aws-cdk-lib 2.161.1__py3-none-any.whl → 2.162.0__py3-none-any.whl

aws_cdk/aws_cloudformation/__init__.py

@@ -71,7 +71,10 @@ class CfnCustomResource(
         from aws_cdk import aws_cloudformation as cloudformation
         
         cfn_custom_resource = cloudformation.CfnCustomResource(self, "MyCfnCustomResource",
-            service_token="serviceToken"
+            service_token="serviceToken",
+        
+            # the properties below are optional
+            service_timeout=123
         )
     '''
 
@@ -81,17 +84,21 @@ class CfnCustomResource(
         id: builtins.str,
         *,
         service_token: builtins.str,
+        service_timeout: typing.Optional[jsii.Number] = None,
     ) -> None:
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param service_token: The service token, such as an Amazon SNS topic ARN or Lambda function ARN. The service token must be from the same Region as the stack. Updates aren't supported.
+        :param service_timeout: The maximum time, in seconds, that can elapse before a custom resource operation times out. The value must be an integer from 1 to 3600. The default value is 3600 seconds (1 hour).
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c0a3b106ffbe7fa1289a8e834aa35f1789994087e265fc54556841046e49661f)
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
-        props = CfnCustomResourceProps(service_token=service_token)
+        props = CfnCustomResourceProps(
+            service_token=service_token, service_timeout=service_timeout
+        )
 
         jsii.create(self.__class__, self, [scope, id, props])
 
@@ -151,17 +158,39 @@ class CfnCustomResource(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "serviceToken", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="serviceTimeout")
+    def service_timeout(self) -> typing.Optional[jsii.Number]:
+        '''The maximum time, in seconds, that can elapse before a custom resource operation times out.'''
+        return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "serviceTimeout"))
+
+    @service_timeout.setter
+    def service_timeout(self, value: typing.Optional[jsii.Number]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__8aeb9202526d3c023edb03694e6fd97bdab3490571f472a31d826759168ed9d6)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "serviceTimeout", value) # pyright: ignore[reportArgumentType]
+
 
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_cloudformation.CfnCustomResourceProps",
     jsii_struct_bases=[],
-    name_mapping={"service_token": "serviceToken"},
+    name_mapping={
+        "service_token": "serviceToken",
+        "service_timeout": "serviceTimeout",
+    },
 )
 class CfnCustomResourceProps:
-    def __init__(self, *, service_token: builtins.str) -> None:
+    def __init__(
+        self,
+        *,
+        service_token: builtins.str,
+        service_timeout: typing.Optional[jsii.Number] = None,
+    ) -> None:
         '''Properties for defining a ``CfnCustomResource``.
 
         :param service_token: The service token, such as an Amazon SNS topic ARN or Lambda function ARN. The service token must be from the same Region as the stack. Updates aren't supported.
+        :param service_timeout: The maximum time, in seconds, that can elapse before a custom resource operation times out. The value must be an integer from 1 to 3600. The default value is 3600 seconds (1 hour).
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-customresource.html
         :exampleMetadata: fixture=_generated
@@ -173,15 +202,21 @@ class CfnCustomResourceProps:
             from aws_cdk import aws_cloudformation as cloudformation
             
             cfn_custom_resource_props = cloudformation.CfnCustomResourceProps(
-                service_token="serviceToken"
+                service_token="serviceToken",
+            
+                # the properties below are optional
+                service_timeout=123
             )
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f766b9f5ea2582bff4d2cb33b19a38fbdabfbe380c61d04a056e8e0d2a00b54a)
             check_type(argname="argument service_token", value=service_token, expected_type=type_hints["service_token"])
+            check_type(argname="argument service_timeout", value=service_timeout, expected_type=type_hints["service_timeout"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "service_token": service_token,
         }
+        if service_timeout is not None:
+            self._values["service_timeout"] = service_timeout
 
     @builtins.property
     def service_token(self) -> builtins.str:
@@ -197,6 +232,17 @@ class CfnCustomResourceProps:
         assert result is not None, "Required property 'service_token' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def service_timeout(self) -> typing.Optional[jsii.Number]:
+        '''The maximum time, in seconds, that can elapse before a custom resource operation times out.
+
+        The value must be an integer from 1 to 3600. The default value is 3600 seconds (1 hour).
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-customresource.html#cfn-cloudformation-customresource-servicetimeout
+        '''
+        result = self._values.get("service_timeout")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -6183,6 +6229,7 @@ def _typecheckingstub__c0a3b106ffbe7fa1289a8e834aa35f1789994087e265fc54556841046
     id: builtins.str,
     *,
     service_token: builtins.str,
+    service_timeout: typing.Optional[jsii.Number] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -6205,9 +6252,16 @@ def _typecheckingstub__77951bc16957122471cd48666095011465879476219c4b12cf6a7c268
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__8aeb9202526d3c023edb03694e6fd97bdab3490571f472a31d826759168ed9d6(
+    value: typing.Optional[jsii.Number],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__f766b9f5ea2582bff4d2cb33b19a38fbdabfbe380c61d04a056e8e0d2a00b54a(
     *,
     service_token: builtins.str,
+    service_timeout: typing.Optional[jsii.Number] = None,
 ) -> None:
     """Type checking stubs"""
     pass

aws_cdk/aws_cloudfront/__init__.py

@@ -1167,7 +1167,7 @@ specified status codes the failover origin source will be used.
 cloudfront.CloudFrontWebDistribution(self, "ADistribution",
     origin_configs=[cloudfront.SourceConfiguration(
         s3_origin_source=cloudfront.S3OriginConfig(
-            s3_bucket_source=s3.Bucket.from_bucket_name(self, "aBucket", "myoriginbucket"),
+            s3_bucket_source=s3.Bucket.from_bucket_name(self, "aBucket", "amzn-s3-demo-bucket"),
             origin_path="/",
             origin_headers={
                 "myHeader": "42"
@@ -1175,7 +1175,7 @@ cloudfront.CloudFrontWebDistribution(self, "ADistribution",
             origin_shield_region="us-west-2"
         ),
         failover_s3_origin_source=cloudfront.S3OriginConfig(
-            s3_bucket_source=s3.Bucket.from_bucket_name(self, "aBucketFallback", "myoriginbucketfallback"),
+            s3_bucket_source=s3.Bucket.from_bucket_name(self, "aBucketFallback", "amzn-s3-demo-bucket1"),
             origin_path="/somewhere",
             origin_headers={
                 "myHeader2": "21"
@@ -16343,7 +16343,7 @@ class FailoverStatusCode(enum.Enum):
         cloudfront.CloudFrontWebDistribution(self, "ADistribution",
             origin_configs=[cloudfront.SourceConfiguration(
                 s3_origin_source=cloudfront.S3OriginConfig(
-                    s3_bucket_source=s3.Bucket.from_bucket_name(self, "aBucket", "myoriginbucket"),
+                    s3_bucket_source=s3.Bucket.from_bucket_name(self, "aBucket", "amzn-s3-demo-bucket"),
                     origin_path="/",
                     origin_headers={
                         "myHeader": "42"
@@ -16351,7 +16351,7 @@ class FailoverStatusCode(enum.Enum):
                     origin_shield_region="us-west-2"
                 ),
                 failover_s3_origin_source=cloudfront.S3OriginConfig(
-                    s3_bucket_source=s3.Bucket.from_bucket_name(self, "aBucketFallback", "myoriginbucketfallback"),
+                    s3_bucket_source=s3.Bucket.from_bucket_name(self, "aBucketFallback", "amzn-s3-demo-bucket1"),
                     origin_path="/somewhere",
                     origin_headers={
                         "myHeader2": "21"

aws_cdk/aws_codebuild/__init__.py

@@ -361,7 +361,7 @@ codebuild.Project(self, "Project",
         build_image=codebuild.WindowsBuildImage.from_ecr_repository(ecr_repository, "v1.0", codebuild.WindowsImageType.SERVER_2019),
         # optional certificate to include in the build image
         certificate=codebuild.BuildEnvironmentCertificate(
-            bucket=s3.Bucket.from_bucket_name(self, "Bucket", "my-bucket"),
+            bucket=s3.Bucket.from_bucket_name(self, "Bucket", "amzn-s3-demo-bucket"),
             object_key="path/to/cert.pem"
         )
     )
@@ -1641,7 +1641,7 @@ class BuildEnvironmentCertificate:
                     build_image=codebuild.WindowsBuildImage.from_ecr_repository(ecr_repository, "v1.0", codebuild.WindowsImageType.SERVER_2019),
                     # optional certificate to include in the build image
                     certificate=codebuild.BuildEnvironmentCertificate(
-                        bucket=s3.Bucket.from_bucket_name(self, "Bucket", "my-bucket"),
+                        bucket=s3.Bucket.from_bucket_name(self, "Bucket", "amzn-s3-demo-bucket"),
                         object_key="path/to/cert.pem"
                     )
                 )
@@ -12618,7 +12618,7 @@ class Project(
                 build_image=codebuild.WindowsBuildImage.from_ecr_repository(ecr_repository, "v1.0", codebuild.WindowsImageType.SERVER_2019),
                 # optional certificate to include in the build image
                 certificate=codebuild.BuildEnvironmentCertificate(
-                    bucket=s3.Bucket.from_bucket_name(self, "Bucket", "my-bucket"),
+                    bucket=s3.Bucket.from_bucket_name(self, "Bucket", "amzn-s3-demo-bucket"),
                     object_key="path/to/cert.pem"
                 )
             )
@@ -13736,7 +13736,7 @@ class ProjectProps(CommonProjectProps):
                     build_image=codebuild.WindowsBuildImage.from_ecr_repository(ecr_repository, "v1.0", codebuild.WindowsImageType.SERVER_2019),
                     # optional certificate to include in the build image
                     certificate=codebuild.BuildEnvironmentCertificate(
-                        bucket=s3.Bucket.from_bucket_name(self, "Bucket", "my-bucket"),
+                        bucket=s3.Bucket.from_bucket_name(self, "Bucket", "amzn-s3-demo-bucket"),
                         object_key="path/to/cert.pem"
                     )
                 )
@@ -15402,7 +15402,7 @@ class WindowsBuildImage(
                 build_image=codebuild.WindowsBuildImage.from_ecr_repository(ecr_repository, "v1.0", codebuild.WindowsImageType.SERVER_2019),
                 # optional certificate to include in the build image
                 certificate=codebuild.BuildEnvironmentCertificate(
-                    bucket=s3.Bucket.from_bucket_name(self, "Bucket", "my-bucket"),
+                    bucket=s3.Bucket.from_bucket_name(self, "Bucket", "amzn-s3-demo-bucket"),
                     object_key="path/to/cert.pem"
                 )
             )
@@ -15619,7 +15619,7 @@ class WindowsImageType(enum.Enum):
                 build_image=codebuild.WindowsBuildImage.from_ecr_repository(ecr_repository, "v1.0", codebuild.WindowsImageType.SERVER_2019),
                 # optional certificate to include in the build image
                 certificate=codebuild.BuildEnvironmentCertificate(
-                    bucket=s3.Bucket.from_bucket_name(self, "Bucket", "my-bucket"),
+                    bucket=s3.Bucket.from_bucket_name(self, "Bucket", "amzn-s3-demo-bucket"),
                     object_key="path/to/cert.pem"
                 )
             )

aws_cdk/aws_codepipeline/__init__.py

@@ -291,7 +291,7 @@ pipeline = codepipeline.Pipeline(self, "MyFirstPipeline",
     cross_region_replication_buckets={
         # note that a physical name of the replication Bucket must be known at synthesis time
         "us-west-1": s3.Bucket.from_bucket_attributes(self, "UsWest1ReplicationBucket",
-            bucket_name="my-us-west-1-replication-bucket",
+            bucket_name="amzn-s3-demo-bucket",
             # optional KMS key
             encryption_key=kms.Key.from_key_arn(self, "UsWest1ReplicationKey", "arn:aws:kms:us-west-1:123456789012:key/1234-5678-9012")
         )

aws_cdk/aws_codepipeline_actions/__init__.py

@@ -282,7 +282,7 @@ you can specify the region explicitly:
 
 ```python
 source_bucket = s3.Bucket.from_bucket_attributes(self, "SourceBucket",
-    bucket_name="my-bucket",
+    bucket_name="amzn-s3-demo-bucket",
     region="ap-southeast-1"
 )
 ```

aws_cdk/aws_dynamodb/__init__.py

@@ -11464,7 +11464,7 @@ class TableEncryptionV2(
     @jsii.member(jsii_name="awsManagedKey")
     @builtins.classmethod
     def aws_managed_key(cls) -> "TableEncryptionV2":
-        '''Configure server-side encryption using a DynamoDB owned key.'''
+        '''Configure server-side encryption using an AWS managed key.'''
         return typing.cast("TableEncryptionV2", jsii.sinvoke(cls, "awsManagedKey", []))
 
     @jsii.member(jsii_name="customerManagedKey")

aws_cdk/aws_ec2/__init__.py

@@ -48057,7 +48057,7 @@ class CfnSubnet(
             subnetcount = subnetcount + 1
         
         cluster = eks.Cluster(self, "hello-eks",
-            version=eks.KubernetesVersion.V1_30,
+            version=eks.KubernetesVersion.V1_31,
             vpc=vpc,
             ip_family=eks.IpFamily.IP_V6,
             vpc_subnets=[ec2.SubnetSelection(subnets=vpc.public_subnets)]
@@ -55930,7 +55930,7 @@ class CfnVPCCidrBlock(
             subnetcount = subnetcount + 1
         
         cluster = eks.Cluster(self, "hello-eks",
-            version=eks.KubernetesVersion.V1_30,
+            version=eks.KubernetesVersion.V1_31,
             vpc=vpc,
             ip_family=eks.IpFamily.IP_V6,
             vpc_subnets=[ec2.SubnetSelection(subnets=vpc.public_subnets)]
@@ -56245,7 +56245,7 @@ class CfnVPCCidrBlockProps:
                 subnetcount = subnetcount + 1
             
             cluster = eks.Cluster(self, "hello-eks",
-                version=eks.KubernetesVersion.V1_30,
+                version=eks.KubernetesVersion.V1_31,
                 vpc=vpc,
                 ip_family=eks.IpFamily.IP_V6,
                 vpc_subnets=[ec2.SubnetSelection(subnets=vpc.public_subnets)]
@@ -75581,6 +75581,16 @@ class InterfaceVpcEndpointAwsService(
     def IOT_TWINMAKER_DATA(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "IOT_TWINMAKER_DATA"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="KAFKA")
+    def KAFKA(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "KAFKA"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="KAFKA_FIPS")
+    def KAFKA_FIPS(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "KAFKA_FIPS"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="KENDRA")
     def KENDRA(cls) -> "InterfaceVpcEndpointAwsService":

aws_cdk/aws_ecs/__init__.py

@@ -87,6 +87,19 @@ cluster = ecs.Cluster(self, "Cluster",
 )
 ```
 
+To encrypt the fargate ephemeral storage configure a KMS key.
+
+```python
+# key: kms.Key
+
+
+cluster = ecs.Cluster(self, "Cluster",
+    managed_storage_configuration=ecs.ManagedStorageConfiguration(
+        fargate_ephemeral_storage_kms_key=key
+    )
+)
+```
+
 The following code imports an existing cluster using the ARN which can be used to
 import an Amazon ECS service either EC2 or Fargate.
 
@@ -1635,7 +1648,7 @@ to work, you need to have the SSM plugin for the AWS CLI installed locally. For
 [Install Session Manager plugin for AWS CLI](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html).
 
 To enable the ECS Exec feature for your containers, set the boolean flag `enableExecuteCommand` to `true` in
-your `Ec2Service` or `FargateService`.
+your `Ec2Service`, `FargateService` or `ExternalService`.
 
 ```python
 # cluster: ecs.Cluster
@@ -19179,6 +19192,7 @@ class ClusterAttributes:
         "default_cloud_map_namespace": "defaultCloudMapNamespace",
         "enable_fargate_capacity_providers": "enableFargateCapacityProviders",
         "execute_command_configuration": "executeCommandConfiguration",
+        "managed_storage_configuration": "managedStorageConfiguration",
         "vpc": "vpc",
     },
 )
@@ -19192,6 +19206,7 @@ class ClusterProps:
         default_cloud_map_namespace: typing.Optional[typing.Union[CloudMapNamespaceOptions, typing.Dict[builtins.str, typing.Any]]] = None,
         enable_fargate_capacity_providers: typing.Optional[builtins.bool] = None,
         execute_command_configuration: typing.Optional[typing.Union["ExecuteCommandConfiguration", typing.Dict[builtins.str, typing.Any]]] = None,
+        managed_storage_configuration: typing.Optional[typing.Union["ManagedStorageConfiguration", typing.Dict[builtins.str, typing.Any]]] = None,
         vpc: typing.Optional[_IVpc_f30d5663] = None,
     ) -> None:
         '''The properties used to define an ECS cluster.
@@ -19202,48 +19217,35 @@ class ClusterProps:
         :param default_cloud_map_namespace: The service discovery namespace created in this cluster. Default: - no service discovery namespace created, you can use ``addDefaultCloudMapNamespace`` to add a default service discovery namespace later.
         :param enable_fargate_capacity_providers: Whether to enable Fargate Capacity Providers. Default: false
         :param execute_command_configuration: The execute command configuration for the cluster. Default: - no configuration will be provided.
+        :param managed_storage_configuration: Encryption configuration for ECS Managed storage. Default: - no encryption will be applied.
         :param vpc: The VPC where your ECS instances will be running or your ENIs will be deployed. Default: - creates a new VPC with two AZs
 
         :exampleMetadata: infused
 
         Example::
 
-            # vpc: ec2.Vpc
-            
-            
-            cluster = ecs.Cluster(self, "Cluster",
-                vpc=vpc
-            )
-            
-            auto_scaling_group = autoscaling.AutoScalingGroup(self, "ASG",
-                vpc=vpc,
-                instance_type=ec2.InstanceType("t2.micro"),
-                machine_image=ecs.EcsOptimizedImage.amazon_linux2(),
-                min_capacity=0,
-                max_capacity=100
+            vpc = ec2.Vpc.from_lookup(self, "Vpc",
+                is_default=True
             )
+            cluster = ecs.Cluster(self, "ECSCluster", vpc=vpc)
             
-            capacity_provider = ecs.AsgCapacityProvider(self, "AsgCapacityProvider",
-                auto_scaling_group=auto_scaling_group,
-                instance_warmup_period=300
+            task_definition = ecs.TaskDefinition(self, "TD",
+                compatibility=ecs.Compatibility.FARGATE,
+                cpu="256",
+                memory_mi_b="512"
             )
-            cluster.add_asg_capacity_provider(capacity_provider)
-            
-            task_definition = ecs.Ec2TaskDefinition(self, "TaskDef")
             
-            task_definition.add_container("web",
-                image=ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample"),
-                memory_reservation_mi_b=256
+            task_definition.add_container("TheContainer",
+                image=ecs.ContainerImage.from_registry("foo/bar")
             )
             
-            ecs.Ec2Service(self, "EC2Service",
+            run_task = tasks.EcsRunTask(self, "Run",
+                integration_pattern=sfn.IntegrationPattern.RUN_JOB,
                 cluster=cluster,
                 task_definition=task_definition,
-                capacity_provider_strategies=[ecs.CapacityProviderStrategy(
-                    capacity_provider=capacity_provider.capacity_provider_name,
-                    weight=1
-                )
-                ]
+                launch_target=tasks.EcsFargateLaunchTarget(),
+                cpu="1024",
+                memory_mi_b="1048"
             )
         '''
         if isinstance(capacity, dict):
@@ -19252,6 +19254,8 @@ class ClusterProps:
             default_cloud_map_namespace = CloudMapNamespaceOptions(**default_cloud_map_namespace)
         if isinstance(execute_command_configuration, dict):
             execute_command_configuration = ExecuteCommandConfiguration(**execute_command_configuration)
+        if isinstance(managed_storage_configuration, dict):
+            managed_storage_configuration = ManagedStorageConfiguration(**managed_storage_configuration)
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__8819884fed76c2873e86d47e66faba011202f5d697aa512d17a66e5954cd0bf6)
             check_type(argname="argument capacity", value=capacity, expected_type=type_hints["capacity"])
@@ -19260,6 +19264,7 @@ class ClusterProps:
             check_type(argname="argument default_cloud_map_namespace", value=default_cloud_map_namespace, expected_type=type_hints["default_cloud_map_namespace"])
             check_type(argname="argument enable_fargate_capacity_providers", value=enable_fargate_capacity_providers, expected_type=type_hints["enable_fargate_capacity_providers"])
             check_type(argname="argument execute_command_configuration", value=execute_command_configuration, expected_type=type_hints["execute_command_configuration"])
+            check_type(argname="argument managed_storage_configuration", value=managed_storage_configuration, expected_type=type_hints["managed_storage_configuration"])
             check_type(argname="argument vpc", value=vpc, expected_type=type_hints["vpc"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if capacity is not None:
@@ -19274,6 +19279,8 @@ class ClusterProps:
             self._values["enable_fargate_capacity_providers"] = enable_fargate_capacity_providers
         if execute_command_configuration is not None:
             self._values["execute_command_configuration"] = execute_command_configuration
+        if managed_storage_configuration is not None:
+            self._values["managed_storage_configuration"] = managed_storage_configuration
         if vpc is not None:
             self._values["vpc"] = vpc
 
@@ -19336,6 +19343,17 @@ class ClusterProps:
         result = self._values.get("execute_command_configuration")
         return typing.cast(typing.Optional["ExecuteCommandConfiguration"], result)
 
+    @builtins.property
+    def managed_storage_configuration(
+        self,
+    ) -> typing.Optional["ManagedStorageConfiguration"]:
+        '''Encryption configuration for ECS Managed storage.
+
+        :default: - no encryption will be applied.
+        '''
+        result = self._values.get("managed_storage_configuration")
+        return typing.cast(typing.Optional["ManagedStorageConfiguration"], result)
+
     @builtins.property
     def vpc(self) -> typing.Optional[_IVpc_f30d5663]:
         '''The VPC where your ECS instances will be running or your ENIs will be deployed.
@@ -31804,6 +31822,68 @@ class MachineImageType(enum.Enum):
     '''Bottlerocket AMI.'''
 
 
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_ecs.ManagedStorageConfiguration",
+    jsii_struct_bases=[],
+    name_mapping={
+        "fargate_ephemeral_storage_kms_key": "fargateEphemeralStorageKmsKey",
+    },
+)
+class ManagedStorageConfiguration:
+    def __init__(
+        self,
+        *,
+        fargate_ephemeral_storage_kms_key: typing.Optional[_IKey_5f11635f] = None,
+    ) -> None:
+        '''Kms Keys for encryption ECS managed storage.
+
+        :param fargate_ephemeral_storage_kms_key: KMS Key used to encrypt ECS Fargate ephemeral Storage. The configured KMS Key's policy will be modified to allow ECS to use the Key to encrypt the ephemeral Storage for this cluster. Default: No encryption will be applied
+
+        :exampleMetadata: infused
+
+        Example::
+
+            # key: kms.Key
+            
+            
+            cluster = ecs.Cluster(self, "Cluster",
+                managed_storage_configuration=ecs.ManagedStorageConfiguration(
+                    fargate_ephemeral_storage_kms_key=key
+                )
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__2f9a1356d6603371cc25e0653216ab0167448ba43002bef5b32c489376e7fbb9)
+            check_type(argname="argument fargate_ephemeral_storage_kms_key", value=fargate_ephemeral_storage_kms_key, expected_type=type_hints["fargate_ephemeral_storage_kms_key"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if fargate_ephemeral_storage_kms_key is not None:
+            self._values["fargate_ephemeral_storage_kms_key"] = fargate_ephemeral_storage_kms_key
+
+    @builtins.property
+    def fargate_ephemeral_storage_kms_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''KMS Key used to encrypt ECS Fargate ephemeral Storage.
+
+        The configured KMS Key's policy will be modified to allow ECS to use the Key to encrypt the ephemeral Storage for this cluster.
+
+        :default: No encryption will be applied
+
+        :see: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-storage-encryption.html
+        '''
+        result = self._values.get("fargate_ephemeral_storage_kms_key")
+        return typing.cast(typing.Optional[_IKey_5f11635f], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "ManagedStorageConfiguration(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_ecs.MemoryUtilizationScalingProps",
     jsii_struct_bases=[_BaseTargetTrackingProps_540ba713],
@@ -38287,6 +38367,7 @@ class Cluster(
         default_cloud_map_namespace: typing.Optional[typing.Union[CloudMapNamespaceOptions, typing.Dict[builtins.str, typing.Any]]] = None,
         enable_fargate_capacity_providers: typing.Optional[builtins.bool] = None,
         execute_command_configuration: typing.Optional[typing.Union[ExecuteCommandConfiguration, typing.Dict[builtins.str, typing.Any]]] = None,
+        managed_storage_configuration: typing.Optional[typing.Union[ManagedStorageConfiguration, typing.Dict[builtins.str, typing.Any]]] = None,
         vpc: typing.Optional[_IVpc_f30d5663] = None,
     ) -> None:
         '''Constructs a new instance of the Cluster class.
@@ -38299,6 +38380,7 @@ class Cluster(
         :param default_cloud_map_namespace: The service discovery namespace created in this cluster. Default: - no service discovery namespace created, you can use ``addDefaultCloudMapNamespace`` to add a default service discovery namespace later.
         :param enable_fargate_capacity_providers: Whether to enable Fargate Capacity Providers. Default: false
         :param execute_command_configuration: The execute command configuration for the cluster. Default: - no configuration will be provided.
+        :param managed_storage_configuration: Encryption configuration for ECS Managed storage. Default: - no encryption will be applied.
         :param vpc: The VPC where your ECS instances will be running or your ENIs will be deployed. Default: - creates a new VPC with two AZs
         '''
         if __debug__:
@@ -38312,6 +38394,7 @@ class Cluster(
             default_cloud_map_namespace=default_cloud_map_namespace,
             enable_fargate_capacity_providers=enable_fargate_capacity_providers,
             execute_command_configuration=execute_command_configuration,
+            managed_storage_configuration=managed_storage_configuration,
             vpc=vpc,
         )
 
@@ -41573,6 +41656,7 @@ __all__ = [
     "LogDriverConfig",
     "LogDrivers",
     "MachineImageType",
+    "ManagedStorageConfiguration",
     "MemoryUtilizationScalingProps",
     "MountPoint",
     "NetworkMode",
@@ -43332,6 +43416,7 @@ def _typecheckingstub__8819884fed76c2873e86d47e66faba011202f5d697aa512d17a66e595
     default_cloud_map_namespace: typing.Optional[typing.Union[CloudMapNamespaceOptions, typing.Dict[builtins.str, typing.Any]]] = None,
     enable_fargate_capacity_providers: typing.Optional[builtins.bool] = None,
     execute_command_configuration: typing.Optional[typing.Union[ExecuteCommandConfiguration, typing.Dict[builtins.str, typing.Any]]] = None,
+    managed_storage_configuration: typing.Optional[typing.Union[ManagedStorageConfiguration, typing.Dict[builtins.str, typing.Any]]] = None,
     vpc: typing.Optional[_IVpc_f30d5663] = None,
 ) -> None:
     """Type checking stubs"""
@@ -44496,6 +44581,13 @@ def _typecheckingstub__4028d39adfbd4018be781b02eae5afae009ba3d6754c9cac3c26580b7
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__2f9a1356d6603371cc25e0653216ab0167448ba43002bef5b32c489376e7fbb9(
+    *,
+    fargate_ephemeral_storage_kms_key: typing.Optional[_IKey_5f11635f] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__d32882694adadbb57f52a4cbf2992bb09590a6b59af9bbac933f44a4e322f934(
     *,
     disable_scale_in: typing.Optional[builtins.bool] = None,
@@ -45281,6 +45373,7 @@ def _typecheckingstub__3bfa430ae70aac83ab429fdb76501803ea8a276abbb829c3c149f8a8b
     default_cloud_map_namespace: typing.Optional[typing.Union[CloudMapNamespaceOptions, typing.Dict[builtins.str, typing.Any]]] = None,
     enable_fargate_capacity_providers: typing.Optional[builtins.bool] = None,
     execute_command_configuration: typing.Optional[typing.Union[ExecuteCommandConfiguration, typing.Dict[builtins.str, typing.Any]]] = None,
+    managed_storage_configuration: typing.Optional[typing.Union[ManagedStorageConfiguration, typing.Dict[builtins.str, typing.Any]]] = None,
     vpc: typing.Optional[_IVpc_f30d5663] = None,
 ) -> None:
     """Type checking stubs"""