aws-cdk-lib 2.164.1__py3-none-any.whl → 2.166.0__py3-none-any.whl

aws_cdk/aws_s3_deployment/__init__.py

@@ -665,7 +665,7 @@ class BucketDeployment(
         :param content_encoding: System-defined content-encoding metadata to be set on all objects in the deployment. Default: - Not set.
         :param content_language: System-defined content-language metadata to be set on all objects in the deployment. Default: - Not set.
         :param content_type: System-defined content-type metadata to be set on all objects in the deployment. Default: - Not set.
-        :param destination_key_prefix: Key prefix in the destination bucket. Must be <=104 characters Default: "/" (unzip to root of the destination bucket)
+        :param destination_key_prefix: Key prefix in the destination bucket. Must be <=104 characters. If it's set with prune: true, it will only prune files with the prefix. We recommend to always configure the ``destinationKeyPrefix`` property. This will prevent the deployment from accidentally deleting data that wasn't uploaded by it. Default: "/" (unzip to root of the destination bucket)
         :param distribution: The CloudFront distribution using the destination bucket as an origin. Files in the distribution's edge caches will be invalidated after files are uploaded to the destination bucket. Default: - No invalidation occurs
         :param distribution_paths: The file paths to invalidate in the CloudFront distribution. Default: - All files under the destination bucket key prefix will be invalidated.
         :param ephemeral_storage_size: The size of the AWS Lambda function’s /tmp directory in MiB. Default: 512 MiB
@@ -678,7 +678,7 @@ class BucketDeployment(
         :param memory_limit: The amount of memory (in MiB) to allocate to the AWS Lambda function which replicates the files from the CDK bucket to the destination bucket. If you are deploying large files, you will need to increase this number accordingly. Default: 128
         :param metadata: User-defined object metadata to be set on all objects in the deployment. Default: - No user metadata is set
         :param output_object_keys: If set to false, the custom resource will not send back the SourceObjectKeys. This is useful when you are facing the error ``Response object is too long`` See https://github.com/aws/aws-cdk/issues/28579 Default: true
-        :param prune: If this is set to false, files in the destination bucket that do not exist in the asset, will NOT be deleted during deployment (create/update). Default: true
+        :param prune: By default, files in the destination bucket that don't exist in the source will be deleted when the BucketDeployment resource is created or updated. If this is set to false, files in the destination bucket that do not exist in the asset, will NOT be deleted during deployment (create/update). Default: true
         :param retain_on_delete: If this is set to "false", the destination files will be deleted when the resource is deleted or the destination is updated. NOTICE: Configuring this to "false" might have operational implications. Please visit to the package documentation referred below to make sure you fully understand those implications. Default: true - when resource is deleted/updated, files are retained
         :param role: Execution role associated with this function. Default: - A role is automatically created
         :param server_side_encryption: System-defined x-amz-server-side-encryption metadata to be set on all objects in the deployment. Default: - Server side encryption is not used.
@@ -880,7 +880,7 @@ class BucketDeploymentProps:
         :param content_encoding: System-defined content-encoding metadata to be set on all objects in the deployment. Default: - Not set.
         :param content_language: System-defined content-language metadata to be set on all objects in the deployment. Default: - Not set.
         :param content_type: System-defined content-type metadata to be set on all objects in the deployment. Default: - Not set.
-        :param destination_key_prefix: Key prefix in the destination bucket. Must be <=104 characters Default: "/" (unzip to root of the destination bucket)
+        :param destination_key_prefix: Key prefix in the destination bucket. Must be <=104 characters. If it's set with prune: true, it will only prune files with the prefix. We recommend to always configure the ``destinationKeyPrefix`` property. This will prevent the deployment from accidentally deleting data that wasn't uploaded by it. Default: "/" (unzip to root of the destination bucket)
         :param distribution: The CloudFront distribution using the destination bucket as an origin. Files in the distribution's edge caches will be invalidated after files are uploaded to the destination bucket. Default: - No invalidation occurs
         :param distribution_paths: The file paths to invalidate in the CloudFront distribution. Default: - All files under the destination bucket key prefix will be invalidated.
         :param ephemeral_storage_size: The size of the AWS Lambda function’s /tmp directory in MiB. Default: 512 MiB
@@ -893,7 +893,7 @@ class BucketDeploymentProps:
         :param memory_limit: The amount of memory (in MiB) to allocate to the AWS Lambda function which replicates the files from the CDK bucket to the destination bucket. If you are deploying large files, you will need to increase this number accordingly. Default: 128
         :param metadata: User-defined object metadata to be set on all objects in the deployment. Default: - No user metadata is set
         :param output_object_keys: If set to false, the custom resource will not send back the SourceObjectKeys. This is useful when you are facing the error ``Response object is too long`` See https://github.com/aws/aws-cdk/issues/28579 Default: true
-        :param prune: If this is set to false, files in the destination bucket that do not exist in the asset, will NOT be deleted during deployment (create/update). Default: true
+        :param prune: By default, files in the destination bucket that don't exist in the source will be deleted when the BucketDeployment resource is created or updated. If this is set to false, files in the destination bucket that do not exist in the asset, will NOT be deleted during deployment (create/update). Default: true
         :param retain_on_delete: If this is set to "false", the destination files will be deleted when the resource is deleted or the destination is updated. NOTICE: Configuring this to "false" might have operational implications. Please visit to the package documentation referred below to make sure you fully understand those implications. Default: true - when resource is deleted/updated, files are retained
         :param role: Execution role associated with this function. Default: - A role is automatically created
         :param server_side_encryption: System-defined x-amz-server-side-encryption metadata to be set on all objects in the deployment. Default: - Server side encryption is not used.
@@ -1111,9 +1111,12 @@ class BucketDeploymentProps:
 
     @builtins.property
     def destination_key_prefix(self) -> typing.Optional[builtins.str]:
-        '''Key prefix in the destination bucket.
+        '''Key prefix in the destination bucket. Must be <=104 characters.
 
-        Must be <=104 characters
+        If it's set with prune: true, it will only prune files with the prefix.
+
+        We recommend to always configure the ``destinationKeyPrefix`` property. This will prevent the deployment
+        from accidentally deleting data that wasn't uploaded by it.
 
         :default: "/" (unzip to root of the destination bucket)
         '''
@@ -1265,7 +1268,10 @@ class BucketDeploymentProps:
 
     @builtins.property
     def prune(self) -> typing.Optional[builtins.bool]:
-        '''If this is set to false, files in the destination bucket that do not exist in the asset, will NOT be deleted during deployment (create/update).
+        '''By default, files in the destination bucket that don't exist in the source will be deleted when the BucketDeployment resource is created or updated.
+
+        If this is set to false, files in the destination bucket that
+        do not exist in the asset, will NOT be deleted during deployment (create/update).
 
         :default: true
 

aws_cdk/aws_sagemaker/__init__.py

@@ -6272,6 +6272,7 @@ class CfnDomain(
                     enable_docker_access="enableDockerAccess",
                     vpc_only_trusted_accounts=["vpcOnlyTrustedAccounts"]
                 ),
+                execution_role_identity_config="executionRoleIdentityConfig",
                 r_studio_server_pro_domain_settings=sagemaker.CfnDomain.RStudioServerProDomainSettingsProperty(
                     domain_execution_role_arn="domainExecutionRoleArn",
         
@@ -6288,6 +6289,7 @@ class CfnDomain(
                 security_group_ids=["securityGroupIds"]
             ),
             kms_key_id="kmsKeyId",
+            tag_propagation="tagPropagation",
             tags=[CfnTag(
                 key="key",
                 value="value"
@@ -6310,6 +6312,7 @@ class CfnDomain(
         default_space_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDomain.DefaultSpaceSettingsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         domain_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDomain.DomainSettingsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         kms_key_id: typing.Optional[builtins.str] = None,
+        tag_propagation: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''
@@ -6322,9 +6325,10 @@ class CfnDomain(
         :param vpc_id: The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication. *Length Constraints* : Maximum length of 32. *Pattern* : ``[-0-9a-zA-Z]+``
         :param app_network_access_type: Specifies the VPC used for non-EFS traffic. The default value is ``PublicInternetOnly`` . - ``PublicInternetOnly`` - Non-EFS traffic is through a VPC managed by Amazon SageMaker , which allows direct internet access - ``VpcOnly`` - All Studio traffic is through the specified VPC and subnets *Valid Values* : ``PublicInternetOnly | VpcOnly``
         :param app_security_group_management: The entity that creates and manages the required security groups for inter-app communication in ``VpcOnly`` mode. Required when ``CreateDomain.AppNetworkAccessType`` is ``VpcOnly`` and ``DomainSettings.RStudioServerProDomainSettings.DomainExecutionRoleArn`` is provided. If setting up the domain for use with RStudio, this value must be set to ``Service`` . *Allowed Values* : ``Service`` | ``Customer``
-        :param default_space_settings: A collection of settings that apply to spaces created in the domain.
+        :param default_space_settings: The default settings for shared spaces that users create in the domain. SageMaker applies these settings only to shared spaces. It doesn't apply them to private spaces.
         :param domain_settings: A collection of settings that apply to the ``SageMaker Domain`` . These settings are specified through the ``CreateDomain`` API call.
         :param kms_key_id: SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default. For more control, specify a customer managed CMK. *Length Constraints* : Maximum length of 2048. *Pattern* : ``.*``
+        :param tag_propagation: Indicates whether the tags added to Domain, User Profile and Space entity is propagated to all SageMaker resources.
         :param tags: Tags to associated with the Domain. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API. Tags that you specify for the Domain are also added to all apps that are launched in the Domain. *Array members* : Minimum number of 0 items. Maximum number of 50 items.
         '''
         if __debug__:
@@ -6342,6 +6346,7 @@ class CfnDomain(
             default_space_settings=default_space_settings,
             domain_settings=domain_settings,
             kms_key_id=kms_key_id,
+            tag_propagation=tag_propagation,
             tags=tags,
         )
 
@@ -6560,7 +6565,7 @@ class CfnDomain(
     def default_space_settings(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomain.DefaultSpaceSettingsProperty"]]:
-        '''A collection of settings that apply to spaces created in the domain.'''
+        '''The default settings for shared spaces that users create in the domain.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomain.DefaultSpaceSettingsProperty"]], jsii.get(self, "defaultSpaceSettings"))
 
     @default_space_settings.setter
@@ -6604,6 +6609,19 @@ class CfnDomain(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "kmsKeyId", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="tagPropagation")
+    def tag_propagation(self) -> typing.Optional[builtins.str]:
+        '''Indicates whether the tags added to Domain, User Profile and Space entity is propagated to all SageMaker resources.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "tagPropagation"))
+
+    @tag_propagation.setter
+    def tag_propagation(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__c3d58c631c2c753ff6694e786e5b7271c0e621cef1413bccab572fda47a21ab3)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "tagPropagation", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
@@ -7189,7 +7207,9 @@ class CfnDomain(
             security_groups: typing.Optional[typing.Sequence[builtins.str]] = None,
             space_storage_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDomain.DefaultSpaceStorageSettingsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
-            '''A collection of settings that apply to spaces created in the domain.
+            '''The default settings for shared spaces that users create in the domain.
+
+            SageMaker applies these settings only to shared spaces. It doesn't apply them to private spaces.
 
             :param execution_role: The ARN of the execution role for the space.
             :param custom_file_system_configs: The settings for assigning a custom file system to a domain. Permitted users can access this file system in Amazon SageMaker Studio.
@@ -7551,6 +7571,7 @@ class CfnDomain(
         jsii_struct_bases=[],
         name_mapping={
             "docker_settings": "dockerSettings",
+            "execution_role_identity_config": "executionRoleIdentityConfig",
             "r_studio_server_pro_domain_settings": "rStudioServerProDomainSettings",
             "security_group_ids": "securityGroupIds",
         },
@@ -7560,6 +7581,7 @@ class CfnDomain(
             self,
             *,
             docker_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDomain.DockerSettingsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+            execution_role_identity_config: typing.Optional[builtins.str] = None,
             r_studio_server_pro_domain_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDomain.RStudioServerProDomainSettingsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
@@ -7568,6 +7590,7 @@ class CfnDomain(
             These settings are specified through the ``CreateDomain`` API call.
 
             :param docker_settings: A collection of settings that configure the domain's Docker interaction.
+            :param execution_role_identity_config: The configuration for attaching a SageMaker user profile name to the execution role as a `sts:SourceIdentity key <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html>`_ .
             :param r_studio_server_pro_domain_settings: A collection of settings that configure the ``RStudioServerPro`` Domain-level app.
             :param security_group_ids: The security groups for the Amazon Virtual Private Cloud that the ``Domain`` uses for communication between Domain-level apps and user apps.
 
@@ -7585,6 +7608,7 @@ class CfnDomain(
                         enable_docker_access="enableDockerAccess",
                         vpc_only_trusted_accounts=["vpcOnlyTrustedAccounts"]
                     ),
+                    execution_role_identity_config="executionRoleIdentityConfig",
                     r_studio_server_pro_domain_settings=sagemaker.CfnDomain.RStudioServerProDomainSettingsProperty(
                         domain_execution_role_arn="domainExecutionRoleArn",
                 
@@ -7604,11 +7628,14 @@ class CfnDomain(
             if __debug__:
                 type_hints = typing.get_type_hints(_typecheckingstub__b23323cc301476d59d77a279da88bfc3d14a3c21fb8709a0ecc6db6074a56cf9)
                 check_type(argname="argument docker_settings", value=docker_settings, expected_type=type_hints["docker_settings"])
+                check_type(argname="argument execution_role_identity_config", value=execution_role_identity_config, expected_type=type_hints["execution_role_identity_config"])
                 check_type(argname="argument r_studio_server_pro_domain_settings", value=r_studio_server_pro_domain_settings, expected_type=type_hints["r_studio_server_pro_domain_settings"])
                 check_type(argname="argument security_group_ids", value=security_group_ids, expected_type=type_hints["security_group_ids"])
             self._values: typing.Dict[builtins.str, typing.Any] = {}
             if docker_settings is not None:
                 self._values["docker_settings"] = docker_settings
+            if execution_role_identity_config is not None:
+                self._values["execution_role_identity_config"] = execution_role_identity_config
             if r_studio_server_pro_domain_settings is not None:
                 self._values["r_studio_server_pro_domain_settings"] = r_studio_server_pro_domain_settings
             if security_group_ids is not None:
@@ -7625,6 +7652,15 @@ class CfnDomain(
             result = self._values.get("docker_settings")
             return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomain.DockerSettingsProperty"]], result)
 
+        @builtins.property
+        def execution_role_identity_config(self) -> typing.Optional[builtins.str]:
+            '''The configuration for attaching a SageMaker user profile name to the execution role as a `sts:SourceIdentity key <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html>`_ .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-domainsettings.html#cfn-sagemaker-domain-domainsettings-executionroleidentityconfig
+            '''
+            result = self._values.get("execution_role_identity_config")
+            return typing.cast(typing.Optional[builtins.str], result)
+
         @builtins.property
         def r_studio_server_pro_domain_settings(
             self,
@@ -8788,19 +8824,19 @@ class CfnDomain(
 
             ``SecurityGroups`` is aggregated when specified in both calls. For all other settings in ``UserSettings`` , the values specified in ``CreateUserProfile`` take precedence over those specified in ``CreateDomain`` .
 
-            :param execution_role: The execution role for the user.
-            :param code_editor_app_settings: The Code Editor application settings.
-            :param custom_file_system_configs: The settings for assigning a custom file system to a user profile. Permitted users can access this file system in Amazon SageMaker Studio.
-            :param custom_posix_user_config: Details about the POSIX identity that is used for file system operations.
+            :param execution_role: The execution role for the user. SageMaker applies this setting only to private spaces that the user creates in the domain. SageMaker doesn't apply this setting to shared spaces.
+            :param code_editor_app_settings: The Code Editor application settings. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+            :param custom_file_system_configs: The settings for assigning a custom file system to a user profile. Permitted users can access this file system in Amazon SageMaker Studio. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+            :param custom_posix_user_config: Details about the POSIX identity that is used for file system operations. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
             :param default_landing_uri: The default experience that the user is directed to when accessing the domain. The supported values are:. - ``studio::`` : Indicates that Studio is the default experience. This value can only be passed if ``StudioWebPortal`` is set to ``ENABLED`` . - ``app:JupyterServer:`` : Indicates that Studio Classic is the default experience.
-            :param jupyter_lab_app_settings: The settings for the JupyterLab application.
+            :param jupyter_lab_app_settings: The settings for the JupyterLab application. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
             :param jupyter_server_app_settings: The Jupyter server's app settings.
             :param kernel_gateway_app_settings: The kernel gateway app settings.
             :param r_session_app_settings: A collection of settings that configure the ``RSessionGateway`` app.
             :param r_studio_server_pro_app_settings: A collection of settings that configure user interaction with the ``RStudioServerPro`` app.
-            :param security_groups: The security groups for the Amazon Virtual Private Cloud (VPC) that the domain uses for communication. Optional when the ``CreateDomain.AppNetworkAccessType`` parameter is set to ``PublicInternetOnly`` . Required when the ``CreateDomain.AppNetworkAccessType`` parameter is set to ``VpcOnly`` , unless specified as part of the ``DefaultUserSettings`` for the domain. Amazon SageMaker adds a security group to allow NFS traffic from Amazon SageMaker Studio. Therefore, the number of security groups that you can specify is one less than the maximum number shown.
+            :param security_groups: The security groups for the Amazon Virtual Private Cloud (VPC) that the domain uses for communication. Optional when the ``CreateDomain.AppNetworkAccessType`` parameter is set to ``PublicInternetOnly`` . Required when the ``CreateDomain.AppNetworkAccessType`` parameter is set to ``VpcOnly`` , unless specified as part of the ``DefaultUserSettings`` for the domain. Amazon SageMaker adds a security group to allow NFS traffic from Amazon SageMaker Studio. Therefore, the number of security groups that you can specify is one less than the maximum number shown. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
             :param sharing_settings: Specifies options for sharing Amazon SageMaker Studio notebooks.
-            :param space_storage_settings: The storage settings for a space.
+            :param space_storage_settings: The storage settings for a space. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
             :param studio_web_portal: Whether the user can access Studio. If this value is set to ``DISABLED`` , the user cannot access Studio, even if that is the default experience for the domain.
             :param studio_web_portal_settings: Studio settings. If these settings are applied on a user level, they take priority over the settings applied on a domain level.
 
@@ -8997,6 +9033,8 @@ class CfnDomain(
         def execution_role(self) -> builtins.str:
             '''The execution role for the user.
 
+            SageMaker applies this setting only to private spaces that the user creates in the domain. SageMaker doesn't apply this setting to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-usersettings.html#cfn-sagemaker-domain-usersettings-executionrole
             '''
             result = self._values.get("execution_role")
@@ -9009,6 +9047,8 @@ class CfnDomain(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomain.CodeEditorAppSettingsProperty"]]:
             '''The Code Editor application settings.
 
+            SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-usersettings.html#cfn-sagemaker-domain-usersettings-codeeditorappsettings
             '''
             result = self._values.get("code_editor_app_settings")
@@ -9022,6 +9062,8 @@ class CfnDomain(
 
             Permitted users can access this file system in Amazon SageMaker Studio.
 
+            SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-usersettings.html#cfn-sagemaker-domain-usersettings-customfilesystemconfigs
             '''
             result = self._values.get("custom_file_system_configs")
@@ -9033,6 +9075,8 @@ class CfnDomain(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomain.CustomPosixUserConfigProperty"]]:
             '''Details about the POSIX identity that is used for file system operations.
 
+            SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-usersettings.html#cfn-sagemaker-domain-usersettings-customposixuserconfig
             '''
             result = self._values.get("custom_posix_user_config")
@@ -9056,6 +9100,8 @@ class CfnDomain(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomain.JupyterLabAppSettingsProperty"]]:
             '''The settings for the JupyterLab application.
 
+            SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-usersettings.html#cfn-sagemaker-domain-usersettings-jupyterlabappsettings
             '''
             result = self._values.get("jupyter_lab_app_settings")
@@ -9115,6 +9161,8 @@ class CfnDomain(
 
             Amazon SageMaker adds a security group to allow NFS traffic from Amazon SageMaker Studio. Therefore, the number of security groups that you can specify is one less than the maximum number shown.
 
+            SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-usersettings.html#cfn-sagemaker-domain-usersettings-securitygroups
             '''
             result = self._values.get("security_groups")
@@ -9137,6 +9185,8 @@ class CfnDomain(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomain.DefaultSpaceStorageSettingsProperty"]]:
             '''The storage settings for a space.
 
+            SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-usersettings.html#cfn-sagemaker-domain-usersettings-spacestoragesettings
             '''
             result = self._values.get("space_storage_settings")
@@ -9192,6 +9242,7 @@ class CfnDomain(
         "default_space_settings": "defaultSpaceSettings",
         "domain_settings": "domainSettings",
         "kms_key_id": "kmsKeyId",
+        "tag_propagation": "tagPropagation",
         "tags": "tags",
     },
 )
@@ -9209,6 +9260,7 @@ class CfnDomainProps:
         default_space_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomain.DefaultSpaceSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         domain_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomain.DomainSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         kms_key_id: typing.Optional[builtins.str] = None,
+        tag_propagation: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''Properties for defining a ``CfnDomain``.
@@ -9220,9 +9272,10 @@ class CfnDomainProps:
         :param vpc_id: The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication. *Length Constraints* : Maximum length of 32. *Pattern* : ``[-0-9a-zA-Z]+``
         :param app_network_access_type: Specifies the VPC used for non-EFS traffic. The default value is ``PublicInternetOnly`` . - ``PublicInternetOnly`` - Non-EFS traffic is through a VPC managed by Amazon SageMaker , which allows direct internet access - ``VpcOnly`` - All Studio traffic is through the specified VPC and subnets *Valid Values* : ``PublicInternetOnly | VpcOnly``
         :param app_security_group_management: The entity that creates and manages the required security groups for inter-app communication in ``VpcOnly`` mode. Required when ``CreateDomain.AppNetworkAccessType`` is ``VpcOnly`` and ``DomainSettings.RStudioServerProDomainSettings.DomainExecutionRoleArn`` is provided. If setting up the domain for use with RStudio, this value must be set to ``Service`` . *Allowed Values* : ``Service`` | ``Customer``
-        :param default_space_settings: A collection of settings that apply to spaces created in the domain.
+        :param default_space_settings: The default settings for shared spaces that users create in the domain. SageMaker applies these settings only to shared spaces. It doesn't apply them to private spaces.
         :param domain_settings: A collection of settings that apply to the ``SageMaker Domain`` . These settings are specified through the ``CreateDomain`` API call.
         :param kms_key_id: SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default. For more control, specify a customer managed CMK. *Length Constraints* : Maximum length of 2048. *Pattern* : ``.*``
+        :param tag_propagation: Indicates whether the tags added to Domain, User Profile and Space entity is propagated to all SageMaker resources.
         :param tags: Tags to associated with the Domain. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API. Tags that you specify for the Domain are also added to all apps that are launched in the Domain. *Array members* : Minimum number of 0 items. Maximum number of 50 items.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-domain.html
@@ -9454,6 +9507,7 @@ class CfnDomainProps:
                         enable_docker_access="enableDockerAccess",
                         vpc_only_trusted_accounts=["vpcOnlyTrustedAccounts"]
                     ),
+                    execution_role_identity_config="executionRoleIdentityConfig",
                     r_studio_server_pro_domain_settings=sagemaker.CfnDomain.RStudioServerProDomainSettingsProperty(
                         domain_execution_role_arn="domainExecutionRoleArn",
             
@@ -9470,6 +9524,7 @@ class CfnDomainProps:
                     security_group_ids=["securityGroupIds"]
                 ),
                 kms_key_id="kmsKeyId",
+                tag_propagation="tagPropagation",
                 tags=[CfnTag(
                     key="key",
                     value="value"
@@ -9488,6 +9543,7 @@ class CfnDomainProps:
             check_type(argname="argument default_space_settings", value=default_space_settings, expected_type=type_hints["default_space_settings"])
             check_type(argname="argument domain_settings", value=domain_settings, expected_type=type_hints["domain_settings"])
             check_type(argname="argument kms_key_id", value=kms_key_id, expected_type=type_hints["kms_key_id"])
+            check_type(argname="argument tag_propagation", value=tag_propagation, expected_type=type_hints["tag_propagation"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "auth_mode": auth_mode,
@@ -9506,6 +9562,8 @@ class CfnDomainProps:
             self._values["domain_settings"] = domain_settings
         if kms_key_id is not None:
             self._values["kms_key_id"] = kms_key_id
+        if tag_propagation is not None:
+            self._values["tag_propagation"] = tag_propagation
         if tags is not None:
             self._values["tags"] = tags
 
@@ -9604,7 +9662,9 @@ class CfnDomainProps:
     def default_space_settings(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnDomain.DefaultSpaceSettingsProperty]]:
-        '''A collection of settings that apply to spaces created in the domain.
+        '''The default settings for shared spaces that users create in the domain.
+
+        SageMaker applies these settings only to shared spaces. It doesn't apply them to private spaces.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-domain.html#cfn-sagemaker-domain-defaultspacesettings
         '''
@@ -9639,6 +9699,15 @@ class CfnDomainProps:
         result = self._values.get("kms_key_id")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def tag_propagation(self) -> typing.Optional[builtins.str]:
+        '''Indicates whether the tags added to Domain, User Profile and Space entity is propagated to all SageMaker resources.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-domain.html#cfn-sagemaker-domain-tagpropagation
+        '''
+        result = self._values.get("tag_propagation")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
         '''Tags to associated with the Domain.
@@ -9814,6 +9883,15 @@ class CfnEndpoint(
         '''The CloudFormation resource type name for this resource class.'''
         return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrEndpointArn")
+    def attr_endpoint_arn(self) -> builtins.str:
+        '''The Amazon Resource Name (ARN) of the endpoint.
+
+        :cloudformationAttribute: EndpointArn
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrEndpointArn"))
+
     @builtins.property
     @jsii.member(jsii_name="attrEndpointName")
     def attr_endpoint_name(self) -> builtins.str:
@@ -44393,9 +44471,9 @@ class CfnStudioLifecycleConfig(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param studio_lifecycle_config_app_type: The App type to which the Lifecycle Configuration is attached.
-        :param studio_lifecycle_config_content: The content of your Amazon SageMaker Studio Lifecycle Configuration script.
+        :param studio_lifecycle_config_content: The content of your Amazon SageMaker Studio Lifecycle Configuration script. This content must be base64 encoded.
         :param studio_lifecycle_config_name: The name of the Amazon SageMaker Studio Lifecycle Configuration.
-        :param tags: Tags to be associated with the Lifecycle Configuration.
+        :param tags: Tags to be associated with the Lifecycle Configuration. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__781a43111dd6adef34feca5cebbdb6b17f5e2425b368d8e007d51d833843916c)
@@ -44535,9 +44613,9 @@ class CfnStudioLifecycleConfigProps:
         '''Properties for defining a ``CfnStudioLifecycleConfig``.
 
         :param studio_lifecycle_config_app_type: The App type to which the Lifecycle Configuration is attached.
-        :param studio_lifecycle_config_content: The content of your Amazon SageMaker Studio Lifecycle Configuration script.
+        :param studio_lifecycle_config_content: The content of your Amazon SageMaker Studio Lifecycle Configuration script. This content must be base64 encoded.
         :param studio_lifecycle_config_name: The name of the Amazon SageMaker Studio Lifecycle Configuration.
-        :param tags: Tags to be associated with the Lifecycle Configuration.
+        :param tags: Tags to be associated with the Lifecycle Configuration. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-studiolifecycleconfig.html
         :exampleMetadata: fixture=_generated
@@ -44588,6 +44666,8 @@ class CfnStudioLifecycleConfigProps:
     def studio_lifecycle_config_content(self) -> builtins.str:
         '''The content of your Amazon SageMaker Studio Lifecycle Configuration script.
 
+        This content must be base64 encoded.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-studiolifecycleconfig.html#cfn-sagemaker-studiolifecycleconfig-studiolifecycleconfigcontent
         '''
         result = self._values.get("studio_lifecycle_config_content")
@@ -44608,6 +44688,8 @@ class CfnStudioLifecycleConfigProps:
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
         '''Tags to be associated with the Lifecycle Configuration.
 
+        Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-studiolifecycleconfig.html#cfn-sagemaker-studiolifecycleconfig-tags
         '''
         result = self._values.get("tags")
@@ -46480,18 +46562,18 @@ class CfnUserProfile(
 
             ``SecurityGroups`` is aggregated when specified in both calls. For all other settings in ``UserSettings`` , the values specified in ``CreateUserProfile`` take precedence over those specified in ``CreateDomain`` .
 
-            :param code_editor_app_settings: The Code Editor application settings.
-            :param custom_file_system_configs: The settings for assigning a custom file system to a user profile. Permitted users can access this file system in Amazon SageMaker Studio.
-            :param custom_posix_user_config: Details about the POSIX identity that is used for file system operations.
+            :param code_editor_app_settings: The Code Editor application settings. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+            :param custom_file_system_configs: The settings for assigning a custom file system to a user profile. Permitted users can access this file system in Amazon SageMaker Studio. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+            :param custom_posix_user_config: Details about the POSIX identity that is used for file system operations. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
             :param default_landing_uri: The default experience that the user is directed to when accessing the domain. The supported values are:. - ``studio::`` : Indicates that Studio is the default experience. This value can only be passed if ``StudioWebPortal`` is set to ``ENABLED`` . - ``app:JupyterServer:`` : Indicates that Studio Classic is the default experience.
-            :param execution_role: The execution role for the user.
-            :param jupyter_lab_app_settings: The settings for the JupyterLab application.
+            :param execution_role: The execution role for the user. SageMaker applies this setting only to private spaces that the user creates in the domain. SageMaker doesn't apply this setting to shared spaces.
+            :param jupyter_lab_app_settings: The settings for the JupyterLab application. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
             :param jupyter_server_app_settings: The Jupyter server's app settings.
             :param kernel_gateway_app_settings: The kernel gateway app settings.
             :param r_studio_server_pro_app_settings: A collection of settings that configure user interaction with the ``RStudioServerPro`` app.
-            :param security_groups: The security groups for the Amazon Virtual Private Cloud (VPC) that the domain uses for communication. Optional when the ``CreateDomain.AppNetworkAccessType`` parameter is set to ``PublicInternetOnly`` . Required when the ``CreateDomain.AppNetworkAccessType`` parameter is set to ``VpcOnly`` , unless specified as part of the ``DefaultUserSettings`` for the domain. Amazon SageMaker adds a security group to allow NFS traffic from Amazon SageMaker Studio. Therefore, the number of security groups that you can specify is one less than the maximum number shown.
+            :param security_groups: The security groups for the Amazon Virtual Private Cloud (VPC) that the domain uses for communication. Optional when the ``CreateDomain.AppNetworkAccessType`` parameter is set to ``PublicInternetOnly`` . Required when the ``CreateDomain.AppNetworkAccessType`` parameter is set to ``VpcOnly`` , unless specified as part of the ``DefaultUserSettings`` for the domain. Amazon SageMaker adds a security group to allow NFS traffic from Amazon SageMaker Studio. Therefore, the number of security groups that you can specify is one less than the maximum number shown. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
             :param sharing_settings: Specifies options for sharing Amazon SageMaker Studio notebooks.
-            :param space_storage_settings: The storage settings for a space.
+            :param space_storage_settings: The storage settings for a space. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
             :param studio_web_portal: Whether the user can access Studio. If this value is set to ``DISABLED`` , the user cannot access Studio, even if that is the default experience for the domain.
             :param studio_web_portal_settings: Studio settings. If these settings are applied on a user level, they take priority over the settings applied on a domain level.
 
@@ -46670,6 +46752,8 @@ class CfnUserProfile(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnUserProfile.CodeEditorAppSettingsProperty"]]:
             '''The Code Editor application settings.
 
+            SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-usersettings.html#cfn-sagemaker-userprofile-usersettings-codeeditorappsettings
             '''
             result = self._values.get("code_editor_app_settings")
@@ -46683,6 +46767,8 @@ class CfnUserProfile(
 
             Permitted users can access this file system in Amazon SageMaker Studio.
 
+            SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-usersettings.html#cfn-sagemaker-userprofile-usersettings-customfilesystemconfigs
             '''
             result = self._values.get("custom_file_system_configs")
@@ -46694,6 +46780,8 @@ class CfnUserProfile(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnUserProfile.CustomPosixUserConfigProperty"]]:
             '''Details about the POSIX identity that is used for file system operations.
 
+            SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-usersettings.html#cfn-sagemaker-userprofile-usersettings-customposixuserconfig
             '''
             result = self._values.get("custom_posix_user_config")
@@ -46715,6 +46803,8 @@ class CfnUserProfile(
         def execution_role(self) -> typing.Optional[builtins.str]:
             '''The execution role for the user.
 
+            SageMaker applies this setting only to private spaces that the user creates in the domain. SageMaker doesn't apply this setting to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-usersettings.html#cfn-sagemaker-userprofile-usersettings-executionrole
             '''
             result = self._values.get("execution_role")
@@ -46726,6 +46816,8 @@ class CfnUserProfile(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnUserProfile.JupyterLabAppSettingsProperty"]]:
             '''The settings for the JupyterLab application.
 
+            SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-usersettings.html#cfn-sagemaker-userprofile-usersettings-jupyterlabappsettings
             '''
             result = self._values.get("jupyter_lab_app_settings")
@@ -46774,6 +46866,8 @@ class CfnUserProfile(
 
             Amazon SageMaker adds a security group to allow NFS traffic from Amazon SageMaker Studio. Therefore, the number of security groups that you can specify is one less than the maximum number shown.
 
+            SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-usersettings.html#cfn-sagemaker-userprofile-usersettings-securitygroups
             '''
             result = self._values.get("security_groups")
@@ -46796,6 +46890,8 @@ class CfnUserProfile(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnUserProfile.DefaultSpaceStorageSettingsProperty"]]:
             '''The storage settings for a space.
 
+            SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-usersettings.html#cfn-sagemaker-userprofile-usersettings-spacestoragesettings
             '''
             result = self._values.get("space_storage_settings")
@@ -48809,6 +48905,7 @@ def _typecheckingstub__6a98e719c58aab3299db52c4086bfb65ee6438882423af805478e9ea3
     default_space_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomain.DefaultSpaceSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     domain_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomain.DomainSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     kms_key_id: typing.Optional[builtins.str] = None,
+    tag_propagation: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -48886,6 +48983,12 @@ def _typecheckingstub__705995dde312c66454de0b9e9f6a8d7e895beb5c34f61395d1dab1369
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__c3d58c631c2c753ff6694e786e5b7271c0e621cef1413bccab572fda47a21ab3(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__6d1a70c209913231f1eb30dba814eb3a3bc58f6f4341ea1392c5061d8dbc8d51(
     value: typing.Optional[typing.List[_CfnTag_f6864754]],
 ) -> None:
@@ -48980,6 +49083,7 @@ def _typecheckingstub__1936e7c64bbc1c0c5b8c086a1111acac047651d9cb6495a9c2f8961d2
 def _typecheckingstub__b23323cc301476d59d77a279da88bfc3d14a3c21fb8709a0ecc6db6074a56cf9(
     *,
     docker_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomain.DockerSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    execution_role_identity_config: typing.Optional[builtins.str] = None,
     r_studio_server_pro_domain_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomain.RStudioServerProDomainSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
 ) -> None:
@@ -49118,6 +49222,7 @@ def _typecheckingstub__d70b90cbf9af0f3b53a18e5f11f7de868ef5fe3e6110bb229fd135001
     default_space_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomain.DefaultSpaceSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     domain_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomain.DomainSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     kms_key_id: typing.Optional[builtins.str] = None,
+    tag_propagation: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""

aws_cdk/aws_secretsmanager/__init__.py

@@ -819,7 +819,8 @@ class CfnRotationSchedule(
     @builtins.property
     @jsii.member(jsii_name="attrId")
     def attr_id(self) -> builtins.str:
-        '''
+        '''The ARN of the secret.
+
         :cloudformationAttribute: Id
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrId"))