aws-cdk-lib 2.166.0__py3-none-any.whl → 2.167.0__py3-none-any.whl

aws_cdk/aws_s3_assets/__init__.py

@@ -258,6 +258,7 @@ from .. import (
     SymlinkFollowMode as _SymlinkFollowMode_047ec1f6,
 )
 from ..aws_iam import IGrantable as _IGrantable_71c4f5de
+from ..aws_kms import IKey as _IKey_5f11635f
 from ..aws_s3 import IBucket as _IBucket_42e086fd
 
 
@@ -294,6 +295,7 @@ class Asset(
         path: builtins.str,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
         asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
         bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -307,6 +309,7 @@ class Asset(
         :param path: The disk location of the asset. The path should refer to one of the following: - A regular file or a .zip file, in which case the file will be uploaded as-is to S3. - A directory, in which case it will be archived into a .zip file and uploaded to S3.
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
         :param asset_hash_type: Specifies the type of hash to calculate for this asset. If ``assetHash`` is configured, this option must be ``undefined`` or ``AssetHashType.CUSTOM``. Default: - the default is ``AssetHashType.SOURCE``, but if ``assetHash`` is explicitly specified this value defaults to ``AssetHashType.CUSTOM``.
         :param bundling: Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at ``/asset-input``. The Docker container is responsible for putting content at ``/asset-output``. The content at ``/asset-output`` will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwise
@@ -322,6 +325,7 @@ class Asset(
             path=path,
             deploy_time=deploy_time,
             readers=readers,
+            source_kms_key=source_kms_key,
             asset_hash=asset_hash,
             asset_hash_type=asset_hash_type,
             bundling=bundling,
@@ -459,6 +463,7 @@ class Asset(
         "ignore_mode": "ignoreMode",
         "deploy_time": "deployTime",
         "readers": "readers",
+        "source_kms_key": "sourceKMSKey",
     },
 )
 class AssetOptions(_AssetOptions_9cd3031e, _FileCopyOptions_e03e2a30):
@@ -473,6 +478,7 @@ class AssetOptions(_AssetOptions_9cd3031e, _FileCopyOptions_e03e2a30):
         ignore_mode: typing.Optional[_IgnoreMode_655a98e8] = None,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     ) -> None:
         '''
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
@@ -483,6 +489,7 @@ class AssetOptions(_AssetOptions_9cd3031e, _FileCopyOptions_e03e2a30):
         :param ignore_mode: The ignore behavior to use for ``exclude`` patterns. Default: IgnoreMode.GLOB
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
 
         :exampleMetadata: infused
 
@@ -512,6 +519,7 @@ class AssetOptions(_AssetOptions_9cd3031e, _FileCopyOptions_e03e2a30):
             check_type(argname="argument ignore_mode", value=ignore_mode, expected_type=type_hints["ignore_mode"])
             check_type(argname="argument deploy_time", value=deploy_time, expected_type=type_hints["deploy_time"])
             check_type(argname="argument readers", value=readers, expected_type=type_hints["readers"])
+            check_type(argname="argument source_kms_key", value=source_kms_key, expected_type=type_hints["source_kms_key"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if asset_hash is not None:
             self._values["asset_hash"] = asset_hash
@@ -529,6 +537,8 @@ class AssetOptions(_AssetOptions_9cd3031e, _FileCopyOptions_e03e2a30):
             self._values["deploy_time"] = deploy_time
         if readers is not None:
             self._values["readers"] = readers
+        if source_kms_key is not None:
+            self._values["source_kms_key"] = source_kms_key
 
     @builtins.property
     def asset_hash(self) -> typing.Optional[builtins.str]:
@@ -642,6 +652,15 @@ class AssetOptions(_AssetOptions_9cd3031e, _FileCopyOptions_e03e2a30):
         result = self._values.get("readers")
         return typing.cast(typing.Optional[typing.List[_IGrantable_71c4f5de]], result)
 
+    @builtins.property
+    def source_kms_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''The ARN of the KMS key used to encrypt the handler code.
+
+        :default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
+        '''
+        result = self._values.get("source_kms_key")
+        return typing.cast(typing.Optional[_IKey_5f11635f], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -666,6 +685,7 @@ class AssetOptions(_AssetOptions_9cd3031e, _FileCopyOptions_e03e2a30):
         "ignore_mode": "ignoreMode",
         "deploy_time": "deployTime",
         "readers": "readers",
+        "source_kms_key": "sourceKMSKey",
         "path": "path",
     },
 )
@@ -681,6 +701,7 @@ class AssetProps(AssetOptions):
         ignore_mode: typing.Optional[_IgnoreMode_655a98e8] = None,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         path: builtins.str,
     ) -> None:
         '''
@@ -692,6 +713,7 @@ class AssetProps(AssetOptions):
         :param ignore_mode: The ignore behavior to use for ``exclude`` patterns. Default: IgnoreMode.GLOB
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param path: The disk location of the asset. The path should refer to one of the following: - A regular file or a .zip file, in which case the file will be uploaded as-is to S3. - A directory, in which case it will be archived into a .zip file and uploaded to S3.
 
         :exampleMetadata: infused
@@ -722,6 +744,7 @@ class AssetProps(AssetOptions):
             check_type(argname="argument ignore_mode", value=ignore_mode, expected_type=type_hints["ignore_mode"])
             check_type(argname="argument deploy_time", value=deploy_time, expected_type=type_hints["deploy_time"])
             check_type(argname="argument readers", value=readers, expected_type=type_hints["readers"])
+            check_type(argname="argument source_kms_key", value=source_kms_key, expected_type=type_hints["source_kms_key"])
             check_type(argname="argument path", value=path, expected_type=type_hints["path"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "path": path,
@@ -742,6 +765,8 @@ class AssetProps(AssetOptions):
             self._values["deploy_time"] = deploy_time
         if readers is not None:
             self._values["readers"] = readers
+        if source_kms_key is not None:
+            self._values["source_kms_key"] = source_kms_key
 
     @builtins.property
     def asset_hash(self) -> typing.Optional[builtins.str]:
@@ -855,6 +880,15 @@ class AssetProps(AssetOptions):
         result = self._values.get("readers")
         return typing.cast(typing.Optional[typing.List[_IGrantable_71c4f5de]], result)
 
+    @builtins.property
+    def source_kms_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''The ARN of the KMS key used to encrypt the handler code.
+
+        :default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
+        '''
+        result = self._values.get("source_kms_key")
+        return typing.cast(typing.Optional[_IKey_5f11635f], result)
+
     @builtins.property
     def path(self) -> builtins.str:
         '''The disk location of the asset.
@@ -895,6 +929,7 @@ def _typecheckingstub__00df81fd3b746cf2ee52c0e7a23b6fdc1b45db97673ca7e25a9651e7e
     path: builtins.str,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
     asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
     bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -928,6 +963,7 @@ def _typecheckingstub__11950fe0327642dd25ddfeb2c620bb33847718475fe489bf003d096a0
     ignore_mode: typing.Optional[_IgnoreMode_655a98e8] = None,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -942,6 +978,7 @@ def _typecheckingstub__f879318d3885bc2e9c71c124fac7ad5a955812e438be7c03244c3aad7
     ignore_mode: typing.Optional[_IgnoreMode_655a98e8] = None,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     path: builtins.str,
 ) -> None:
     """Type checking stubs"""

aws_cdk/aws_s3_deployment/__init__.py

@@ -579,6 +579,7 @@ from ..aws_ec2 import (
     IVpc as _IVpc_f30d5663, SubnetSelection as _SubnetSelection_e57d76df
 )
 from ..aws_iam import IGrantable as _IGrantable_71c4f5de, IRole as _IRole_235f5d8e
+from ..aws_kms import IKey as _IKey_5f11635f
 from ..aws_logs import (
     ILogGroup as _ILogGroup_3c4fa718, RetentionDays as _RetentionDays_070f99f0
 )
@@ -1950,6 +1951,7 @@ class Source(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_s3_deployment.S
         *,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
         asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
         bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -1965,6 +1967,7 @@ class Source(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_s3_deployment.S
         :param path: The path to a local .zip file or a directory.
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
         :param asset_hash_type: Specifies the type of hash to calculate for this asset. If ``assetHash`` is configured, this option must be ``undefined`` or ``AssetHashType.CUSTOM``. Default: - the default is ``AssetHashType.SOURCE``, but if ``assetHash`` is explicitly specified this value defaults to ``AssetHashType.CUSTOM``.
         :param bundling: Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at ``/asset-input``. The Docker container is responsible for putting content at ``/asset-output``. The content at ``/asset-output`` will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwise
@@ -1978,6 +1981,7 @@ class Source(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_s3_deployment.S
         options = _AssetOptions_2aa69621(
             deploy_time=deploy_time,
             readers=readers,
+            source_kms_key=source_kms_key,
             asset_hash=asset_hash,
             asset_hash_type=asset_hash_type,
             bundling=bundling,
@@ -2438,6 +2442,7 @@ def _typecheckingstub__fc877c69568cee7364ec77003356fc6818118602dda64adf3dbf38ff7
     *,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
     asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
     bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,

aws_cdk/aws_servicecatalog/__init__.py

@@ -182,8 +182,8 @@ from aws_cdk.aws_s3 import Bucket
 
 
 class LambdaProduct(servicecatalog.ProductStack):
-    def __init__(self, scope, id, *, assetBucket=None, serverSideEncryption=None, serverSideEncryptionAwsKmsKeyId=None, memoryLimit=None):
-        super().__init__(scope, id, assetBucket=assetBucket, serverSideEncryption=serverSideEncryption, serverSideEncryptionAwsKmsKeyId=serverSideEncryptionAwsKmsKeyId, memoryLimit=memoryLimit)
+    def __init__(self, scope, id, *, assetBucket=None, serverSideEncryption=None, serverSideEncryptionAwsKmsKeyId=None, memoryLimit=None, description=None, analyticsReporting=None):
+        super().__init__(scope, id, assetBucket=assetBucket, serverSideEncryption=serverSideEncryption, serverSideEncryptionAwsKmsKeyId=serverSideEncryptionAwsKmsKeyId, memoryLimit=memoryLimit, description=description, analyticsReporting=analyticsReporting)
 
         lambda_.Function(self, "LambdaProduct",
             runtime=lambda_.Runtime.PYTHON_3_9,
@@ -629,6 +629,7 @@ from ..aws_iam import (
     IRole as _IRole_235f5d8e,
     IUser as _IUser_c32311f7,
 )
+from ..aws_kms import IKey as _IKey_5f11635f
 from ..aws_s3 import IBucket as _IBucket_42e086fd
 from ..aws_s3_assets import AssetOptions as _AssetOptions_2aa69621
 from ..aws_s3_deployment import ServerSideEncryption as _ServerSideEncryption_50ddf705
@@ -7038,6 +7039,7 @@ class CloudFormationTemplate(
         *,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
         asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
         bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -7050,6 +7052,7 @@ class CloudFormationTemplate(
         :param path: A file containing the provisioning artifacts.
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
         :param asset_hash_type: Specifies the type of hash to calculate for this asset. If ``assetHash`` is configured, this option must be ``undefined`` or ``AssetHashType.CUSTOM``. Default: - the default is ``AssetHashType.SOURCE``, but if ``assetHash`` is explicitly specified this value defaults to ``AssetHashType.CUSTOM``.
         :param bundling: Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at ``/asset-input``. The Docker container is responsible for putting content at ``/asset-output``. The content at ``/asset-output`` will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwise
@@ -7063,6 +7066,7 @@ class CloudFormationTemplate(
         options = _AssetOptions_2aa69621(
             deploy_time=deploy_time,
             readers=readers,
+            source_kms_key=source_kms_key,
             asset_hash=asset_hash,
             asset_hash_type=asset_hash_type,
             bundling=bundling,
@@ -8696,7 +8700,9 @@ class ProductStack(
         scope: _constructs_77d1e7e8.Construct,
         id: builtins.str,
         *,
+        analytics_reporting: typing.Optional[builtins.bool] = None,
         asset_bucket: typing.Optional[_IBucket_42e086fd] = None,
+        description: typing.Optional[builtins.str] = None,
         memory_limit: typing.Optional[jsii.Number] = None,
         server_side_encryption: typing.Optional[_ServerSideEncryption_50ddf705] = None,
         server_side_encryption_aws_kms_key_id: typing.Optional[builtins.str] = None,
@@ -8704,7 +8710,9 @@ class ProductStack(
         '''
         :param scope: -
         :param id: -
+        :param analytics_reporting: Include runtime versioning information in this Stack. Default: - ``analyticsReporting`` setting of containing ``App``, or value of 'aws:cdk:version-reporting' context key
         :param asset_bucket: A Bucket can be passed to store assets, enabling ProductStack Asset support. Default: - No Bucket provided and Assets will not be supported.
+        :param description: A description of the stack. Default: - No description.
         :param memory_limit: The amount of memory (in MiB) to allocate to the AWS Lambda function which replicates the files from the CDK bucket to the destination bucket. If you are deploying large files, you will need to increase this number accordingly. Default: 128
         :param server_side_encryption: A ServerSideEncryption can be enabled to encrypt assets that are put into assetBucket. Default: - No encryption is used
         :param server_side_encryption_aws_kms_key_id: For AWS_KMS ServerSideEncryption a KMS KeyId must be provided which will be used to encrypt assets. Default: - No KMS KeyId and SSE_KMS encryption cannot be used
@@ -8714,7 +8722,9 @@ class ProductStack(
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = ProductStackProps(
+            analytics_reporting=analytics_reporting,
             asset_bucket=asset_bucket,
+            description=description,
             memory_limit=memory_limit,
             server_side_encryption=server_side_encryption,
             server_side_encryption_aws_kms_key_id=server_side_encryption_aws_kms_key_id,
@@ -8963,7 +8973,9 @@ class ProductStackHistoryProps:
     jsii_type="aws-cdk-lib.aws_servicecatalog.ProductStackProps",
     jsii_struct_bases=[],
     name_mapping={
+        "analytics_reporting": "analyticsReporting",
         "asset_bucket": "assetBucket",
+        "description": "description",
         "memory_limit": "memoryLimit",
         "server_side_encryption": "serverSideEncryption",
         "server_side_encryption_aws_kms_key_id": "serverSideEncryptionAwsKmsKeyId",
@@ -8973,14 +8985,18 @@ class ProductStackProps:
     def __init__(
         self,
         *,
+        analytics_reporting: typing.Optional[builtins.bool] = None,
         asset_bucket: typing.Optional[_IBucket_42e086fd] = None,
+        description: typing.Optional[builtins.str] = None,
         memory_limit: typing.Optional[jsii.Number] = None,
         server_side_encryption: typing.Optional[_ServerSideEncryption_50ddf705] = None,
         server_side_encryption_aws_kms_key_id: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Product stack props.
 
+        :param analytics_reporting: Include runtime versioning information in this Stack. Default: - ``analyticsReporting`` setting of containing ``App``, or value of 'aws:cdk:version-reporting' context key
         :param asset_bucket: A Bucket can be passed to store assets, enabling ProductStack Asset support. Default: - No Bucket provided and Assets will not be supported.
+        :param description: A description of the stack. Default: - No description.
         :param memory_limit: The amount of memory (in MiB) to allocate to the AWS Lambda function which replicates the files from the CDK bucket to the destination bucket. If you are deploying large files, you will need to increase this number accordingly. Default: 128
         :param server_side_encryption: A ServerSideEncryption can be enabled to encrypt assets that are put into assetBucket. Default: - No encryption is used
         :param server_side_encryption_aws_kms_key_id: For AWS_KMS ServerSideEncryption a KMS KeyId must be provided which will be used to encrypt assets. Default: - No KMS KeyId and SSE_KMS encryption cannot be used
@@ -8995,8 +9011,8 @@ class ProductStackProps:
             
             
             class LambdaProduct(servicecatalog.ProductStack):
-                def __init__(self, scope, id, *, assetBucket=None, serverSideEncryption=None, serverSideEncryptionAwsKmsKeyId=None, memoryLimit=None):
-                    super().__init__(scope, id, assetBucket=assetBucket, serverSideEncryption=serverSideEncryption, serverSideEncryptionAwsKmsKeyId=serverSideEncryptionAwsKmsKeyId, memoryLimit=memoryLimit)
+                def __init__(self, scope, id, *, assetBucket=None, serverSideEncryption=None, serverSideEncryptionAwsKmsKeyId=None, memoryLimit=None, description=None, analyticsReporting=None):
+                    super().__init__(scope, id, assetBucket=assetBucket, serverSideEncryption=serverSideEncryption, serverSideEncryptionAwsKmsKeyId=serverSideEncryptionAwsKmsKeyId, memoryLimit=memoryLimit, description=description, analyticsReporting=analyticsReporting)
             
                     lambda_.Function(self, "LambdaProduct",
                         runtime=lambda_.Runtime.PYTHON_3_9,
@@ -9022,13 +9038,19 @@ class ProductStackProps:
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ecbfd6177b5d6f8d80ee31c2897d6968897a0abd05a9f5a7d209806206868801)
+            check_type(argname="argument analytics_reporting", value=analytics_reporting, expected_type=type_hints["analytics_reporting"])
             check_type(argname="argument asset_bucket", value=asset_bucket, expected_type=type_hints["asset_bucket"])
+            check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument memory_limit", value=memory_limit, expected_type=type_hints["memory_limit"])
             check_type(argname="argument server_side_encryption", value=server_side_encryption, expected_type=type_hints["server_side_encryption"])
             check_type(argname="argument server_side_encryption_aws_kms_key_id", value=server_side_encryption_aws_kms_key_id, expected_type=type_hints["server_side_encryption_aws_kms_key_id"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if analytics_reporting is not None:
+            self._values["analytics_reporting"] = analytics_reporting
         if asset_bucket is not None:
             self._values["asset_bucket"] = asset_bucket
+        if description is not None:
+            self._values["description"] = description
         if memory_limit is not None:
             self._values["memory_limit"] = memory_limit
         if server_side_encryption is not None:
@@ -9036,6 +9058,18 @@ class ProductStackProps:
         if server_side_encryption_aws_kms_key_id is not None:
             self._values["server_side_encryption_aws_kms_key_id"] = server_side_encryption_aws_kms_key_id
 
+    @builtins.property
+    def analytics_reporting(self) -> typing.Optional[builtins.bool]:
+        '''Include runtime versioning information in this Stack.
+
+        :default:
+
+        - ``analyticsReporting`` setting of containing ``App``, or value of
+        'aws:cdk:version-reporting' context key
+        '''
+        result = self._values.get("analytics_reporting")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def asset_bucket(self) -> typing.Optional[_IBucket_42e086fd]:
         '''A Bucket can be passed to store assets, enabling ProductStack Asset support.
@@ -9045,6 +9079,15 @@ class ProductStackProps:
         result = self._values.get("asset_bucket")
         return typing.cast(typing.Optional[_IBucket_42e086fd], result)
 
+    @builtins.property
+    def description(self) -> typing.Optional[builtins.str]:
+        '''A description of the stack.
+
+        :default: - No description.
+        '''
+        result = self._values.get("description")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def memory_limit(self) -> typing.Optional[jsii.Number]:
         '''The amount of memory (in MiB) to allocate to the AWS Lambda function which replicates the files from the CDK bucket to the destination bucket.
@@ -11086,6 +11129,7 @@ def _typecheckingstub__8e0d542f4ba87cd0da3d994035ba4c030fc0e065bd6d2e49190b0063a
     *,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
     asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
     bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -11438,7 +11482,9 @@ def _typecheckingstub__cf14756a9e6c7e2a58f04e1077a464a1b706954bb40fbda6658fac963
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
     *,
+    analytics_reporting: typing.Optional[builtins.bool] = None,
     asset_bucket: typing.Optional[_IBucket_42e086fd] = None,
+    description: typing.Optional[builtins.str] = None,
     memory_limit: typing.Optional[jsii.Number] = None,
     server_side_encryption: typing.Optional[_ServerSideEncryption_50ddf705] = None,
     server_side_encryption_aws_kms_key_id: typing.Optional[builtins.str] = None,
@@ -11480,7 +11526,9 @@ def _typecheckingstub__14ff2199f395b44b32757ccbaa6927f0bf434a9370c673216c8f69e57
 
 def _typecheckingstub__ecbfd6177b5d6f8d80ee31c2897d6968897a0abd05a9f5a7d209806206868801(
     *,
+    analytics_reporting: typing.Optional[builtins.bool] = None,
     asset_bucket: typing.Optional[_IBucket_42e086fd] = None,
+    description: typing.Optional[builtins.str] = None,
     memory_limit: typing.Optional[jsii.Number] = None,
     server_side_encryption: typing.Optional[_ServerSideEncryption_50ddf705] = None,
     server_side_encryption_aws_kms_key_id: typing.Optional[builtins.str] = None,

aws_cdk/aws_ses/__init__.py

@@ -1016,7 +1016,7 @@ class CfnConfigurationSet(
         ) -> None:
             '''Specifies the name of the dedicated IP pool to associate with the configuration set and whether messages that use the configuration set are required to use Transport Layer Security (TLS).
 
-            :param max_delivery_seconds: Specifies the maximum time until which SES will retry sending emails.
+            :param max_delivery_seconds: The maximum amount of time, in seconds, that Amazon SES API v2 will attempt delivery of email. If specified, the value must greater than or equal to 300 seconds (5 minutes) and less than or equal to 50400 seconds (840 minutes).
             :param sending_pool_name: The name of the dedicated IP pool to associate with the configuration set.
             :param tls_policy: Specifies whether messages that use the configuration set are required to use Transport Layer Security (TLS). If the value is ``REQUIRE`` , messages are only delivered if a TLS connection can be established. If the value is ``OPTIONAL`` , messages can be delivered in plain text if a TLS connection can't be established. Valid Values: ``REQUIRE | OPTIONAL``
 
@@ -1050,7 +1050,9 @@ class CfnConfigurationSet(
 
         @builtins.property
         def max_delivery_seconds(self) -> typing.Optional[jsii.Number]:
-            '''Specifies the maximum time until which SES will retry sending emails.
+            '''The maximum amount of time, in seconds, that Amazon SES API v2 will attempt delivery of email.
+
+            If specified, the value must greater than or equal to 300 seconds (5 minutes) and less than or equal to 50400 seconds (840 minutes).
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-configurationset-deliveryoptions.html#cfn-ses-configurationset-deliveryoptions-maxdeliveryseconds
             '''
@@ -11737,7 +11739,7 @@ class CfnTemplate(
         ) -> None:
             '''An object that defines the email template to use for an email message, and the values to use for any message variables in that template.
 
-            An *email template* is a type of message template that contains content that you want to define, save, and reuse in email messages that you send.
+            An *email template* is a type of message template that contains content that you want to reuse in email messages that you send. You can specifiy the email template by providing the name or ARN of an *email template* previously saved in your Amazon SES account or by providing the full template content.
 
             :param subject_part: The subject line of the email.
             :param html_part: The HTML body of the email.

aws_cdk/aws_stepfunctions/__init__.py

@@ -5348,6 +5348,7 @@ class DefinitionBody(
         *,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
         asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
         bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -5359,6 +5360,7 @@ class DefinitionBody(
         :param path: -
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
         :param asset_hash_type: Specifies the type of hash to calculate for this asset. If ``assetHash`` is configured, this option must be ``undefined`` or ``AssetHashType.CUSTOM``. Default: - the default is ``AssetHashType.SOURCE``, but if ``assetHash`` is explicitly specified this value defaults to ``AssetHashType.CUSTOM``.
         :param bundling: Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at ``/asset-input``. The Docker container is responsible for putting content at ``/asset-output``. The content at ``/asset-output`` will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwise
@@ -5372,6 +5374,7 @@ class DefinitionBody(
         options = _AssetOptions_2aa69621(
             deploy_time=deploy_time,
             readers=readers,
+            source_kms_key=source_kms_key,
             asset_hash=asset_hash,
             asset_hash_type=asset_hash_type,
             bundling=bundling,
@@ -5920,6 +5923,7 @@ class FileDefinitionBody(
         *,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
         asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
         bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -5931,6 +5935,7 @@ class FileDefinitionBody(
         :param path: -
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
         :param asset_hash_type: Specifies the type of hash to calculate for this asset. If ``assetHash`` is configured, this option must be ``undefined`` or ``AssetHashType.CUSTOM``. Default: - the default is ``AssetHashType.SOURCE``, but if ``assetHash`` is explicitly specified this value defaults to ``AssetHashType.CUSTOM``.
         :param bundling: Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at ``/asset-input``. The Docker container is responsible for putting content at ``/asset-output``. The content at ``/asset-output`` will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwise
@@ -5944,6 +5949,7 @@ class FileDefinitionBody(
         options = _AssetOptions_2aa69621(
             deploy_time=deploy_time,
             readers=readers,
+            source_kms_key=source_kms_key,
             asset_hash=asset_hash,
             asset_hash_type=asset_hash_type,
             bundling=bundling,
@@ -17493,6 +17499,7 @@ def _typecheckingstub__2e34fabd0367a0519a35d86d419baa37e6fe26ad05457e96b236a55bb
     *,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
     asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
     bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -17574,6 +17581,7 @@ def _typecheckingstub__526ef9213812e76ec99bd530d4fbea7cc137d220b92525fe763d6d315
     *,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
     asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
     bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,

aws_cdk/aws_synthetics/__init__.py

@@ -3192,6 +3192,7 @@ class Code(
         *,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
         asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
         bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -3206,6 +3207,7 @@ class Code(
         :param asset_path: Either a directory or a .zip file.
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
         :param asset_hash_type: Specifies the type of hash to calculate for this asset. If ``assetHash`` is configured, this option must be ``undefined`` or ``AssetHashType.CUSTOM``. Default: - the default is ``AssetHashType.SOURCE``, but if ``assetHash`` is explicitly specified this value defaults to ``AssetHashType.CUSTOM``.
         :param bundling: Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at ``/asset-input``. The Docker container is responsible for putting content at ``/asset-output``. The content at ``/asset-output`` will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwise
@@ -3223,6 +3225,7 @@ class Code(
         options = _AssetOptions_2aa69621(
             deploy_time=deploy_time,
             readers=readers,
+            source_kms_key=source_kms_key,
             asset_hash=asset_hash,
             asset_hash_type=asset_hash_type,
             bundling=bundling,
@@ -4271,10 +4274,12 @@ class AssetCode(
         # The values are placeholders you should change.
         import aws_cdk as cdk
         from aws_cdk import aws_iam as iam
+        from aws_cdk import aws_kms as kms
         from aws_cdk import aws_synthetics as synthetics
         
         # docker_image: cdk.DockerImage
         # grantable: iam.IGrantable
+        # key: kms.Key
         # local_bundling: cdk.ILocalBundling
         
         asset_code = synthetics.AssetCode("assetPath",
@@ -4310,7 +4315,8 @@ class AssetCode(
             exclude=["exclude"],
             follow_symlinks=cdk.SymlinkFollowMode.NEVER,
             ignore_mode=cdk.IgnoreMode.GLOB,
-            readers=[grantable]
+            readers=[grantable],
+            source_kMSKey=key
         )
     '''
 
@@ -4320,6 +4326,7 @@ class AssetCode(
         *,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
         asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
         bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -4331,6 +4338,7 @@ class AssetCode(
         :param asset_path: The path to the asset file or directory.
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
         :param asset_hash_type: Specifies the type of hash to calculate for this asset. If ``assetHash`` is configured, this option must be ``undefined`` or ``AssetHashType.CUSTOM``. Default: - the default is ``AssetHashType.SOURCE``, but if ``assetHash`` is explicitly specified this value defaults to ``AssetHashType.CUSTOM``.
         :param bundling: Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at ``/asset-input``. The Docker container is responsible for putting content at ``/asset-output``. The content at ``/asset-output`` will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwise
@@ -4344,6 +4352,7 @@ class AssetCode(
         options = _AssetOptions_2aa69621(
             deploy_time=deploy_time,
             readers=readers,
+            source_kms_key=source_kms_key,
             asset_hash=asset_hash,
             asset_hash_type=asset_hash_type,
             bundling=bundling,
@@ -4743,6 +4752,7 @@ def _typecheckingstub__02201c2190b076bbceced8708b435fab8189f7f505650002941cc7a50
     *,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
     asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
     bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -4856,6 +4866,7 @@ def _typecheckingstub__60a29a536d66536254f2ca409a65dc32f30e483b29091222d42f32106
     *,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
     asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
     bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,