aws-cdk-lib 2.160.0__py3-none-any.whl → 2.161.1__py3-none-any.whl

aws_cdk/aws_ec2/__init__.py

@@ -30492,7 +30492,7 @@ class CfnNatGateway(
         :param connectivity_type: Indicates whether the NAT gateway supports public or private connectivity. The default is public connectivity.
         :param max_drain_duration_seconds: The maximum amount of time to wait (in seconds) before forcibly releasing the IP addresses if connections are still in progress. Default value is 350 seconds.
         :param private_ip_address: The private IPv4 address to assign to the NAT gateway. If you don't provide an address, a private IPv4 address will be automatically assigned.
-        :param secondary_allocation_ids: Secondary EIP allocation IDs. For more information, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon VPC User Guide* .
+        :param secondary_allocation_ids: Secondary EIP allocation IDs. For more information, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-working-with.html>`_ in the *Amazon VPC User Guide* .
         :param secondary_private_ip_address_count: [Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* . ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
         :param secondary_private_ip_addresses: Secondary private IPv4 addresses. For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* . ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
         :param tags: The tags for the NAT gateway.
@@ -30730,7 +30730,7 @@ class CfnNatGatewayProps:
         :param connectivity_type: Indicates whether the NAT gateway supports public or private connectivity. The default is public connectivity.
         :param max_drain_duration_seconds: The maximum amount of time to wait (in seconds) before forcibly releasing the IP addresses if connections are still in progress. Default value is 350 seconds.
         :param private_ip_address: The private IPv4 address to assign to the NAT gateway. If you don't provide an address, a private IPv4 address will be automatically assigned.
-        :param secondary_allocation_ids: Secondary EIP allocation IDs. For more information, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon VPC User Guide* .
+        :param secondary_allocation_ids: Secondary EIP allocation IDs. For more information, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-working-with.html>`_ in the *Amazon VPC User Guide* .
         :param secondary_private_ip_address_count: [Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* . ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
         :param secondary_private_ip_addresses: Secondary private IPv4 addresses. For more information about secondary addresses, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon Virtual Private Cloud User Guide* . ``SecondaryPrivateIpAddressCount`` and ``SecondaryPrivateIpAddresses`` cannot be set at the same time.
         :param tags: The tags for the NAT gateway.
@@ -30850,7 +30850,7 @@ class CfnNatGatewayProps:
     def secondary_allocation_ids(self) -> typing.Optional[typing.List[builtins.str]]:
         '''Secondary EIP allocation IDs.
 
-        For more information, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating>`_ in the *Amazon VPC User Guide* .
+        For more information, see `Create a NAT gateway <https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-working-with.html>`_ in the *Amazon VPC User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-natgateway.html#cfn-ec2-natgateway-secondaryallocationids
         '''
@@ -51260,6 +51260,7 @@ class CfnTransitGateway(
             dns_support="dnsSupport",
             multicast_support="multicastSupport",
             propagation_default_route_table_id="propagationDefaultRouteTableId",
+            security_group_referencing_support="securityGroupReferencingSupport",
             tags=[CfnTag(
                 key="key",
                 value="value"
@@ -51283,6 +51284,7 @@ class CfnTransitGateway(
         dns_support: typing.Optional[builtins.str] = None,
         multicast_support: typing.Optional[builtins.str] = None,
         propagation_default_route_table_id: typing.Optional[builtins.str] = None,
+        security_group_referencing_support: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
         transit_gateway_cidr_blocks: typing.Optional[typing.Sequence[builtins.str]] = None,
         vpn_ecmp_support: typing.Optional[builtins.str] = None,
@@ -51299,6 +51301,7 @@ class CfnTransitGateway(
         :param dns_support: Enable or disable DNS support. Enabled by default.
         :param multicast_support: Indicates whether multicast is enabled on the transit gateway.
         :param propagation_default_route_table_id: The ID of the default propagation route table.
+        :param security_group_referencing_support: Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature. For important information about this feature, see `Create a transit gateway <https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw>`_ in the *AWS Transit Gateway Guide* .
         :param tags: The tags for the transit gateway.
         :param transit_gateway_cidr_blocks: The transit gateway CIDR blocks.
         :param vpn_ecmp_support: Enable or disable Equal Cost Multipath Protocol support. Enabled by default.
@@ -51317,6 +51320,7 @@ class CfnTransitGateway(
             dns_support=dns_support,
             multicast_support=multicast_support,
             propagation_default_route_table_id=propagation_default_route_table_id,
+            security_group_referencing_support=security_group_referencing_support,
             tags=tags,
             transit_gateway_cidr_blocks=transit_gateway_cidr_blocks,
             vpn_ecmp_support=vpn_ecmp_support,
@@ -51514,6 +51518,22 @@ class CfnTransitGateway(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "propagationDefaultRouteTableId", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="securityGroupReferencingSupport")
+    def security_group_referencing_support(self) -> typing.Optional[builtins.str]:
+        '''Enables you to reference a security group across VPCs attached to a transit gateway (TGW).'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "securityGroupReferencingSupport"))
+
+    @security_group_referencing_support.setter
+    def security_group_referencing_support(
+        self,
+        value: typing.Optional[builtins.str],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__a3f506ba1d4c7659981ecfc231f5fb9ba7e866a8317415667ead4b5ff07b05dc)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "securityGroupReferencingSupport", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
@@ -51753,6 +51773,7 @@ class CfnTransitGatewayAttachment(
             "appliance_mode_support": "applianceModeSupport",
             "dns_support": "dnsSupport",
             "ipv6_support": "ipv6Support",
+            "security_group_referencing_support": "securityGroupReferencingSupport",
         },
     )
     class OptionsProperty:
@@ -51762,12 +51783,14 @@ class CfnTransitGatewayAttachment(
             appliance_mode_support: typing.Optional[builtins.str] = None,
             dns_support: typing.Optional[builtins.str] = None,
             ipv6_support: typing.Optional[builtins.str] = None,
+            security_group_referencing_support: typing.Optional[builtins.str] = None,
         ) -> None:
             '''Describes the VPC attachment options.
 
             :param appliance_mode_support: Enable or disable appliance mode support. The default is ``disable`` .
             :param dns_support: Enable or disable DNS support. The default is ``disable`` .
             :param ipv6_support: Enable or disable IPv6 support. The default is ``disable`` .
+            :param security_group_referencing_support: Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature. For important information about this feature, see `Create a transit gateway <https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw>`_ in the *AWS Transit Gateway Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-transitgatewayattachment-options.html
             :exampleMetadata: fixture=_generated
@@ -51781,7 +51804,8 @@ class CfnTransitGatewayAttachment(
                 options_property = ec2.CfnTransitGatewayAttachment.OptionsProperty(
                     appliance_mode_support="applianceModeSupport",
                     dns_support="dnsSupport",
-                    ipv6_support="ipv6Support"
+                    ipv6_support="ipv6Support",
+                    security_group_referencing_support="securityGroupReferencingSupport"
                 )
             '''
             if __debug__:
@@ -51789,6 +51813,7 @@ class CfnTransitGatewayAttachment(
                 check_type(argname="argument appliance_mode_support", value=appliance_mode_support, expected_type=type_hints["appliance_mode_support"])
                 check_type(argname="argument dns_support", value=dns_support, expected_type=type_hints["dns_support"])
                 check_type(argname="argument ipv6_support", value=ipv6_support, expected_type=type_hints["ipv6_support"])
+                check_type(argname="argument security_group_referencing_support", value=security_group_referencing_support, expected_type=type_hints["security_group_referencing_support"])
             self._values: typing.Dict[builtins.str, typing.Any] = {}
             if appliance_mode_support is not None:
                 self._values["appliance_mode_support"] = appliance_mode_support
@@ -51796,6 +51821,8 @@ class CfnTransitGatewayAttachment(
                 self._values["dns_support"] = dns_support
             if ipv6_support is not None:
                 self._values["ipv6_support"] = ipv6_support
+            if security_group_referencing_support is not None:
+                self._values["security_group_referencing_support"] = security_group_referencing_support
 
         @builtins.property
         def appliance_mode_support(self) -> typing.Optional[builtins.str]:
@@ -51830,6 +51857,19 @@ class CfnTransitGatewayAttachment(
             result = self._values.get("ipv6_support")
             return typing.cast(typing.Optional[builtins.str], result)
 
+        @builtins.property
+        def security_group_referencing_support(self) -> typing.Optional[builtins.str]:
+            '''Enables you to reference a security group across VPCs attached to a transit gateway (TGW).
+
+            Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
+
+            For important information about this feature, see `Create a transit gateway <https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw>`_ in the *AWS Transit Gateway Guide* .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-transitgatewayattachment-options.html#cfn-ec2-transitgatewayattachment-options-securitygroupreferencingsupport
+            '''
+            result = self._values.get("security_group_referencing_support")
+            return typing.cast(typing.Optional[builtins.str], result)
+
         def __eq__(self, rhs: typing.Any) -> builtins.bool:
             return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -53954,6 +53994,7 @@ class CfnTransitGatewayPeeringAttachmentProps:
         "dns_support": "dnsSupport",
         "multicast_support": "multicastSupport",
         "propagation_default_route_table_id": "propagationDefaultRouteTableId",
+        "security_group_referencing_support": "securityGroupReferencingSupport",
         "tags": "tags",
         "transit_gateway_cidr_blocks": "transitGatewayCidrBlocks",
         "vpn_ecmp_support": "vpnEcmpSupport",
@@ -53972,6 +54013,7 @@ class CfnTransitGatewayProps:
         dns_support: typing.Optional[builtins.str] = None,
         multicast_support: typing.Optional[builtins.str] = None,
         propagation_default_route_table_id: typing.Optional[builtins.str] = None,
+        security_group_referencing_support: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
         transit_gateway_cidr_blocks: typing.Optional[typing.Sequence[builtins.str]] = None,
         vpn_ecmp_support: typing.Optional[builtins.str] = None,
@@ -53987,6 +54029,7 @@ class CfnTransitGatewayProps:
         :param dns_support: Enable or disable DNS support. Enabled by default.
         :param multicast_support: Indicates whether multicast is enabled on the transit gateway.
         :param propagation_default_route_table_id: The ID of the default propagation route table.
+        :param security_group_referencing_support: Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature. For important information about this feature, see `Create a transit gateway <https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw>`_ in the *AWS Transit Gateway Guide* .
         :param tags: The tags for the transit gateway.
         :param transit_gateway_cidr_blocks: The transit gateway CIDR blocks.
         :param vpn_ecmp_support: Enable or disable Equal Cost Multipath Protocol support. Enabled by default.
@@ -54010,6 +54053,7 @@ class CfnTransitGatewayProps:
                 dns_support="dnsSupport",
                 multicast_support="multicastSupport",
                 propagation_default_route_table_id="propagationDefaultRouteTableId",
+                security_group_referencing_support="securityGroupReferencingSupport",
                 tags=[CfnTag(
                     key="key",
                     value="value"
@@ -54029,6 +54073,7 @@ class CfnTransitGatewayProps:
             check_type(argname="argument dns_support", value=dns_support, expected_type=type_hints["dns_support"])
             check_type(argname="argument multicast_support", value=multicast_support, expected_type=type_hints["multicast_support"])
             check_type(argname="argument propagation_default_route_table_id", value=propagation_default_route_table_id, expected_type=type_hints["propagation_default_route_table_id"])
+            check_type(argname="argument security_group_referencing_support", value=security_group_referencing_support, expected_type=type_hints["security_group_referencing_support"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
             check_type(argname="argument transit_gateway_cidr_blocks", value=transit_gateway_cidr_blocks, expected_type=type_hints["transit_gateway_cidr_blocks"])
             check_type(argname="argument vpn_ecmp_support", value=vpn_ecmp_support, expected_type=type_hints["vpn_ecmp_support"])
@@ -54051,6 +54096,8 @@ class CfnTransitGatewayProps:
             self._values["multicast_support"] = multicast_support
         if propagation_default_route_table_id is not None:
             self._values["propagation_default_route_table_id"] = propagation_default_route_table_id
+        if security_group_referencing_support is not None:
+            self._values["security_group_referencing_support"] = security_group_referencing_support
         if tags is not None:
             self._values["tags"] = tags
         if transit_gateway_cidr_blocks is not None:
@@ -54149,6 +54196,19 @@ class CfnTransitGatewayProps:
         result = self._values.get("propagation_default_route_table_id")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def security_group_referencing_support(self) -> typing.Optional[builtins.str]:
+        '''Enables you to reference a security group across VPCs attached to a transit gateway (TGW).
+
+        Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
+
+        For important information about this feature, see `Create a transit gateway <https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw>`_ in the *AWS Transit Gateway Guide* .
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgateway.html#cfn-ec2-transitgateway-securitygroupreferencingsupport
+        '''
+        result = self._values.get("security_group_referencing_support")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
         '''The tags for the transit gateway.
@@ -55268,6 +55328,7 @@ class CfnTransitGatewayVpcAttachment(
             "appliance_mode_support": "applianceModeSupport",
             "dns_support": "dnsSupport",
             "ipv6_support": "ipv6Support",
+            "security_group_referencing_support": "securityGroupReferencingSupport",
         },
     )
     class OptionsProperty:
@@ -55277,12 +55338,14 @@ class CfnTransitGatewayVpcAttachment(
             appliance_mode_support: typing.Optional[builtins.str] = None,
             dns_support: typing.Optional[builtins.str] = None,
             ipv6_support: typing.Optional[builtins.str] = None,
+            security_group_referencing_support: typing.Optional[builtins.str] = None,
         ) -> None:
             '''Describes the VPC attachment options.
 
             :param appliance_mode_support: Enable or disable appliance mode support. The default is ``disable`` .
             :param dns_support: Enable or disable DNS support. The default is ``disable`` .
             :param ipv6_support: Enable or disable IPv6 support. The default is ``disable`` .
+            :param security_group_referencing_support: Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature. For important information about this feature, see `Create a transit gateway <https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw>`_ in the *AWS Transit Gateway Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-transitgatewayvpcattachment-options.html
             :exampleMetadata: fixture=_generated
@@ -55296,7 +55359,8 @@ class CfnTransitGatewayVpcAttachment(
                 options_property = ec2.CfnTransitGatewayVpcAttachment.OptionsProperty(
                     appliance_mode_support="applianceModeSupport",
                     dns_support="dnsSupport",
-                    ipv6_support="ipv6Support"
+                    ipv6_support="ipv6Support",
+                    security_group_referencing_support="securityGroupReferencingSupport"
                 )
             '''
             if __debug__:
@@ -55304,6 +55368,7 @@ class CfnTransitGatewayVpcAttachment(
                 check_type(argname="argument appliance_mode_support", value=appliance_mode_support, expected_type=type_hints["appliance_mode_support"])
                 check_type(argname="argument dns_support", value=dns_support, expected_type=type_hints["dns_support"])
                 check_type(argname="argument ipv6_support", value=ipv6_support, expected_type=type_hints["ipv6_support"])
+                check_type(argname="argument security_group_referencing_support", value=security_group_referencing_support, expected_type=type_hints["security_group_referencing_support"])
             self._values: typing.Dict[builtins.str, typing.Any] = {}
             if appliance_mode_support is not None:
                 self._values["appliance_mode_support"] = appliance_mode_support
@@ -55311,6 +55376,8 @@ class CfnTransitGatewayVpcAttachment(
                 self._values["dns_support"] = dns_support
             if ipv6_support is not None:
                 self._values["ipv6_support"] = ipv6_support
+            if security_group_referencing_support is not None:
+                self._values["security_group_referencing_support"] = security_group_referencing_support
 
         @builtins.property
         def appliance_mode_support(self) -> typing.Optional[builtins.str]:
@@ -55345,6 +55412,19 @@ class CfnTransitGatewayVpcAttachment(
             result = self._values.get("ipv6_support")
             return typing.cast(typing.Optional[builtins.str], result)
 
+        @builtins.property
+        def security_group_referencing_support(self) -> typing.Optional[builtins.str]:
+            '''Enables you to reference a security group across VPCs attached to a transit gateway (TGW).
+
+            Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
+
+            For important information about this feature, see `Create a transit gateway <https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw>`_ in the *AWS Transit Gateway Guide* .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-transitgatewayvpcattachment-options.html#cfn-ec2-transitgatewayvpcattachment-options-securitygroupreferencingsupport
+            '''
+            result = self._values.get("security_group_referencing_support")
+            return typing.cast(typing.Optional[builtins.str], result)
+
         def __eq__(self, rhs: typing.Any) -> builtins.bool:
             return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -56550,7 +56630,7 @@ class CfnVPCEndpoint(
         :param id: Construct identifier for this resource (unique in its scope).
         :param service_name: The name of the endpoint service.
         :param vpc_id: The ID of the VPC.
-        :param policy_document: An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.
+        :param policy_document: An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and AWS CloudFormation converts the policy to JSON format before calling the API actions for AWS PrivateLink . Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'``
         :param private_dns_enabled: Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, ``kinesis.us-east-1.amazonaws.com`` ), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service. To use a private hosted zone, you must set the following VPC attributes to ``true`` : ``enableDnsHostnames`` and ``enableDnsSupport`` . This property is supported only for interface endpoints. Default: ``false``
         :param route_table_ids: The IDs of the route tables. Routing is supported only for gateway endpoints.
         :param security_group_ids: The IDs of the security groups to associate with the endpoint network interfaces. If this parameter is not specified, we use the default security group for the VPC. Security groups are supported only for interface endpoints.
@@ -57075,7 +57155,7 @@ class CfnVPCEndpointProps:
 
         :param service_name: The name of the endpoint service.
         :param vpc_id: The ID of the VPC.
-        :param policy_document: An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.
+        :param policy_document: An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and AWS CloudFormation converts the policy to JSON format before calling the API actions for AWS PrivateLink . Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'``
         :param private_dns_enabled: Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, ``kinesis.us-east-1.amazonaws.com`` ), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service. To use a private hosted zone, you must set the following VPC attributes to ``true`` : ``enableDnsHostnames`` and ``enableDnsSupport`` . This property is supported only for interface endpoints. Default: ``false``
         :param route_table_ids: The IDs of the route tables. Routing is supported only for gateway endpoints.
         :param security_group_ids: The IDs of the security groups to associate with the endpoint network interfaces. If this parameter is not specified, we use the default security group for the VPC. Security groups are supported only for interface endpoints.
@@ -57159,7 +57239,9 @@ class CfnVPCEndpointProps:
 
         The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.
 
-        For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.
+        For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and AWS CloudFormation converts the policy to JSON format before calling the API actions for AWS PrivateLink . Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section:
+
+        ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'``
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2-vpcendpoint-policydocument
         '''
@@ -73349,6 +73431,10 @@ class InstanceClass(enum.Enum):
     '''Graphics-optimized instances, 6th generation.'''
     G6 = "G6"
     '''Graphics-optimized instances, 6th generation.'''
+    GRAPHICS6_EFFICIENT = "GRAPHICS6_EFFICIENT"
+    '''Cost-efficient GPU-based instances for AI inference and spatial computing workloads, 6th generation.'''
+    G6E = "G6E"
+    '''Cost-efficient GPU-based instances for AI inference and spatial computing workloads, 6th generation.'''
     PARALLEL2 = "PARALLEL2"
     '''Parallel-processing optimized instances, 2nd generation.'''
     P2 = "P2"
@@ -75130,6 +75216,11 @@ class InterfaceVpcEndpointAwsService(
     def DIRECTORY_SERVICE(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "DIRECTORY_SERVICE"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="DYNAMODB")
+    def DYNAMODB(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "DYNAMODB"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="EBS_DIRECT")
     def EBS_DIRECT(cls) -> "InterfaceVpcEndpointAwsService":
@@ -75991,6 +76082,11 @@ class InterfaceVpcEndpointAwsService(
     def SAGEMAKER_API(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "SAGEMAKER_API"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="SAGEMAKER_EXPERIMENTS")
+    def SAGEMAKER_EXPERIMENTS(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "SAGEMAKER_EXPERIMENTS"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="SAGEMAKER_FEATURESTORE_RUNTIME")
     def SAGEMAKER_FEATURESTORE_RUNTIME(cls) -> "InterfaceVpcEndpointAwsService":
@@ -102100,6 +102196,7 @@ def _typecheckingstub__bba1945c40ffe23ea319a1157d643d40dd9ada3eb2884ee096699e549
     dns_support: typing.Optional[builtins.str] = None,
     multicast_support: typing.Optional[builtins.str] = None,
     propagation_default_route_table_id: typing.Optional[builtins.str] = None,
+    security_group_referencing_support: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     transit_gateway_cidr_blocks: typing.Optional[typing.Sequence[builtins.str]] = None,
     vpn_ecmp_support: typing.Optional[builtins.str] = None,
@@ -102173,6 +102270,12 @@ def _typecheckingstub__96eb40466e83d16bb71ed5f295e56c3ec41178edaf7dada2d08c5cfbf
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__a3f506ba1d4c7659981ecfc231f5fb9ba7e866a8317415667ead4b5ff07b05dc(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__ce7a4c126005c51509a0bd7f2c9b3dd762ba3bd0c8c5a303dfdcdb1ae2aa45ac(
     value: typing.Optional[typing.List[_CfnTag_f6864754]],
 ) -> None:
@@ -102251,6 +102354,7 @@ def _typecheckingstub__1a6a91070bc957616b318464b989714fb81382073cacd0ab2b00be277
     appliance_mode_support: typing.Optional[builtins.str] = None,
     dns_support: typing.Optional[builtins.str] = None,
     ipv6_support: typing.Optional[builtins.str] = None,
+    security_group_referencing_support: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -102617,6 +102721,7 @@ def _typecheckingstub__49fd996c8de156c654fbaab604bd7c39350335d42f26ebf85fab17421
     dns_support: typing.Optional[builtins.str] = None,
     multicast_support: typing.Optional[builtins.str] = None,
     propagation_default_route_table_id: typing.Optional[builtins.str] = None,
+    security_group_referencing_support: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     transit_gateway_cidr_blocks: typing.Optional[typing.Sequence[builtins.str]] = None,
     vpn_ecmp_support: typing.Optional[builtins.str] = None,
@@ -102882,6 +102987,7 @@ def _typecheckingstub__ea53e7949c27ba728a0fa1f4b7f62f321894de9f55e4d88a106982259
     appliance_mode_support: typing.Optional[builtins.str] = None,
     dns_support: typing.Optional[builtins.str] = None,
     ipv6_support: typing.Optional[builtins.str] = None,
+    security_group_referencing_support: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass