aws-cdk-lib 2.167.2__py3-none-any.whl → 2.169.0__py3-none-any.whl

aws_cdk/aws_rds/__init__.py

@@ -2861,6 +2861,12 @@ class AuroraMysqlEngineVersion(
         '''Version "8.0.mysql_aurora.3.07.1".'''
         return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_3_07_1"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_3_08_0")
+    def VER_3_08_0(cls) -> "AuroraMysqlEngineVersion":
+        '''Version "8.0.mysql_aurora.3.08.0".'''
+        return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_3_08_0"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_5_7_12")
     def VER_5_7_12(cls) -> "AuroraMysqlEngineVersion":
@@ -4973,7 +4979,7 @@ class CfnDBCluster(
         :param enable_iam_database_authentication: A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. For more information, see `IAM Database Authentication <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html>`_ in the *Amazon Aurora User Guide.* Valid for: Aurora DB clusters only
         :param enable_local_write_forwarding: Specifies whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances. Valid for: Aurora DB clusters only
         :param engine: The name of the database engine to be used for this DB cluster. Valid Values: - ``aurora-mysql`` - ``aurora-postgresql`` - ``mysql`` - ``postgres`` Valid for: Aurora DB clusters and Multi-AZ DB clusters
-        :param engine_lifecycle_support: The life cycle type for this DB cluster. .. epigraph:: By default, this value is set to ``open-source-rds-extended-support`` , which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to ``open-source-rds-extended-support-disabled`` . In this case, creating the DB cluster will fail if the DB major version is past its end of standard support date. You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections: - Amazon Aurora (PostgreSQL only) - `Using Amazon RDS Extended Support <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html>`_ in the *Amazon Aurora User Guide* - Amazon RDS - `Using Amazon RDS Extended Support <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html>`_ in the *Amazon RDS User Guide* Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: ``open-source-rds-extended-support | open-source-rds-extended-support-disabled`` Default: ``open-source-rds-extended-support``
+        :param engine_lifecycle_support: The life cycle type for this DB cluster. .. epigraph:: By default, this value is set to ``open-source-rds-extended-support`` , which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to ``open-source-rds-extended-support-disabled`` . In this case, creating the DB cluster will fail if the DB major version is past its end of standard support date. You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections: - Amazon Aurora - `Using Amazon RDS Extended Support <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html>`_ in the *Amazon Aurora User Guide* - Amazon RDS - `Using Amazon RDS Extended Support <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html>`_ in the *Amazon RDS User Guide* Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: ``open-source-rds-extended-support | open-source-rds-extended-support-disabled`` Default: ``open-source-rds-extended-support``
         :param engine_mode: The DB engine mode of the DB cluster, either ``provisioned`` or ``serverless`` . The ``serverless`` engine mode only applies for Aurora Serverless v1 DB clusters. Aurora Serverless v2 DB clusters use the ``provisioned`` engine mode. For information about limitations and requirements for Serverless DB clusters, see the following sections in the *Amazon Aurora User Guide* : - `Limitations of Aurora Serverless v1 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations>`_ - `Requirements for Aurora Serverless v2 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html>`_ Valid for Cluster Type: Aurora DB clusters only
         :param engine_version: The version number of the database engine to use. To list all of the available engine versions for Aurora MySQL version 2 (5.7-compatible) and version 3 (8.0-compatible), use the following command: ``aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion"`` You can supply either ``5.7`` or ``8.0`` to use the default engine version for Aurora MySQL version 2 or version 3, respectively. To list all of the available engine versions for Aurora PostgreSQL, use the following command: ``aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion"`` To list all of the available engine versions for RDS for MySQL, use the following command: ``aws rds describe-db-engine-versions --engine mysql --query "DBEngineVersions[].EngineVersion"`` To list all of the available engine versions for RDS for PostgreSQL, use the following command: ``aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"`` *Aurora MySQL* For information, see `Database engine updates for Amazon Aurora MySQL <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html>`_ in the *Amazon Aurora User Guide* . *Aurora PostgreSQL* For information, see `Amazon Aurora PostgreSQL releases and engine versions <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html>`_ in the *Amazon Aurora User Guide* . *MySQL* For information, see `Amazon RDS for MySQL <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide* . *PostgreSQL* For information, see `Amazon RDS for PostgreSQL <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts>`_ in the *Amazon RDS User Guide* . Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param global_cluster_identifier: If you are configuring an Aurora global database cluster and want your Aurora DB cluster to be a secondary member in the global database cluster, specify the global cluster ID of the global database cluster. To define the primary database cluster of the global cluster, use the `AWS::RDS::GlobalCluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-globalcluster.html>`_ resource. If you aren't configuring a global database cluster, don't specify this property. .. epigraph:: To remove the DB cluster from a global database cluster, specify an empty value for the ``GlobalClusterIdentifier`` property. For information about Aurora global databases, see `Working with Amazon Aurora Global Databases <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html>`_ in the *Amazon Aurora User Guide* . Valid for: Aurora DB clusters only
@@ -7129,7 +7135,7 @@ class CfnDBClusterProps:
         :param enable_iam_database_authentication: A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. For more information, see `IAM Database Authentication <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html>`_ in the *Amazon Aurora User Guide.* Valid for: Aurora DB clusters only
         :param enable_local_write_forwarding: Specifies whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances. Valid for: Aurora DB clusters only
         :param engine: The name of the database engine to be used for this DB cluster. Valid Values: - ``aurora-mysql`` - ``aurora-postgresql`` - ``mysql`` - ``postgres`` Valid for: Aurora DB clusters and Multi-AZ DB clusters
-        :param engine_lifecycle_support: The life cycle type for this DB cluster. .. epigraph:: By default, this value is set to ``open-source-rds-extended-support`` , which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to ``open-source-rds-extended-support-disabled`` . In this case, creating the DB cluster will fail if the DB major version is past its end of standard support date. You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections: - Amazon Aurora (PostgreSQL only) - `Using Amazon RDS Extended Support <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html>`_ in the *Amazon Aurora User Guide* - Amazon RDS - `Using Amazon RDS Extended Support <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html>`_ in the *Amazon RDS User Guide* Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: ``open-source-rds-extended-support | open-source-rds-extended-support-disabled`` Default: ``open-source-rds-extended-support``
+        :param engine_lifecycle_support: The life cycle type for this DB cluster. .. epigraph:: By default, this value is set to ``open-source-rds-extended-support`` , which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to ``open-source-rds-extended-support-disabled`` . In this case, creating the DB cluster will fail if the DB major version is past its end of standard support date. You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections: - Amazon Aurora - `Using Amazon RDS Extended Support <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html>`_ in the *Amazon Aurora User Guide* - Amazon RDS - `Using Amazon RDS Extended Support <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html>`_ in the *Amazon RDS User Guide* Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: ``open-source-rds-extended-support | open-source-rds-extended-support-disabled`` Default: ``open-source-rds-extended-support``
         :param engine_mode: The DB engine mode of the DB cluster, either ``provisioned`` or ``serverless`` . The ``serverless`` engine mode only applies for Aurora Serverless v1 DB clusters. Aurora Serverless v2 DB clusters use the ``provisioned`` engine mode. For information about limitations and requirements for Serverless DB clusters, see the following sections in the *Amazon Aurora User Guide* : - `Limitations of Aurora Serverless v1 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations>`_ - `Requirements for Aurora Serverless v2 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html>`_ Valid for Cluster Type: Aurora DB clusters only
         :param engine_version: The version number of the database engine to use. To list all of the available engine versions for Aurora MySQL version 2 (5.7-compatible) and version 3 (8.0-compatible), use the following command: ``aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion"`` You can supply either ``5.7`` or ``8.0`` to use the default engine version for Aurora MySQL version 2 or version 3, respectively. To list all of the available engine versions for Aurora PostgreSQL, use the following command: ``aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion"`` To list all of the available engine versions for RDS for MySQL, use the following command: ``aws rds describe-db-engine-versions --engine mysql --query "DBEngineVersions[].EngineVersion"`` To list all of the available engine versions for RDS for PostgreSQL, use the following command: ``aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"`` *Aurora MySQL* For information, see `Database engine updates for Amazon Aurora MySQL <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html>`_ in the *Amazon Aurora User Guide* . *Aurora PostgreSQL* For information, see `Amazon Aurora PostgreSQL releases and engine versions <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html>`_ in the *Amazon Aurora User Guide* . *MySQL* For information, see `Amazon RDS for MySQL <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide* . *PostgreSQL* For information, see `Amazon RDS for PostgreSQL <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts>`_ in the *Amazon RDS User Guide* . Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param global_cluster_identifier: If you are configuring an Aurora global database cluster and want your Aurora DB cluster to be a secondary member in the global database cluster, specify the global cluster ID of the global database cluster. To define the primary database cluster of the global cluster, use the `AWS::RDS::GlobalCluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-globalcluster.html>`_ resource. If you aren't configuring a global database cluster, don't specify this property. .. epigraph:: To remove the DB cluster from a global database cluster, specify an empty value for the ``GlobalClusterIdentifier`` property. For information about Aurora global databases, see `Working with Amazon Aurora Global Databases <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html>`_ in the *Amazon Aurora User Guide* . Valid for: Aurora DB clusters only
@@ -7821,7 +7827,7 @@ class CfnDBClusterProps:
 
         You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:
 
-        - Amazon Aurora (PostgreSQL only) - `Using Amazon RDS Extended Support <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html>`_ in the *Amazon Aurora User Guide*
+        - Amazon Aurora - `Using Amazon RDS Extended Support <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html>`_ in the *Amazon Aurora User Guide*
         - Amazon RDS - `Using Amazon RDS Extended Support <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html>`_ in the *Amazon RDS User Guide*
 
         Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
@@ -16678,6 +16684,9 @@ class CfnGlobalCluster(
             engine_lifecycle_support="engineLifecycleSupport",
             engine_version="engineVersion",
             global_cluster_identifier="globalClusterIdentifier",
+            global_endpoint=rds.CfnGlobalCluster.GlobalEndpointProperty(
+                address="address"
+            ),
             source_db_cluster_identifier="sourceDbClusterIdentifier",
             storage_encrypted=False,
             tags=[CfnTag(
@@ -16697,6 +16706,7 @@ class CfnGlobalCluster(
         engine_lifecycle_support: typing.Optional[builtins.str] = None,
         engine_version: typing.Optional[builtins.str] = None,
         global_cluster_identifier: typing.Optional[builtins.str] = None,
+        global_endpoint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnGlobalCluster.GlobalEndpointProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         source_db_cluster_identifier: typing.Optional[builtins.str] = None,
         storage_encrypted: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -16709,6 +16719,7 @@ class CfnGlobalCluster(
         :param engine_lifecycle_support: The life cycle type for this global database cluster. .. epigraph:: By default, this value is set to ``open-source-rds-extended-support`` , which enrolls your global cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to ``open-source-rds-extended-support-disabled`` . In this case, creating the global cluster will fail if the DB major version is past its end of standard support date. This setting only applies to Aurora PostgreSQL-based global databases. You can use this setting to enroll your global cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your global cluster past the end of standard support for that engine version. For more information, see `Using Amazon RDS Extended Support <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html>`_ in the *Amazon Aurora User Guide* . Valid Values: ``open-source-rds-extended-support | open-source-rds-extended-support-disabled`` Default: ``open-source-rds-extended-support``
         :param engine_version: The engine version to use for this global database cluster. Constraints: - Can't be specified if ``SourceDBClusterIdentifier`` is specified. In this case, Amazon Aurora uses the engine version of the source DB cluster.
         :param global_cluster_identifier: The cluster identifier for this global database cluster. This parameter is stored as a lowercase string.
+        :param global_endpoint: 
         :param source_db_cluster_identifier: The Amazon Resource Name (ARN) to use as the primary cluster of the global database. If you provide a value for this parameter, don't specify values for the following settings because Amazon Aurora uses the values from the specified source DB cluster: - ``DatabaseName`` - ``Engine`` - ``EngineVersion`` - ``StorageEncrypted``
         :param storage_encrypted: Specifies whether to enable storage encryption for the new global database cluster. Constraints: - Can't be specified if ``SourceDBClusterIdentifier`` is specified. In this case, Amazon Aurora uses the setting from the source DB cluster.
         :param tags: Metadata assigned to an Amazon RDS resource consisting of a key-value pair. For more information, see `Tagging Amazon RDS resources <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html>`_ in the *Amazon RDS User Guide* or `Tagging Amazon Aurora and Amazon RDS resources <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html>`_ in the *Amazon Aurora User Guide* .
@@ -16723,6 +16734,7 @@ class CfnGlobalCluster(
             engine_lifecycle_support=engine_lifecycle_support,
             engine_version=engine_version,
             global_cluster_identifier=global_cluster_identifier,
+            global_endpoint=global_endpoint,
             source_db_cluster_identifier=source_db_cluster_identifier,
             storage_encrypted=storage_encrypted,
             tags=tags,
@@ -16841,6 +16853,23 @@ class CfnGlobalCluster(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "globalClusterIdentifier", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="globalEndpoint")
+    def global_endpoint(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGlobalCluster.GlobalEndpointProperty"]]:
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGlobalCluster.GlobalEndpointProperty"]], jsii.get(self, "globalEndpoint"))
+
+    @global_endpoint.setter
+    def global_endpoint(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGlobalCluster.GlobalEndpointProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__7b1b1a8e034b0a4e155f1c4e96d4c9dd770043cd6a95e96f303770a5dff27e85)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "globalEndpoint", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="sourceDbClusterIdentifier")
     def source_db_cluster_identifier(self) -> typing.Optional[builtins.str]:
@@ -16888,6 +16917,58 @@ class CfnGlobalCluster(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "tags", value) # pyright: ignore[reportArgumentType]
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_rds.CfnGlobalCluster.GlobalEndpointProperty",
+        jsii_struct_bases=[],
+        name_mapping={"address": "address"},
+    )
+    class GlobalEndpointProperty:
+        def __init__(self, *, address: typing.Optional[builtins.str] = None) -> None:
+            '''
+            :param address: The writer endpoint for the global database cluster. This endpoint always points to the writer DB instance in the current primary cluster.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-globalcluster-globalendpoint.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_rds as rds
+                
+                global_endpoint_property = rds.CfnGlobalCluster.GlobalEndpointProperty(
+                    address="address"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__350cbf05f202394e90ba919ae123a3da8d1e1e8e92a272b6ff65d6578cf2dadc)
+                check_type(argname="argument address", value=address, expected_type=type_hints["address"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if address is not None:
+                self._values["address"] = address
+
+        @builtins.property
+        def address(self) -> typing.Optional[builtins.str]:
+            '''The writer endpoint for the global database cluster.
+
+            This endpoint always points to the writer DB instance in the current primary cluster.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-globalcluster-globalendpoint.html#cfn-rds-globalcluster-globalendpoint-address
+            '''
+            result = self._values.get("address")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "GlobalEndpointProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
 
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_rds.CfnGlobalClusterProps",
@@ -16898,6 +16979,7 @@ class CfnGlobalCluster(
         "engine_lifecycle_support": "engineLifecycleSupport",
         "engine_version": "engineVersion",
         "global_cluster_identifier": "globalClusterIdentifier",
+        "global_endpoint": "globalEndpoint",
         "source_db_cluster_identifier": "sourceDbClusterIdentifier",
         "storage_encrypted": "storageEncrypted",
         "tags": "tags",
@@ -16912,6 +16994,7 @@ class CfnGlobalClusterProps:
         engine_lifecycle_support: typing.Optional[builtins.str] = None,
         engine_version: typing.Optional[builtins.str] = None,
         global_cluster_identifier: typing.Optional[builtins.str] = None,
+        global_endpoint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnGlobalCluster.GlobalEndpointProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         source_db_cluster_identifier: typing.Optional[builtins.str] = None,
         storage_encrypted: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -16923,6 +17006,7 @@ class CfnGlobalClusterProps:
         :param engine_lifecycle_support: The life cycle type for this global database cluster. .. epigraph:: By default, this value is set to ``open-source-rds-extended-support`` , which enrolls your global cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to ``open-source-rds-extended-support-disabled`` . In this case, creating the global cluster will fail if the DB major version is past its end of standard support date. This setting only applies to Aurora PostgreSQL-based global databases. You can use this setting to enroll your global cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your global cluster past the end of standard support for that engine version. For more information, see `Using Amazon RDS Extended Support <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/extended-support.html>`_ in the *Amazon Aurora User Guide* . Valid Values: ``open-source-rds-extended-support | open-source-rds-extended-support-disabled`` Default: ``open-source-rds-extended-support``
         :param engine_version: The engine version to use for this global database cluster. Constraints: - Can't be specified if ``SourceDBClusterIdentifier`` is specified. In this case, Amazon Aurora uses the engine version of the source DB cluster.
         :param global_cluster_identifier: The cluster identifier for this global database cluster. This parameter is stored as a lowercase string.
+        :param global_endpoint: 
         :param source_db_cluster_identifier: The Amazon Resource Name (ARN) to use as the primary cluster of the global database. If you provide a value for this parameter, don't specify values for the following settings because Amazon Aurora uses the values from the specified source DB cluster: - ``DatabaseName`` - ``Engine`` - ``EngineVersion`` - ``StorageEncrypted``
         :param storage_encrypted: Specifies whether to enable storage encryption for the new global database cluster. Constraints: - Can't be specified if ``SourceDBClusterIdentifier`` is specified. In this case, Amazon Aurora uses the setting from the source DB cluster.
         :param tags: Metadata assigned to an Amazon RDS resource consisting of a key-value pair. For more information, see `Tagging Amazon RDS resources <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html>`_ in the *Amazon RDS User Guide* or `Tagging Amazon Aurora and Amazon RDS resources <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html>`_ in the *Amazon Aurora User Guide* .
@@ -16942,6 +17026,9 @@ class CfnGlobalClusterProps:
                 engine_lifecycle_support="engineLifecycleSupport",
                 engine_version="engineVersion",
                 global_cluster_identifier="globalClusterIdentifier",
+                global_endpoint=rds.CfnGlobalCluster.GlobalEndpointProperty(
+                    address="address"
+                ),
                 source_db_cluster_identifier="sourceDbClusterIdentifier",
                 storage_encrypted=False,
                 tags=[CfnTag(
@@ -16957,6 +17044,7 @@ class CfnGlobalClusterProps:
             check_type(argname="argument engine_lifecycle_support", value=engine_lifecycle_support, expected_type=type_hints["engine_lifecycle_support"])
             check_type(argname="argument engine_version", value=engine_version, expected_type=type_hints["engine_version"])
             check_type(argname="argument global_cluster_identifier", value=global_cluster_identifier, expected_type=type_hints["global_cluster_identifier"])
+            check_type(argname="argument global_endpoint", value=global_endpoint, expected_type=type_hints["global_endpoint"])
             check_type(argname="argument source_db_cluster_identifier", value=source_db_cluster_identifier, expected_type=type_hints["source_db_cluster_identifier"])
             check_type(argname="argument storage_encrypted", value=storage_encrypted, expected_type=type_hints["storage_encrypted"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
@@ -16971,6 +17059,8 @@ class CfnGlobalClusterProps:
             self._values["engine_version"] = engine_version
         if global_cluster_identifier is not None:
             self._values["global_cluster_identifier"] = global_cluster_identifier
+        if global_endpoint is not None:
+            self._values["global_endpoint"] = global_endpoint
         if source_db_cluster_identifier is not None:
             self._values["source_db_cluster_identifier"] = source_db_cluster_identifier
         if storage_encrypted is not None:
@@ -17051,6 +17141,16 @@ class CfnGlobalClusterProps:
         result = self._values.get("global_cluster_identifier")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def global_endpoint(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnGlobalCluster.GlobalEndpointProperty]]:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-globalcluster.html#cfn-rds-globalcluster-globalendpoint
+        '''
+        result = self._values.get("global_endpoint")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnGlobalCluster.GlobalEndpointProperty]], result)
+
     @builtins.property
     def source_db_cluster_identifier(self) -> typing.Optional[builtins.str]:
         '''The Amazon Resource Name (ARN) to use as the primary cluster of the global database.
@@ -31609,6 +31709,12 @@ class MysqlEngineVersion(
         '''Version "8.0.39".'''
         return typing.cast("MysqlEngineVersion", jsii.sget(cls, "VER_8_0_39"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_8_0_40")
+    def VER_8_0_40(cls) -> "MysqlEngineVersion":
+        '''Version "8.0.40".'''
+        return typing.cast("MysqlEngineVersion", jsii.sget(cls, "VER_8_0_40"))
+
     @builtins.property
     @jsii.member(jsii_name="mysqlFullVersion")
     def mysql_full_version(self) -> builtins.str:
@@ -34493,6 +34599,12 @@ class PostgresEngineVersion(
         '''Version "12.20".'''
         return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_12_20"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_12_21")
+    def VER_12_21(cls) -> "PostgresEngineVersion":
+        '''Version "12.21".'''
+        return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_12_21"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_12_3")
     def VER_12_3(cls) -> "PostgresEngineVersion":
@@ -34634,6 +34746,12 @@ class PostgresEngineVersion(
         '''Version "13.16".'''
         return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_13_16"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_13_17")
+    def VER_13_17(cls) -> "PostgresEngineVersion":
+        '''Version "13.17".'''
+        return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_13_17"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_13_2")
     def VER_13_2(cls) -> "PostgresEngineVersion":
@@ -34763,6 +34881,12 @@ class PostgresEngineVersion(
         '''Version "14.13".'''
         return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_14_13"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_14_14")
+    def VER_14_14(cls) -> "PostgresEngineVersion":
+        '''Version "14.14".'''
+        return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_14_14"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_14_2")
     def VER_14_2(cls) -> "PostgresEngineVersion":
@@ -34904,6 +35028,12 @@ class PostgresEngineVersion(
         '''Version "15.8".'''
         return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_15_8"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_15_9")
+    def VER_15_9(cls) -> "PostgresEngineVersion":
+        '''Version "15.9".'''
+        return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_15_9"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_16")
     def VER_16(cls) -> "PostgresEngineVersion":
@@ -34934,6 +35064,24 @@ class PostgresEngineVersion(
         '''Version "16.4".'''
         return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_16_4"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_16_5")
+    def VER_16_5(cls) -> "PostgresEngineVersion":
+        '''Version "16.5".'''
+        return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_16_5"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_17")
+    def VER_17(cls) -> "PostgresEngineVersion":
+        '''Version "17" (only a major version, without a specific minor version).'''
+        return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_17"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_17_1")
+    def VER_17_1(cls) -> "PostgresEngineVersion":
+        '''Version "17.1".'''
+        return typing.cast("PostgresEngineVersion", jsii.sget(cls, "VER_17_1"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_9_6_24")
     def VER_9_6_24(cls) -> "PostgresEngineVersion":
@@ -47814,6 +47962,7 @@ def _typecheckingstub__1611fa62b935d4f304c9fd8befd7c639fa3cc4898c7c6d9f86feb2d66
     engine_lifecycle_support: typing.Optional[builtins.str] = None,
     engine_version: typing.Optional[builtins.str] = None,
     global_cluster_identifier: typing.Optional[builtins.str] = None,
+    global_endpoint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnGlobalCluster.GlobalEndpointProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     source_db_cluster_identifier: typing.Optional[builtins.str] = None,
     storage_encrypted: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -47863,6 +48012,12 @@ def _typecheckingstub__8c0878c8feb5b0667b16ebe0d996cc33dadb0920b96e5594e9cf1b8cc
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__7b1b1a8e034b0a4e155f1c4e96d4c9dd770043cd6a95e96f303770a5dff27e85(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnGlobalCluster.GlobalEndpointProperty]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__2b8b99331248625e609d8c61fdd2aeead968468cd83f1da2306ce25de200e221(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -47881,6 +48036,13 @@ def _typecheckingstub__353dbc811b6418119794dea977794a47fb1500897063d3e8fdf280f56
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__350cbf05f202394e90ba919ae123a3da8d1e1e8e92a272b6ff65d6578cf2dadc(
+    *,
+    address: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__ef2e57f0cb9427badb90bc7e1248f0f26bc8de21a104bb924da9733667030430(
     *,
     deletion_protection: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
@@ -47888,6 +48050,7 @@ def _typecheckingstub__ef2e57f0cb9427badb90bc7e1248f0f26bc8de21a104bb924da973366
     engine_lifecycle_support: typing.Optional[builtins.str] = None,
     engine_version: typing.Optional[builtins.str] = None,
     global_cluster_identifier: typing.Optional[builtins.str] = None,
+    global_endpoint: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnGlobalCluster.GlobalEndpointProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     source_db_cluster_identifier: typing.Optional[builtins.str] = None,
     storage_encrypted: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,

aws_cdk/aws_route53resolver/__init__.py

@@ -447,7 +447,6 @@ class CfnFirewallRuleGroup(
         cfn_firewall_rule_group = route53resolver.CfnFirewallRuleGroup(self, "MyCfnFirewallRuleGroup",
             firewall_rules=[route53resolver.CfnFirewallRuleGroup.FirewallRuleProperty(
                 action="action",
-                firewall_domain_list_id="firewallDomainListId",
                 priority=123,
         
                 # the properties below are optional
@@ -455,7 +454,11 @@ class CfnFirewallRuleGroup(
                 block_override_domain="blockOverrideDomain",
                 block_override_ttl=123,
                 block_response="blockResponse",
+                confidence_threshold="confidenceThreshold",
+                dns_threat_protection="dnsThreatProtection",
+                firewall_domain_list_id="firewallDomainListId",
                 firewall_domain_redirection_action="firewallDomainRedirectionAction",
+                firewall_threat_protection_id="firewallThreatProtectionId",
                 qtype="qtype"
             )],
             name="name",
@@ -678,13 +681,16 @@ class CfnFirewallRuleGroup(
         jsii_struct_bases=[],
         name_mapping={
             "action": "action",
-            "firewall_domain_list_id": "firewallDomainListId",
             "priority": "priority",
             "block_override_dns_type": "blockOverrideDnsType",
             "block_override_domain": "blockOverrideDomain",
             "block_override_ttl": "blockOverrideTtl",
             "block_response": "blockResponse",
+            "confidence_threshold": "confidenceThreshold",
+            "dns_threat_protection": "dnsThreatProtection",
+            "firewall_domain_list_id": "firewallDomainListId",
             "firewall_domain_redirection_action": "firewallDomainRedirectionAction",
+            "firewall_threat_protection_id": "firewallThreatProtectionId",
             "qtype": "qtype",
         },
     )
@@ -693,25 +699,31 @@ class CfnFirewallRuleGroup(
             self,
             *,
             action: builtins.str,
-            firewall_domain_list_id: builtins.str,
             priority: jsii.Number,
             block_override_dns_type: typing.Optional[builtins.str] = None,
             block_override_domain: typing.Optional[builtins.str] = None,
             block_override_ttl: typing.Optional[jsii.Number] = None,
             block_response: typing.Optional[builtins.str] = None,
+            confidence_threshold: typing.Optional[builtins.str] = None,
+            dns_threat_protection: typing.Optional[builtins.str] = None,
+            firewall_domain_list_id: typing.Optional[builtins.str] = None,
             firewall_domain_redirection_action: typing.Optional[builtins.str] = None,
+            firewall_threat_protection_id: typing.Optional[builtins.str] = None,
             qtype: typing.Optional[builtins.str] = None,
         ) -> None:
             '''A single firewall rule in a rule group.
 
             :param action: The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list: - ``ALLOW`` - Permit the request to go through. - ``ALERT`` - Permit the request to go through but send an alert to the logs. - ``BLOCK`` - Disallow the request. If this is specified,then ``BlockResponse`` must also be specified. if ``BlockResponse`` is ``OVERRIDE`` , then all of the following ``OVERRIDE`` attributes must be specified: - ``BlockOverrideDnsType`` - ``BlockOverrideDomain`` - ``BlockOverrideTtl``
-            :param firewall_domain_list_id: The ID of the domain list that's used in the rule.
             :param priority: The priority of the rule in the rule group. This value must be unique within the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
             :param block_override_dns_type: The DNS record's type. This determines the format of the record value that you provided in ``BlockOverrideDomain`` . Used for the rule action ``BLOCK`` with a ``BlockResponse`` setting of ``OVERRIDE`` .
             :param block_override_domain: The custom DNS record to send back in response to the query. Used for the rule action ``BLOCK`` with a ``BlockResponse`` setting of ``OVERRIDE`` .
             :param block_override_ttl: The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action ``BLOCK`` with a ``BlockResponse`` setting of ``OVERRIDE`` .
             :param block_response: The way that you want DNS Firewall to block the request. Used for the rule action setting ``BLOCK`` . - ``NODATA`` - Respond indicating that the query was successful, but no response is available for it. - ``NXDOMAIN`` - Respond indicating that the domain name that's in the query doesn't exist. - ``OVERRIDE`` - Provide a custom override in the response. This option requires custom handling details in the rule's ``BlockOverride*`` settings.
+            :param confidence_threshold: FirewallDomainRedirectionAction.
+            :param dns_threat_protection: FirewallDomainRedirectionAction.
+            :param firewall_domain_list_id: The ID of the domain list that's used in the rule.
             :param firewall_domain_redirection_action: How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME, or DNAME. ``Inspect_Redirection_Domain`` (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be added to the domain list. ``Trust_Redirection_Domain`` inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to the domain list.
+            :param firewall_threat_protection_id: ResourceId.
             :param qtype: The DNS query type you want the rule to evaluate. Allowed values are; - A: Returns an IPv4 address. - AAAA: Returns an Ipv6 address. - CAA: Restricts CAs that can create SSL/TLS certifications for the domain. - CNAME: Returns another domain name. - DS: Record that identifies the DNSSEC signing key of a delegated zone. - MX: Specifies mail servers. - NAPTR: Regular-expression-based rewriting of domain names. - NS: Authoritative name servers. - PTR: Maps an IP address to a domain name. - SOA: Start of authority record for the zone. - SPF: Lists the servers authorized to send emails from a domain. - SRV: Application specific values that identify servers. - TXT: Verifies email senders and application-specific values. - A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPE NUMBER , where the NUMBER can be 1-65334, for example, TYPE28. For more information, see `List of DNS record types <https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/List_of_DNS_record_types>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53resolver-firewallrulegroup-firewallrule.html
@@ -725,7 +737,6 @@ class CfnFirewallRuleGroup(
                 
                 firewall_rule_property = route53resolver.CfnFirewallRuleGroup.FirewallRuleProperty(
                     action="action",
-                    firewall_domain_list_id="firewallDomainListId",
                     priority=123,
                 
                     # the properties below are optional
@@ -733,24 +744,30 @@ class CfnFirewallRuleGroup(
                     block_override_domain="blockOverrideDomain",
                     block_override_ttl=123,
                     block_response="blockResponse",
+                    confidence_threshold="confidenceThreshold",
+                    dns_threat_protection="dnsThreatProtection",
+                    firewall_domain_list_id="firewallDomainListId",
                     firewall_domain_redirection_action="firewallDomainRedirectionAction",
+                    firewall_threat_protection_id="firewallThreatProtectionId",
                     qtype="qtype"
                 )
             '''
             if __debug__:
                 type_hints = typing.get_type_hints(_typecheckingstub__61f0f7aa6db62533b4486bd58a4692d76a133c14cd2281a8ea8e083c9d952e92)
                 check_type(argname="argument action", value=action, expected_type=type_hints["action"])
-                check_type(argname="argument firewall_domain_list_id", value=firewall_domain_list_id, expected_type=type_hints["firewall_domain_list_id"])
                 check_type(argname="argument priority", value=priority, expected_type=type_hints["priority"])
                 check_type(argname="argument block_override_dns_type", value=block_override_dns_type, expected_type=type_hints["block_override_dns_type"])
                 check_type(argname="argument block_override_domain", value=block_override_domain, expected_type=type_hints["block_override_domain"])
                 check_type(argname="argument block_override_ttl", value=block_override_ttl, expected_type=type_hints["block_override_ttl"])
                 check_type(argname="argument block_response", value=block_response, expected_type=type_hints["block_response"])
+                check_type(argname="argument confidence_threshold", value=confidence_threshold, expected_type=type_hints["confidence_threshold"])
+                check_type(argname="argument dns_threat_protection", value=dns_threat_protection, expected_type=type_hints["dns_threat_protection"])
+                check_type(argname="argument firewall_domain_list_id", value=firewall_domain_list_id, expected_type=type_hints["firewall_domain_list_id"])
                 check_type(argname="argument firewall_domain_redirection_action", value=firewall_domain_redirection_action, expected_type=type_hints["firewall_domain_redirection_action"])
+                check_type(argname="argument firewall_threat_protection_id", value=firewall_threat_protection_id, expected_type=type_hints["firewall_threat_protection_id"])
                 check_type(argname="argument qtype", value=qtype, expected_type=type_hints["qtype"])
             self._values: typing.Dict[builtins.str, typing.Any] = {
                 "action": action,
-                "firewall_domain_list_id": firewall_domain_list_id,
                 "priority": priority,
             }
             if block_override_dns_type is not None:
@@ -761,8 +778,16 @@ class CfnFirewallRuleGroup(
                 self._values["block_override_ttl"] = block_override_ttl
             if block_response is not None:
                 self._values["block_response"] = block_response
+            if confidence_threshold is not None:
+                self._values["confidence_threshold"] = confidence_threshold
+            if dns_threat_protection is not None:
+                self._values["dns_threat_protection"] = dns_threat_protection
+            if firewall_domain_list_id is not None:
+                self._values["firewall_domain_list_id"] = firewall_domain_list_id
             if firewall_domain_redirection_action is not None:
                 self._values["firewall_domain_redirection_action"] = firewall_domain_redirection_action
+            if firewall_threat_protection_id is not None:
+                self._values["firewall_threat_protection_id"] = firewall_threat_protection_id
             if qtype is not None:
                 self._values["qtype"] = qtype
 
@@ -785,16 +810,6 @@ class CfnFirewallRuleGroup(
             assert result is not None, "Required property 'action' is missing"
             return typing.cast(builtins.str, result)
 
-        @builtins.property
-        def firewall_domain_list_id(self) -> builtins.str:
-            '''The ID of the domain list that's used in the rule.
-
-            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53resolver-firewallrulegroup-firewallrule.html#cfn-route53resolver-firewallrulegroup-firewallrule-firewalldomainlistid
-            '''
-            result = self._values.get("firewall_domain_list_id")
-            assert result is not None, "Required property 'firewall_domain_list_id' is missing"
-            return typing.cast(builtins.str, result)
-
         @builtins.property
         def priority(self) -> jsii.Number:
             '''The priority of the rule in the rule group.
@@ -853,6 +868,33 @@ class CfnFirewallRuleGroup(
             result = self._values.get("block_response")
             return typing.cast(typing.Optional[builtins.str], result)
 
+        @builtins.property
+        def confidence_threshold(self) -> typing.Optional[builtins.str]:
+            '''FirewallDomainRedirectionAction.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53resolver-firewallrulegroup-firewallrule.html#cfn-route53resolver-firewallrulegroup-firewallrule-confidencethreshold
+            '''
+            result = self._values.get("confidence_threshold")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def dns_threat_protection(self) -> typing.Optional[builtins.str]:
+            '''FirewallDomainRedirectionAction.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53resolver-firewallrulegroup-firewallrule.html#cfn-route53resolver-firewallrulegroup-firewallrule-dnsthreatprotection
+            '''
+            result = self._values.get("dns_threat_protection")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def firewall_domain_list_id(self) -> typing.Optional[builtins.str]:
+            '''The ID of the domain list that's used in the rule.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53resolver-firewallrulegroup-firewallrule.html#cfn-route53resolver-firewallrulegroup-firewallrule-firewalldomainlistid
+            '''
+            result = self._values.get("firewall_domain_list_id")
+            return typing.cast(typing.Optional[builtins.str], result)
+
         @builtins.property
         def firewall_domain_redirection_action(self) -> typing.Optional[builtins.str]:
             '''How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME, or DNAME.
@@ -866,6 +908,15 @@ class CfnFirewallRuleGroup(
             result = self._values.get("firewall_domain_redirection_action")
             return typing.cast(typing.Optional[builtins.str], result)
 
+        @builtins.property
+        def firewall_threat_protection_id(self) -> typing.Optional[builtins.str]:
+            '''ResourceId.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53resolver-firewallrulegroup-firewallrule.html#cfn-route53resolver-firewallrulegroup-firewallrule-firewallthreatprotectionid
+            '''
+            result = self._values.get("firewall_threat_protection_id")
+            return typing.cast(typing.Optional[builtins.str], result)
+
         @builtins.property
         def qtype(self) -> typing.Optional[builtins.str]:
             '''The DNS query type you want the rule to evaluate. Allowed values are;
@@ -1349,7 +1400,6 @@ class CfnFirewallRuleGroupProps:
             cfn_firewall_rule_group_props = route53resolver.CfnFirewallRuleGroupProps(
                 firewall_rules=[route53resolver.CfnFirewallRuleGroup.FirewallRuleProperty(
                     action="action",
-                    firewall_domain_list_id="firewallDomainListId",
                     priority=123,
             
                     # the properties below are optional
@@ -1357,7 +1407,11 @@ class CfnFirewallRuleGroupProps:
                     block_override_domain="blockOverrideDomain",
                     block_override_ttl=123,
                     block_response="blockResponse",
+                    confidence_threshold="confidenceThreshold",
+                    dns_threat_protection="dnsThreatProtection",
+                    firewall_domain_list_id="firewallDomainListId",
                     firewall_domain_redirection_action="firewallDomainRedirectionAction",
+                    firewall_threat_protection_id="firewallThreatProtectionId",
                     qtype="qtype"
                 )],
                 name="name",
@@ -4286,13 +4340,16 @@ def _typecheckingstub__68e88161bfa870a62d2b106ff0d76bb87c2d573da805d7d6852d0dff9
 def _typecheckingstub__61f0f7aa6db62533b4486bd58a4692d76a133c14cd2281a8ea8e083c9d952e92(
     *,
     action: builtins.str,
-    firewall_domain_list_id: builtins.str,
     priority: jsii.Number,
     block_override_dns_type: typing.Optional[builtins.str] = None,
     block_override_domain: typing.Optional[builtins.str] = None,
     block_override_ttl: typing.Optional[jsii.Number] = None,
     block_response: typing.Optional[builtins.str] = None,
+    confidence_threshold: typing.Optional[builtins.str] = None,
+    dns_threat_protection: typing.Optional[builtins.str] = None,
+    firewall_domain_list_id: typing.Optional[builtins.str] = None,
     firewall_domain_redirection_action: typing.Optional[builtins.str] = None,
+    firewall_threat_protection_id: typing.Optional[builtins.str] = None,
     qtype: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""