Optional[builtins.str] = None,
     release_notes: typing.Optional[builtins.str] = None,
     vendor_guidance: typing.Optional[builtins.str] = None,
+    version: typing.Optional[jsii.Number] = None,
 ) -> None:
     """Type checking stubs"""
     pass

aws_cdk/aws_secretsmanager/__init__.py

@@ -711,6 +711,8 @@ class CfnRotationSchedule(
 
     For database secrets, if you define both the secret and the database or service in the AWS CloudFormation template, then you need to define the `AWS::SecretsManager::SecretTargetAttachment <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html>`_ resource to populate the secret with the connection details of the database or service before you attempt to configure rotation.
 
+    For a single secret, you can only define one rotation schedule with it.
+
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-rotationschedule.html
     :cloudformationResource: AWS::SecretsManager::RotationSchedule
     :exampleMetadata: fixture=_generated
@@ -764,7 +766,7 @@ class CfnRotationSchedule(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param secret_id: The ARN or name of the secret to rotate. To reference a secret also created in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
+        :param secret_id: The ARN or name of the secret to rotate. This is unique for each rotation schedule definition. To reference a secret also created in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
         :param hosted_rotation_lambda: Creates a new Lambda rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ . To use a rotation function that already exists, specify ``RotationLambdaARN`` instead. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ .
         :param rotate_immediately_on_update: Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in ``RotationRules`` . If you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the ```testSecret`` step <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ of the Lambda rotation function. The test creates an ``AWSPENDING`` version of the secret and then removes it. If you don't specify this value, then by default, Secrets Manager rotates the secret immediately. Rotation is an asynchronous process. For more information, see `How rotation works <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ .
         :param rotation_lambda_arn: The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ . To create a new rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ , specify ``HostedRotationLambda`` instead.
@@ -830,7 +832,10 @@ class CfnRotationSchedule(
     @builtins.property
     @jsii.member(jsii_name="secretId")
     def secret_id(self) -> builtins.str:
-        '''The ARN or name of the secret to rotate.'''
+        '''The ARN or name of the secret to rotate.
+
+        This is unique for each rotation schedule definition.
+        '''
         return typing.cast(builtins.str, jsii.get(self, "secretId"))
 
     @secret_id.setter
@@ -1304,7 +1309,7 @@ class CfnRotationScheduleProps:
     ) -> None:
         '''Properties for defining a ``CfnRotationSchedule``.
 
-        :param secret_id: The ARN or name of the secret to rotate. To reference a secret also created in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
+        :param secret_id: The ARN or name of the secret to rotate. This is unique for each rotation schedule definition. To reference a secret also created in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
         :param hosted_rotation_lambda: Creates a new Lambda rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ . To use a rotation function that already exists, specify ``RotationLambdaARN`` instead. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ .
         :param rotate_immediately_on_update: Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in ``RotationRules`` . If you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the ```testSecret`` step <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ of the Lambda rotation function. The test creates an ``AWSPENDING`` version of the secret and then removes it. If you don't specify this value, then by default, Secrets Manager rotates the secret immediately. Rotation is an asynchronous process. For more information, see `How rotation works <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ .
         :param rotation_lambda_arn: The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ . To create a new rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ , specify ``HostedRotationLambda`` instead.
@@ -1368,7 +1373,7 @@ class CfnRotationScheduleProps:
 
     @builtins.property
     def secret_id(self) -> builtins.str:
-        '''The ARN or name of the secret to rotate.
+        '''The ARN or name of the secret to rotate. This is unique for each rotation schedule definition.
 
         To reference a secret also created in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
 
@@ -2241,6 +2246,8 @@ class CfnSecretTargetAttachment(
 
     If you want to turn on automatic rotation for a database credential secret, the secret must contain the database connection information. For more information, see `JSON structure of Secrets Manager database credential secrets <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html>`_ .
 
+    A single secret resource can only have one target attached to it.
+
     When you remove a ``SecretTargetAttachment`` from a stack, Secrets Manager removes the database connection information from the secret with a ``PutSecretValue`` call.
 
     For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ .
@@ -2276,7 +2283,7 @@ class CfnSecretTargetAttachment(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param secret_id: The ARN or name of the secret. To reference a secret also created in this template, use the see `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
+        :param secret_id: The ARN or name of the secret. To reference a secret also created in this template, use the see `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID. This field is unique for each target attachment definition.
         :param target_id: The ID of the database or cluster.
         :param target_type: A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following: - AWS::RDS::DBInstance - AWS::RDS::DBCluster - AWS::Redshift::Cluster - AWS::RedshiftServerless::Namespace - AWS::DocDB::DBInstance - AWS::DocDB::DBCluster - AWS::DocDBElastic::Cluster
         '''
@@ -2392,7 +2399,7 @@ class CfnSecretTargetAttachmentProps:
     ) -> None:
         '''Properties for defining a ``CfnSecretTargetAttachment``.
 
-        :param secret_id: The ARN or name of the secret. To reference a secret also created in this template, use the see `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
+        :param secret_id: The ARN or name of the secret. To reference a secret also created in this template, use the see `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID. This field is unique for each target attachment definition.
         :param target_id: The ID of the database or cluster.
         :param target_type: A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following: - AWS::RDS::DBInstance - AWS::RDS::DBCluster - AWS::Redshift::Cluster - AWS::RedshiftServerless::Namespace - AWS::DocDB::DBInstance - AWS::DocDB::DBCluster - AWS::DocDBElastic::Cluster
 
@@ -2426,7 +2433,7 @@ class CfnSecretTargetAttachmentProps:
     def secret_id(self) -> builtins.str:
         '''The ARN or name of the secret.
 
-        To reference a secret also created in this template, use the see `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
+        To reference a secret also created in this template, use the see `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID. This field is unique for each target attachment definition.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html#cfn-secretsmanager-secrettargetattachment-secretid
         '''

aws_cdk/aws_securityhub/__init__.py

@@ -2315,7 +2315,7 @@ class CfnAutomationRule(
             '''Updates to the severity information for a finding.
 
             :param label: The severity value of the finding. The allowed values are the following. - ``INFORMATIONAL`` - No issue was found. - ``LOW`` - The issue does not require action on its own. - ``MEDIUM`` - The issue must be addressed but not urgently. - ``HIGH`` - The issue must be addressed as a priority. - ``CRITICAL`` - The issue must be remediated immediately to avoid it escalating.
-            :param normalized: The normalized severity for the finding. This attribute is to be deprecated in favor of ``Label`` . If you provide ``Normalized`` and do not provide ``Label`` , ``Label`` is set automatically as follows. - 0 - ``INFORMATIONAL`` - 1–39 - ``LOW`` - 40–69 - ``MEDIUM`` - 70–89 - ``HIGH`` - 90–100 - ``CRITICAL``
+            :param normalized: The normalized severity for the finding. This attribute is to be deprecated in favor of ``Label`` . If you provide ``Normalized`` and don't provide ``Label`` , ``Label`` is set automatically as follows. - 0 - ``INFORMATIONAL`` - 1–39 - ``LOW`` - 40–69 - ``MEDIUM`` - 70–89 - ``HIGH`` - 90–100 - ``CRITICAL``
             :param product: The native severity as defined by the AWS service or integrated partner product that generated the finding.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-severityupdate.html
@@ -2365,7 +2365,7 @@ class CfnAutomationRule(
         def normalized(self) -> typing.Optional[jsii.Number]:
             '''The normalized severity for the finding. This attribute is to be deprecated in favor of ``Label`` .
 
-            If you provide ``Normalized`` and do not provide ``Label`` , ``Label`` is set automatically as follows.
+            If you provide ``Normalized`` and don't provide ``Label`` , ``Label`` is set automatically as follows.
 
             - 0 - ``INFORMATIONAL``
             - 1–39 - ``LOW``
@@ -2504,7 +2504,7 @@ class CfnAutomationRule(
         def __init__(self, *, status: builtins.str) -> None:
             '''Used to update information about the investigation into the finding.
 
-            :param status: The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to ``SUPPRESSED`` or ``RESOLVED`` does not prevent a new finding for the same issue. The allowed values are the following. - ``NEW`` - The initial state of a finding, before it is reviewed. Security Hub also resets ``WorkFlowStatus`` from ``NOTIFIED`` or ``RESOLVED`` to ``NEW`` in the following cases: - The record state changes from ``ARCHIVED`` to ``ACTIVE`` . - The compliance status changes from ``PASSED`` to either ``WARNING`` , ``FAILED`` , or ``NOT_AVAILABLE`` . - ``NOTIFIED`` - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner. - ``RESOLVED`` - The finding was reviewed and remediated and is now considered resolved. - ``SUPPRESSED`` - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
+            :param status: The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to ``SUPPRESSED`` or ``RESOLVED`` does not prevent a new finding for the same issue. The allowed values are the following. - ``NEW`` - The initial state of a finding, before it is reviewed. Security Hub also resets ``WorkFlowStatus`` from ``NOTIFIED`` or ``RESOLVED`` to ``NEW`` in the following cases: - The record state changes from ``ARCHIVED`` to ``ACTIVE`` . - The compliance status changes from ``PASSED`` to either ``WARNING`` , ``FAILED`` , or ``NOT_AVAILABLE`` . - ``NOTIFIED`` - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner. - ``RESOLVED`` - The finding was reviewed and remediated and is now considered resolved. - ``SUPPRESSED`` - Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-workflowupdate.html
             :exampleMetadata: fixture=_generated
@@ -2542,7 +2542,7 @@ class CfnAutomationRule(
             - The compliance status changes from ``PASSED`` to either ``WARNING`` , ``FAILED`` , or ``NOT_AVAILABLE`` .
             - ``NOTIFIED`` - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
             - ``RESOLVED`` - The finding was reviewed and remediated and is now considered resolved.
-            - ``SUPPRESSED`` - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
+            - ``SUPPRESSED`` - Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-workflowupdate.html#cfn-securityhub-automationrule-workflowupdate-status
             '''
@@ -4239,7 +4239,7 @@ class CfnFindingAggregator(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param region_linking_mode: Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. The selected option also determines how to use the Regions provided in the Regions list. The options are as follows: - ``ALL_REGIONS`` - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``SPECIFIED_REGIONS`` - Aggregates findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions. - ``NO_REGIONS`` - Aggregates no data because no Regions are selected as linked Regions.
-        :param regions: If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED`` , then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region. If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS`` , then this is a space-separated list of Regions that do aggregate findings to the aggregation Region. An ``InvalidInputException`` error results if you populate this field while ``RegionLinkingMode`` is ``NO_REGIONS`` .
+        :param regions: If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED`` , then this is a space-separated list of Regions that don't replicate and send findings to the home Region. If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS`` , then this is a space-separated list of Regions that do replicate and send findings to the home Region. An ``InvalidInputException`` error results if you populate this field while ``RegionLinkingMode`` is ``NO_REGIONS`` .
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__def955d28b5fec6358172b72efd12a764fe7f7be8d0ea9076bc99608ed72dd3c)
@@ -4284,7 +4284,9 @@ class CfnFindingAggregator(
     @builtins.property
     @jsii.member(jsii_name="attrFindingAggregationRegion")
     def attr_finding_aggregation_region(self) -> builtins.str:
-        '''The aggregation Region.
+        '''The home Region.
+
+        Findings generated in linked Regions are replicated and sent to the home Region.
 
         :cloudformationAttribute: FindingAggregationRegion
         '''
@@ -4322,7 +4324,7 @@ class CfnFindingAggregator(
     @builtins.property
     @jsii.member(jsii_name="regions")
     def regions(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED`` , then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.'''
+        '''If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED`` , then this is a space-separated list of Regions that don't replicate and send findings to the home Region.'''
         return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "regions"))
 
     @regions.setter
@@ -4348,7 +4350,7 @@ class CfnFindingAggregatorProps:
         '''Properties for defining a ``CfnFindingAggregator``.
 
         :param region_linking_mode: Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. The selected option also determines how to use the Regions provided in the Regions list. The options are as follows: - ``ALL_REGIONS`` - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. - ``SPECIFIED_REGIONS`` - Aggregates findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions. - ``NO_REGIONS`` - Aggregates no data because no Regions are selected as linked Regions.
-        :param regions: If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED`` , then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region. If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS`` , then this is a space-separated list of Regions that do aggregate findings to the aggregation Region. An ``InvalidInputException`` error results if you populate this field while ``RegionLinkingMode`` is ``NO_REGIONS`` .
+        :param regions: If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED`` , then this is a space-separated list of Regions that don't replicate and send findings to the home Region. If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS`` , then this is a space-separated list of Regions that do replicate and send findings to the home Region. An ``InvalidInputException`` error results if you populate this field while ``RegionLinkingMode`` is ``NO_REGIONS`` .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-findingaggregator.html
         :exampleMetadata: fixture=_generated
@@ -4399,9 +4401,9 @@ class CfnFindingAggregatorProps:
 
     @builtins.property
     def regions(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED`` , then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.
+        '''If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED`` , then this is a space-separated list of Regions that don't replicate and send findings to the home Region.
 
-        If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS`` , then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
+        If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS`` , then this is a space-separated list of Regions that do replicate and send findings to the home Region.
 
         An ``InvalidInputException`` error results if you populate this field while ``RegionLinkingMode`` is ``NO_REGIONS`` .
 
@@ -5656,7 +5658,7 @@ class CfnInsight(
             :param resource_type: Specifies the type of the resource that details are provided for.
             :param sample: Indicates whether or not sample findings are included in the filter results.
             :param severity_label: The label of a finding's severity.
-            :param severity_normalized: Deprecated. The normalized severity of a finding. Instead of providing ``Normalized`` , provide ``Label`` . The value of ``Normalized`` can be an integer between ``0`` and ``100`` . If you provide ``Label`` and do not provide ``Normalized`` , then ``Normalized`` is set automatically as follows. - ``INFORMATIONAL`` - 0 - ``LOW`` - 1 - ``MEDIUM`` - 40 - ``HIGH`` - 70 - ``CRITICAL`` - 90
+            :param severity_normalized: Deprecated. The normalized severity of a finding. Instead of providing ``Normalized`` , provide ``Label`` . The value of ``Normalized`` can be an integer between ``0`` and ``100`` . If you provide ``Label`` and don't provide ``Normalized`` , then ``Normalized`` is set automatically as follows. - ``INFORMATIONAL`` - 0 - ``LOW`` - 1 - ``MEDIUM`` - 40 - ``HIGH`` - 70 - ``CRITICAL`` - 90
             :param severity_product: Deprecated. This attribute isn't included in findings. Instead of providing ``Product`` , provide ``Original`` . The native severity as defined by the AWS service or integrated partner product that generated the finding.
             :param source_url: A URL that links to a page about the current finding in the security findings provider's solution.
             :param threat_intel_indicator_category: The category of a threat intelligence indicator.
@@ -5673,7 +5675,7 @@ class CfnInsight(
             :param vulnerabilities_exploit_available: Indicates whether a software vulnerability in your environment has a known exploit. You can filter findings by this field only if you use Security Hub and Amazon Inspector.
             :param vulnerabilities_fix_available: Indicates whether a vulnerability is fixed in a newer version of the affected software packages. You can filter findings by this field only if you use Security Hub and Amazon Inspector.
             :param workflow_state: The workflow state of a finding. Note that this field is deprecated. To search for a finding based on its workflow status, use ``WorkflowStatus`` .
-            :param workflow_status: The status of the investigation into a finding. Allowed values are the following. - ``NEW`` - The initial state of a finding, before it is reviewed. Security Hub also resets the workflow status from ``NOTIFIED`` or ``RESOLVED`` to ``NEW`` in the following cases: - ``RecordState`` changes from ``ARCHIVED`` to ``ACTIVE`` . - ``Compliance.Status`` changes from ``PASSED`` to either ``WARNING`` , ``FAILED`` , or ``NOT_AVAILABLE`` . - ``NOTIFIED`` - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner. If one of the following occurs, the workflow status is changed automatically from ``NOTIFIED`` to ``NEW`` : - ``RecordState`` changes from ``ARCHIVED`` to ``ACTIVE`` . - ``Compliance.Status`` changes from ``PASSED`` to ``FAILED`` , ``WARNING`` , or ``NOT_AVAILABLE`` . - ``SUPPRESSED`` - Indicates that you reviewed the finding and do not believe that any action is needed. The workflow status of a ``SUPPRESSED`` finding does not change if ``RecordState`` changes from ``ARCHIVED`` to ``ACTIVE`` . - ``RESOLVED`` - The finding was reviewed and remediated and is now considered resolved. The finding remains ``RESOLVED`` unless one of the following occurs: - ``RecordState`` changes from ``ARCHIVED`` to ``ACTIVE`` . - ``Compliance.Status`` changes from ``PASSED`` to ``FAILED`` , ``WARNING`` , or ``NOT_AVAILABLE`` . In those cases, the workflow status is automatically reset to ``NEW`` . For findings from controls, if ``Compliance.Status`` is ``PASSED`` , then Security Hub automatically sets the workflow status to ``RESOLVED`` .
+            :param workflow_status: The status of the investigation into a finding. Allowed values are the following. - ``NEW`` - The initial state of a finding, before it is reviewed. Security Hub also resets the workflow status from ``NOTIFIED`` or ``RESOLVED`` to ``NEW`` in the following cases: - ``RecordState`` changes from ``ARCHIVED`` to ``ACTIVE`` . - ``Compliance.Status`` changes from ``PASSED`` to either ``WARNING`` , ``FAILED`` , or ``NOT_AVAILABLE`` . - ``NOTIFIED`` - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner. If one of the following occurs, the workflow status is changed automatically from ``NOTIFIED`` to ``NEW`` : - ``RecordState`` changes from ``ARCHIVED`` to ``ACTIVE`` . - ``Compliance.Status`` changes from ``PASSED`` to ``FAILED`` , ``WARNING`` , or ``NOT_AVAILABLE`` . - ``SUPPRESSED`` - Indicates that you reviewed the finding and don't believe that any action is needed. The workflow status of a ``SUPPRESSED`` finding does not change if ``RecordState`` changes from ``ARCHIVED`` to ``ACTIVE`` . - ``RESOLVED`` - The finding was reviewed and remediated and is now considered resolved. The finding remains ``RESOLVED`` unless one of the following occurs: - ``RecordState`` changes from ``ARCHIVED`` to ``ACTIVE`` . - ``Compliance.Status`` changes from ``PASSED`` to ``FAILED`` , ``WARNING`` , or ``NOT_AVAILABLE`` . In those cases, the workflow status is automatically reset to ``NEW`` . For findings from controls, if ``Compliance.Status`` is ``PASSED`` , then Security Hub automatically sets the workflow status to ``RESOLVED`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-awssecurityfindingfilters.html
             :exampleMetadata: fixture=_generated
@@ -7501,7 +7503,7 @@ class CfnInsight(
 
             The value of ``Normalized`` can be an integer between ``0`` and ``100`` .
 
-            If you provide ``Label`` and do not provide ``Normalized`` , then ``Normalized`` is set automatically as follows.
+            If you provide ``Label`` and don't provide ``Normalized`` , then ``Normalized`` is set automatically as follows.
 
             - ``INFORMATIONAL`` - 0
             - ``LOW`` - 1
@@ -7726,7 +7728,7 @@ class CfnInsight(
 
             - ``RecordState`` changes from ``ARCHIVED`` to ``ACTIVE`` .
             - ``Compliance.Status`` changes from ``PASSED`` to ``FAILED`` , ``WARNING`` , or ``NOT_AVAILABLE`` .
-            - ``SUPPRESSED`` - Indicates that you reviewed the finding and do not believe that any action is needed.
+            - ``SUPPRESSED`` - Indicates that you reviewed the finding and don't believe that any action is needed.
 
             The workflow status of a ``SUPPRESSED`` finding does not change if ``RecordState`` changes from ``ARCHIVED`` to ``ACTIVE`` .
 

aws_cdk/aws_ses/__init__.py

@@ -5671,7 +5671,8 @@ class CfnMailManagerRuleSet(
                     ),
                     string_expression=ses.CfnMailManagerRuleSet.RuleStringExpressionProperty(
                         evaluate=ses.CfnMailManagerRuleSet.RuleStringToEvaluateProperty(
-                            attribute="attribute"
+                            attribute="attribute",
+                            mime_header_attribute="mimeHeaderAttribute"
                         ),
                         operator="operator",
                         values=["values"]
@@ -5716,7 +5717,8 @@ class CfnMailManagerRuleSet(
                     ),
                     string_expression=ses.CfnMailManagerRuleSet.RuleStringExpressionProperty(
                         evaluate=ses.CfnMailManagerRuleSet.RuleStringToEvaluateProperty(
-                            attribute="attribute"
+                            attribute="attribute",
+                            mime_header_attribute="mimeHeaderAttribute"
                         ),
                         operator="operator",
                         values=["values"]
@@ -6773,7 +6775,8 @@ class CfnMailManagerRuleSet(
                     ),
                     string_expression=ses.CfnMailManagerRuleSet.RuleStringExpressionProperty(
                         evaluate=ses.CfnMailManagerRuleSet.RuleStringToEvaluateProperty(
-                            attribute="attribute"
+                            attribute="attribute",
+                            mime_header_attribute="mimeHeaderAttribute"
                         ),
                         operator="operator",
                         values=["values"]
@@ -7371,7 +7374,8 @@ class CfnMailManagerRuleSet(
                         ),
                         string_expression=ses.CfnMailManagerRuleSet.RuleStringExpressionProperty(
                             evaluate=ses.CfnMailManagerRuleSet.RuleStringToEvaluateProperty(
-                                attribute="attribute"
+                                attribute="attribute",
+                                mime_header_attribute="mimeHeaderAttribute"
                             ),
                             operator="operator",
                             values=["values"]
@@ -7416,7 +7420,8 @@ class CfnMailManagerRuleSet(
                         ),
                         string_expression=ses.CfnMailManagerRuleSet.RuleStringExpressionProperty(
                             evaluate=ses.CfnMailManagerRuleSet.RuleStringToEvaluateProperty(
-                                attribute="attribute"
+                                attribute="attribute",
+                                mime_header_attribute="mimeHeaderAttribute"
                             ),
                             operator="operator",
                             values=["values"]
@@ -7543,7 +7548,8 @@ class CfnMailManagerRuleSet(
                 
                 rule_string_expression_property = ses.CfnMailManagerRuleSet.RuleStringExpressionProperty(
                     evaluate=ses.CfnMailManagerRuleSet.RuleStringToEvaluateProperty(
-                        attribute="attribute"
+                        attribute="attribute",
+                        mime_header_attribute="mimeHeaderAttribute"
                     ),
                     operator="operator",
                     values=["values"]
@@ -7608,13 +7614,26 @@ class CfnMailManagerRuleSet(
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_ses.CfnMailManagerRuleSet.RuleStringToEvaluateProperty",
         jsii_struct_bases=[],
-        name_mapping={"attribute": "attribute"},
+        name_mapping={
+            "attribute": "attribute",
+            "mime_header_attribute": "mimeHeaderAttribute",
+        },
     )
     class RuleStringToEvaluateProperty:
-        def __init__(self, *, attribute: builtins.str) -> None:
+        def __init__(
+            self,
+            *,
+            attribute: typing.Optional[builtins.str] = None,
+            mime_header_attribute: typing.Optional[builtins.str] = None,
+        ) -> None:
             '''The string to evaluate in a string condition expression.
 
+            .. epigraph::
+
+               This data type is a UNION, so only one of the following members can be specified when used or returned.
+
             :param attribute: The email attribute to evaluate in a string condition expression.
+            :param mime_header_attribute: The email MIME X-Header attribute to evaluate in a string condition expression.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-mailmanagerruleset-rulestringtoevaluate.html
             :exampleMetadata: fixture=_generated
@@ -7626,25 +7645,37 @@ class CfnMailManagerRuleSet(
                 from aws_cdk import aws_ses as ses
                 
                 rule_string_to_evaluate_property = ses.CfnMailManagerRuleSet.RuleStringToEvaluateProperty(
-                    attribute="attribute"
+                    attribute="attribute",
+                    mime_header_attribute="mimeHeaderAttribute"
                 )
             '''
             if __debug__:
                 type_hints = typing.get_type_hints(_typecheckingstub__2da4d9d015f3b7cc8e8bc228c621ebc8b1b100adb32a59eb61a9ceba92a64fd5)
                 check_type(argname="argument attribute", value=attribute, expected_type=type_hints["attribute"])
-            self._values: typing.Dict[builtins.str, typing.Any] = {
-                "attribute": attribute,
-            }
+                check_type(argname="argument mime_header_attribute", value=mime_header_attribute, expected_type=type_hints["mime_header_attribute"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if attribute is not None:
+                self._values["attribute"] = attribute
+            if mime_header_attribute is not None:
+                self._values["mime_header_attribute"] = mime_header_attribute
 
         @builtins.property
-        def attribute(self) -> builtins.str:
+        def attribute(self) -> typing.Optional[builtins.str]:
             '''The email attribute to evaluate in a string condition expression.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-mailmanagerruleset-rulestringtoevaluate.html#cfn-ses-mailmanagerruleset-rulestringtoevaluate-attribute
             '''
             result = self._values.get("attribute")
-            assert result is not None, "Required property 'attribute' is missing"
-            return typing.cast(builtins.str, result)
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def mime_header_attribute(self) -> typing.Optional[builtins.str]:
+            '''The email MIME X-Header attribute to evaluate in a string condition expression.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-mailmanagerruleset-rulestringtoevaluate.html#cfn-ses-mailmanagerruleset-rulestringtoevaluate-mimeheaderattribute
+            '''
+            result = self._values.get("mime_header_attribute")
+            return typing.cast(typing.Optional[builtins.str], result)
 
         def __eq__(self, rhs: typing.Any) -> builtins.bool:
             return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -8151,7 +8182,8 @@ class CfnMailManagerRuleSetProps:
                         ),
                         string_expression=ses.CfnMailManagerRuleSet.RuleStringExpressionProperty(
                             evaluate=ses.CfnMailManagerRuleSet.RuleStringToEvaluateProperty(
-                                attribute="attribute"
+                                attribute="attribute",
+                                mime_header_attribute="mimeHeaderAttribute"
                             ),
                             operator="operator",
                             values=["values"]
@@ -8196,7 +8228,8 @@ class CfnMailManagerRuleSetProps:
                         ),
                         string_expression=ses.CfnMailManagerRuleSet.RuleStringExpressionProperty(
                             evaluate=ses.CfnMailManagerRuleSet.RuleStringToEvaluateProperty(
-                                attribute="attribute"
+                                attribute="attribute",
+                                mime_header_attribute="mimeHeaderAttribute"
                             ),
                             operator="operator",
                             values=["values"]
@@ -17367,7 +17400,8 @@ def _typecheckingstub__ac58a8ffbfedfd8a37ee59f94996c3194a29e1aa4e2893a82291934e7
 
 def _typecheckingstub__2da4d9d015f3b7cc8e8bc228c621ebc8b1b100adb32a59eb61a9ceba92a64fd5(
     *,
-    attribute: builtins.str,
+    attribute: typing.Optional[builtins.str] = None,
+    mime_header_attribute: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass