aws-cdk-lib 2.163.1__py3-none-any.whl → 2.164.0__py3-none-any.whl

aws_cdk/_jsii/__init__.py

@@ -35,7 +35,7 @@ import aws_cdk.cloud_assembly_schema._jsii
 import constructs._jsii
 
 __jsii_assembly__ = jsii.JSIIAssembly.load(
-    "aws-cdk-lib", "2.163.1", __name__[0:-6], "aws-cdk-lib@2.163.1.jsii.tgz"
+    "aws-cdk-lib", "2.164.0", __name__[0:-6], "aws-cdk-lib@2.164.0.jsii.tgz"
 )
 
 __all__ = [

aws_cdk/aws_bedrock/__init__.py

@@ -19650,6 +19650,12 @@ class FoundationModelIdentifier(
         '''Base model "anthropic.claude-3-5-sonnet-20240620-v1:0".'''
         return typing.cast("FoundationModelIdentifier", jsii.sget(cls, "ANTHROPIC_CLAUDE_3_5_SONNET_20240620_V1_0"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="ANTHROPIC_CLAUDE_3_5_SONNET_20241022_V2_0")
+    def ANTHROPIC_CLAUDE_3_5_SONNET_20241022_V2_0(cls) -> "FoundationModelIdentifier":
+        '''Base model "anthropic.claude-3-5-sonnet-20241022-v2:0".'''
+        return typing.cast("FoundationModelIdentifier", jsii.sget(cls, "ANTHROPIC_CLAUDE_3_5_SONNET_20241022_V2_0"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="ANTHROPIC_CLAUDE_3_HAIKU_20240307_V1_0")
     def ANTHROPIC_CLAUDE_3_HAIKU_20240307_V1_0(cls) -> "FoundationModelIdentifier":

aws_cdk/aws_cloudfront/experimental/__init__.py

@@ -242,7 +242,7 @@ class EdgeFunction(
         :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
         :param profiling: Enable profiling. Default: - No profiling.
         :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
-        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recusrive loops. Default: RecursiveLoop.Terminate
+        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops. Default: RecursiveLoop.Terminate
         :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
         :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
         :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
@@ -1074,7 +1074,7 @@ class EdgeFunctionProps(_FunctionProps_a308e854):
         :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
         :param profiling: Enable profiling. Default: - No profiling.
         :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
-        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recusrive loops. Default: RecursiveLoop.Terminate
+        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops. Default: RecursiveLoop.Terminate
         :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
         :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
         :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
@@ -1734,7 +1734,7 @@ class EdgeFunctionProps(_FunctionProps_a308e854):
     def recursive_loop(self) -> typing.Optional[_RecursiveLoop_fc293827]:
         '''Sets the Recursive Loop Protection for Lambda Function.
 
-        It lets Lambda detect and terminate unintended recusrive loops.
+        It lets Lambda detect and terminate unintended recursive loops.
 
         :default: RecursiveLoop.Terminate
         '''

aws_cdk/aws_codebuild/__init__.py

@@ -1474,7 +1474,7 @@ class BuildEnvironment:
         privileged: typing.Optional[builtins.bool] = None,
     ) -> None:
         '''
-        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_1_0
+        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_7_0
         :param certificate: The location of the PEM-encoded certificate for the build project. Default: - No external certificate is added to the project
         :param compute_type: The type of compute to use for this build. See the ``ComputeType`` enum for the possible values. Default: taken from ``#buildImage#defaultComputeType``
         :param environment_variables: The environment variables that your builds can use.
@@ -1540,7 +1540,7 @@ class BuildEnvironment:
     def build_image(self) -> typing.Optional["IBuildImage"]:
         '''The image used for the builds.
 
-        :default: LinuxBuildImage.STANDARD_1_0
+        :default: LinuxBuildImage.STANDARD_7_0
         '''
         result = self._values.get("build_image")
         return typing.cast(typing.Optional["IBuildImage"], result)
@@ -7624,7 +7624,7 @@ class CommonProjectProps:
         :param concurrent_build_limit: Maximum number of concurrent builds. Minimum value is 1 and maximum is account build limit. Default: - no explicit limit is set
         :param description: A description of the project. Use the description to identify the purpose of the project. Default: - No description.
         :param encryption_key: Encryption key to use to read and write artifacts. Default: - The AWS-managed CMK for Amazon Simple Storage Service (Amazon S3) is used.
-        :param environment: Build environment to use for the build. Default: BuildEnvironment.LinuxBuildImage.STANDARD_1_0
+        :param environment: Build environment to use for the build. Default: BuildEnvironment.LinuxBuildImage.STANDARD_7_0
         :param environment_variables: Additional environment variables to add to the build environment. Default: - No additional environment variables are specified.
         :param file_system_locations: An ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System. Default: - no file system locations
         :param grant_report_group_permissions: Add permissions to this project's role to create and use test report groups with name starting with the name of this project. That is the standard report group that gets created when a simple name (in contrast to an ARN) is used in the 'reports' section of the buildspec of this project. This is usually harmless, but you can turn these off if you don't plan on using test reports in this project. Default: true
@@ -7907,7 +7907,7 @@ class CommonProjectProps:
     def environment(self) -> typing.Optional[BuildEnvironment]:
         '''Build environment to use for the build.
 
-        :default: BuildEnvironment.LinuxBuildImage.STANDARD_1_0
+        :default: BuildEnvironment.LinuxBuildImage.STANDARD_7_0
         '''
         result = self._values.get("environment")
         return typing.cast(typing.Optional[BuildEnvironment], result)
@@ -9273,7 +9273,7 @@ class IBuildImage(typing_extensions.Protocol):
     ) -> typing.List[builtins.str]:
         '''Allows the image a chance to validate whether the passed configuration is correct.
 
-        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_1_0
+        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_7_0
         :param certificate: The location of the PEM-encoded certificate for the build project. Default: - No external certificate is added to the project
         :param compute_type: The type of compute to use for this build. See the ``ComputeType`` enum for the possible values. Default: taken from ``#buildImage#defaultComputeType``
         :param environment_variables: The environment variables that your builds can use.
@@ -9364,7 +9364,7 @@ class _IBuildImageProxy:
     ) -> typing.List[builtins.str]:
         '''Allows the image a chance to validate whether the passed configuration is correct.
 
-        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_1_0
+        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_7_0
         :param certificate: The location of the PEM-encoded certificate for the build project. Default: - No external certificate is added to the project
         :param compute_type: The type of compute to use for this build. See the ``ComputeType`` enum for the possible values. Default: taken from ``#buildImage#defaultComputeType``
         :param environment_variables: The environment variables that your builds can use.
@@ -10849,7 +10849,7 @@ class LinuxArmBuildImage(
     ) -> typing.List[builtins.str]:
         '''Validates by checking the BuildEnvironments' images are not Lambda ComputeTypes.
 
-        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_1_0
+        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_7_0
         :param certificate: The location of the PEM-encoded certificate for the build project. Default: - No external certificate is added to the project
         :param compute_type: The type of compute to use for this build. See the ``ComputeType`` enum for the possible values. Default: taken from ``#buildImage#defaultComputeType``
         :param environment_variables: The environment variables that your builds can use.
@@ -10972,7 +10972,7 @@ class LinuxArmLambdaBuildImage(
     ) -> typing.List[builtins.str]:
         '''Allows the image a chance to validate whether the passed configuration is correct.
 
-        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_1_0
+        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_7_0
         :param certificate: The location of the PEM-encoded certificate for the build project. Default: - No external certificate is added to the project
         :param compute_type: The type of compute to use for this build. See the ``ComputeType`` enum for the possible values. Default: taken from ``#buildImage#defaultComputeType``
         :param environment_variables: The environment variables that your builds can use.
@@ -11292,7 +11292,7 @@ class LinuxBuildImage(
     ) -> typing.List[builtins.str]:
         '''Allows the image a chance to validate whether the passed configuration is correct.
 
-        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_1_0
+        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_7_0
         :param certificate: The location of the PEM-encoded certificate for the build project. Default: - No external certificate is added to the project
         :param compute_type: The type of compute to use for this build. See the ``ComputeType`` enum for the possible values. Default: taken from ``#buildImage#defaultComputeType``
         :param environment_variables: The environment variables that your builds can use.
@@ -11536,7 +11536,7 @@ class LinuxLambdaBuildImage(
     ) -> typing.List[builtins.str]:
         '''Allows the image a chance to validate whether the passed configuration is correct.
 
-        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_1_0
+        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_7_0
         :param certificate: The location of the PEM-encoded certificate for the build project. Default: - No external certificate is added to the project
         :param compute_type: The type of compute to use for this build. See the ``ComputeType`` enum for the possible values. Default: taken from ``#buildImage#defaultComputeType``
         :param environment_variables: The environment variables that your builds can use.
@@ -11977,7 +11977,7 @@ class MacBuildImage(
     ) -> typing.List[builtins.str]:
         '''Allows the image a chance to validate whether the passed configuration is correct.
 
-        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_1_0
+        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_7_0
         :param certificate: The location of the PEM-encoded certificate for the build project. Default: - No external certificate is added to the project
         :param compute_type: The type of compute to use for this build. See the ``ComputeType`` enum for the possible values. Default: taken from ``#buildImage#defaultComputeType``
         :param environment_variables: The environment variables that your builds can use.
@@ -12148,7 +12148,7 @@ class PipelineProjectProps(CommonProjectProps):
         :param concurrent_build_limit: Maximum number of concurrent builds. Minimum value is 1 and maximum is account build limit. Default: - no explicit limit is set
         :param description: A description of the project. Use the description to identify the purpose of the project. Default: - No description.
         :param encryption_key: Encryption key to use to read and write artifacts. Default: - The AWS-managed CMK for Amazon Simple Storage Service (Amazon S3) is used.
-        :param environment: Build environment to use for the build. Default: BuildEnvironment.LinuxBuildImage.STANDARD_1_0
+        :param environment: Build environment to use for the build. Default: BuildEnvironment.LinuxBuildImage.STANDARD_7_0
         :param environment_variables: Additional environment variables to add to the build environment. Default: - No additional environment variables are specified.
         :param file_system_locations: An ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System. Default: - no file system locations
         :param grant_report_group_permissions: Add permissions to this project's role to create and use test report groups with name starting with the name of this project. That is the standard report group that gets created when a simple name (in contrast to an ARN) is used in the 'reports' section of the buildspec of this project. This is usually harmless, but you can turn these off if you don't plan on using test reports in this project. Default: true
@@ -12389,7 +12389,7 @@ class PipelineProjectProps(CommonProjectProps):
     def environment(self) -> typing.Optional[BuildEnvironment]:
         '''Build environment to use for the build.
 
-        :default: BuildEnvironment.LinuxBuildImage.STANDARD_1_0
+        :default: BuildEnvironment.LinuxBuildImage.STANDARD_7_0
         '''
         result = self._values.get("environment")
         return typing.cast(typing.Optional[BuildEnvironment], result)
@@ -12651,7 +12651,7 @@ class Project(
         :param concurrent_build_limit: Maximum number of concurrent builds. Minimum value is 1 and maximum is account build limit. Default: - no explicit limit is set
         :param description: A description of the project. Use the description to identify the purpose of the project. Default: - No description.
         :param encryption_key: Encryption key to use to read and write artifacts. Default: - The AWS-managed CMK for Amazon Simple Storage Service (Amazon S3) is used.
-        :param environment: Build environment to use for the build. Default: BuildEnvironment.LinuxBuildImage.STANDARD_1_0
+        :param environment: Build environment to use for the build. Default: BuildEnvironment.LinuxBuildImage.STANDARD_7_0
         :param environment_variables: Additional environment variables to add to the build environment. Default: - No additional environment variables are specified.
         :param file_system_locations: An ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System. Default: - no file system locations
         :param grant_report_group_permissions: Add permissions to this project's role to create and use test report groups with name starting with the name of this project. That is the standard report group that gets created when a simple name (in contrast to an ARN) is used in the 'reports' section of the buildspec of this project. This is usually harmless, but you can turn these off if you don't plan on using test reports in this project. Default: true
@@ -13684,7 +13684,7 @@ class ProjectProps(CommonProjectProps):
         :param concurrent_build_limit: Maximum number of concurrent builds. Minimum value is 1 and maximum is account build limit. Default: - no explicit limit is set
         :param description: A description of the project. Use the description to identify the purpose of the project. Default: - No description.
         :param encryption_key: Encryption key to use to read and write artifacts. Default: - The AWS-managed CMK for Amazon Simple Storage Service (Amazon S3) is used.
-        :param environment: Build environment to use for the build. Default: BuildEnvironment.LinuxBuildImage.STANDARD_1_0
+        :param environment: Build environment to use for the build. Default: BuildEnvironment.LinuxBuildImage.STANDARD_7_0
         :param environment_variables: Additional environment variables to add to the build environment. Default: - No additional environment variables are specified.
         :param file_system_locations: An ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System. Default: - no file system locations
         :param grant_report_group_permissions: Add permissions to this project's role to create and use test report groups with name starting with the name of this project. That is the standard report group that gets created when a simple name (in contrast to an ARN) is used in the 'reports' section of the buildspec of this project. This is usually harmless, but you can turn these off if you don't plan on using test reports in this project. Default: true
@@ -13902,7 +13902,7 @@ class ProjectProps(CommonProjectProps):
     def environment(self) -> typing.Optional[BuildEnvironment]:
         '''Build environment to use for the build.
 
-        :default: BuildEnvironment.LinuxBuildImage.STANDARD_1_0
+        :default: BuildEnvironment.LinuxBuildImage.STANDARD_7_0
         '''
         result = self._values.get("environment")
         return typing.cast(typing.Optional[BuildEnvironment], result)
@@ -15487,7 +15487,7 @@ class WindowsBuildImage(
     ) -> typing.List[builtins.str]:
         '''Allows the image a chance to validate whether the passed configuration is correct.
 
-        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_1_0
+        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_7_0
         :param certificate: The location of the PEM-encoded certificate for the build project. Default: - No external certificate is added to the project
         :param compute_type: The type of compute to use for this build. See the ``ComputeType`` enum for the possible values. Default: taken from ``#buildImage#defaultComputeType``
         :param environment_variables: The environment variables that your builds can use.
@@ -16905,7 +16905,7 @@ class LinuxGpuBuildImage(
     ) -> typing.List[builtins.str]:
         '''Allows the image a chance to validate whether the passed configuration is correct.
 
-        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_1_0
+        :param build_image: The image used for the builds. Default: LinuxBuildImage.STANDARD_7_0
         :param certificate: The location of the PEM-encoded certificate for the build project. Default: - No external certificate is added to the project
         :param compute_type: The type of compute to use for this build. See the ``ComputeType`` enum for the possible values. Default: taken from ``#buildImage#defaultComputeType``
         :param environment_variables: The environment variables that your builds can use.
@@ -17154,7 +17154,7 @@ class PipelineProject(
         :param concurrent_build_limit: Maximum number of concurrent builds. Minimum value is 1 and maximum is account build limit. Default: - no explicit limit is set
         :param description: A description of the project. Use the description to identify the purpose of the project. Default: - No description.
         :param encryption_key: Encryption key to use to read and write artifacts. Default: - The AWS-managed CMK for Amazon Simple Storage Service (Amazon S3) is used.
-        :param environment: Build environment to use for the build. Default: BuildEnvironment.LinuxBuildImage.STANDARD_1_0
+        :param environment: Build environment to use for the build. Default: BuildEnvironment.LinuxBuildImage.STANDARD_7_0
         :param environment_variables: Additional environment variables to add to the build environment. Default: - No additional environment variables are specified.
         :param file_system_locations: An ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System. Default: - no file system locations
         :param grant_report_group_permissions: Add permissions to this project's role to create and use test report groups with name starting with the name of this project. That is the standard report group that gets created when a simple name (in contrast to an ARN) is used in the 'reports' section of the buildspec of this project. This is usually harmless, but you can turn these off if you don't plan on using test reports in this project. Default: true

aws_cdk/aws_cognito/__init__.py

@@ -308,13 +308,17 @@ configure an MFA token and use it for sign in. It also allows for the users to u
 [time-based one time password
 (TOTP)](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html).
 
+If you want to enable email-based MFA, set `email` propety to the Amazon SES email-sending configuration and set `advancedSecurityMode` to `AdvancedSecurity.ENFORCED` or `AdvancedSecurity.AUDIT`.
+For more information, see [Email MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security-email-mfa.html).
+
 ```python
 cognito.UserPool(self, "myuserpool",
     # ...
     mfa=cognito.Mfa.REQUIRED,
     mfa_second_factor=cognito.MfaSecondFactor(
         sms=True,
-        otp=True
+        otp=True,
+        email=False
     )
 )
 ```
@@ -13633,7 +13637,8 @@ class Mfa(enum.Enum):
             mfa=cognito.Mfa.REQUIRED,
             mfa_second_factor=cognito.MfaSecondFactor(
                 sms=True,
-                otp=True
+                otp=True,
+                email=False
             )
         )
     '''
@@ -13649,14 +13654,21 @@ class Mfa(enum.Enum):
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_cognito.MfaSecondFactor",
     jsii_struct_bases=[],
-    name_mapping={"otp": "otp", "sms": "sms"},
+    name_mapping={"otp": "otp", "sms": "sms", "email": "email"},
 )
 class MfaSecondFactor:
-    def __init__(self, *, otp: builtins.bool, sms: builtins.bool) -> None:
+    def __init__(
+        self,
+        *,
+        otp: builtins.bool,
+        sms: builtins.bool,
+        email: typing.Optional[builtins.bool] = None,
+    ) -> None:
         '''The different ways in which a user pool can obtain their MFA token for sign in.
 
         :param otp: The MFA token is a time-based one time password that is generated by a hardware or software token. Default: false
         :param sms: The MFA token is sent to the user via SMS to their verified phone numbers. Default: true
+        :param email: The MFA token is sent to the user via EMAIL. To enable email-based MFA, set ``email`` property to the Amazon SES email-sending configuration and set ``advancedSecurityMode`` to ``AdvancedSecurity.ENFORCED`` or ``AdvancedSecurity.AUDIT`` Default: false
 
         :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html
         :exampleMetadata: infused
@@ -13668,7 +13680,8 @@ class MfaSecondFactor:
                 mfa=cognito.Mfa.REQUIRED,
                 mfa_second_factor=cognito.MfaSecondFactor(
                     sms=True,
-                    otp=True
+                    otp=True,
+                    email=False
                 )
             )
         '''
@@ -13676,10 +13689,13 @@ class MfaSecondFactor:
             type_hints = typing.get_type_hints(_typecheckingstub__cd702328c87129c710daf17c5d6eb94fe91bfd54ab5fe2157a787ca7021ea599)
             check_type(argname="argument otp", value=otp, expected_type=type_hints["otp"])
             check_type(argname="argument sms", value=sms, expected_type=type_hints["sms"])
+            check_type(argname="argument email", value=email, expected_type=type_hints["email"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "otp": otp,
             "sms": sms,
         }
+        if email is not None:
+            self._values["email"] = email
 
     @builtins.property
     def otp(self) -> builtins.bool:
@@ -13699,12 +13715,26 @@ class MfaSecondFactor:
 
         :default: true
 
-        :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-text-message.html
+        :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.html
         '''
         result = self._values.get("sms")
         assert result is not None, "Required property 'sms' is missing"
         return typing.cast(builtins.bool, result)
 
+    @builtins.property
+    def email(self) -> typing.Optional[builtins.bool]:
+        '''The MFA token is sent to the user via EMAIL.
+
+        To enable email-based MFA, set ``email`` property to the Amazon SES email-sending configuration
+        and set ``advancedSecurityMode`` to ``AdvancedSecurity.ENFORCED`` or ``AdvancedSecurity.AUDIT``
+
+        :default: false
+
+        :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.html
+        '''
+        result = self._values.get("email")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -16290,7 +16320,7 @@ class UserPool(
         :param lambda_triggers: Lambda functions to use for supported Cognito triggers. Default: - No Lambda triggers.
         :param mfa: Configure whether users of this user pool can or are required use MFA to sign in. Default: Mfa.OFF
         :param mfa_message: The SMS message template sent during MFA verification. Use '{####}' in the template where Cognito should insert the verification code. Default: 'Your authentication code is {####}.'
-        :param mfa_second_factor: Configure the MFA types that users can use in this user pool. Ignored if ``mfa`` is set to ``OFF``. Default: - { sms: true, otp: false }, if ``mfa`` is set to ``OPTIONAL`` or ``REQUIRED``. { sms: false, otp: false }, otherwise
+        :param mfa_second_factor: Configure the MFA types that users can use in this user pool. Ignored if ``mfa`` is set to ``OFF``. Default: - { sms: true, otp: false, email: false }, if ``mfa`` is set to ``OPTIONAL`` or ``REQUIRED``. { sms: false, otp: false, email:false }, otherwise
         :param password_policy: Password policy for this user pool. Default: - see defaults on each property of PasswordPolicy.
         :param removal_policy: Policy to apply when the user pool is removed from the stack. Default: RemovalPolicy.RETAIN
         :param self_sign_up_enabled: Whether self sign-up should be enabled. To configure self sign-up configuration use the ``userVerification`` property. Default: - false
@@ -17885,6 +17915,132 @@ class _UserPoolEmailProxy(UserPoolEmail):
 typing.cast(typing.Any, UserPoolEmail).__jsii_proxy_class__ = lambda : _UserPoolEmailProxy
 
 
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_cognito.UserPoolEmailConfig",
+    jsii_struct_bases=[],
+    name_mapping={
+        "configuration_set": "configurationSet",
+        "email_sending_account": "emailSendingAccount",
+        "from_": "from",
+        "reply_to_email_address": "replyToEmailAddress",
+        "source_arn": "sourceArn",
+    },
+)
+class UserPoolEmailConfig:
+    def __init__(
+        self,
+        *,
+        configuration_set: typing.Optional[builtins.str] = None,
+        email_sending_account: typing.Optional[builtins.str] = None,
+        from_: typing.Optional[builtins.str] = None,
+        reply_to_email_address: typing.Optional[builtins.str] = None,
+        source_arn: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''Result of binding email settings with a user pool.
+
+        :param configuration_set: The name of the configuration set in SES. Default: - none
+        :param email_sending_account: Specifies whether to use Cognito's built in email functionality or SES. Default: - Cognito built in email functionality
+        :param from_: Identifies either the sender's email address or the sender's name with their email address. If emailSendingAccount is DEVELOPER then this cannot be specified. Default: 'no-reply@verificationemail.com'
+        :param reply_to_email_address: The destination to which the receiver of the email should reply to. Default: - same as ``from``
+        :param source_arn: The ARN of a verified email address in Amazon SES. required if emailSendingAccount is DEVELOPER or if 'from' is provided. Default: - none
+
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_cognito as cognito
+            
+            user_pool_email_config = cognito.UserPoolEmailConfig(
+                configuration_set="configurationSet",
+                email_sending_account="emailSendingAccount",
+                from="from",
+                reply_to_email_address="replyToEmailAddress",
+                source_arn="sourceArn"
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__e3ce90cb9624f22600c6b33192c8ad7ad7f3946d65d49e2cf22b46b1dca4339e)
+            check_type(argname="argument configuration_set", value=configuration_set, expected_type=type_hints["configuration_set"])
+            check_type(argname="argument email_sending_account", value=email_sending_account, expected_type=type_hints["email_sending_account"])
+            check_type(argname="argument from_", value=from_, expected_type=type_hints["from_"])
+            check_type(argname="argument reply_to_email_address", value=reply_to_email_address, expected_type=type_hints["reply_to_email_address"])
+            check_type(argname="argument source_arn", value=source_arn, expected_type=type_hints["source_arn"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if configuration_set is not None:
+            self._values["configuration_set"] = configuration_set
+        if email_sending_account is not None:
+            self._values["email_sending_account"] = email_sending_account
+        if from_ is not None:
+            self._values["from_"] = from_
+        if reply_to_email_address is not None:
+            self._values["reply_to_email_address"] = reply_to_email_address
+        if source_arn is not None:
+            self._values["source_arn"] = source_arn
+
+    @builtins.property
+    def configuration_set(self) -> typing.Optional[builtins.str]:
+        '''The name of the configuration set in SES.
+
+        :default: - none
+        '''
+        result = self._values.get("configuration_set")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def email_sending_account(self) -> typing.Optional[builtins.str]:
+        '''Specifies whether to use Cognito's built in email functionality or SES.
+
+        :default: - Cognito built in email functionality
+        '''
+        result = self._values.get("email_sending_account")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def from_(self) -> typing.Optional[builtins.str]:
+        '''Identifies either the sender's email address or the sender's name with their email address.
+
+        If emailSendingAccount is DEVELOPER then this cannot be specified.
+
+        :default: 'no-reply@verificationemail.com'
+        '''
+        result = self._values.get("from_")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def reply_to_email_address(self) -> typing.Optional[builtins.str]:
+        '''The destination to which the receiver of the email should reply to.
+
+        :default: - same as ``from``
+        '''
+        result = self._values.get("reply_to_email_address")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def source_arn(self) -> typing.Optional[builtins.str]:
+        '''The ARN of a verified email address in Amazon SES.
+
+        required if emailSendingAccount is DEVELOPER or if
+        'from' is provided.
+
+        :default: - none
+        '''
+        result = self._values.get("source_arn")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "UserPoolEmailConfig(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 class UserPoolIdentityProvider(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_cognito.UserPoolIdentityProvider",
@@ -19107,7 +19263,7 @@ class UserPoolProps:
         :param lambda_triggers: Lambda functions to use for supported Cognito triggers. Default: - No Lambda triggers.
         :param mfa: Configure whether users of this user pool can or are required use MFA to sign in. Default: Mfa.OFF
         :param mfa_message: The SMS message template sent during MFA verification. Use '{####}' in the template where Cognito should insert the verification code. Default: 'Your authentication code is {####}.'
-        :param mfa_second_factor: Configure the MFA types that users can use in this user pool. Ignored if ``mfa`` is set to ``OFF``. Default: - { sms: true, otp: false }, if ``mfa`` is set to ``OPTIONAL`` or ``REQUIRED``. { sms: false, otp: false }, otherwise
+        :param mfa_second_factor: Configure the MFA types that users can use in this user pool. Ignored if ``mfa`` is set to ``OFF``. Default: - { sms: true, otp: false, email: false }, if ``mfa`` is set to ``OPTIONAL`` or ``REQUIRED``. { sms: false, otp: false, email:false }, otherwise
         :param password_policy: Password policy for this user pool. Default: - see defaults on each property of PasswordPolicy.
         :param removal_policy: Policy to apply when the user pool is removed from the stack. Default: RemovalPolicy.RETAIN
         :param self_sign_up_enabled: Whether self sign-up should be enabled. To configure self sign-up configuration use the ``userVerification`` property. Default: - false
@@ -19380,8 +19536,8 @@ class UserPoolProps:
 
         :default:
 
-        - { sms: true, otp: false }, if ``mfa`` is set to ``OPTIONAL`` or ``REQUIRED``.
-        { sms: false, otp: false }, otherwise
+        - { sms: true, otp: false, email: false }, if ``mfa`` is set to ``OPTIONAL`` or ``REQUIRED``.
+        { sms: false, otp: false, email:false }, otherwise
         '''
         result = self._values.get("mfa_second_factor")
         return typing.cast(typing.Optional[MfaSecondFactor], result)
@@ -21421,6 +21577,7 @@ __all__ = [
     "UserPoolDomainOptions",
     "UserPoolDomainProps",
     "UserPoolEmail",
+    "UserPoolEmailConfig",
     "UserPoolIdentityProvider",
     "UserPoolIdentityProviderAmazon",
     "UserPoolIdentityProviderAmazonProps",
@@ -23224,6 +23381,7 @@ def _typecheckingstub__cd702328c87129c710daf17c5d6eb94fe91bfd54ab5fe2157a787ca70
     *,
     otp: builtins.bool,
     sms: builtins.bool,
+    email: typing.Optional[builtins.bool] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -23660,6 +23818,17 @@ def _typecheckingstub__8bae3bcd6b2ec774cf9e4981de492abd05cc31118c8ca51bb996ae328
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__e3ce90cb9624f22600c6b33192c8ad7ad7f3946d65d49e2cf22b46b1dca4339e(
+    *,
+    configuration_set: typing.Optional[builtins.str] = None,
+    email_sending_account: typing.Optional[builtins.str] = None,
+    from_: typing.Optional[builtins.str] = None,
+    reply_to_email_address: typing.Optional[builtins.str] = None,
+    source_arn: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__9db3563a94587e916fce47561a9ad603b26f36fbcb7b72d5e133ddf1e77b76d6(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,

aws_cdk/aws_ec2/__init__.py

@@ -283,6 +283,23 @@ ec2.Vpc(self, "TheVPC",
 provider.connections.allow_from(ec2.Peer.ipv4("1.2.3.4/8"), ec2.Port.HTTP)
 ```
 
+### Associate Public IP Address to NAT Instance
+
+You can choose to associate public IP address to a NAT instance V2 by specifying `associatePublicIpAddress`
+like the following:
+
+```python
+nat_gateway_provider = ec2.NatProvider.instance_v2(
+    instance_type=ec2.InstanceType("t3.small"),
+    associate_public_ip_address=True
+)
+```
+
+In certain scenarios where the public subnet has set `mapPublicIpOnLaunch` to `false`, NAT instances does not
+get public IP addresses assigned which would result in non-working NAT instance as NAT instance requires a public
+IP address to enable outbound internet connectivity. Users can specify `associatePublicIpAddress` to `true` to
+solve this problem.
+
 ### Ip Address Management
 
 The VPC spans a supernet IP range, which contains the non-overlapping IPs of its contained subnets. Possible sources for this IP range are:
@@ -81326,6 +81343,7 @@ class NatInstanceImage(
     jsii_struct_bases=[],
     name_mapping={
         "instance_type": "instanceType",
+        "associate_public_ip_address": "associatePublicIpAddress",
         "credit_specification": "creditSpecification",
         "default_allowed_traffic": "defaultAllowedTraffic",
         "key_name": "keyName",
@@ -81340,6 +81358,7 @@ class NatInstanceProps:
         self,
         *,
         instance_type: InstanceType,
+        associate_public_ip_address: typing.Optional[builtins.bool] = None,
         credit_specification: typing.Optional[CpuCredits] = None,
         default_allowed_traffic: typing.Optional["NatTrafficDirection"] = None,
         key_name: typing.Optional[builtins.str] = None,
@@ -81351,6 +81370,7 @@ class NatInstanceProps:
         '''Properties for a NAT instance.
 
         :param instance_type: Instance type of the NAT instance.
+        :param associate_public_ip_address: Whether to associate a public IP address to the primary network interface attached to this instance. Default: undefined - No public IP address associated
         :param credit_specification: Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc). The unlimited CPU credit option is not supported for T3 instances with dedicated host (``host``) tenancy. Default: - T2 instances are standard, while T3, T4g, and T3a instances are unlimited.
         :param default_allowed_traffic: Direction to allow all traffic through the NAT instance by default. By default, inbound and outbound traffic is allowed. If you set this to another value than INBOUND_AND_OUTBOUND, you must configure the NAT instance's security groups in another way, either by passing in a fully configured Security Group using the ``securityGroup`` property, or by configuring it using the ``.securityGroup`` or ``.connections`` members after passing the NAT Instance Provider to a Vpc. Default: NatTrafficDirection.INBOUND_AND_OUTBOUND
         :param key_name: (deprecated) Name of SSH keypair to grant access to instance. Default: - No SSH access will be possible.
@@ -81378,6 +81398,7 @@ class NatInstanceProps:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__d7c7c717447859e1ccc181bc97f7752cc3f7fa7afaee4c3a4266eeac32c08643)
             check_type(argname="argument instance_type", value=instance_type, expected_type=type_hints["instance_type"])
+            check_type(argname="argument associate_public_ip_address", value=associate_public_ip_address, expected_type=type_hints["associate_public_ip_address"])
             check_type(argname="argument credit_specification", value=credit_specification, expected_type=type_hints["credit_specification"])
             check_type(argname="argument default_allowed_traffic", value=default_allowed_traffic, expected_type=type_hints["default_allowed_traffic"])
             check_type(argname="argument key_name", value=key_name, expected_type=type_hints["key_name"])
@@ -81388,6 +81409,8 @@ class NatInstanceProps:
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "instance_type": instance_type,
         }
+        if associate_public_ip_address is not None:
+            self._values["associate_public_ip_address"] = associate_public_ip_address
         if credit_specification is not None:
             self._values["credit_specification"] = credit_specification
         if default_allowed_traffic is not None:
@@ -81410,6 +81433,15 @@ class NatInstanceProps:
         assert result is not None, "Required property 'instance_type' is missing"
         return typing.cast(InstanceType, result)
 
+    @builtins.property
+    def associate_public_ip_address(self) -> typing.Optional[builtins.bool]:
+        '''Whether to associate a public IP address to the primary network interface attached to this instance.
+
+        :default: undefined - No public IP address associated
+        '''
+        result = self._values.get("associate_public_ip_address")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def credit_specification(self) -> typing.Optional[CpuCredits]:
         '''Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc).
@@ -81592,6 +81624,7 @@ class NatProvider(
         cls,
         *,
         instance_type: InstanceType,
+        associate_public_ip_address: typing.Optional[builtins.bool] = None,
         credit_specification: typing.Optional[CpuCredits] = None,
         default_allowed_traffic: typing.Optional["NatTrafficDirection"] = None,
         key_name: typing.Optional[builtins.str] = None,
@@ -81609,6 +81642,7 @@ class NatProvider(
         your own NatProvider based on AutoScaling groups if you need that.
 
         :param instance_type: Instance type of the NAT instance.
+        :param associate_public_ip_address: Whether to associate a public IP address to the primary network interface attached to this instance. Default: undefined - No public IP address associated
         :param credit_specification: Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc). The unlimited CPU credit option is not supported for T3 instances with dedicated host (``host``) tenancy. Default: - T2 instances are standard, while T3, T4g, and T3a instances are unlimited.
         :param default_allowed_traffic: Direction to allow all traffic through the NAT instance by default. By default, inbound and outbound traffic is allowed. If you set this to another value than INBOUND_AND_OUTBOUND, you must configure the NAT instance's security groups in another way, either by passing in a fully configured Security Group using the ``securityGroup`` property, or by configuring it using the ``.securityGroup`` or ``.connections`` members after passing the NAT Instance Provider to a Vpc. Default: NatTrafficDirection.INBOUND_AND_OUTBOUND
         :param key_name: (deprecated) Name of SSH keypair to grant access to instance. Default: - No SSH access will be possible.
@@ -81627,6 +81661,7 @@ class NatProvider(
         '''
         props = NatInstanceProps(
             instance_type=instance_type,
+            associate_public_ip_address=associate_public_ip_address,
             credit_specification=credit_specification,
             default_allowed_traffic=default_allowed_traffic,
             key_name=key_name,
@@ -81644,6 +81679,7 @@ class NatProvider(
         cls,
         *,
         instance_type: InstanceType,
+        associate_public_ip_address: typing.Optional[builtins.bool] = None,
         credit_specification: typing.Optional[CpuCredits] = None,
         default_allowed_traffic: typing.Optional["NatTrafficDirection"] = None,
         key_name: typing.Optional[builtins.str] = None,
@@ -81661,6 +81697,7 @@ class NatProvider(
         your own NatProvider based on AutoScaling groups if you need that.
 
         :param instance_type: Instance type of the NAT instance.
+        :param associate_public_ip_address: Whether to associate a public IP address to the primary network interface attached to this instance. Default: undefined - No public IP address associated
         :param credit_specification: Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc). The unlimited CPU credit option is not supported for T3 instances with dedicated host (``host``) tenancy. Default: - T2 instances are standard, while T3, T4g, and T3a instances are unlimited.
         :param default_allowed_traffic: Direction to allow all traffic through the NAT instance by default. By default, inbound and outbound traffic is allowed. If you set this to another value than INBOUND_AND_OUTBOUND, you must configure the NAT instance's security groups in another way, either by passing in a fully configured Security Group using the ``securityGroup`` property, or by configuring it using the ``.securityGroup`` or ``.connections`` members after passing the NAT Instance Provider to a Vpc. Default: NatTrafficDirection.INBOUND_AND_OUTBOUND
         :param key_name: (deprecated) Name of SSH keypair to grant access to instance. Default: - No SSH access will be possible.
@@ -81673,6 +81710,7 @@ class NatProvider(
         '''
         props = NatInstanceProps(
             instance_type=instance_type,
+            associate_public_ip_address=associate_public_ip_address,
             credit_specification=credit_specification,
             default_allowed_traffic=default_allowed_traffic,
             key_name=key_name,
@@ -94196,6 +94234,7 @@ class NatInstanceProvider(
         self,
         *,
         instance_type: InstanceType,
+        associate_public_ip_address: typing.Optional[builtins.bool] = None,
         credit_specification: typing.Optional[CpuCredits] = None,
         default_allowed_traffic: typing.Optional[NatTrafficDirection] = None,
         key_name: typing.Optional[builtins.str] = None,
@@ -94206,6 +94245,7 @@ class NatInstanceProvider(
     ) -> None:
         '''
         :param instance_type: Instance type of the NAT instance.
+        :param associate_public_ip_address: Whether to associate a public IP address to the primary network interface attached to this instance. Default: undefined - No public IP address associated
         :param credit_specification: Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc). The unlimited CPU credit option is not supported for T3 instances with dedicated host (``host``) tenancy. Default: - T2 instances are standard, while T3, T4g, and T3a instances are unlimited.
         :param default_allowed_traffic: Direction to allow all traffic through the NAT instance by default. By default, inbound and outbound traffic is allowed. If you set this to another value than INBOUND_AND_OUTBOUND, you must configure the NAT instance's security groups in another way, either by passing in a fully configured Security Group using the ``securityGroup`` property, or by configuring it using the ``.securityGroup`` or ``.connections`` members after passing the NAT Instance Provider to a Vpc. Default: NatTrafficDirection.INBOUND_AND_OUTBOUND
         :param key_name: (deprecated) Name of SSH keypair to grant access to instance. Default: - No SSH access will be possible.
@@ -94218,6 +94258,7 @@ class NatInstanceProvider(
         '''
         props = NatInstanceProps(
             instance_type=instance_type,
+            associate_public_ip_address=associate_public_ip_address,
             credit_specification=credit_specification,
             default_allowed_traffic=default_allowed_traffic,
             key_name=key_name,
@@ -94329,6 +94370,7 @@ class NatInstanceProviderV2(
         self,
         *,
         instance_type: InstanceType,
+        associate_public_ip_address: typing.Optional[builtins.bool] = None,
         credit_specification: typing.Optional[CpuCredits] = None,
         default_allowed_traffic: typing.Optional[NatTrafficDirection] = None,
         key_name: typing.Optional[builtins.str] = None,
@@ -94339,6 +94381,7 @@ class NatInstanceProviderV2(
     ) -> None:
         '''
         :param instance_type: Instance type of the NAT instance.
+        :param associate_public_ip_address: Whether to associate a public IP address to the primary network interface attached to this instance. Default: undefined - No public IP address associated
         :param credit_specification: Specifying the CPU credit type for burstable EC2 instance types (T2, T3, T3a, etc). The unlimited CPU credit option is not supported for T3 instances with dedicated host (``host``) tenancy. Default: - T2 instances are standard, while T3, T4g, and T3a instances are unlimited.
         :param default_allowed_traffic: Direction to allow all traffic through the NAT instance by default. By default, inbound and outbound traffic is allowed. If you set this to another value than INBOUND_AND_OUTBOUND, you must configure the NAT instance's security groups in another way, either by passing in a fully configured Security Group using the ``securityGroup`` property, or by configuring it using the ``.securityGroup`` or ``.connections`` members after passing the NAT Instance Provider to a Vpc. Default: NatTrafficDirection.INBOUND_AND_OUTBOUND
         :param key_name: (deprecated) Name of SSH keypair to grant access to instance. Default: - No SSH access will be possible.
@@ -94349,6 +94392,7 @@ class NatInstanceProviderV2(
         '''
         props = NatInstanceProps(
             instance_type=instance_type,
+            associate_public_ip_address=associate_public_ip_address,
             credit_specification=credit_specification,
             default_allowed_traffic=default_allowed_traffic,
             key_name=key_name,
@@ -107253,6 +107297,7 @@ def _typecheckingstub__addd8acc808c4965634311e54a7ffc0e3ebe29f2170d0d62750af3ad0
 def _typecheckingstub__d7c7c717447859e1ccc181bc97f7752cc3f7fa7afaee4c3a4266eeac32c08643(
     *,
     instance_type: InstanceType,
+    associate_public_ip_address: typing.Optional[builtins.bool] = None,
     credit_specification: typing.Optional[CpuCredits] = None,
     default_allowed_traffic: typing.Optional[NatTrafficDirection] = None,
     key_name: typing.Optional[builtins.str] = None,

aws_cdk/aws_iam/__init__.py

@@ -262,6 +262,72 @@ iam.Role.customize_roles(self,
 For more information on configuring permissions see the [Security And Safety Dev
 Guide](https://github.com/aws/aws-cdk/wiki/Security-And-Safety-Dev-Guide)
 
+#### Policy report generation
+
+When `customizeRoles` is used, the `iam-policy-report.txt` report will contain a list
+of IAM roles and associated permissions that would have been created. This report is
+generated in an attempt to resolve and replace any references with a more user-friendly
+value.
+
+The following are some examples of the value that will appear in the report:
+
+```json
+"Resource": {
+  "Fn::Join": [
+    "",
+    [
+      "arn:",
+      {
+        "Ref": "AWS::Partition"
+      },
+      ":iam::",
+      {
+        "Ref": "AWS::AccountId"
+      },
+      ":role/Role"
+    ]
+  ]
+}
+```
+
+The policy report will instead get:
+
+```json
+"Resource": "arn:(PARTITION):iam::(ACCOUNT):role/Role"
+```
+
+If IAM policy is referencing a resource attribute:
+
+```json
+"Resource": [
+  {
+    "Fn::GetAtt": [
+      "SomeResource",
+      "Arn"
+    ]
+  },
+  {
+    "Ref": "AWS::NoValue",
+  }
+]
+```
+
+The policy report will instead get:
+
+```json
+"Resource": [
+  "(Path/To/SomeResource.Arn)"
+  "(NOVALUE)"
+]
+```
+
+The following pseudo parameters will be converted:
+
+1. `{ 'Ref': 'AWS::AccountId' }` -> `(ACCOUNT)
+2. `{ 'Ref': 'AWS::Partition' }` -> `(PARTITION)
+3. `{ 'Ref': 'AWS::Region' }` -> `(REGION)
+4. `{ 'Ref': 'AWS::NoValue' }` -> `(NOVALUE)
+
 #### Generating a permissions report
 
 It is also possible to generate the report *without* preventing the role/policy creation.

aws_cdk/aws_lambda/__init__.py

@@ -14531,7 +14531,7 @@ class FunctionOptions(EventInvokeConfigOptions):
         :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
         :param profiling: Enable profiling. Default: - No profiling.
         :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
-        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recusrive loops. Default: RecursiveLoop.Terminate
+        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops. Default: RecursiveLoop.Terminate
         :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
         :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
         :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
@@ -15264,7 +15264,7 @@ class FunctionOptions(EventInvokeConfigOptions):
     def recursive_loop(self) -> typing.Optional["RecursiveLoop"]:
         '''Sets the Recursive Loop Protection for Lambda Function.
 
-        It lets Lambda detect and terminate unintended recusrive loops.
+        It lets Lambda detect and terminate unintended recursive loops.
 
         :default: RecursiveLoop.Terminate
         '''
@@ -15574,7 +15574,7 @@ class FunctionProps(FunctionOptions):
         :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
         :param profiling: Enable profiling. Default: - No profiling.
         :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
-        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recusrive loops. Default: RecursiveLoop.Terminate
+        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops. Default: RecursiveLoop.Terminate
         :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
         :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
         :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
@@ -16228,7 +16228,7 @@ class FunctionProps(FunctionOptions):
     def recursive_loop(self) -> typing.Optional["RecursiveLoop"]:
         '''Sets the Recursive Loop Protection for Lambda Function.
 
-        It lets Lambda detect and terminate unintended recusrive loops.
+        It lets Lambda detect and terminate unintended recursive loops.
 
         :default: RecursiveLoop.Terminate
         '''
@@ -19429,7 +19429,7 @@ class LogFormat(enum.Enum):
     By setting this value to Text,
     will result in the current structure of logs format, whereas, by setting this value to JSON,
     Lambda will print the logs as Structured JSON Logs, with the corresponding timestamp and log level
-    of each event. Selecting ‘JSON’ format will only allow customer’s to have different log level
+    of each event. Selecting ‘JSON’ format will only allow customers to have different log level
     Application log level and the System log level.
     '''
 
@@ -19521,7 +19521,7 @@ class LoggingFormat(enum.Enum):
     By setting this value to Text,
     will result in the current structure of logs format, whereas, by setting this value to JSON,
     Lambda will print the logs as Structured JSON Logs, with the corresponding timestamp and log level
-    of each event. Selecting ‘JSON’ format will only allow customer’s to have different log level
+    of each event. Selecting ‘JSON’ format will only allow customers to have different log level
     Application log level and the System log level.
 
     :exampleMetadata: infused
@@ -21059,7 +21059,7 @@ class SingletonFunctionProps(FunctionProps):
         :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
         :param profiling: Enable profiling. Default: - No profiling.
         :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
-        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recusrive loops. Default: RecursiveLoop.Terminate
+        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops. Default: RecursiveLoop.Terminate
         :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
         :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
         :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
@@ -21701,7 +21701,7 @@ class SingletonFunctionProps(FunctionProps):
     def recursive_loop(self) -> typing.Optional[RecursiveLoop]:
         '''Sets the Recursive Loop Protection for Lambda Function.
 
-        It lets Lambda detect and terminate unintended recusrive loops.
+        It lets Lambda detect and terminate unintended recursive loops.
 
         :default: RecursiveLoop.Terminate
         '''
@@ -24013,7 +24013,7 @@ class DockerImageFunctionProps(FunctionOptions):
         :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
         :param profiling: Enable profiling. Default: - No profiling.
         :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
-        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recusrive loops. Default: RecursiveLoop.Terminate
+        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops. Default: RecursiveLoop.Terminate
         :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
         :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
         :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
@@ -24640,7 +24640,7 @@ class DockerImageFunctionProps(FunctionOptions):
     def recursive_loop(self) -> typing.Optional[RecursiveLoop]:
         '''Sets the Recursive Loop Protection for Lambda Function.
 
-        It lets Lambda detect and terminate unintended recusrive loops.
+        It lets Lambda detect and terminate unintended recursive loops.
 
         :default: RecursiveLoop.Terminate
         '''
@@ -26100,7 +26100,7 @@ class SingletonFunction(
         :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
         :param profiling: Enable profiling. Default: - No profiling.
         :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
-        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recusrive loops. Default: RecursiveLoop.Terminate
+        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops. Default: RecursiveLoop.Terminate
         :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
         :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
         :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
@@ -27090,7 +27090,7 @@ class Function(
         :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
         :param profiling: Enable profiling. Default: - No profiling.
         :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
-        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recusrive loops. Default: RecursiveLoop.Terminate
+        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops. Default: RecursiveLoop.Terminate
         :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
         :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
         :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
@@ -27886,7 +27886,7 @@ class DockerImageFunction(
         :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
         :param profiling: Enable profiling. Default: - No profiling.
         :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
-        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recusrive loops. Default: RecursiveLoop.Terminate
+        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops. Default: RecursiveLoop.Terminate
         :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
         :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
         :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto

aws_cdk/aws_lambda_nodejs/__init__.py

@@ -173,8 +173,7 @@ nodejs.NodejsFunction(self, "my-handler",
 )
 ```
 
-Includes AWS SDK in the bundle asset by setting `bundleAwsSDK` to `true`. This will be essentially exclude sdk from the external
-module and not be resolved to the Lambda provided sdk.
+Includes AWS SDK in the bundle asset by setting `bundleAwsSDK` to `true`. This will exclude SDK from the external module and would not be resolved to Lambda provided SDK.
 
 ```python
 nodejs.NodejsFunction(self, "my-handler",
@@ -1664,7 +1663,7 @@ class NodejsFunction(
         :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
         :param profiling: Enable profiling. Default: - No profiling.
         :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
-        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recusrive loops. Default: RecursiveLoop.Terminate
+        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops. Default: RecursiveLoop.Terminate
         :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
         :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
         :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
@@ -1912,7 +1911,7 @@ class NodejsFunctionProps(_FunctionOptions_328f4d39):
         :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
         :param profiling: Enable profiling. Default: - No profiling.
         :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
-        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recusrive loops. Default: RecursiveLoop.Terminate
+        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops. Default: RecursiveLoop.Terminate
         :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
         :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
         :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
@@ -2583,7 +2582,7 @@ class NodejsFunctionProps(_FunctionOptions_328f4d39):
     def recursive_loop(self) -> typing.Optional[_RecursiveLoop_fc293827]:
         '''Sets the Recursive Loop Protection for Lambda Function.
 
-        It lets Lambda detect and terminate unintended recusrive loops.
+        It lets Lambda detect and terminate unintended recursive loops.
 
         :default: RecursiveLoop.Terminate
         '''

aws_cdk/aws_s3/__init__.py

@@ -212,8 +212,8 @@ To import an existing bucket into your CDK application, use the `Bucket.fromBuck
 factory method. This method accepts `BucketAttributes` which describes the properties of an already
 existing bucket:
 
-Note that this method allows importing buckets with legacy names containing underscores (`_`), which was
-permitted for buckets created before March 1, 2018. For buckets created after this date, underscores
+Note that this method allows importing buckets with legacy names containing uppercase letters (`A-Z`) or underscores (`_`), which were
+permitted for buckets created before March 1, 2018. For buckets created after this date, uppercase letters and underscores
 are not allowed in the bucket name.
 
 ```python

aws_cdk/cx_api/__init__.py

@@ -476,6 +476,25 @@ occur between these tightly coupled dependencies when using the AWS SDK v3 in La
   }
 }
 ```
+
+* `@aws-cdk/aws-dynamodb:resourcePolicyPerReplica`
+
+If this flag is not set, the default behavior for `TableV2` is to use a different `resourcePolicy` for each replica.
+
+If this flag is set to false, the behavior is that each replica shares the same `resourcePolicy` as the source table.
+This will prevent you from creating a new table which has an additional replica and a resource policy.
+
+This is a feature flag as the old behavior was technically incorrect but users may have come to depend on it.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-dynamodb:resourcePolicyPerReplica": false,
+  },
+}
+```
 '''
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)

aws_cdk/triggers/__init__.py

@@ -511,7 +511,7 @@ class TriggerFunction(
         :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
         :param profiling: Enable profiling. Default: - No profiling.
         :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
-        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recusrive loops. Default: RecursiveLoop.Terminate
+        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops. Default: RecursiveLoop.Terminate
         :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
         :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
         :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
@@ -1058,7 +1058,7 @@ class TriggerFunctionProps(_FunctionProps_a308e854, TriggerOptions):
         :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
         :param profiling: Enable profiling. Default: - No profiling.
         :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
-        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recusrive loops. Default: RecursiveLoop.Terminate
+        :param recursive_loop: Sets the Recursive Loop Protection for Lambda Function. It lets Lambda detect and terminate unintended recursive loops. Default: RecursiveLoop.Terminate
         :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
         :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
         :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
@@ -1716,7 +1716,7 @@ class TriggerFunctionProps(_FunctionProps_a308e854, TriggerOptions):
     def recursive_loop(self) -> typing.Optional[_RecursiveLoop_fc293827]:
         '''Sets the Recursive Loop Protection for Lambda Function.
 
-        It lets Lambda detect and terminate unintended recusrive loops.
+        It lets Lambda detect and terminate unintended recursive loops.
 
         :default: RecursiveLoop.Terminate
         '''

{aws_cdk_lib-2.163.1.dist-info → aws_cdk_lib-2.164.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk-lib
-Version: 2.163.1
+Version: 2.164.0
 Summary: Version 2 of the AWS Cloud Development Kit library
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services

{aws_cdk_lib-2.163.1.dist-info → aws_cdk_lib-2.164.0.dist-info}/RECORD

@@ -1,7 +1,7 @@
 aws_cdk/__init__.py,sha256=KSWF33kJFXDdeM19ji1gEUB_N9sRPeV1c2VpOIjQJog,1818550
 aws_cdk/py.typed,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
-aws_cdk/_jsii/__init__.py,sha256=zMHQ1h4O73o3N2GQ5uZerRONE9s183HMdD4t4PHEedA,1582
-aws_cdk/_jsii/aws-cdk-lib@2.163.1.jsii.tgz,sha256=ztPbHUxTZlTeJVu_eyBstDnazYr0nEjvexuJg6CSOM8,22938358
+aws_cdk/_jsii/__init__.py,sha256=1LHPtgx8sUIkZHQern-LAa8Dx61EtboWOHgiKtTSNjw,1582
+aws_cdk/_jsii/aws-cdk-lib@2.164.0.jsii.tgz,sha256=IO6DK23TIpZnUAM_-DcIBw4owGufTVZQ9uNJz_by4wg,22940683
 aws_cdk/alexa_ask/__init__.py,sha256=yF4ftch7XArzAniw_xoUmGi3wLGeBqIUlOjBTHSxDb4,36370
 aws_cdk/assertions/__init__.py,sha256=vX--kb5ot1oIPFr5H5ElSpuie_TwWOzu1KZU9kcvmuw,92306
 aws_cdk/aws_accessanalyzer/__init__.py,sha256=CtU1aNfPFMbVnTCDoTmfeqI53Dz64i_25R6yDIDj1N4,43040
@@ -37,7 +37,7 @@ aws_cdk/aws_backup/__init__.py,sha256=jOQMzbqFVZ7oPUb1hMPlPl4DOonNIirItaAkAjkIu0
 aws_cdk/aws_backupgateway/__init__.py,sha256=fWZzjez06YHs0rk-kxVm0f2isg102cJv2jFesKW1Jm0,24571
 aws_cdk/aws_batch/__init__.py,sha256=7R6ndWS6hrhoMS9g3E7Q890hsyxFHIaI_eVQOREqHwM,1429280
 aws_cdk/aws_bcmdataexports/__init__.py,sha256=MPzMdYliYXZRV9YD4xdj05ULsSTxUElV7-mRl6QerOY,55627
-aws_cdk/aws_bedrock/__init__.py,sha256=PbT_Zc3eMZaQ8PWH6uUAx58YaVNZF_02muNk1Udve34,1191833
+aws_cdk/aws_bedrock/__init__.py,sha256=Q4Rh_6soUs3-a7hkibA37xjrzAks3Z1Icwf_IwWcuNc,1192211
 aws_cdk/aws_billingconductor/__init__.py,sha256=d-J_dpWvMOtnkJJIK_Zn0RSP3LeVZl0qY04g62HgqUI,143066
 aws_cdk/aws_budgets/__init__.py,sha256=2vAa1yh0ZeuDPTd0iSKnlYZhvXtk8dm_Jn3qvXr6w-o,163046
 aws_cdk/aws_cassandra/__init__.py,sha256=96K10qTC0N0F_K4FVGXMfT_aqLxr_uNKZexhhtltZ3U,147312
@@ -49,13 +49,13 @@ aws_cdk/aws_cleanroomsml/__init__.py,sha256=OZ769Xji5yR16YuvCcaCuH-5emjHREnhIUqj
 aws_cdk/aws_cloud9/__init__.py,sha256=WbYJhSBPFY4ix6PJiND_KHPIVWxim7VAsbDJ6ePpGec,43094
 aws_cdk/aws_cloudformation/__init__.py,sha256=R0KEZkMNoqYLSDdyHi1lhCmSizqRs3-ThTiv-NrlvFg,395760
 aws_cdk/aws_cloudfront/__init__.py,sha256=n-u_zz_r0Z_WW5BhDST94VFh1DyVbwbCmyNWHQNEolA,1506804
-aws_cdk/aws_cloudfront/experimental/__init__.py,sha256=gKpLEoe6ZYkS5Nt4FIEw_H2wEjfHYfvF6vv-jyq-vUg,138843
+aws_cdk/aws_cloudfront/experimental/__init__.py,sha256=Idkbb4AJxuNaV8DA-p0NslbDcWOpQK70hkMtwdU-STg,138843
 aws_cdk/aws_cloudfront_origins/__init__.py,sha256=9thjBWMxHdbNnaE8Ql1L_zbuz507EXneGnjQsnE-WU4,213723
 aws_cdk/aws_cloudtrail/__init__.py,sha256=Sx5VxSUc5-dWqG5bc5lzhMJn1sHv2Q_IOBJKZ9lZ2Yo,315348
 aws_cdk/aws_cloudwatch/__init__.py,sha256=G83zKCOplma8KXXBraMe6kYe7AV_YiGATWeF2JFSxLg,804016
 aws_cdk/aws_cloudwatch_actions/__init__.py,sha256=NiO4EWHXKqyaPYDW-sVvV0YJep3Z-udkF84JlVAIobY,22370
 aws_cdk/aws_codeartifact/__init__.py,sha256=ysKsozQWde3PaDYQ87_gm3BejhU8rlSX3C3oy81hdcI,88035
-aws_cdk/aws_codebuild/__init__.py,sha256=XDFDyYNoq9QJxkyQMS-LBGAs5cV64ReJM4691vBGLgU,1025279
+aws_cdk/aws_codebuild/__init__.py,sha256=zHdgygBoDrNkrClORkYBn3gWh9lWgjnYEmihCnUrtUM,1025279
 aws_cdk/aws_codecommit/__init__.py,sha256=cJe8-KOnQSUarHk_0-uKshcYcNNEGrfDMiAX5jtSnuI,237949
 aws_cdk/aws_codeconnections/__init__.py,sha256=Q57XJwQbJX3HfeJYIcVYjoJw1X5NM4LwStzqeiuqIo0,19964
 aws_cdk/aws_codedeploy/__init__.py,sha256=rJPl_I8D3OGY8qI63PyStOH60hM1KppFStc0zACv47I,606567
@@ -66,7 +66,7 @@ aws_cdk/aws_codepipeline_actions/__init__.py,sha256=qJKbb4Au17NpZkKe-x6-QrCCp2Et
 aws_cdk/aws_codestar/__init__.py,sha256=WhZxNTKEk9gu7tFzbdF7AKnEipApHzhwVfMPrGzXAsw,38783
 aws_cdk/aws_codestarconnections/__init__.py,sha256=oGFXDpdwddFIPcXlfZvnonv8M0ALTMpkQXkdaxXfM4I,62714
 aws_cdk/aws_codestarnotifications/__init__.py,sha256=DAjyEup8GY5GIExTaFeiqM4VsbHWhnvjTJRNBPmhTN0,77344
-aws_cdk/aws_cognito/__init__.py,sha256=iba5Vmg5IBN6ne12xJRCuV1aERJ_80Kd4XgJyDq8YEg,1330295
+aws_cdk/aws_cognito/__init__.py,sha256=wkGRHoiRITSHz_9zO6pMa0Aa6kdIh_Eqh-SrY2sEksY,1338289
 aws_cdk/aws_comprehend/__init__.py,sha256=GDiEy9xnCOeMohZp-yAG7enyePdDabwWxpxRSewOvcE,156707
 aws_cdk/aws_config/__init__.py,sha256=XlynSGVhTD_cLs092YR8FwoprcqAY8T6yuo0EagMGyk,865862
 aws_cdk/aws_connect/__init__.py,sha256=f_dKCY2MU5J_c0KAkkxLkifVs760ZT3RO-QJK2LOFoc,871329
@@ -89,7 +89,7 @@ aws_cdk/aws_dms/__init__.py,sha256=SCJYL0cwke6SVwpINB63fJIhaVWdJ5dhpIv6HlUNnlk,9
 aws_cdk/aws_docdb/__init__.py,sha256=2YAsWWD4da2WJjK7aWlyQmIJJmSswFPUprnmcr1p0_Q,321189
 aws_cdk/aws_docdbelastic/__init__.py,sha256=8ULf53CjSElODf5ZegB4vP1fvBXVjZjnQOA-D976_nE,46746
 aws_cdk/aws_dynamodb/__init__.py,sha256=Uybi4fH2g9LO7pw1FFtXKx8DbQcQNb6CFQBAZ8eodpY,941482
-aws_cdk/aws_ec2/__init__.py,sha256=lFyyIrZF2nBOTf2vgAaPMq_Xk5ubV51YYDnwRBlZB2o,5714235
+aws_cdk/aws_ec2/__init__.py,sha256=CoYlPPnt7WlKyy4zjgxvQneJcOY0PI0pMI_MmULh_1g,5717429
 aws_cdk/aws_ecr/__init__.py,sha256=os4V4OLb0AM19nGrz2slbSwkFTFqx10BTpYT-9kcLiI,298642
 aws_cdk/aws_ecr_assets/__init__.py,sha256=gWgQAeisOgj-wCA8OPdvswJ7kRjVVPkRnac7taoBPeI,84595
 aws_cdk/aws_ecs/__init__.py,sha256=v5ztsv86MdsSJNbZgBYSX9fLFRhdNHZ762qjvwAlxoo,2650012
@@ -128,7 +128,7 @@ aws_cdk/aws_groundstation/__init__.py,sha256=M5Nzqhn58ypp7DjlzVlotO6JJlVSIBT91-f
 aws_cdk/aws_guardduty/__init__.py,sha256=gYnGgbz35Qsgzy5ArpSIgyXKDOWPuZkgLzonn0yymfo,236207
 aws_cdk/aws_healthimaging/__init__.py,sha256=bNpcbOhCYjvvgCJwb6pbmA8BH_8RjtjKJZG8f40I8qQ,17410
 aws_cdk/aws_healthlake/__init__.py,sha256=ybnPJIZglzelRfvC1z2jp2GI__Rwdeu3QXsf-0SIasg,54449
-aws_cdk/aws_iam/__init__.py,sha256=v1ntOFdHl4dSsPigmcDtf237Dn8if11fdvK0bULqSRM,846618
+aws_cdk/aws_iam/__init__.py,sha256=AZU5VBnosW_nzovwFyTB2otMCoMVAKLOMUjwa3AGr0k,847848
 aws_cdk/aws_identitystore/__init__.py,sha256=yXjJuier75gXXW5QBSRTsGvDx5BdNdu9VRcnLhbEMlQ,32106
 aws_cdk/aws_imagebuilder/__init__.py,sha256=FK-mlmBHr7UAsan1OGrZ5kmC_dxl3Z8r5wKDCb0HlFg,577120
 aws_cdk/aws_inspector/__init__.py,sha256=rQysIyMgQRYemWRRG-6q4gLbU5M3t4q8HcoO2kfxx0c,44512
@@ -157,10 +157,10 @@ aws_cdk/aws_kinesisfirehose/__init__.py,sha256=DzecYVnN6a-rVJfbCK5JYh--sZoOuESYD
 aws_cdk/aws_kinesisvideo/__init__.py,sha256=KR-ZCTMZFNR9EJ32dIjEfeiZQMJZha33v-2lg0-mhYY,38745
 aws_cdk/aws_kms/__init__.py,sha256=Qqw_wUEBz5bGROAwuBQ9h5oboNigPov-vNk_n2n7zmg,243206
 aws_cdk/aws_lakeformation/__init__.py,sha256=1tIWIda01HBDgScxl1TzPAibWeTOoN5Y92I_5QxpQjo,335939
-aws_cdk/aws_lambda/__init__.py,sha256=HhXd_se-RPlW_2GEaB1CaRpWbdFXrlisU7-HxzY6DKg,1678224
+aws_cdk/aws_lambda/__init__.py,sha256=aceBS9mQAprViT4I0TeREdBn2v24OIlkAKqLUTRuM8Y,1678218
 aws_cdk/aws_lambda_destinations/__init__.py,sha256=kfVMafyFv5RBNdi2XHb_9qSRmcRQ4ALhjHwNMfcNk5I,21411
 aws_cdk/aws_lambda_event_sources/__init__.py,sha256=k3npHqzJv8lds7d4Ww0S2eIWEkvY8n_qwFYDfNOnbMM,211007
-aws_cdk/aws_lambda_nodejs/__init__.py,sha256=jL0JsGN3pdMuW9FXjog3lyUkgKXxQcZ9MPpGwKtA_nA,177396
+aws_cdk/aws_lambda_nodejs/__init__.py,sha256=mCYThPVskD36XktwxbOwW4i16Pc3XRJup7YKJtyLCSQ,177383
 aws_cdk/aws_launchwizard/__init__.py,sha256=JjBWmw2Beaa5km4JKzRHAphB-HQ83B0g7t34bsw2FsU,24028
 aws_cdk/aws_lex/__init__.py,sha256=ZxdRqHP6njAeoc3j8ICH1BhxlYbUdQ1wwdRo93kNq9U,701594
 aws_cdk/aws_licensemanager/__init__.py,sha256=y37V03_LDcfC2j681MxlhN1J5O5o3dJjFZnFJ0u7V9U,87983
@@ -228,7 +228,7 @@ aws_cdk/aws_route53recoverycontrol/__init__.py,sha256=0WSDxnS6OvT32w-Mxqq42R2fYD
 aws_cdk/aws_route53recoveryreadiness/__init__.py,sha256=_tJI6bM9ZJJwOwM1wjYJIBH5zjnfXBLWj996joYsoYs,95213
 aws_cdk/aws_route53resolver/__init__.py,sha256=TVCxhQyMpBm-U-TYJ5CBG_wBLZXNszQ-_TE0FeWEVQM,238233
 aws_cdk/aws_rum/__init__.py,sha256=FP4Bql2ABXWjRaTfSsuvK3uwsLzBxLHwSxRzHMC64TY,74371
-aws_cdk/aws_s3/__init__.py,sha256=pSae9QY6bSseWcL5mFDXX4ZYDYzbw57ff-bG3v59VE8,1214486
+aws_cdk/aws_s3/__init__.py,sha256=xy2Jy8LlbdHwb0MUYhTQdF0Ijsxgj8GDg9UdtPYQdeE,1214538
 aws_cdk/aws_s3_assets/__init__.py,sha256=Fsuzwb4bijkZwXD6sIRUMTCtG5-JGUwPXani6t7TWB8,46850
 aws_cdk/aws_s3_deployment/__init__.py,sha256=lyqjtnSQcfzxpMvXdBo6urc8vJZWMsFXttJ1HxbUROo,120783
 aws_cdk/aws_s3_notifications/__init__.py,sha256=sv6q8twfxyMiUT6DgDqabGnnMCDySqhFdZgNcgtcuw8,10068
@@ -279,16 +279,16 @@ aws_cdk/aws_xray/__init__.py,sha256=A6qEwDk09YUzCrnBOdh73YQZTEVMG85VUXoy2siZEi8,
 aws_cdk/cloud_assembly_schema/__init__.py,sha256=LMX7o1BOZKOK6AclVD2xmguLl1mNoxwvmspaWu6xUBg,424927
 aws_cdk/cloudformation_include/__init__.py,sha256=nWU59UskSwMHLVfmA2qrsTOqUk65NWElIPTvp-KLA_8,50358
 aws_cdk/custom_resources/__init__.py,sha256=HGNG5d52gePjDpnkTn4T96hQbn66xgly4DmHqBx5qNw,166026
-aws_cdk/cx_api/__init__.py,sha256=2yg6DzIpxjB0vVilJEtXQz1jI2EREsnYBTGdRRtx89w,168930
+aws_cdk/cx_api/__init__.py,sha256=xzPzu4qyzK7HmpSjVatc48nzKczQsYvx5cIy1WgoONE,169543
 aws_cdk/lambda_layer_awscli/__init__.py,sha256=FUcVOwp5XHkYiFms2BGfZWWYCo4vujoEtc9uN-Jc570,3291
 aws_cdk/lambda_layer_kubectl/__init__.py,sha256=n4HLk6edsx2fSmW82ybM_RwaRCsxvfgCBjgCpRrc1K4,3563
 aws_cdk/lambda_layer_node_proxy_agent/__init__.py,sha256=Q0PMbPsP4A7YO-YZe9esn-iziyQHEXR5z1CSSNfeHn8,3306
 aws_cdk/pipelines/__init__.py,sha256=PMIOp-7-2JByt8yJ72-uv07gSSPJ1BTxdykdDG17nfA,397495
 aws_cdk/region_info/__init__.py,sha256=29jwDjGrb4gSGedV1W1e5SuAYF9ZZKYsz0gsSFjdBO4,39658
-aws_cdk/triggers/__init__.py,sha256=Elf2KjshDvai-P9GWEotRj2_l2a7l7BvTr7xd6noGu8,123464
-aws_cdk_lib-2.163.1.dist-info/LICENSE,sha256=kEDF86xJUQh1E9M7UPKKbHepBEdFxIUyoGfTwQB7zKg,11391
-aws_cdk_lib-2.163.1.dist-info/METADATA,sha256=5XyjreCXBxFlFpGqcBvcTlx8dKAh24r428gAZoUOIUE,60027
-aws_cdk_lib-2.163.1.dist-info/NOTICE,sha256=p5UQgJ0CVV5-J24vpfPP0ijj274gNydvWDTD8KR1zTI,41177
-aws_cdk_lib-2.163.1.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
-aws_cdk_lib-2.163.1.dist-info/top_level.txt,sha256=1TALAKbuUGsMSrfKWEf268lySCmcqSEO6cDYe_XlLHM,8
-aws_cdk_lib-2.163.1.dist-info/RECORD,,
+aws_cdk/triggers/__init__.py,sha256=WcCAogtuD5HT8RWUZqXoAmNh4KrPFLiVLJN1QORC9hw,123464
+aws_cdk_lib-2.164.0.dist-info/LICENSE,sha256=kEDF86xJUQh1E9M7UPKKbHepBEdFxIUyoGfTwQB7zKg,11391
+aws_cdk_lib-2.164.0.dist-info/METADATA,sha256=qdAmtURwGsqp7rLCKIEszHZ-68ddYU8Pd7lEiMwoRvg,60027
+aws_cdk_lib-2.164.0.dist-info/NOTICE,sha256=p5UQgJ0CVV5-J24vpfPP0ijj274gNydvWDTD8KR1zTI,41177
+aws_cdk_lib-2.164.0.dist-info/WHEEL,sha256=eOLhNAGa2EW3wWl_TU484h7q1UNgy0JXjjoqKoxAAQc,92
+aws_cdk_lib-2.164.0.dist-info/top_level.txt,sha256=1TALAKbuUGsMSrfKWEf268lySCmcqSEO6cDYe_XlLHM,8
+aws_cdk_lib-2.164.0.dist-info/RECORD,,