aws-cdk-lib 2.168.0__py3-none-any.whl → 2.170.0__py3-none-any.whl

aws_cdk/__init__.py

@@ -36069,6 +36069,7 @@ __all__ = [
     "aws_qldb",
     "aws_quicksight",
     "aws_ram",
+    "aws_rbin",
     "aws_rds",
     "aws_redshift",
     "aws_redshiftserverless",
@@ -36358,6 +36359,7 @@ from . import aws_qbusiness
 from . import aws_qldb
 from . import aws_quicksight
 from . import aws_ram
+from . import aws_rbin
 from . import aws_rds
 from . import aws_redshift
 from . import aws_redshiftserverless

aws_cdk/_jsii/__init__.py

@@ -35,7 +35,7 @@ import aws_cdk.cloud_assembly_schema._jsii
 import constructs._jsii
 
 __jsii_assembly__ = jsii.JSIIAssembly.load(
-    "aws-cdk-lib", "2.168.0", __name__[0:-6], "aws-cdk-lib@2.168.0.jsii.tgz"
+    "aws-cdk-lib", "2.170.0", __name__[0:-6], "aws-cdk-lib@2.170.0.jsii.tgz"
 )
 
 __all__ = [

aws_cdk/aws_accessanalyzer/__init__.py

@@ -95,6 +95,15 @@ class CfnAnalyzer(
             # the properties below are optional
             analyzer_configuration=accessanalyzer.CfnAnalyzer.AnalyzerConfigurationProperty(
                 unused_access_configuration=accessanalyzer.CfnAnalyzer.UnusedAccessConfigurationProperty(
+                    analysis_rule=accessanalyzer.CfnAnalyzer.AnalysisRuleProperty(
+                        exclusions=[accessanalyzer.CfnAnalyzer.AnalysisRuleCriteriaProperty(
+                            account_ids=["accountIds"],
+                            resource_tags=[[CfnTag(
+                                key="key",
+                                value="value"
+                            )]]
+                        )]
+                    ),
                     unused_access_age=123
                 )
             ),
@@ -133,10 +142,10 @@ class CfnAnalyzer(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param type: The type represents the zone of trust for the analyzer. *Allowed Values* : ACCOUNT | ORGANIZATION | ACCOUNT_UNUSED_ACCESS | ORGANIZATION_UNUSED_ACCESS
-        :param analyzer_configuration: Contains information about the configuration of an unused access analyzer for an AWS organization or account.
+        :param analyzer_configuration: Contains information about the configuration of an analyzer for an AWS organization or account.
         :param analyzer_name: The name of the analyzer.
         :param archive_rules: Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
-        :param tags: An array of key-value pairs to apply to the analyzer.
+        :param tags: An array of key-value pairs to apply to the analyzer. You can use the set of Unicode letters, digits, whitespace, ``_`` , ``.`` , ``/`` , ``=`` , ``+`` , and ``-`` . For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with ``aws:`` . For the tag value, you can specify a value that is 0 to 256 characters in length.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__4d078d0b17e4dff80691cd25737bc9c648722f68955725da002d3ab5d4df9b21)
@@ -220,7 +229,7 @@ class CfnAnalyzer(
     def analyzer_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAnalyzer.AnalyzerConfigurationProperty"]]:
-        '''Contains information about the configuration of an unused access analyzer for an AWS organization or account.'''
+        '''Contains information about the configuration of an analyzer for an AWS organization or account.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAnalyzer.AnalyzerConfigurationProperty"]], jsii.get(self, "analyzerConfiguration"))
 
     @analyzer_configuration.setter
@@ -277,6 +286,158 @@ class CfnAnalyzer(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "tagsRaw", value) # pyright: ignore[reportArgumentType]
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_accessanalyzer.CfnAnalyzer.AnalysisRuleCriteriaProperty",
+        jsii_struct_bases=[],
+        name_mapping={"account_ids": "accountIds", "resource_tags": "resourceTags"},
+    )
+    class AnalysisRuleCriteriaProperty:
+        def __init__(
+            self,
+            *,
+            account_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+            resource_tags: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]]]]]] = None,
+        ) -> None:
+            '''The criteria for an analysis rule for an analyzer.
+
+            The criteria determine which entities will generate findings.
+
+            :param account_ids: A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers. The list cannot include more than 2,000 account IDs.
+            :param resource_tags: An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, ``_`` , ``.`` , ``/`` , ``=`` , ``+`` , and ``-`` . For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with ``aws:`` . For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-analysisrulecriteria.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_accessanalyzer as accessanalyzer
+                
+                analysis_rule_criteria_property = accessanalyzer.CfnAnalyzer.AnalysisRuleCriteriaProperty(
+                    account_ids=["accountIds"],
+                    resource_tags=[[CfnTag(
+                        key="key",
+                        value="value"
+                    )]]
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__36c3b122854545155d3943e2cf1f8f001f347b0db4e3b0e61e5562d5c4418440)
+                check_type(argname="argument account_ids", value=account_ids, expected_type=type_hints["account_ids"])
+                check_type(argname="argument resource_tags", value=resource_tags, expected_type=type_hints["resource_tags"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if account_ids is not None:
+                self._values["account_ids"] = account_ids
+            if resource_tags is not None:
+                self._values["resource_tags"] = resource_tags
+
+        @builtins.property
+        def account_ids(self) -> typing.Optional[typing.List[builtins.str]]:
+            '''A list of AWS account IDs to apply to the analysis rule criteria.
+
+            The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers. The list cannot include more than 2,000 account IDs.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-analysisrulecriteria.html#cfn-accessanalyzer-analyzer-analysisrulecriteria-accountids
+            '''
+            result = self._values.get("account_ids")
+            return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+        @builtins.property
+        def resource_tags(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, _CfnTag_f6864754]]]]]]:
+            '''An array of key-value pairs to match for your resources.
+
+            You can use the set of Unicode letters, digits, whitespace, ``_`` , ``.`` , ``/`` , ``=`` , ``+`` , and ``-`` .
+
+            For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with ``aws:`` .
+
+            For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-analysisrulecriteria.html#cfn-accessanalyzer-analyzer-analysisrulecriteria-resourcetags
+            '''
+            result = self._values.get("resource_tags")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, _CfnTag_f6864754]]]]]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "AnalysisRuleCriteriaProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_accessanalyzer.CfnAnalyzer.AnalysisRuleProperty",
+        jsii_struct_bases=[],
+        name_mapping={"exclusions": "exclusions"},
+    )
+    class AnalysisRuleProperty:
+        def __init__(
+            self,
+            *,
+            exclusions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAnalyzer.AnalysisRuleCriteriaProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        ) -> None:
+            '''Contains information about analysis rules for the analyzer.
+
+            Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
+
+            :param exclusions: A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-analysisrule.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_accessanalyzer as accessanalyzer
+                
+                analysis_rule_property = accessanalyzer.CfnAnalyzer.AnalysisRuleProperty(
+                    exclusions=[accessanalyzer.CfnAnalyzer.AnalysisRuleCriteriaProperty(
+                        account_ids=["accountIds"],
+                        resource_tags=[[CfnTag(
+                            key="key",
+                            value="value"
+                        )]]
+                    )]
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__17edc274e7f0852c4514c56018aaea9d25296dab4aaadab463eab14602e93887)
+                check_type(argname="argument exclusions", value=exclusions, expected_type=type_hints["exclusions"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if exclusions is not None:
+                self._values["exclusions"] = exclusions
+
+        @builtins.property
+        def exclusions(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAnalyzer.AnalysisRuleCriteriaProperty"]]]]:
+            '''A list of rules for the analyzer containing criteria to exclude from analysis.
+
+            Entities that meet the rule criteria will not generate findings.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-analysisrule.html#cfn-accessanalyzer-analyzer-analysisrule-exclusions
+            '''
+            result = self._values.get("exclusions")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnAnalyzer.AnalysisRuleCriteriaProperty"]]]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "AnalysisRuleProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_accessanalyzer.CfnAnalyzer.AnalyzerConfigurationProperty",
         jsii_struct_bases=[],
@@ -288,9 +449,9 @@ class CfnAnalyzer(
             *,
             unused_access_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAnalyzer.UnusedAccessConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
-            '''Contains information about the configuration of an unused access analyzer for an AWS organization or account.
+            '''Contains information about the configuration of an analyzer for an AWS organization or account.
 
-            :param unused_access_configuration: Specifies the configuration of an unused access analyzer for an AWS organization or account. External access analyzers do not support any configuration.
+            :param unused_access_configuration: Specifies the configuration of an unused access analyzer for an AWS organization or account.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-analyzerconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -303,6 +464,15 @@ class CfnAnalyzer(
                 
                 analyzer_configuration_property = accessanalyzer.CfnAnalyzer.AnalyzerConfigurationProperty(
                     unused_access_configuration=accessanalyzer.CfnAnalyzer.UnusedAccessConfigurationProperty(
+                        analysis_rule=accessanalyzer.CfnAnalyzer.AnalysisRuleProperty(
+                            exclusions=[accessanalyzer.CfnAnalyzer.AnalysisRuleCriteriaProperty(
+                                account_ids=["accountIds"],
+                                resource_tags=[[CfnTag(
+                                    key="key",
+                                    value="value"
+                                )]]
+                            )]
+                        ),
                         unused_access_age=123
                     )
                 )
@@ -320,8 +490,6 @@ class CfnAnalyzer(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAnalyzer.UnusedAccessConfigurationProperty"]]:
             '''Specifies the configuration of an unused access analyzer for an AWS organization or account.
 
-            External access analyzers do not support any configuration.
-
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-analyzerconfiguration.html#cfn-accessanalyzer-analyzer-analyzerconfiguration-unusedaccessconfiguration
             '''
             result = self._values.get("unused_access_configuration")
@@ -352,6 +520,8 @@ class CfnAnalyzer(
         ) -> None:
             '''Contains information about an archive rule.
 
+            Archive rules automatically archive new findings that meet the criteria you define when you create the rule.
+
             :param filter: The criteria for the rule.
             :param rule_name: The name of the rule to create.
 
@@ -550,17 +720,22 @@ class CfnAnalyzer(
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_accessanalyzer.CfnAnalyzer.UnusedAccessConfigurationProperty",
         jsii_struct_bases=[],
-        name_mapping={"unused_access_age": "unusedAccessAge"},
+        name_mapping={
+            "analysis_rule": "analysisRule",
+            "unused_access_age": "unusedAccessAge",
+        },
     )
     class UnusedAccessConfigurationProperty:
         def __init__(
             self,
             *,
+            analysis_rule: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAnalyzer.AnalysisRuleProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             unused_access_age: typing.Optional[jsii.Number] = None,
         ) -> None:
             '''Contains information about an unused access analyzer.
 
-            :param unused_access_age: The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
+            :param analysis_rule: Contains information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
+            :param unused_access_age: The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-unusedaccessconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -572,21 +747,46 @@ class CfnAnalyzer(
                 from aws_cdk import aws_accessanalyzer as accessanalyzer
                 
                 unused_access_configuration_property = accessanalyzer.CfnAnalyzer.UnusedAccessConfigurationProperty(
+                    analysis_rule=accessanalyzer.CfnAnalyzer.AnalysisRuleProperty(
+                        exclusions=[accessanalyzer.CfnAnalyzer.AnalysisRuleCriteriaProperty(
+                            account_ids=["accountIds"],
+                            resource_tags=[[CfnTag(
+                                key="key",
+                                value="value"
+                            )]]
+                        )]
+                    ),
                     unused_access_age=123
                 )
             '''
             if __debug__:
                 type_hints = typing.get_type_hints(_typecheckingstub__b15bc1bfb223a199dc73f744cc56dfec8d77e91fcae9e8e5b3520484a497aba7)
+                check_type(argname="argument analysis_rule", value=analysis_rule, expected_type=type_hints["analysis_rule"])
                 check_type(argname="argument unused_access_age", value=unused_access_age, expected_type=type_hints["unused_access_age"])
             self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if analysis_rule is not None:
+                self._values["analysis_rule"] = analysis_rule
             if unused_access_age is not None:
                 self._values["unused_access_age"] = unused_access_age
 
+        @builtins.property
+        def analysis_rule(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAnalyzer.AnalysisRuleProperty"]]:
+            '''Contains information about analysis rules for the analyzer.
+
+            Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-unusedaccessconfiguration.html#cfn-accessanalyzer-analyzer-unusedaccessconfiguration-analysisrule
+            '''
+            result = self._values.get("analysis_rule")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAnalyzer.AnalysisRuleProperty"]], result)
+
         @builtins.property
         def unused_access_age(self) -> typing.Optional[jsii.Number]:
             '''The specified access age in days for which to generate findings for unused access.
 
-            For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
+            For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-accessanalyzer-analyzer-unusedaccessconfiguration.html#cfn-accessanalyzer-analyzer-unusedaccessconfiguration-unusedaccessage
             '''
@@ -629,10 +829,10 @@ class CfnAnalyzerProps:
         '''Properties for defining a ``CfnAnalyzer``.
 
         :param type: The type represents the zone of trust for the analyzer. *Allowed Values* : ACCOUNT | ORGANIZATION | ACCOUNT_UNUSED_ACCESS | ORGANIZATION_UNUSED_ACCESS
-        :param analyzer_configuration: Contains information about the configuration of an unused access analyzer for an AWS organization or account.
+        :param analyzer_configuration: Contains information about the configuration of an analyzer for an AWS organization or account.
         :param analyzer_name: The name of the analyzer.
         :param archive_rules: Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
-        :param tags: An array of key-value pairs to apply to the analyzer.
+        :param tags: An array of key-value pairs to apply to the analyzer. You can use the set of Unicode letters, digits, whitespace, ``_`` , ``.`` , ``/`` , ``=`` , ``+`` , and ``-`` . For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with ``aws:`` . For the tag value, you can specify a value that is 0 to 256 characters in length.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html
         :exampleMetadata: fixture=_generated
@@ -649,6 +849,15 @@ class CfnAnalyzerProps:
                 # the properties below are optional
                 analyzer_configuration=accessanalyzer.CfnAnalyzer.AnalyzerConfigurationProperty(
                     unused_access_configuration=accessanalyzer.CfnAnalyzer.UnusedAccessConfigurationProperty(
+                        analysis_rule=accessanalyzer.CfnAnalyzer.AnalysisRuleProperty(
+                            exclusions=[accessanalyzer.CfnAnalyzer.AnalysisRuleCriteriaProperty(
+                                account_ids=["accountIds"],
+                                resource_tags=[[CfnTag(
+                                    key="key",
+                                    value="value"
+                                )]]
+                            )]
+                        ),
                         unused_access_age=123
                     )
                 ),
@@ -706,7 +915,7 @@ class CfnAnalyzerProps:
     def analyzer_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnAnalyzer.AnalyzerConfigurationProperty]]:
-        '''Contains information about the configuration of an unused access analyzer for an AWS organization or account.
+        '''Contains information about the configuration of an analyzer for an AWS organization or account.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html#cfn-accessanalyzer-analyzer-analyzerconfiguration
         '''
@@ -739,6 +948,12 @@ class CfnAnalyzerProps:
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
         '''An array of key-value pairs to apply to the analyzer.
 
+        You can use the set of Unicode letters, digits, whitespace, ``_`` , ``.`` , ``/`` , ``=`` , ``+`` , and ``-`` .
+
+        For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with ``aws:`` .
+
+        For the tag value, you can specify a value that is 0 to 256 characters in length.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html#cfn-accessanalyzer-analyzer-tags
         '''
         result = self._values.get("tags")
@@ -818,6 +1033,21 @@ def _typecheckingstub__a60563761f5e2faa4dde6d3c0daa593ac20d10acf23bf72fc62050810
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__36c3b122854545155d3943e2cf1f8f001f347b0db4e3b0e61e5562d5c4418440(
+    *,
+    account_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+    resource_tags: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]]]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__17edc274e7f0852c4514c56018aaea9d25296dab4aaadab463eab14602e93887(
+    *,
+    exclusions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAnalyzer.AnalysisRuleCriteriaProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__31c56409583b90336517d4c07b7b7849a386335199a589eff293943ed3b54e61(
     *,
     unused_access_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAnalyzer.UnusedAccessConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -846,6 +1076,7 @@ def _typecheckingstub__a277539f2c67c28a2a9fc67270fd81239b1346785d9508df320b963a2
 
 def _typecheckingstub__b15bc1bfb223a199dc73f744cc56dfec8d77e91fcae9e8e5b3520484a497aba7(
     *,
+    analysis_rule: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAnalyzer.AnalysisRuleProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     unused_access_age: typing.Optional[jsii.Number] = None,
 ) -> None:
     """Type checking stubs"""

aws_cdk/aws_applicationsignals/__init__.py

@@ -120,6 +120,9 @@ class CfnServiceLevelObjective(
     - ``autoscaling:DescribeAutoScalingGroups``
 
     You can easily set SLO targets for your applications that are discovered by Application Signals, using critical metrics such as latency and availability. You can also set SLOs against any CloudWatch metric or math expression that produces a time series.
+    .. epigraph::
+
+       You can't create an SLO for a service operation that was discovered by Application Signals until after that operation has reported standard metrics to Application Signals.
 
     You cannot change from a period-based SLO to a request-based SLO, or change from a request-based SLO to a period-based SLO.
 
@@ -523,8 +526,12 @@ class CfnServiceLevelObjective(
             '''This object defines the length of the look-back window used to calculate one burn rate metric for this SLO.
 
             The burn rate measures how fast the service is consuming the error budget, relative to the attainment goal of the SLO. A burn rate of exactly 1 indicates that the SLO goal will be met exactly.
+
             For example, if you specify 60 as the number of minutes in the look-back window, the burn rate is calculated as the following:
-            burn rate = error rate over the look-back window / (1 - attainment goal percentage)
+
+            *burn rate = error rate over the look-back window / (100% - attainment goal percentage)*
+
+            For more information about burn rates, see `Calculate burn rates <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-ServiceLevelObjectives.html#CloudWatch-ServiceLevelObjectives-burn>`_ .
 
             :param look_back_window_minutes: The number of minutes to use as the look-back window.