aws-cdk-lib 2.165.0__py3-none-any.whl → 2.167.0__py3-none-any.whl

aws_cdk/aws_stepfunctions/__init__.py

@@ -5348,6 +5348,7 @@ class DefinitionBody(
         *,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
         asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
         bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -5359,6 +5360,7 @@ class DefinitionBody(
         :param path: -
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
         :param asset_hash_type: Specifies the type of hash to calculate for this asset. If ``assetHash`` is configured, this option must be ``undefined`` or ``AssetHashType.CUSTOM``. Default: - the default is ``AssetHashType.SOURCE``, but if ``assetHash`` is explicitly specified this value defaults to ``AssetHashType.CUSTOM``.
         :param bundling: Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at ``/asset-input``. The Docker container is responsible for putting content at ``/asset-output``. The content at ``/asset-output`` will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwise
@@ -5372,6 +5374,7 @@ class DefinitionBody(
         options = _AssetOptions_2aa69621(
             deploy_time=deploy_time,
             readers=readers,
+            source_kms_key=source_kms_key,
             asset_hash=asset_hash,
             asset_hash_type=asset_hash_type,
             bundling=bundling,
@@ -5920,6 +5923,7 @@ class FileDefinitionBody(
         *,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
         asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
         bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -5931,6 +5935,7 @@ class FileDefinitionBody(
         :param path: -
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
         :param asset_hash_type: Specifies the type of hash to calculate for this asset. If ``assetHash`` is configured, this option must be ``undefined`` or ``AssetHashType.CUSTOM``. Default: - the default is ``AssetHashType.SOURCE``, but if ``assetHash`` is explicitly specified this value defaults to ``AssetHashType.CUSTOM``.
         :param bundling: Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at ``/asset-input``. The Docker container is responsible for putting content at ``/asset-output``. The content at ``/asset-output`` will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwise
@@ -5944,6 +5949,7 @@ class FileDefinitionBody(
         options = _AssetOptions_2aa69621(
             deploy_time=deploy_time,
             readers=readers,
+            source_kms_key=source_kms_key,
             asset_hash=asset_hash,
             asset_hash_type=asset_hash_type,
             bundling=bundling,
@@ -17493,6 +17499,7 @@ def _typecheckingstub__2e34fabd0367a0519a35d86d419baa37e6fe26ad05457e96b236a55bb
     *,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
     asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
     bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -17574,6 +17581,7 @@ def _typecheckingstub__526ef9213812e76ec99bd530d4fbea7cc137d220b92525fe763d6d315
     *,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
     asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
     bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,

aws_cdk/aws_synthetics/__init__.py

@@ -307,6 +307,33 @@ canary = synthetics.Canary(self, "MyCanary",
     )]
 )
 ```
+
+Canary artifacts are encrypted at rest using an AWS-managed key by default.
+
+You can choose the encryption options SSE-S3 or SSE-KMS by setting the `artifactS3EncryptionMode` property.
+
+When you use SSE-KMS, you can also supply your own external KMS key by specifying the `kmsKey` property. If you don't, a KMS key will be automatically created and associated with the canary.
+
+```python
+import aws_cdk.aws_kms as kms
+
+
+key = kms.Key(self, "myKey")
+
+canary = synthetics.Canary(self, "MyCanary",
+    schedule=synthetics.Schedule.rate(Duration.minutes(5)),
+    test=synthetics.Test.custom(
+        code=synthetics.Code.from_asset(path.join(__dirname, "canary")),
+        handler="index.handler"
+    ),
+    runtime=synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_7_0,
+    artifacts_bucket_lifecycle_rules=[LifecycleRule(
+        expiration=Duration.days(30)
+    )],
+    artifact_s3_encryption_mode=synthetics.ArtifactsEncryptionMode.KMS,
+    artifact_s3_kms_key=key
+)
+```
 '''
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)
@@ -370,6 +397,7 @@ from ..aws_ec2 import (
     SubnetSelection as _SubnetSelection_e57d76df,
 )
 from ..aws_iam import IGrantable as _IGrantable_71c4f5de, IRole as _IRole_235f5d8e
+from ..aws_kms import IKey as _IKey_5f11635f
 from ..aws_s3 import (
     IBucket as _IBucket_42e086fd,
     LifecycleRule as _LifecycleRule_bb74e6ff,
@@ -456,6 +484,40 @@ class ArtifactsBucketLocation:
         )
 
 
+@jsii.enum(jsii_type="aws-cdk-lib.aws_synthetics.ArtifactsEncryptionMode")
+class ArtifactsEncryptionMode(enum.Enum):
+    '''Encryption mode for canary artifacts.
+
+    :exampleMetadata: infused
+
+    Example::
+
+        import aws_cdk.aws_kms as kms
+        
+        
+        key = kms.Key(self, "myKey")
+        
+        canary = synthetics.Canary(self, "MyCanary",
+            schedule=synthetics.Schedule.rate(Duration.minutes(5)),
+            test=synthetics.Test.custom(
+                code=synthetics.Code.from_asset(path.join(__dirname, "canary")),
+                handler="index.handler"
+            ),
+            runtime=synthetics.Runtime.SYNTHETICS_NODEJS_PUPPETEER_7_0,
+            artifacts_bucket_lifecycle_rules=[LifecycleRule(
+                expiration=Duration.days(30)
+            )],
+            artifact_s3_encryption_mode=synthetics.ArtifactsEncryptionMode.KMS,
+            artifact_s3_kms_key=key
+        )
+    '''
+
+    S3_MANAGED = "S3_MANAGED"
+    '''Server-side encryption (SSE) with an Amazon S3-managed key.'''
+    KMS = "KMS"
+    '''Server-side encryption (SSE) with an AWS KMS customer managed key.'''
+
+
 @jsii.implements(_IConnectable_10015a05)
 class Canary(
     _Resource_45bc6135,
@@ -490,6 +552,8 @@ class Canary(
         runtime: "Runtime",
         test: "Test",
         active_tracing: typing.Optional[builtins.bool] = None,
+        artifact_s3_encryption_mode: typing.Optional[ArtifactsEncryptionMode] = None,
+        artifact_s3_kms_key: typing.Optional[_IKey_5f11635f] = None,
         artifacts_bucket_lifecycle_rules: typing.Optional[typing.Sequence[typing.Union[_LifecycleRule_bb74e6ff, typing.Dict[builtins.str, typing.Any]]]] = None,
         artifacts_bucket_location: typing.Optional[typing.Union[ArtifactsBucketLocation, typing.Dict[builtins.str, typing.Any]]] = None,
         canary_name: typing.Optional[builtins.str] = None,
@@ -513,6 +577,8 @@ class Canary(
         :param runtime: Specify the runtime version to use for the canary.
         :param test: The type of test that you want your canary to run. Use ``Test.custom()`` to specify the test to run.
         :param active_tracing: Specifies whether this canary is to use active AWS X-Ray tracing when it runs. Active tracing enables this canary run to be displayed in the ServiceLens and X-Ray service maps even if the canary does not hit an endpoint that has X-Ray tracing enabled. Using X-Ray tracing incurs charges. You can enable active tracing only for canaries that use version ``syn-nodejs-2.0`` or later for their canary runtime. Default: false
+        :param artifact_s3_encryption_mode: Canary Artifacts in S3 encryption mode. Artifact encryption is only supported for canaries that use Synthetics runtime version ``syn-nodejs-puppeteer-3.3`` or later. Default: - Artifacts are encrypted at rest using an AWS managed key. ``ArtifactsEncryptionMode.KMS`` is set if you specify ``artifactS3KmsKey``.
+        :param artifact_s3_kms_key: The KMS key used to encrypt canary artifacts. Default: - no kms key if ``artifactS3EncryptionMode`` is set to ``S3_MANAGED``. A key will be created if one is not provided and ``artifactS3EncryptionMode`` is set to ``KMS``.
         :param artifacts_bucket_lifecycle_rules: Lifecycle rules for the generated canary artifact bucket. Has no effect if a bucket is passed to ``artifactsBucketLocation``. If you pass a bucket to ``artifactsBucketLocation``, you can add lifecycle rules to the bucket itself. Default: - no rules applied to the generated bucket.
         :param artifacts_bucket_location: The s3 location that stores the data of the canary runs. Default: - A new s3 bucket will be created without a prefix.
         :param canary_name: The name of the canary. Be sure to give it a descriptive name that distinguishes it from other canaries in your account. Do not include secrets or proprietary information in your canary name. The canary name makes up part of the canary ARN, which is included in outbound calls over the internet. Default: - A unique name will be generated from the construct ID
@@ -538,6 +604,8 @@ class Canary(
             runtime=runtime,
             test=test,
             active_tracing=active_tracing,
+            artifact_s3_encryption_mode=artifact_s3_encryption_mode,
+            artifact_s3_kms_key=artifact_s3_kms_key,
             artifacts_bucket_lifecycle_rules=artifacts_bucket_lifecycle_rules,
             artifacts_bucket_location=artifacts_bucket_location,
             canary_name=canary_name,
@@ -733,6 +801,8 @@ class Canary(
         "runtime": "runtime",
         "test": "test",
         "active_tracing": "activeTracing",
+        "artifact_s3_encryption_mode": "artifactS3EncryptionMode",
+        "artifact_s3_kms_key": "artifactS3KmsKey",
         "artifacts_bucket_lifecycle_rules": "artifactsBucketLifecycleRules",
         "artifacts_bucket_location": "artifactsBucketLocation",
         "canary_name": "canaryName",
@@ -758,6 +828,8 @@ class CanaryProps:
         runtime: "Runtime",
         test: "Test",
         active_tracing: typing.Optional[builtins.bool] = None,
+        artifact_s3_encryption_mode: typing.Optional[ArtifactsEncryptionMode] = None,
+        artifact_s3_kms_key: typing.Optional[_IKey_5f11635f] = None,
         artifacts_bucket_lifecycle_rules: typing.Optional[typing.Sequence[typing.Union[_LifecycleRule_bb74e6ff, typing.Dict[builtins.str, typing.Any]]]] = None,
         artifacts_bucket_location: typing.Optional[typing.Union[ArtifactsBucketLocation, typing.Dict[builtins.str, typing.Any]]] = None,
         canary_name: typing.Optional[builtins.str] = None,
@@ -780,6 +852,8 @@ class CanaryProps:
         :param runtime: Specify the runtime version to use for the canary.
         :param test: The type of test that you want your canary to run. Use ``Test.custom()`` to specify the test to run.
         :param active_tracing: Specifies whether this canary is to use active AWS X-Ray tracing when it runs. Active tracing enables this canary run to be displayed in the ServiceLens and X-Ray service maps even if the canary does not hit an endpoint that has X-Ray tracing enabled. Using X-Ray tracing incurs charges. You can enable active tracing only for canaries that use version ``syn-nodejs-2.0`` or later for their canary runtime. Default: false
+        :param artifact_s3_encryption_mode: Canary Artifacts in S3 encryption mode. Artifact encryption is only supported for canaries that use Synthetics runtime version ``syn-nodejs-puppeteer-3.3`` or later. Default: - Artifacts are encrypted at rest using an AWS managed key. ``ArtifactsEncryptionMode.KMS`` is set if you specify ``artifactS3KmsKey``.
+        :param artifact_s3_kms_key: The KMS key used to encrypt canary artifacts. Default: - no kms key if ``artifactS3EncryptionMode`` is set to ``S3_MANAGED``. A key will be created if one is not provided and ``artifactS3EncryptionMode`` is set to ``KMS``.
         :param artifacts_bucket_lifecycle_rules: Lifecycle rules for the generated canary artifact bucket. Has no effect if a bucket is passed to ``artifactsBucketLocation``. If you pass a bucket to ``artifactsBucketLocation``, you can add lifecycle rules to the bucket itself. Default: - no rules applied to the generated bucket.
         :param artifacts_bucket_location: The s3 location that stores the data of the canary runs. Default: - A new s3 bucket will be created without a prefix.
         :param canary_name: The name of the canary. Be sure to give it a descriptive name that distinguishes it from other canaries in your account. Do not include secrets or proprietary information in your canary name. The canary name makes up part of the canary ARN, which is included in outbound calls over the internet. Default: - A unique name will be generated from the construct ID
@@ -823,6 +897,8 @@ class CanaryProps:
             check_type(argname="argument runtime", value=runtime, expected_type=type_hints["runtime"])
             check_type(argname="argument test", value=test, expected_type=type_hints["test"])
             check_type(argname="argument active_tracing", value=active_tracing, expected_type=type_hints["active_tracing"])
+            check_type(argname="argument artifact_s3_encryption_mode", value=artifact_s3_encryption_mode, expected_type=type_hints["artifact_s3_encryption_mode"])
+            check_type(argname="argument artifact_s3_kms_key", value=artifact_s3_kms_key, expected_type=type_hints["artifact_s3_kms_key"])
             check_type(argname="argument artifacts_bucket_lifecycle_rules", value=artifacts_bucket_lifecycle_rules, expected_type=type_hints["artifacts_bucket_lifecycle_rules"])
             check_type(argname="argument artifacts_bucket_location", value=artifacts_bucket_location, expected_type=type_hints["artifacts_bucket_location"])
             check_type(argname="argument canary_name", value=canary_name, expected_type=type_hints["canary_name"])
@@ -845,6 +921,10 @@ class CanaryProps:
         }
         if active_tracing is not None:
             self._values["active_tracing"] = active_tracing
+        if artifact_s3_encryption_mode is not None:
+            self._values["artifact_s3_encryption_mode"] = artifact_s3_encryption_mode
+        if artifact_s3_kms_key is not None:
+            self._values["artifact_s3_kms_key"] = artifact_s3_kms_key
         if artifacts_bucket_lifecycle_rules is not None:
             self._values["artifacts_bucket_lifecycle_rules"] = artifacts_bucket_lifecycle_rules
         if artifacts_bucket_location is not None:
@@ -914,6 +994,29 @@ class CanaryProps:
         result = self._values.get("active_tracing")
         return typing.cast(typing.Optional[builtins.bool], result)
 
+    @builtins.property
+    def artifact_s3_encryption_mode(self) -> typing.Optional[ArtifactsEncryptionMode]:
+        '''Canary Artifacts in S3 encryption mode.
+
+        Artifact encryption is only supported for canaries that use Synthetics runtime
+        version ``syn-nodejs-puppeteer-3.3`` or later.
+
+        :default: - Artifacts are encrypted at rest using an AWS managed key. ``ArtifactsEncryptionMode.KMS`` is set if you specify ``artifactS3KmsKey``.
+
+        :see: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_artifact_encryption.html
+        '''
+        result = self._values.get("artifact_s3_encryption_mode")
+        return typing.cast(typing.Optional[ArtifactsEncryptionMode], result)
+
+    @builtins.property
+    def artifact_s3_kms_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''The KMS key used to encrypt canary artifacts.
+
+        :default: - no kms key if ``artifactS3EncryptionMode`` is set to ``S3_MANAGED``. A key will be created if one is not provided and ``artifactS3EncryptionMode`` is set to ``KMS``.
+        '''
+        result = self._values.get("artifact_s3_kms_key")
+        return typing.cast(typing.Optional[_IKey_5f11635f], result)
+
     @builtins.property
     def artifacts_bucket_lifecycle_rules(
         self,
@@ -3089,6 +3192,7 @@ class Code(
         *,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
         asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
         bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -3103,6 +3207,7 @@ class Code(
         :param asset_path: Either a directory or a .zip file.
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
         :param asset_hash_type: Specifies the type of hash to calculate for this asset. If ``assetHash`` is configured, this option must be ``undefined`` or ``AssetHashType.CUSTOM``. Default: - the default is ``AssetHashType.SOURCE``, but if ``assetHash`` is explicitly specified this value defaults to ``AssetHashType.CUSTOM``.
         :param bundling: Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at ``/asset-input``. The Docker container is responsible for putting content at ``/asset-output``. The content at ``/asset-output`` will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwise
@@ -3120,6 +3225,7 @@ class Code(
         options = _AssetOptions_2aa69621(
             deploy_time=deploy_time,
             readers=readers,
+            source_kms_key=source_kms_key,
             asset_hash=asset_hash,
             asset_hash_type=asset_hash_type,
             bundling=bundling,
@@ -3794,6 +3900,19 @@ class Runtime(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_synthetics.Run
         '''
         return typing.cast("Runtime", jsii.sget(cls, "SYNTHETICS_NODEJS_PUPPETEER_9_0"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="SYNTHETICS_NODEJS_PUPPETEER_9_1")
+    def SYNTHETICS_NODEJS_PUPPETEER_9_1(cls) -> "Runtime":
+        '''``syn-nodejs-puppeteer-9.1`` includes the following: - Lambda runtime Node.js 20.x - Puppeteer-core version 22.12.1 - Chromium version 126.0.6478.126.
+
+        New Features:
+
+        - **Bug fixes** Bug fix related to date ranges and pending requests in HAR files.
+
+        :see: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_nodejs_puppeteer.html#CloudWatch_Synthetics_runtimeversion-nodejs-puppeteer-9.1
+        '''
+        return typing.cast("Runtime", jsii.sget(cls, "SYNTHETICS_NODEJS_PUPPETEER_9_1"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="SYNTHETICS_PYTHON_SELENIUM_1_0")
     def SYNTHETICS_PYTHON_SELENIUM_1_0(cls) -> "Runtime":
@@ -4155,10 +4274,12 @@ class AssetCode(
         # The values are placeholders you should change.
         import aws_cdk as cdk
         from aws_cdk import aws_iam as iam
+        from aws_cdk import aws_kms as kms
         from aws_cdk import aws_synthetics as synthetics
         
         # docker_image: cdk.DockerImage
         # grantable: iam.IGrantable
+        # key: kms.Key
         # local_bundling: cdk.ILocalBundling
         
         asset_code = synthetics.AssetCode("assetPath",
@@ -4194,7 +4315,8 @@ class AssetCode(
             exclude=["exclude"],
             follow_symlinks=cdk.SymlinkFollowMode.NEVER,
             ignore_mode=cdk.IgnoreMode.GLOB,
-            readers=[grantable]
+            readers=[grantable],
+            source_kMSKey=key
         )
     '''
 
@@ -4204,6 +4326,7 @@ class AssetCode(
         *,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
         asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
         bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -4215,6 +4338,7 @@ class AssetCode(
         :param asset_path: The path to the asset file or directory.
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
         :param asset_hash_type: Specifies the type of hash to calculate for this asset. If ``assetHash`` is configured, this option must be ``undefined`` or ``AssetHashType.CUSTOM``. Default: - the default is ``AssetHashType.SOURCE``, but if ``assetHash`` is explicitly specified this value defaults to ``AssetHashType.CUSTOM``.
         :param bundling: Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at ``/asset-input``. The Docker container is responsible for putting content at ``/asset-output``. The content at ``/asset-output`` will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwise
@@ -4228,6 +4352,7 @@ class AssetCode(
         options = _AssetOptions_2aa69621(
             deploy_time=deploy_time,
             readers=readers,
+            source_kms_key=source_kms_key,
             asset_hash=asset_hash,
             asset_hash_type=asset_hash_type,
             bundling=bundling,
@@ -4261,6 +4386,7 @@ class AssetCode(
 
 __all__ = [
     "ArtifactsBucketLocation",
+    "ArtifactsEncryptionMode",
     "AssetCode",
     "Canary",
     "CanaryProps",
@@ -4298,6 +4424,8 @@ def _typecheckingstub__b3b6d76e5f93e31884e16cc00a9b4fc93e6782ff7db09c74aa1ef9346
     runtime: Runtime,
     test: Test,
     active_tracing: typing.Optional[builtins.bool] = None,
+    artifact_s3_encryption_mode: typing.Optional[ArtifactsEncryptionMode] = None,
+    artifact_s3_kms_key: typing.Optional[_IKey_5f11635f] = None,
     artifacts_bucket_lifecycle_rules: typing.Optional[typing.Sequence[typing.Union[_LifecycleRule_bb74e6ff, typing.Dict[builtins.str, typing.Any]]]] = None,
     artifacts_bucket_location: typing.Optional[typing.Union[ArtifactsBucketLocation, typing.Dict[builtins.str, typing.Any]]] = None,
     canary_name: typing.Optional[builtins.str] = None,
@@ -4323,6 +4451,8 @@ def _typecheckingstub__44ec0b14d52b66927d4daebe6f97bb070f3629bb0eb86e21668ca7862
     runtime: Runtime,
     test: Test,
     active_tracing: typing.Optional[builtins.bool] = None,
+    artifact_s3_encryption_mode: typing.Optional[ArtifactsEncryptionMode] = None,
+    artifact_s3_kms_key: typing.Optional[_IKey_5f11635f] = None,
     artifacts_bucket_lifecycle_rules: typing.Optional[typing.Sequence[typing.Union[_LifecycleRule_bb74e6ff, typing.Dict[builtins.str, typing.Any]]]] = None,
     artifacts_bucket_location: typing.Optional[typing.Union[ArtifactsBucketLocation, typing.Dict[builtins.str, typing.Any]]] = None,
     canary_name: typing.Optional[builtins.str] = None,
@@ -4622,6 +4752,7 @@ def _typecheckingstub__02201c2190b076bbceced8708b435fab8189f7f505650002941cc7a50
     *,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
     asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
     bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -4735,6 +4866,7 @@ def _typecheckingstub__60a29a536d66536254f2ca409a65dc32f30e483b29091222d42f32106
     *,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
     asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
     bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,

aws_cdk/aws_timestream/__init__.py

@@ -347,6 +347,7 @@ class CfnInfluxDBInstance(
             name="name",
             organization="organization",
             password="password",
+            port=123,
             publicly_accessible=False,
             tags=[CfnTag(
                 key="key",
@@ -373,6 +374,7 @@ class CfnInfluxDBInstance(
         name: typing.Optional[builtins.str] = None,
         organization: typing.Optional[builtins.str] = None,
         password: typing.Optional[builtins.str] = None,
+        port: typing.Optional[jsii.Number] = None,
         publicly_accessible: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
         username: typing.Optional[builtins.str] = None,
@@ -392,6 +394,7 @@ class CfnInfluxDBInstance(
         :param name: The name that uniquely identifies the DB instance when interacting with the Amazon Timestream for InfluxDB API and CLI commands. This name will also be a prefix included in the endpoint. DB instance names must be unique per customer and per region.
         :param organization: The name of the initial organization for the initial admin user in InfluxDB. An InfluxDB organization is a workspace for a group of users.
         :param password: The password of the initial admin user created in InfluxDB. This password will allow you to access the InfluxDB UI to perform various administrative tasks and also use the InfluxDB CLI to create an operator token. These attributes will be stored in a Secret created in Amazon SecretManager in your account.
+        :param port: The port number on which InfluxDB accepts connections.
         :param publicly_accessible: Configures the DB instance with a public IP to facilitate access. Default: - false
         :param tags: A list of key-value pairs to associate with the DB instance.
         :param username: The username of the initial admin user created in InfluxDB. Must start with a letter and can't end with a hyphen or contain two consecutive hyphens. For example, my-user1. This username will allow you to access the InfluxDB UI to perform various administrative tasks and also use the InfluxDB CLI to create an operator token. These attributes will be stored in a Secret created in Amazon Secrets Manager in your account.
@@ -413,6 +416,7 @@ class CfnInfluxDBInstance(
             name=name,
             organization=organization,
             password=password,
+            port=port,
             publicly_accessible=publicly_accessible,
             tags=tags,
             username=username,
@@ -670,6 +674,19 @@ class CfnInfluxDBInstance(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "password", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="port")
+    def port(self) -> typing.Optional[jsii.Number]:
+        '''The port number on which InfluxDB accepts connections.'''
+        return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "port"))
+
+    @port.setter
+    def port(self, value: typing.Optional[jsii.Number]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__9ae9e68a1bb2222ab6cb849a3a301ca28375e9ce32277709782f39c7cb9ce7d4)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "port", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="publiclyAccessible")
     def publicly_accessible(
@@ -890,6 +907,7 @@ class CfnInfluxDBInstance(
         "name": "name",
         "organization": "organization",
         "password": "password",
+        "port": "port",
         "publicly_accessible": "publiclyAccessible",
         "tags": "tags",
         "username": "username",
@@ -911,6 +929,7 @@ class CfnInfluxDBInstanceProps:
         name: typing.Optional[builtins.str] = None,
         organization: typing.Optional[builtins.str] = None,
         password: typing.Optional[builtins.str] = None,
+        port: typing.Optional[jsii.Number] = None,
         publicly_accessible: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
         username: typing.Optional[builtins.str] = None,
@@ -929,6 +948,7 @@ class CfnInfluxDBInstanceProps:
         :param name: The name that uniquely identifies the DB instance when interacting with the Amazon Timestream for InfluxDB API and CLI commands. This name will also be a prefix included in the endpoint. DB instance names must be unique per customer and per region.
         :param organization: The name of the initial organization for the initial admin user in InfluxDB. An InfluxDB organization is a workspace for a group of users.
         :param password: The password of the initial admin user created in InfluxDB. This password will allow you to access the InfluxDB UI to perform various administrative tasks and also use the InfluxDB CLI to create an operator token. These attributes will be stored in a Secret created in Amazon SecretManager in your account.
+        :param port: The port number on which InfluxDB accepts connections.
         :param publicly_accessible: Configures the DB instance with a public IP to facilitate access. Default: - false
         :param tags: A list of key-value pairs to associate with the DB instance.
         :param username: The username of the initial admin user created in InfluxDB. Must start with a letter and can't end with a hyphen or contain two consecutive hyphens. For example, my-user1. This username will allow you to access the InfluxDB UI to perform various administrative tasks and also use the InfluxDB CLI to create an operator token. These attributes will be stored in a Secret created in Amazon Secrets Manager in your account.
@@ -960,6 +980,7 @@ class CfnInfluxDBInstanceProps:
                 name="name",
                 organization="organization",
                 password="password",
+                port=123,
                 publicly_accessible=False,
                 tags=[CfnTag(
                     key="key",
@@ -982,6 +1003,7 @@ class CfnInfluxDBInstanceProps:
             check_type(argname="argument name", value=name, expected_type=type_hints["name"])
             check_type(argname="argument organization", value=organization, expected_type=type_hints["organization"])
             check_type(argname="argument password", value=password, expected_type=type_hints["password"])
+            check_type(argname="argument port", value=port, expected_type=type_hints["port"])
             check_type(argname="argument publicly_accessible", value=publicly_accessible, expected_type=type_hints["publicly_accessible"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
             check_type(argname="argument username", value=username, expected_type=type_hints["username"])
@@ -1008,6 +1030,8 @@ class CfnInfluxDBInstanceProps:
             self._values["organization"] = organization
         if password is not None:
             self._values["password"] = password
+        if port is not None:
+            self._values["port"] = port
         if publicly_accessible is not None:
             self._values["publicly_accessible"] = publicly_accessible
         if tags is not None:
@@ -1127,6 +1151,15 @@ class CfnInfluxDBInstanceProps:
         result = self._values.get("password")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def port(self) -> typing.Optional[jsii.Number]:
+        '''The port number on which InfluxDB accepts connections.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-timestream-influxdbinstance.html#cfn-timestream-influxdbinstance-port
+        '''
+        result = self._values.get("port")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
     @builtins.property
     def publicly_accessible(
         self,
@@ -3926,6 +3959,7 @@ def _typecheckingstub__261e4a43f1d3c329e317698aa3b0f0428b7e7d3646c4c536f48fd191f
     name: typing.Optional[builtins.str] = None,
     organization: typing.Optional[builtins.str] = None,
     password: typing.Optional[builtins.str] = None,
+    port: typing.Optional[jsii.Number] = None,
     publicly_accessible: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     username: typing.Optional[builtins.str] = None,
@@ -4007,6 +4041,12 @@ def _typecheckingstub__74f7e1c43a2306182a51c50f7081008d44b95cb4e9c3b52de43127db0
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__9ae9e68a1bb2222ab6cb849a3a301ca28375e9ce32277709782f39c7cb9ce7d4(
+    value: typing.Optional[jsii.Number],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__f4fc7c874876ac199eadc5d0947e02e2e8f42717e865d6b225956129df9bcf9b(
     value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
 ) -> None:
@@ -4064,6 +4104,7 @@ def _typecheckingstub__d0e1a256f4abdadd4b29eda8fd45f16d71b49061c796d179f90eb728f
     name: typing.Optional[builtins.str] = None,
     organization: typing.Optional[builtins.str] = None,
     password: typing.Optional[builtins.str] = None,
+    port: typing.Optional[jsii.Number] = None,
     publicly_accessible: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     username: typing.Optional[builtins.str] = None,