aws-cdk-lib 2.166.0__py3-none-any.whl → 2.167.1__py3-none-any.whl

aws_cdk/aws_ec2/__init__.py

@@ -14121,10 +14121,10 @@ class CfnEIP(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param address: Describes an Elastic IP address, or a carrier IP address.
+        :param address: An Elastic IP address or a carrier IP address in a Wavelength Zone.
         :param domain: The network ( ``vpc`` ). If you define an Elastic IP address and associate it with a VPC that is defined in the same template, you must declare a dependency on the VPC-gateway attachment by using the `DependsOn Attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_ on this resource.
         :param instance_id: The ID of the instance. .. epigraph:: Updates to the ``InstanceId`` property may require *some interruptions* . Updates on an EIP reassociates the address on its associated resource.
-        :param ipam_pool_id: 
+        :param ipam_pool_id: The ID of an IPAM pool which has an Amazon-provided or BYOIP public IPv4 CIDR provisioned to it. For more information, see `Allocate sequential Elastic IP addresses from an IPAM pool <https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-eip-pool.html>`_ in the *Amazon VPC IPAM User Guide* .
         :param network_border_group: A unique set of Availability Zones, Local Zones, or Wavelength Zones from which AWS advertises IP addresses. Use this parameter to limit the IP address to this location. IP addresses cannot move between network border groups. Use `DescribeAvailabilityZones <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html>`_ to view the network border groups.
         :param public_ipv4_pool: The ID of an address pool that you own. Use this parameter to let Amazon EC2 select an address from the address pool. .. epigraph:: Updates to the ``PublicIpv4Pool`` property may require *some interruptions* . Updates on an EIP reassociates the address on its associated resource.
         :param tags: Any tags assigned to the Elastic IP address. .. epigraph:: Updates to the ``Tags`` property may require *some interruptions* . Updates on an EIP reassociates the address on its associated resource.
@@ -14211,7 +14211,7 @@ class CfnEIP(
     @builtins.property
     @jsii.member(jsii_name="address")
     def address(self) -> typing.Optional[builtins.str]:
-        '''Describes an Elastic IP address, or a carrier IP address.'''
+        '''An Elastic IP address or a carrier IP address in a Wavelength Zone.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "address"))
 
     @address.setter
@@ -14250,6 +14250,7 @@ class CfnEIP(
     @builtins.property
     @jsii.member(jsii_name="ipamPoolId")
     def ipam_pool_id(self) -> typing.Optional[builtins.str]:
+        '''The ID of an IPAM pool which has an Amazon-provided or BYOIP public IPv4 CIDR provisioned to it.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "ipamPoolId"))
 
     @ipam_pool_id.setter
@@ -14654,10 +14655,10 @@ class CfnEIPProps:
     ) -> None:
         '''Properties for defining a ``CfnEIP``.
 
-        :param address: Describes an Elastic IP address, or a carrier IP address.
+        :param address: An Elastic IP address or a carrier IP address in a Wavelength Zone.
         :param domain: The network ( ``vpc`` ). If you define an Elastic IP address and associate it with a VPC that is defined in the same template, you must declare a dependency on the VPC-gateway attachment by using the `DependsOn Attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_ on this resource.
         :param instance_id: The ID of the instance. .. epigraph:: Updates to the ``InstanceId`` property may require *some interruptions* . Updates on an EIP reassociates the address on its associated resource.
-        :param ipam_pool_id: 
+        :param ipam_pool_id: The ID of an IPAM pool which has an Amazon-provided or BYOIP public IPv4 CIDR provisioned to it. For more information, see `Allocate sequential Elastic IP addresses from an IPAM pool <https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-eip-pool.html>`_ in the *Amazon VPC IPAM User Guide* .
         :param network_border_group: A unique set of Availability Zones, Local Zones, or Wavelength Zones from which AWS advertises IP addresses. Use this parameter to limit the IP address to this location. IP addresses cannot move between network border groups. Use `DescribeAvailabilityZones <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html>`_ to view the network border groups.
         :param public_ipv4_pool: The ID of an address pool that you own. Use this parameter to let Amazon EC2 select an address from the address pool. .. epigraph:: Updates to the ``PublicIpv4Pool`` property may require *some interruptions* . Updates on an EIP reassociates the address on its associated resource.
         :param tags: Any tags assigned to the Elastic IP address. .. epigraph:: Updates to the ``Tags`` property may require *some interruptions* . Updates on an EIP reassociates the address on its associated resource.
@@ -14712,7 +14713,7 @@ class CfnEIPProps:
 
     @builtins.property
     def address(self) -> typing.Optional[builtins.str]:
-        '''Describes an Elastic IP address, or a carrier IP address.
+        '''An Elastic IP address or a carrier IP address in a Wavelength Zone.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-eip.html#cfn-ec2-eip-address
         '''
@@ -14745,7 +14746,10 @@ class CfnEIPProps:
 
     @builtins.property
     def ipam_pool_id(self) -> typing.Optional[builtins.str]:
-        '''
+        '''The ID of an IPAM pool which has an Amazon-provided or BYOIP public IPv4 CIDR provisioned to it.
+
+        For more information, see `Allocate sequential Elastic IP addresses from an IPAM pool <https://docs.aws.amazon.com/vpc/latest/ipam/tutorials-eip-pool.html>`_ in the *Amazon VPC IPAM User Guide* .
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-eip.html#cfn-ec2-eip-ipampoolid
         '''
         result = self._values.get("ipam_pool_id")
@@ -42877,6 +42881,208 @@ class CfnSecurityGroupProps:
         )
 
 
+@jsii.implements(_IInspectable_c2943556)
+class CfnSecurityGroupVpcAssociation(
+    _CfnResource_9df397a6,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_ec2.CfnSecurityGroupVpcAssociation",
+):
+    '''A security group association with a VPC.
+
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupvpcassociation.html
+    :cloudformationResource: AWS::EC2::SecurityGroupVpcAssociation
+    :exampleMetadata: fixture=_generated
+
+    Example::
+
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        from aws_cdk import aws_ec2 as ec2
+        
+        cfn_security_group_vpc_association = ec2.CfnSecurityGroupVpcAssociation(self, "MyCfnSecurityGroupVpcAssociation",
+            group_id="groupId",
+            vpc_id="vpcId"
+        )
+    '''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        group_id: builtins.str,
+        vpc_id: builtins.str,
+    ) -> None:
+        '''
+        :param scope: Scope in which this resource is defined.
+        :param id: Construct identifier for this resource (unique in its scope).
+        :param group_id: The association's security group ID.
+        :param vpc_id: The association's VPC ID.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__8ef924d53acf4952f6e0712b289196e5433c7a379c29292778e606fc67d28d33)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = CfnSecurityGroupVpcAssociationProps(group_id=group_id, vpc_id=vpc_id)
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @jsii.member(jsii_name="inspect")
+    def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
+        '''Examines the CloudFormation resource and discloses attributes.
+
+        :param inspector: tree inspector to collect and process attributes.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__3b795589f9573dd12035364cf54b516679d09c552bd1ec30cda2b8af867c8a38)
+            check_type(argname="argument inspector", value=inspector, expected_type=type_hints["inspector"])
+        return typing.cast(None, jsii.invoke(self, "inspect", [inspector]))
+
+    @jsii.member(jsii_name="renderProperties")
+    def _render_properties(
+        self,
+        props: typing.Mapping[builtins.str, typing.Any],
+    ) -> typing.Mapping[builtins.str, typing.Any]:
+        '''
+        :param props: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__4b10db158649118e3454cff2ebbf5af15bbad50af6e0d2ad16d18c33aaa545eb)
+            check_type(argname="argument props", value=props, expected_type=type_hints["props"])
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderProperties", [props]))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="CFN_RESOURCE_TYPE_NAME")
+    def CFN_RESOURCE_TYPE_NAME(cls) -> builtins.str:
+        '''The CloudFormation resource type name for this resource class.'''
+        return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrState")
+    def attr_state(self) -> builtins.str:
+        '''The association's state.
+
+        :cloudformationAttribute: State
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrState"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrStateReason")
+    def attr_state_reason(self) -> builtins.str:
+        '''The association's state reason.
+
+        :cloudformationAttribute: StateReason
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrStateReason"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrVpcOwnerId")
+    def attr_vpc_owner_id(self) -> builtins.str:
+        '''The AWS account ID of the owner of the VPC.
+
+        :cloudformationAttribute: VpcOwnerId
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrVpcOwnerId"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cfnProperties")
+    def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
+
+    @builtins.property
+    @jsii.member(jsii_name="groupId")
+    def group_id(self) -> builtins.str:
+        '''The association's security group ID.'''
+        return typing.cast(builtins.str, jsii.get(self, "groupId"))
+
+    @group_id.setter
+    def group_id(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__dbfe370ca161992c0cae87f8e6c8e5335b02d12cdc9c58c298adc37823186981)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "groupId", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="vpcId")
+    def vpc_id(self) -> builtins.str:
+        '''The association's VPC ID.'''
+        return typing.cast(builtins.str, jsii.get(self, "vpcId"))
+
+    @vpc_id.setter
+    def vpc_id(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__61cdbe72d309edde5399294ad29626026a3ccb424a9a810c66ac713d99b04a09)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "vpcId", value) # pyright: ignore[reportArgumentType]
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_ec2.CfnSecurityGroupVpcAssociationProps",
+    jsii_struct_bases=[],
+    name_mapping={"group_id": "groupId", "vpc_id": "vpcId"},
+)
+class CfnSecurityGroupVpcAssociationProps:
+    def __init__(self, *, group_id: builtins.str, vpc_id: builtins.str) -> None:
+        '''Properties for defining a ``CfnSecurityGroupVpcAssociation``.
+
+        :param group_id: The association's security group ID.
+        :param vpc_id: The association's VPC ID.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupvpcassociation.html
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_ec2 as ec2
+            
+            cfn_security_group_vpc_association_props = ec2.CfnSecurityGroupVpcAssociationProps(
+                group_id="groupId",
+                vpc_id="vpcId"
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__87ba04fafd179cdc829033f2003bf4578598a141055d5898627ff9a12c5222d9)
+            check_type(argname="argument group_id", value=group_id, expected_type=type_hints["group_id"])
+            check_type(argname="argument vpc_id", value=vpc_id, expected_type=type_hints["vpc_id"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "group_id": group_id,
+            "vpc_id": vpc_id,
+        }
+
+    @builtins.property
+    def group_id(self) -> builtins.str:
+        '''The association's security group ID.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupvpcassociation.html#cfn-ec2-securitygroupvpcassociation-groupid
+        '''
+        result = self._values.get("group_id")
+        assert result is not None, "Required property 'group_id' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def vpc_id(self) -> builtins.str:
+        '''The association's VPC ID.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupvpcassociation.html#cfn-ec2-securitygroupvpcassociation-vpcid
+        '''
+        result = self._values.get("vpc_id")
+        assert result is not None, "Required property 'vpc_id' is missing"
+        return typing.cast(builtins.str, result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "CfnSecurityGroupVpcAssociationProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 @jsii.implements(_IInspectable_c2943556)
 class CfnSnapshotBlockPublicAccess(
     _CfnResource_9df397a6,
@@ -72235,6 +72441,7 @@ class InitFile(
         service_restart_handles: typing.Optional[typing.Sequence["InitServiceRestartHandle"]] = None,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
         asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
         bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -72255,6 +72462,7 @@ class InitFile(
         :param service_restart_handles: Restart the given service after this file has been written. Default: - Do not restart any service
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
         :param asset_hash_type: Specifies the type of hash to calculate for this asset. If ``assetHash`` is configured, this option must be ``undefined`` or ``AssetHashType.CUSTOM``. Default: - the default is ``AssetHashType.SOURCE``, but if ``assetHash`` is explicitly specified this value defaults to ``AssetHashType.CUSTOM``.
         :param bundling: Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at ``/asset-input``. The Docker container is responsible for putting content at ``/asset-output``. The content at ``/asset-output`` will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwise
@@ -72274,6 +72482,7 @@ class InitFile(
             service_restart_handles=service_restart_handles,
             deploy_time=deploy_time,
             readers=readers,
+            source_kms_key=source_kms_key,
             asset_hash=asset_hash,
             asset_hash_type=asset_hash_type,
             bundling=bundling,
@@ -73396,6 +73605,7 @@ class InitSource(
         service_restart_handles: typing.Optional[typing.Sequence[InitServiceRestartHandle]] = None,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
         asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
         bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -73410,6 +73620,7 @@ class InitSource(
         :param service_restart_handles: Restart the given services after this archive has been extracted. Default: - Do not restart any service
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
         :param asset_hash_type: Specifies the type of hash to calculate for this asset. If ``assetHash`` is configured, this option must be ``undefined`` or ``AssetHashType.CUSTOM``. Default: - the default is ``AssetHashType.SOURCE``, but if ``assetHash`` is explicitly specified this value defaults to ``AssetHashType.CUSTOM``.
         :param bundling: Bundle the asset by executing a command in a Docker container or a custom bundling provider. The asset path will be mounted at ``/asset-input``. The Docker container is responsible for putting content at ``/asset-output``. The content at ``/asset-output`` will be zipped and used as the final asset. Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file, archived into a .zip file and uploaded to S3 otherwise
@@ -73425,6 +73636,7 @@ class InitSource(
             service_restart_handles=service_restart_handles,
             deploy_time=deploy_time,
             readers=readers,
+            source_kms_key=source_kms_key,
             asset_hash=asset_hash,
             asset_hash_type=asset_hash_type,
             bundling=bundling,
@@ -93311,6 +93523,7 @@ class InitCommand(
         "ignore_mode": "ignoreMode",
         "deploy_time": "deployTime",
         "readers": "readers",
+        "source_kms_key": "sourceKMSKey",
     },
 )
 class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
@@ -93330,6 +93543,7 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
         ignore_mode: typing.Optional[_IgnoreMode_655a98e8] = None,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     ) -> None:
         '''Additional options for creating an InitFile from an asset.
 
@@ -93346,6 +93560,7 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
         :param ignore_mode: The ignore behavior to use for ``exclude`` patterns. Default: IgnoreMode.GLOB
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
 
         :exampleMetadata: fixture=_generated
 
@@ -93356,10 +93571,12 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
             import aws_cdk as cdk
             from aws_cdk import aws_ec2 as ec2
             from aws_cdk import aws_iam as iam
+            from aws_cdk import aws_kms as kms
             
             # docker_image: cdk.DockerImage
             # grantable: iam.IGrantable
             # init_service_restart_handle: ec2.InitServiceRestartHandle
+            # key: kms.Key
             # local_bundling: cdk.ILocalBundling
             
             init_file_asset_options = ec2.InitFileAssetOptions(
@@ -93400,7 +93617,8 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
                 mode="mode",
                 owner="owner",
                 readers=[grantable],
-                service_restart_handles=[init_service_restart_handle]
+                service_restart_handles=[init_service_restart_handle],
+                source_kMSKey=key
             )
         '''
         if isinstance(bundling, dict):
@@ -93420,6 +93638,7 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
             check_type(argname="argument ignore_mode", value=ignore_mode, expected_type=type_hints["ignore_mode"])
             check_type(argname="argument deploy_time", value=deploy_time, expected_type=type_hints["deploy_time"])
             check_type(argname="argument readers", value=readers, expected_type=type_hints["readers"])
+            check_type(argname="argument source_kms_key", value=source_kms_key, expected_type=type_hints["source_kms_key"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if base64_encoded is not None:
             self._values["base64_encoded"] = base64_encoded
@@ -93447,6 +93666,8 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
             self._values["deploy_time"] = deploy_time
         if readers is not None:
             self._values["readers"] = readers
+        if source_kms_key is not None:
+            self._values["source_kms_key"] = source_kms_key
 
     @builtins.property
     def base64_encoded(self) -> typing.Optional[builtins.bool]:
@@ -93620,6 +93841,15 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
         result = self._values.get("readers")
         return typing.cast(typing.Optional[typing.List[_IGrantable_71c4f5de]], result)
 
+    @builtins.property
+    def source_kms_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''The ARN of the KMS key used to encrypt the handler code.
+
+        :default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
+        '''
+        result = self._values.get("source_kms_key")
+        return typing.cast(typing.Optional[_IKey_5f11635f], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -93645,6 +93875,7 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
         "ignore_mode": "ignoreMode",
         "deploy_time": "deployTime",
         "readers": "readers",
+        "source_kms_key": "sourceKMSKey",
     },
 )
 class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
@@ -93660,6 +93891,7 @@ class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
         ignore_mode: typing.Optional[_IgnoreMode_655a98e8] = None,
         deploy_time: typing.Optional[builtins.bool] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+        source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     ) -> None:
         '''Additional options for an InitSource that builds an asset from local files.
 
@@ -93672,6 +93904,7 @@ class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
         :param ignore_mode: The ignore behavior to use for ``exclude`` patterns. Default: IgnoreMode.GLOB
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
+        :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
 
         :exampleMetadata: fixture=_generated
 
@@ -93682,10 +93915,12 @@ class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
             import aws_cdk as cdk
             from aws_cdk import aws_ec2 as ec2
             from aws_cdk import aws_iam as iam
+            from aws_cdk import aws_kms as kms
             
             # docker_image: cdk.DockerImage
             # grantable: iam.IGrantable
             # init_service_restart_handle: ec2.InitServiceRestartHandle
+            # key: kms.Key
             # local_bundling: cdk.ILocalBundling
             
             init_source_asset_options = ec2.InitSourceAssetOptions(
@@ -93722,7 +93957,8 @@ class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
                 follow_symlinks=cdk.SymlinkFollowMode.NEVER,
                 ignore_mode=cdk.IgnoreMode.GLOB,
                 readers=[grantable],
-                service_restart_handles=[init_service_restart_handle]
+                service_restart_handles=[init_service_restart_handle],
+                source_kMSKey=key
             )
         '''
         if isinstance(bundling, dict):
@@ -93738,6 +93974,7 @@ class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
             check_type(argname="argument ignore_mode", value=ignore_mode, expected_type=type_hints["ignore_mode"])
             check_type(argname="argument deploy_time", value=deploy_time, expected_type=type_hints["deploy_time"])
             check_type(argname="argument readers", value=readers, expected_type=type_hints["readers"])
+            check_type(argname="argument source_kms_key", value=source_kms_key, expected_type=type_hints["source_kms_key"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if service_restart_handles is not None:
             self._values["service_restart_handles"] = service_restart_handles
@@ -93757,6 +93994,8 @@ class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
             self._values["deploy_time"] = deploy_time
         if readers is not None:
             self._values["readers"] = readers
+        if source_kms_key is not None:
+            self._values["source_kms_key"] = source_kms_key
 
     @builtins.property
     def service_restart_handles(
@@ -93881,6 +94120,15 @@ class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
         result = self._values.get("readers")
         return typing.cast(typing.Optional[typing.List[_IGrantable_71c4f5de]], result)
 
+    @builtins.property
+    def source_kms_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''The ARN of the KMS key used to encrypt the handler code.
+
+        :default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
+        '''
+        result = self._values.get("source_kms_key")
+        return typing.cast(typing.Optional[_IKey_5f11635f], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -96464,6 +96712,8 @@ __all__ = [
     "CfnSecurityGroupIngress",
     "CfnSecurityGroupIngressProps",
     "CfnSecurityGroupProps",
+    "CfnSecurityGroupVpcAssociation",
+    "CfnSecurityGroupVpcAssociationProps",
     "CfnSnapshotBlockPublicAccess",
     "CfnSnapshotBlockPublicAccessProps",
     "CfnSpotFleet",
@@ -102388,6 +102638,48 @@ def _typecheckingstub__a21c9d7bd7156fd2dd5a288945bbf548f4ab7a9ee07ba36ecb2062ab6
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__8ef924d53acf4952f6e0712b289196e5433c7a379c29292778e606fc67d28d33(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    group_id: builtins.str,
+    vpc_id: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__3b795589f9573dd12035364cf54b516679d09c552bd1ec30cda2b8af867c8a38(
+    inspector: _TreeInspector_488e0dd5,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__4b10db158649118e3454cff2ebbf5af15bbad50af6e0d2ad16d18c33aaa545eb(
+    props: typing.Mapping[builtins.str, typing.Any],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__dbfe370ca161992c0cae87f8e6c8e5335b02d12cdc9c58c298adc37823186981(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__61cdbe72d309edde5399294ad29626026a3ccb424a9a810c66ac713d99b04a09(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__87ba04fafd179cdc829033f2003bf4578598a141055d5898627ff9a12c5222d9(
+    *,
+    group_id: builtins.str,
+    vpc_id: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__995a1a5869d618c24a624831b2ad5e725b73ab6134ba003d66411c58faf1187e(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
@@ -106523,6 +106815,7 @@ def _typecheckingstub__164f7ae4723652c2e5c3189a870d0dbd16f8bec14d0e807d648248a60
     service_restart_handles: typing.Optional[typing.Sequence[InitServiceRestartHandle]] = None,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
     asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
     bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -106770,6 +107063,7 @@ def _typecheckingstub__28af50587b7c2068b2cb49dbac75ce38a6ffdaf070d2c430abde336ae
     service_restart_handles: typing.Optional[typing.Sequence[InitServiceRestartHandle]] = None,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
     asset_hash_type: typing.Optional[_AssetHashType_05b67f2d] = None,
     bundling: typing.Optional[typing.Union[_BundlingOptions_588cc936, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -108818,6 +109112,7 @@ def _typecheckingstub__6ce391dd6a64744f1d308a93bd2b78efee46c104a775f9153a5171d8a
     ignore_mode: typing.Optional[_IgnoreMode_655a98e8] = None,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -108833,6 +109128,7 @@ def _typecheckingstub__f3d9778b6f3d55d750d385b361f8381c51ee484d3c8920175605233fb
     ignore_mode: typing.Optional[_IgnoreMode_655a98e8] = None,
     deploy_time: typing.Optional[builtins.bool] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
+    source_kms_key: typing.Optional[_IKey_5f11635f] = None,
 ) -> None:
     """Type checking stubs"""
     pass