aws-cdk-lib 2.171.1__py3-none-any.whl → 2.172.0__py3-none-any.whl

aws_cdk/aws_cloudformation/__init__.py

@@ -261,7 +261,9 @@ class CfnGuardHook(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_cloudformation.CfnGuardHook",
 ):
-    '''This is a CloudFormation resource for activating the first-party AWS::Hooks::GuardHook.
+    '''The ``AWS::CloudFormation::GuardHook`` resource creates a Guard Hook with the specified attributes within your CloudFormation template.
+
+    Using the Guard domain specific language (DSL), you can author Hooks to evaluate your resources before allowing stack creation, modification, or deletion. For more information, see `Guard Hooks <https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/guard-hooks.html>`_ in the *AWS CloudFormation Hooks User Guide* .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html
     :cloudformationResource: AWS::CloudFormation::GuardHook
@@ -336,16 +338,16 @@ class CfnGuardHook(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param alias: The typename alias for the hook.
-        :param execution_role: IAM Role ARN.
-        :param failure_mode: Attribute to specify CloudFormation behavior on hook failure. Default: - "WARN"
-        :param hook_status: Attribute to specify which stacks this hook applies to or should get invoked for. Default: - "DISABLED"
-        :param rule_location: S3 Source Location for the Guard files.
-        :param target_operations: Which operations should this Hook run against? Resource changes, stacks or change sets.
-        :param log_bucket: S3 Bucket where the guard validate report will be uploaded to.
-        :param options: 
-        :param stack_filters: Filters to allow hooks to target specific stack attributes.
-        :param target_filters: 
+        :param alias: The type name alias for the Hook. This alias must be unique per account and Region. The alias must be in the form ``Name1::Name2::Name3`` and must not begin with ``AWS`` . For example, ``Private::Guard::MyTestHook`` .
+        :param execution_role: The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back.
+        :param failure_mode: Specifies how the Hook responds when rules fail their evaluation. - ``FAIL`` : Prevents the action from proceeding. This is helpful for enforcing strict compliance or security policies. - ``WARN`` : Issues warnings to users but allows actions to continue. This is useful for non-critical validations or informational checks. Default: - "WARN"
+        :param hook_status: Specifies if the Hook is ``ENABLED`` or ``DISABLED`` . Default: - "DISABLED"
+        :param rule_location: Specifies the S3 location of your Guard rules.
+        :param target_operations: Specifies which type of operation the Hook is run against. Valid values: ``STACK`` | ``RESOURCE`` | ``CHANGE_SET`` | ``CLOUD_CONTROL``
+        :param log_bucket: Specifies the name of an S3 bucket to store the Guard output report. This report contains the results of your Guard rule validations.
+        :param options: Specifies the S3 location of your input parameters.
+        :param stack_filters: Specifies the stack level filters for the Hook.
+        :param target_filters: Specifies the target filters for the Hook.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__03161d7a487fda6efdcca08ffddf765149d688cda393f699958050fcb318e260)
@@ -399,7 +401,7 @@ class CfnGuardHook(
     @builtins.property
     @jsii.member(jsii_name="attrHookArn")
     def attr_hook_arn(self) -> builtins.str:
-        '''The Amazon Resource Name (ARN) of the activated hook.
+        '''Returns the ARN of a Guard Hook.
 
         :cloudformationAttribute: HookArn
         '''
@@ -413,7 +415,10 @@ class CfnGuardHook(
     @builtins.property
     @jsii.member(jsii_name="alias")
     def alias(self) -> builtins.str:
-        '''The typename alias for the hook.'''
+        '''The type name alias for the Hook.
+
+        This alias must be unique per account and Region.
+        '''
         return typing.cast(builtins.str, jsii.get(self, "alias"))
 
     @alias.setter
@@ -426,7 +431,7 @@ class CfnGuardHook(
     @builtins.property
     @jsii.member(jsii_name="executionRole")
     def execution_role(self) -> builtins.str:
-        '''IAM Role ARN.'''
+        '''The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back.'''
         return typing.cast(builtins.str, jsii.get(self, "executionRole"))
 
     @execution_role.setter
@@ -439,7 +444,7 @@ class CfnGuardHook(
     @builtins.property
     @jsii.member(jsii_name="failureMode")
     def failure_mode(self) -> builtins.str:
-        '''Attribute to specify CloudFormation behavior on hook failure.'''
+        '''Specifies how the Hook responds when rules fail their evaluation.'''
         return typing.cast(builtins.str, jsii.get(self, "failureMode"))
 
     @failure_mode.setter
@@ -452,7 +457,7 @@ class CfnGuardHook(
     @builtins.property
     @jsii.member(jsii_name="hookStatus")
     def hook_status(self) -> builtins.str:
-        '''Attribute to specify which stacks this hook applies to or should get invoked for.'''
+        '''Specifies if the Hook is ``ENABLED`` or ``DISABLED`` .'''
         return typing.cast(builtins.str, jsii.get(self, "hookStatus"))
 
     @hook_status.setter
@@ -467,7 +472,7 @@ class CfnGuardHook(
     def rule_location(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, "CfnGuardHook.S3LocationProperty"]:
-        '''S3 Source Location for the Guard files.'''
+        '''Specifies the S3 location of your Guard rules.'''
         return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnGuardHook.S3LocationProperty"], jsii.get(self, "ruleLocation"))
 
     @rule_location.setter
@@ -483,7 +488,7 @@ class CfnGuardHook(
     @builtins.property
     @jsii.member(jsii_name="targetOperations")
     def target_operations(self) -> typing.List[builtins.str]:
-        '''Which operations should this Hook run against?'''
+        '''Specifies which type of operation the Hook is run against.'''
         return typing.cast(typing.List[builtins.str], jsii.get(self, "targetOperations"))
 
     @target_operations.setter
@@ -496,7 +501,7 @@ class CfnGuardHook(
     @builtins.property
     @jsii.member(jsii_name="logBucket")
     def log_bucket(self) -> typing.Optional[builtins.str]:
-        '''S3 Bucket where the guard validate report will be uploaded to.'''
+        '''Specifies the name of an S3 bucket to store the Guard output report.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "logBucket"))
 
     @log_bucket.setter
@@ -511,6 +516,7 @@ class CfnGuardHook(
     def options(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGuardHook.OptionsProperty"]]:
+        '''Specifies the S3 location of your input parameters.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGuardHook.OptionsProperty"]], jsii.get(self, "options"))
 
     @options.setter
@@ -528,7 +534,7 @@ class CfnGuardHook(
     def stack_filters(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGuardHook.StackFiltersProperty"]]:
-        '''Filters to allow hooks to target specific stack attributes.'''
+        '''Specifies the stack level filters for the Hook.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGuardHook.StackFiltersProperty"]], jsii.get(self, "stackFilters"))
 
     @stack_filters.setter
@@ -546,6 +552,7 @@ class CfnGuardHook(
     def target_filters(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGuardHook.TargetFiltersProperty"]]:
+        '''Specifies the target filters for the Hook.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGuardHook.TargetFiltersProperty"]], jsii.get(self, "targetFilters"))
 
     @target_filters.setter
@@ -569,8 +576,9 @@ class CfnGuardHook(
             *,
             input_params: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnGuardHook.S3LocationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
-            '''
-            :param input_params: S3 Source Location for the Guard files.
+            '''Specifies the input parameters for a Guard Hook.
+
+            :param input_params: Specifies the S3 location where your input parameters are located.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-options.html
             :exampleMetadata: fixture=_generated
@@ -601,7 +609,7 @@ class CfnGuardHook(
         def input_params(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGuardHook.S3LocationProperty"]]:
-            '''S3 Source Location for the Guard files.
+            '''Specifies the S3 location where your input parameters are located.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-options.html#cfn-cloudformation-guardhook-options-inputparams
             '''
@@ -631,10 +639,10 @@ class CfnGuardHook(
             uri: builtins.str,
             version_id: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''S3 Source Location for the Guard files.
+            '''Specifies the S3 location where your Guard rules or input parameters are located.
 
-            :param uri: S3 uri of Guard files.
-            :param version_id: S3 object version.
+            :param uri: Specifies the S3 path to the file containing your Guard rules or input parameters (in the form ``s3://<bucket name>/<file name>`` ). For Guard rules, the object stored in S3 must have one of the following file extensions: ``.guard`` , ``.zip`` , or ``.tar.gz`` . For input parameters, the object stored in S3 must have one of the following file extensions: ``.yaml`` , ``.json`` , ``.zip`` , or ``.tar.gz`` .
+            :param version_id: For S3 buckets with versioning enabled, specifies the unique ID of the S3 object version to download your Guard rules or input parameters from. The Guard Hook downloads files from S3 every time the Hook is invoked. To prevent accidental changes or deletions, we recommend using a version when configuring your Guard Hook.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-s3location.html
             :exampleMetadata: fixture=_generated
@@ -664,7 +672,11 @@ class CfnGuardHook(
 
         @builtins.property
         def uri(self) -> builtins.str:
-            '''S3 uri of Guard files.
+            '''Specifies the S3 path to the file containing your Guard rules or input parameters (in the form ``s3://<bucket name>/<file name>`` ).
+
+            For Guard rules, the object stored in S3 must have one of the following file extensions: ``.guard`` , ``.zip`` , or ``.tar.gz`` .
+
+            For input parameters, the object stored in S3 must have one of the following file extensions: ``.yaml`` , ``.json`` , ``.zip`` , or ``.tar.gz`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-s3location.html#cfn-cloudformation-guardhook-s3location-uri
             '''
@@ -674,7 +686,9 @@ class CfnGuardHook(
 
         @builtins.property
         def version_id(self) -> typing.Optional[builtins.str]:
-            '''S3 object version.
+            '''For S3 buckets with versioning enabled, specifies the unique ID of the S3 object version to download your Guard rules or input parameters from.
+
+            The Guard Hook downloads files from S3 every time the Hook is invoked. To prevent accidental changes or deletions, we recommend using a version when configuring your Guard Hook.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-s3location.html#cfn-cloudformation-guardhook-s3location-versionid
             '''
@@ -709,11 +723,15 @@ class CfnGuardHook(
             stack_names: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnGuardHook.StackNamesProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             stack_roles: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnGuardHook.StackRolesProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
-            '''Filters to allow hooks to target specific stack attributes.
+            '''The ``StackFilters`` property type specifies stack level filters for a Hook.
+
+            The ``StackNames`` or ``StackRoles`` properties are optional. However, you must specify at least one of these properties.
+
+            For more information, see `AWS CloudFormation Hooks stack level filters <https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html>`_ .
 
-            :param filtering_criteria: Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match Default: - "ALL"
-            :param stack_names: List of stack names as filters.
-            :param stack_roles: List of stack roles that are performing the stack operations.
+            :param filtering_criteria: The filtering criteria. - All stack names and stack roles ( ``All`` ): The Hook will only be invoked when all specified filters match. - Any stack names and stack roles ( ``Any`` ): The Hook will be invoked if at least one of the specified filters match. Default: - "ALL"
+            :param stack_names: Includes or excludes specific stacks from Hook invocations.
+            :param stack_roles: Includes or excludes specific stacks from Hook invocations based on their associated IAM roles.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-stackfilters.html
             :exampleMetadata: fixture=_generated
@@ -753,9 +771,10 @@ class CfnGuardHook(
 
         @builtins.property
         def filtering_criteria(self) -> builtins.str:
-            '''Attribute to specify the filtering behavior.
+            '''The filtering criteria.
 
-            ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match
+            - All stack names and stack roles ( ``All`` ): The Hook will only be invoked when all specified filters match.
+            - Any stack names and stack roles ( ``Any`` ): The Hook will be invoked if at least one of the specified filters match.
 
             :default: - "ALL"
 
@@ -769,7 +788,7 @@ class CfnGuardHook(
         def stack_names(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGuardHook.StackNamesProperty"]]:
-            '''List of stack names as filters.
+            '''Includes or excludes specific stacks from Hook invocations.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-stackfilters.html#cfn-cloudformation-guardhook-stackfilters-stacknames
             '''
@@ -780,7 +799,7 @@ class CfnGuardHook(
         def stack_roles(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnGuardHook.StackRolesProperty"]]:
-            '''List of stack roles that are performing the stack operations.
+            '''Includes or excludes specific stacks from Hook invocations based on their associated IAM roles.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-stackfilters.html#cfn-cloudformation-guardhook-stackfilters-stackroles
             '''
@@ -810,10 +829,12 @@ class CfnGuardHook(
             exclude: typing.Optional[typing.Sequence[builtins.str]] = None,
             include: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
-            '''List of stack names as filters.
+            '''Specifies the stack names for the ``StackFilters`` property type to include or exclude specific stacks from Hook invocations.
 
-            :param exclude: List of stack names that the hook is going to be excluded from.
-            :param include: List of stack names that the hook is going to target.
+            For more information, see `AWS CloudFormation Hooks stack level filters <https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html>`_ .
+
+            :param exclude: The stack names to exclude. All stacks except those listed here will invoke the Hook.
+            :param include: The stack names to include. Only the stacks specified in this list will invoke the Hook.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-stacknames.html
             :exampleMetadata: fixture=_generated
@@ -841,7 +862,9 @@ class CfnGuardHook(
 
         @builtins.property
         def exclude(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''List of stack names that the hook is going to be excluded from.
+            '''The stack names to exclude.
+
+            All stacks except those listed here will invoke the Hook.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-stacknames.html#cfn-cloudformation-guardhook-stacknames-exclude
             '''
@@ -850,7 +873,9 @@ class CfnGuardHook(
 
         @builtins.property
         def include(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''List of stack names that the hook is going to target.
+            '''The stack names to include.
+
+            Only the stacks specified in this list will invoke the Hook.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-stacknames.html#cfn-cloudformation-guardhook-stacknames-include
             '''
@@ -880,10 +905,12 @@ class CfnGuardHook(
             exclude: typing.Optional[typing.Sequence[builtins.str]] = None,
             include: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
-            '''List of stack roles that are performing the stack operations.
+            '''Specifies the stack roles for the ``StackFilters`` property type to include or exclude specific stacks from Hook invocations based on their associated IAM roles.
 
-            :param exclude: List of stack roles that the hook is going to be excluded from.
-            :param include: List of stack roles that the hook is going to target.
+            For more information, see `AWS CloudFormation Hooks stack level filters <https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html>`_ .
+
+            :param exclude: The IAM role ARNs for stacks you want to exclude. The Hook will be invoked on all stacks except those initiated by the specified roles.
+            :param include: The IAM role ARNs to target stacks associated with these roles. Only stack operations initiated by these roles will invoke the Hook.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-stackroles.html
             :exampleMetadata: fixture=_generated
@@ -911,7 +938,9 @@ class CfnGuardHook(
 
         @builtins.property
         def exclude(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''List of stack roles that the hook is going to be excluded from.
+            '''The IAM role ARNs for stacks you want to exclude.
+
+            The Hook will be invoked on all stacks except those initiated by the specified roles.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-stackroles.html#cfn-cloudformation-guardhook-stackroles-exclude
             '''
@@ -920,7 +949,9 @@ class CfnGuardHook(
 
         @builtins.property
         def include(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''List of stack roles that the hook is going to target.
+            '''The IAM role ARNs to target stacks associated with these roles.
+
+            Only stack operations initiated by these roles will invoke the Hook.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-guardhook-stackroles.html#cfn-cloudformation-guardhook-stackroles-include
             '''
@@ -955,7 +986,10 @@ class CfnGuardHook(
             invocation_points: typing.Optional[typing.Sequence[builtins.str]] = None,
             target_names: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
-            '''
+            '''The ``TargetFilters`` property type specifies the target filters for the Hook.
+
+            For more information, see `AWS CloudFormation Hook target filters <https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/specify-hook-configuration-targetfilters.html>`_ .
+
             :param actions: List of actions that the hook is going to target.
             :param invocation_points: List of invocation points that the hook is going to target.
             :param target_names: List of type names that the hook is going to target.
@@ -1060,16 +1094,16 @@ class CfnGuardHookProps:
     ) -> None:
         '''Properties for defining a ``CfnGuardHook``.
 
-        :param alias: The typename alias for the hook.
-        :param execution_role: IAM Role ARN.
-        :param failure_mode: Attribute to specify CloudFormation behavior on hook failure. Default: - "WARN"
-        :param hook_status: Attribute to specify which stacks this hook applies to or should get invoked for. Default: - "DISABLED"
-        :param rule_location: S3 Source Location for the Guard files.
-        :param target_operations: Which operations should this Hook run against? Resource changes, stacks or change sets.
-        :param log_bucket: S3 Bucket where the guard validate report will be uploaded to.
-        :param options: 
-        :param stack_filters: Filters to allow hooks to target specific stack attributes.
-        :param target_filters: 
+        :param alias: The type name alias for the Hook. This alias must be unique per account and Region. The alias must be in the form ``Name1::Name2::Name3`` and must not begin with ``AWS`` . For example, ``Private::Guard::MyTestHook`` .
+        :param execution_role: The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back.
+        :param failure_mode: Specifies how the Hook responds when rules fail their evaluation. - ``FAIL`` : Prevents the action from proceeding. This is helpful for enforcing strict compliance or security policies. - ``WARN`` : Issues warnings to users but allows actions to continue. This is useful for non-critical validations or informational checks. Default: - "WARN"
+        :param hook_status: Specifies if the Hook is ``ENABLED`` or ``DISABLED`` . Default: - "DISABLED"
+        :param rule_location: Specifies the S3 location of your Guard rules.
+        :param target_operations: Specifies which type of operation the Hook is run against. Valid values: ``STACK`` | ``RESOURCE`` | ``CHANGE_SET`` | ``CLOUD_CONTROL``
+        :param log_bucket: Specifies the name of an S3 bucket to store the Guard output report. This report contains the results of your Guard rule validations.
+        :param options: Specifies the S3 location of your input parameters.
+        :param stack_filters: Specifies the stack level filters for the Hook.
+        :param target_filters: Specifies the target filters for the Hook.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html
         :exampleMetadata: fixture=_generated
@@ -1154,7 +1188,9 @@ class CfnGuardHookProps:
 
     @builtins.property
     def alias(self) -> builtins.str:
-        '''The typename alias for the hook.
+        '''The type name alias for the Hook. This alias must be unique per account and Region.
+
+        The alias must be in the form ``Name1::Name2::Name3`` and must not begin with ``AWS`` . For example, ``Private::Guard::MyTestHook`` .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html#cfn-cloudformation-guardhook-alias
         '''
@@ -1164,7 +1200,7 @@ class CfnGuardHookProps:
 
     @builtins.property
     def execution_role(self) -> builtins.str:
-        '''IAM Role ARN.
+        '''The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html#cfn-cloudformation-guardhook-executionrole
         '''
@@ -1174,7 +1210,10 @@ class CfnGuardHookProps:
 
     @builtins.property
     def failure_mode(self) -> builtins.str:
-        '''Attribute to specify CloudFormation behavior on hook failure.
+        '''Specifies how the Hook responds when rules fail their evaluation.
+
+        - ``FAIL`` : Prevents the action from proceeding. This is helpful for enforcing strict compliance or security policies.
+        - ``WARN`` : Issues warnings to users but allows actions to continue. This is useful for non-critical validations or informational checks.
 
         :default: - "WARN"
 
@@ -1186,7 +1225,7 @@ class CfnGuardHookProps:
 
     @builtins.property
     def hook_status(self) -> builtins.str:
-        '''Attribute to specify which stacks this hook applies to or should get invoked for.
+        '''Specifies if the Hook is ``ENABLED`` or ``DISABLED`` .
 
         :default: - "DISABLED"
 
@@ -1200,7 +1239,7 @@ class CfnGuardHookProps:
     def rule_location(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, CfnGuardHook.S3LocationProperty]:
-        '''S3 Source Location for the Guard files.
+        '''Specifies the S3 location of your Guard rules.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html#cfn-cloudformation-guardhook-rulelocation
         '''
@@ -1210,9 +1249,9 @@ class CfnGuardHookProps:
 
     @builtins.property
     def target_operations(self) -> typing.List[builtins.str]:
-        '''Which operations should this Hook run against?
+        '''Specifies which type of operation the Hook is run against.
 
-        Resource changes, stacks or change sets.
+        Valid values: ``STACK`` | ``RESOURCE`` | ``CHANGE_SET`` | ``CLOUD_CONTROL``
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html#cfn-cloudformation-guardhook-targetoperations
         '''
@@ -1222,7 +1261,9 @@ class CfnGuardHookProps:
 
     @builtins.property
     def log_bucket(self) -> typing.Optional[builtins.str]:
-        '''S3 Bucket where the guard validate report will be uploaded to.
+        '''Specifies the name of an S3 bucket to store the Guard output report.
+
+        This report contains the results of your Guard rule validations.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html#cfn-cloudformation-guardhook-logbucket
         '''
@@ -1233,7 +1274,8 @@ class CfnGuardHookProps:
     def options(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnGuardHook.OptionsProperty]]:
-        '''
+        '''Specifies the S3 location of your input parameters.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html#cfn-cloudformation-guardhook-options
         '''
         result = self._values.get("options")
@@ -1243,7 +1285,7 @@ class CfnGuardHookProps:
     def stack_filters(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnGuardHook.StackFiltersProperty]]:
-        '''Filters to allow hooks to target specific stack attributes.
+        '''Specifies the stack level filters for the Hook.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html#cfn-cloudformation-guardhook-stackfilters
         '''
@@ -1254,7 +1296,8 @@ class CfnGuardHookProps:
     def target_filters(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnGuardHook.TargetFiltersProperty]]:
-        '''
+        '''Specifies the target filters for the Hook.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html#cfn-cloudformation-guardhook-targetfilters
         '''
         result = self._values.get("target_filters")
@@ -1278,9 +1321,9 @@ class CfnHookDefaultVersion(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_cloudformation.CfnHookDefaultVersion",
 ):
-    '''The ``HookDefaultVersion`` resource specifies the default version of the hook.
+    '''The ``HookDefaultVersion`` resource specifies the default version of the Hook.
 
-    The default version of the hook is used in CloudFormation operations for this AWS account and AWS Region .
+    The default version of the Hook is used in CloudFormation operations for this AWS account and AWS Region .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-hookdefaultversion.html
     :cloudformationResource: AWS::CloudFormation::HookDefaultVersion
@@ -1311,7 +1354,7 @@ class CfnHookDefaultVersion(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param type_name: The name of the hook. You must specify either ``TypeVersionArn`` , or ``TypeName`` and ``VersionId`` .
+        :param type_name: The name of the Hook. You must specify either ``TypeVersionArn`` , or ``TypeName`` and ``VersionId`` .
         :param type_version_arn: The version ID of the type configuration. You must specify either ``TypeVersionArn`` , or ``TypeName`` and ``VersionId`` .
         :param version_id: The version ID of the type specified. You must specify either ``TypeVersionArn`` , or ``TypeName`` and ``VersionId`` .
         '''
@@ -1374,7 +1417,7 @@ class CfnHookDefaultVersion(
     @builtins.property
     @jsii.member(jsii_name="typeName")
     def type_name(self) -> typing.Optional[builtins.str]:
-        '''The name of the hook.'''
+        '''The name of the Hook.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "typeName"))
 
     @type_name.setter
@@ -1430,7 +1473,7 @@ class CfnHookDefaultVersionProps:
     ) -> None:
         '''Properties for defining a ``CfnHookDefaultVersion``.
 
-        :param type_name: The name of the hook. You must specify either ``TypeVersionArn`` , or ``TypeName`` and ``VersionId`` .
+        :param type_name: The name of the Hook. You must specify either ``TypeVersionArn`` , or ``TypeName`` and ``VersionId`` .
         :param type_version_arn: The version ID of the type configuration. You must specify either ``TypeVersionArn`` , or ``TypeName`` and ``VersionId`` .
         :param version_id: The version ID of the type specified. You must specify either ``TypeVersionArn`` , or ``TypeName`` and ``VersionId`` .
 
@@ -1464,7 +1507,7 @@ class CfnHookDefaultVersionProps:
 
     @builtins.property
     def type_name(self) -> typing.Optional[builtins.str]:
-        '''The name of the hook.
+        '''The name of the Hook.
 
         You must specify either ``TypeVersionArn`` , or ``TypeName`` and ``VersionId`` .
 
@@ -1513,7 +1556,7 @@ class CfnHookTypeConfig(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_cloudformation.CfnHookTypeConfig",
 ):
-    '''The ``HookTypeConfig`` resource specifies the configuration of a hook.
+    '''The ``HookTypeConfig`` resource specifies the configuration of a Hook.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-hooktypeconfig.html
     :cloudformationResource: AWS::CloudFormation::HookTypeConfig
@@ -1548,10 +1591,10 @@ class CfnHookTypeConfig(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param configuration: Specifies the activated hook type configuration, in this AWS account and AWS Region . You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
-        :param configuration_alias: Specifies the activated hook type configuration, in this AWS account and AWS Region . Defaults to ``default`` alias. Hook types currently support default configuration alias. Default: - "default"
-        :param type_arn: The Amazon Resource Number (ARN) for the hook to set ``Configuration`` for. You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
-        :param type_name: The unique name for your hook. Specifies a three-part namespace for your hook, with a recommended pattern of ``Organization::Service::Hook`` . You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
+        :param configuration: Specifies the activated Hook type configuration, in this AWS account and AWS Region . You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
+        :param configuration_alias: Specifies the activated Hook type configuration, in this AWS account and AWS Region . Defaults to ``default`` alias. Hook types currently support default configuration alias. Default: - "default"
+        :param type_arn: The Amazon Resource Number (ARN) for the Hook to set ``Configuration`` for. You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
+        :param type_name: The unique name for your Hook. Specifies a three-part namespace for your Hook, with a recommended pattern of ``Organization::Service::Hook`` . You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__1aa75e15214f256047fa6d0b79cceb9720316dd5d5524cca649ba63b4b4613e3)
@@ -1599,7 +1642,7 @@ class CfnHookTypeConfig(
     @builtins.property
     @jsii.member(jsii_name="attrConfigurationArn")
     def attr_configuration_arn(self) -> builtins.str:
-        '''The Amazon Resource Number (ARN) of the activated hook type configuration, in this account and Region.
+        '''The Amazon Resource Number (ARN) of the activated Hook type configuration, in this account and Region.
 
         :cloudformationAttribute: ConfigurationArn
         '''
@@ -1613,7 +1656,7 @@ class CfnHookTypeConfig(
     @builtins.property
     @jsii.member(jsii_name="configuration")
     def configuration(self) -> builtins.str:
-        '''Specifies the activated hook type configuration, in this AWS account and AWS Region .'''
+        '''Specifies the activated Hook type configuration, in this AWS account and AWS Region .'''
         return typing.cast(builtins.str, jsii.get(self, "configuration"))
 
     @configuration.setter
@@ -1626,7 +1669,7 @@ class CfnHookTypeConfig(
     @builtins.property
     @jsii.member(jsii_name="configurationAlias")
     def configuration_alias(self) -> typing.Optional[builtins.str]:
-        '''Specifies the activated hook type configuration, in this AWS account and AWS Region .'''
+        '''Specifies the activated Hook type configuration, in this AWS account and AWS Region .'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "configurationAlias"))
 
     @configuration_alias.setter
@@ -1639,7 +1682,7 @@ class CfnHookTypeConfig(
     @builtins.property
     @jsii.member(jsii_name="typeArn")
     def type_arn(self) -> typing.Optional[builtins.str]:
-        '''The Amazon Resource Number (ARN) for the hook to set ``Configuration`` for.'''
+        '''The Amazon Resource Number (ARN) for the Hook to set ``Configuration`` for.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "typeArn"))
 
     @type_arn.setter
@@ -1652,7 +1695,7 @@ class CfnHookTypeConfig(
     @builtins.property
     @jsii.member(jsii_name="typeName")
     def type_name(self) -> typing.Optional[builtins.str]:
-        '''The unique name for your hook.'''
+        '''The unique name for your Hook.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "typeName"))
 
     @type_name.setter
@@ -1684,10 +1727,10 @@ class CfnHookTypeConfigProps:
     ) -> None:
         '''Properties for defining a ``CfnHookTypeConfig``.
 
-        :param configuration: Specifies the activated hook type configuration, in this AWS account and AWS Region . You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
-        :param configuration_alias: Specifies the activated hook type configuration, in this AWS account and AWS Region . Defaults to ``default`` alias. Hook types currently support default configuration alias. Default: - "default"
-        :param type_arn: The Amazon Resource Number (ARN) for the hook to set ``Configuration`` for. You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
-        :param type_name: The unique name for your hook. Specifies a three-part namespace for your hook, with a recommended pattern of ``Organization::Service::Hook`` . You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
+        :param configuration: Specifies the activated Hook type configuration, in this AWS account and AWS Region . You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
+        :param configuration_alias: Specifies the activated Hook type configuration, in this AWS account and AWS Region . Defaults to ``default`` alias. Hook types currently support default configuration alias. Default: - "default"
+        :param type_arn: The Amazon Resource Number (ARN) for the Hook to set ``Configuration`` for. You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
+        :param type_name: The unique name for your Hook. Specifies a three-part namespace for your Hook, with a recommended pattern of ``Organization::Service::Hook`` . You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-hooktypeconfig.html
         :exampleMetadata: fixture=_generated
@@ -1725,7 +1768,7 @@ class CfnHookTypeConfigProps:
 
     @builtins.property
     def configuration(self) -> builtins.str:
-        '''Specifies the activated hook type configuration, in this AWS account and AWS Region .
+        '''Specifies the activated Hook type configuration, in this AWS account and AWS Region .
 
         You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
 
@@ -1737,7 +1780,7 @@ class CfnHookTypeConfigProps:
 
     @builtins.property
     def configuration_alias(self) -> typing.Optional[builtins.str]:
-        '''Specifies the activated hook type configuration, in this AWS account and AWS Region .
+        '''Specifies the activated Hook type configuration, in this AWS account and AWS Region .
 
         Defaults to ``default`` alias. Hook types currently support default configuration alias.
 
@@ -1750,7 +1793,7 @@ class CfnHookTypeConfigProps:
 
     @builtins.property
     def type_arn(self) -> typing.Optional[builtins.str]:
-        '''The Amazon Resource Number (ARN) for the hook to set ``Configuration`` for.
+        '''The Amazon Resource Number (ARN) for the Hook to set ``Configuration`` for.
 
         You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
 
@@ -1761,9 +1804,9 @@ class CfnHookTypeConfigProps:
 
     @builtins.property
     def type_name(self) -> typing.Optional[builtins.str]:
-        '''The unique name for your hook.
+        '''The unique name for your Hook.
 
-        Specifies a three-part namespace for your hook, with a recommended pattern of ``Organization::Service::Hook`` .
+        Specifies a three-part namespace for your Hook, with a recommended pattern of ``Organization::Service::Hook`` .
 
         You must specify either ``TypeName`` and ``Configuration`` or ``TypeArn`` and ``Configuration`` .
 
@@ -1790,7 +1833,7 @@ class CfnHookVersion(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_cloudformation.CfnHookVersion",
 ):
-    '''The ``HookVersion`` resource publishes new or first hook version to the AWS CloudFormation registry.
+    '''The ``HookVersion`` resource publishes new or first Hook version to the AWS CloudFormation registry.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-hookversion.html
     :cloudformationResource: AWS::CloudFormation::HookVersion
@@ -1828,9 +1871,9 @@ class CfnHookVersion(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param schema_handler_package: A URL to the Amazon S3 bucket containing the hook project package that contains the necessary files for the hook you want to register. For information on generating a schema handler package for the resource you want to register, see `submit <https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-cli-submit.html>`_ in the *CloudFormation CLI User Guide for Extension Development* . .. epigraph:: The user registering the resource must be able to access the package in the S3 bucket. That's, the user must have `GetObject <https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html>`_ permissions for the schema handler package. For more information, see `Actions, Resources, and Condition Keys for Amazon S3 <https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html>`_ in the *AWS Identity and Access Management User Guide* .
+        :param schema_handler_package: A URL to the Amazon S3 bucket containing the Hook project package that contains the necessary files for the Hook you want to register. For information on generating a schema handler package for the resource you want to register, see `submit <https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-cli-submit.html>`_ in the *CloudFormation CLI User Guide for Extension Development* . .. epigraph:: The user registering the resource must be able to access the package in the S3 bucket. That's, the user must have `GetObject <https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html>`_ permissions for the schema handler package. For more information, see `Actions, Resources, and Condition Keys for Amazon S3 <https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html>`_ in the *AWS Identity and Access Management User Guide* .
         :param type_name: The unique name for your hook. Specifies a three-part namespace for your hook, with a recommended pattern of ``Organization::Service::Hook`` . .. epigraph:: The following organization namespaces are reserved and can't be used in your hook type names: - ``Alexa`` - ``AMZN`` - ``Amazon`` - ``ASK`` - ``AWS`` - ``Custom`` - ``Dev``
-        :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the hook permission.
+        :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Hook permission.
         :param logging_config: Contains logging configuration information for an extension.
         '''
         if __debug__:
@@ -1879,7 +1922,7 @@ class CfnHookVersion(
     @builtins.property
     @jsii.member(jsii_name="attrArn")
     def attr_arn(self) -> builtins.str:
-        '''The Amazon Resource Name (ARN) of the hook.
+        '''The Amazon Resource Name (ARN) of the Hook.
 
         :cloudformationAttribute: Arn
         '''
@@ -1888,7 +1931,7 @@ class CfnHookVersion(
     @builtins.property
     @jsii.member(jsii_name="attrIsDefaultVersion")
     def attr_is_default_version(self) -> _IResolvable_da3f097b:
-        '''Whether the specified hook version is set as the default version.
+        '''Whether the specified Hook version is set as the default version.
 
         :cloudformationAttribute: IsDefaultVersion
         '''
@@ -1897,7 +1940,7 @@ class CfnHookVersion(
     @builtins.property
     @jsii.member(jsii_name="attrTypeArn")
     def attr_type_arn(self) -> builtins.str:
-        '''The Amazon Resource Number (ARN) assigned to this version of the hook.
+        '''The Amazon Resource Number (ARN) assigned to this version of the Hook.
 
         :cloudformationAttribute: TypeArn
         '''
@@ -1906,7 +1949,7 @@ class CfnHookVersion(
     @builtins.property
     @jsii.member(jsii_name="attrVersionId")
     def attr_version_id(self) -> builtins.str:
-        '''The ID of this version of the hook.
+        '''The ID of this version of the Hook.
 
         :cloudformationAttribute: VersionId
         '''
@@ -1934,7 +1977,7 @@ class CfnHookVersion(
     @builtins.property
     @jsii.member(jsii_name="schemaHandlerPackage")
     def schema_handler_package(self) -> builtins.str:
-        '''A URL to the Amazon S3 bucket containing the hook project package that contains the necessary files for the hook you want to register.'''
+        '''A URL to the Amazon S3 bucket containing the Hook project package that contains the necessary files for the Hook you want to register.'''
         return typing.cast(builtins.str, jsii.get(self, "schemaHandlerPackage"))
 
     @schema_handler_package.setter
@@ -1960,7 +2003,7 @@ class CfnHookVersion(
     @builtins.property
     @jsii.member(jsii_name="executionRoleArn")
     def execution_role_arn(self) -> typing.Optional[builtins.str]:
-        '''The Amazon Resource Name (ARN) of the task execution role that grants the hook permission.'''
+        '''The Amazon Resource Name (ARN) of the task execution role that grants the Hook permission.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "executionRoleArn"))
 
     @execution_role_arn.setter
@@ -2080,9 +2123,9 @@ class CfnHookVersionProps:
     ) -> None:
         '''Properties for defining a ``CfnHookVersion``.
 
-        :param schema_handler_package: A URL to the Amazon S3 bucket containing the hook project package that contains the necessary files for the hook you want to register. For information on generating a schema handler package for the resource you want to register, see `submit <https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-cli-submit.html>`_ in the *CloudFormation CLI User Guide for Extension Development* . .. epigraph:: The user registering the resource must be able to access the package in the S3 bucket. That's, the user must have `GetObject <https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html>`_ permissions for the schema handler package. For more information, see `Actions, Resources, and Condition Keys for Amazon S3 <https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html>`_ in the *AWS Identity and Access Management User Guide* .
+        :param schema_handler_package: A URL to the Amazon S3 bucket containing the Hook project package that contains the necessary files for the Hook you want to register. For information on generating a schema handler package for the resource you want to register, see `submit <https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-cli-submit.html>`_ in the *CloudFormation CLI User Guide for Extension Development* . .. epigraph:: The user registering the resource must be able to access the package in the S3 bucket. That's, the user must have `GetObject <https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html>`_ permissions for the schema handler package. For more information, see `Actions, Resources, and Condition Keys for Amazon S3 <https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html>`_ in the *AWS Identity and Access Management User Guide* .
         :param type_name: The unique name for your hook. Specifies a three-part namespace for your hook, with a recommended pattern of ``Organization::Service::Hook`` . .. epigraph:: The following organization namespaces are reserved and can't be used in your hook type names: - ``Alexa`` - ``AMZN`` - ``Amazon`` - ``ASK`` - ``AWS`` - ``Custom`` - ``Dev``
-        :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the hook permission.
+        :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Hook permission.
         :param logging_config: Contains logging configuration information for an extension.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-hookversion.html
@@ -2123,7 +2166,7 @@ class CfnHookVersionProps:
 
     @builtins.property
     def schema_handler_package(self) -> builtins.str:
-        '''A URL to the Amazon S3 bucket containing the hook project package that contains the necessary files for the hook you want to register.
+        '''A URL to the Amazon S3 bucket containing the Hook project package that contains the necessary files for the Hook you want to register.
 
         For information on generating a schema handler package for the resource you want to register, see `submit <https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-cli-submit.html>`_ in the *CloudFormation CLI User Guide for Extension Development* .
         .. epigraph::
@@ -2161,7 +2204,7 @@ class CfnHookVersionProps:
 
     @builtins.property
     def execution_role_arn(self) -> typing.Optional[builtins.str]:
-        '''The Amazon Resource Name (ARN) of the task execution role that grants the hook permission.
+        '''The Amazon Resource Name (ARN) of the task execution role that grants the Hook permission.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-hookversion.html#cfn-cloudformation-hookversion-executionrolearn
         '''
@@ -2197,7 +2240,9 @@ class CfnLambdaHook(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_cloudformation.CfnLambdaHook",
 ):
-    '''This is a CloudFormation resource for the first-party AWS::Hooks::LambdaHook.
+    '''The ``AWS::CloudFormation::LambdaHook`` resource creates a Lambda Hook with the specified attributes within your CloudFormation template.
+
+    You can use a Lambda Hook to evaluate your resources before allowing stack creation, modification, or deletion. This resource forwards requests for resource evaluation to a Lambda function. For more information, see `Lambda Hooks <https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/lambda-hooks.html>`_ in the *AWS CloudFormation Hooks User Guide* .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-lambdahook.html
     :cloudformationResource: AWS::CloudFormation::LambdaHook
@@ -2256,14 +2301,14 @@ class CfnLambdaHook(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param alias: The typename alias for the hook.
-        :param execution_role: IAM Role ARN.
-        :param failure_mode: Attribute to specify CloudFormation behavior on hook failure.
-        :param hook_status: Attribute to specify which stacks this hook applies to or should get invoked for. Default: - "ENABLED"
-        :param lambda_function: Amazon Resource Name (ARN), Partial ARN, name, version, or alias of the Lambda function to invoke with this hook.
-        :param target_operations: Which operations should this Hook run against? Resource changes, stacks or change sets.
-        :param stack_filters: Filters to allow hooks to target specific stack attributes.
-        :param target_filters: 
+        :param alias: The type name alias for the Hook. This alias must be unique per account and Region. The alias must be in the form ``Name1::Name2::Name3`` and must not begin with ``AWS`` . For example, ``Private::Lambda::MyTestHook`` .
+        :param execution_role: The IAM role that the Hook assumes to invoke your Lambda function.
+        :param failure_mode: Specifies how the Hook responds when the Lambda function invoked by the Hook returns a ``FAILED`` response. - ``FAIL`` : Prevents the action from proceeding. This is helpful for enforcing strict compliance or security policies. - ``WARN`` : Issues warnings to users but allows actions to continue. This is useful for non-critical validations or informational checks.
+        :param hook_status: Specifies if the Hook is ``ENABLED`` or ``DISABLED`` . Default: - "ENABLED"
+        :param lambda_function: Specifies the Lambda function for the Hook. You can use:. - The full Amazon Resource Name (ARN) without a suffix. - A qualified ARN with a version or alias suffix.
+        :param target_operations: Specifies which type of operation the Hook is run against. Valid values: ``STACK`` | ``RESOURCE`` | ``CHANGE_SET`` | ``CLOUD_CONTROL``
+        :param stack_filters: Specifies the stack level filters for the Hook.
+        :param target_filters: Specifies the target filters for the Hook.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__fec9ac58a382959177810e26366e5dddc9f912aaf73b09411981c9ecbce1010a)
@@ -2315,7 +2360,7 @@ class CfnLambdaHook(
     @builtins.property
     @jsii.member(jsii_name="attrHookArn")
     def attr_hook_arn(self) -> builtins.str:
-        '''The Amazon Resource Name (ARN) of the activated hook.
+        '''Returns the ARN of a Lambda Hook.
 
         :cloudformationAttribute: HookArn
         '''
@@ -2329,7 +2374,10 @@ class CfnLambdaHook(
     @builtins.property
     @jsii.member(jsii_name="alias")
     def alias(self) -> builtins.str:
-        '''The typename alias for the hook.'''
+        '''The type name alias for the Hook.
+
+        This alias must be unique per account and Region.
+        '''
         return typing.cast(builtins.str, jsii.get(self, "alias"))
 
     @alias.setter
@@ -2342,7 +2390,7 @@ class CfnLambdaHook(
     @builtins.property
     @jsii.member(jsii_name="executionRole")
     def execution_role(self) -> builtins.str:
-        '''IAM Role ARN.'''
+        '''The IAM role that the Hook assumes to invoke your Lambda function.'''
         return typing.cast(builtins.str, jsii.get(self, "executionRole"))
 
     @execution_role.setter
@@ -2355,7 +2403,7 @@ class CfnLambdaHook(
     @builtins.property
     @jsii.member(jsii_name="failureMode")
     def failure_mode(self) -> builtins.str:
-        '''Attribute to specify CloudFormation behavior on hook failure.'''
+        '''Specifies how the Hook responds when the Lambda function invoked by the Hook returns a ``FAILED`` response.'''
         return typing.cast(builtins.str, jsii.get(self, "failureMode"))
 
     @failure_mode.setter
@@ -2368,7 +2416,7 @@ class CfnLambdaHook(
     @builtins.property
     @jsii.member(jsii_name="hookStatus")
     def hook_status(self) -> builtins.str:
-        '''Attribute to specify which stacks this hook applies to or should get invoked for.'''
+        '''Specifies if the Hook is ``ENABLED`` or ``DISABLED`` .'''
         return typing.cast(builtins.str, jsii.get(self, "hookStatus"))
 
     @hook_status.setter
@@ -2381,7 +2429,10 @@ class CfnLambdaHook(
     @builtins.property
     @jsii.member(jsii_name="lambdaFunction")
     def lambda_function(self) -> builtins.str:
-        '''Amazon Resource Name (ARN), Partial ARN, name, version, or alias of the Lambda function to invoke with this hook.'''
+        '''Specifies the Lambda function for the Hook.
+
+        You can use:.
+        '''
         return typing.cast(builtins.str, jsii.get(self, "lambdaFunction"))
 
     @lambda_function.setter
@@ -2394,7 +2445,7 @@ class CfnLambdaHook(
     @builtins.property
     @jsii.member(jsii_name="targetOperations")
     def target_operations(self) -> typing.List[builtins.str]:
-        '''Which operations should this Hook run against?'''
+        '''Specifies which type of operation the Hook is run against.'''
         return typing.cast(typing.List[builtins.str], jsii.get(self, "targetOperations"))
 
     @target_operations.setter
@@ -2409,7 +2460,7 @@ class CfnLambdaHook(
     def stack_filters(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLambdaHook.StackFiltersProperty"]]:
-        '''Filters to allow hooks to target specific stack attributes.'''
+        '''Specifies the stack level filters for the Hook.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLambdaHook.StackFiltersProperty"]], jsii.get(self, "stackFilters"))
 
     @stack_filters.setter
@@ -2427,6 +2478,7 @@ class CfnLambdaHook(
     def target_filters(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLambdaHook.TargetFiltersProperty"]]:
+        '''Specifies the target filters for the Hook.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLambdaHook.TargetFiltersProperty"]], jsii.get(self, "targetFilters"))
 
     @target_filters.setter
@@ -2456,11 +2508,15 @@ class CfnLambdaHook(
             stack_names: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnLambdaHook.StackNamesProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             stack_roles: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnLambdaHook.StackRolesProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
-            '''Filters to allow hooks to target specific stack attributes.
+            '''The ``StackFilters`` property type specifies stack level filters for a Hook.
+
+            The ``StackNames`` or ``StackRoles`` properties are optional. However, you must specify at least one of these properties.
 
-            :param filtering_criteria: Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match Default: - "ALL"
-            :param stack_names: List of stack names as filters.
-            :param stack_roles: List of stack roles that are performing the stack operations.
+            For more information, see `AWS CloudFormation Hooks stack level filters <https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html>`_ .
+
+            :param filtering_criteria: The filtering criteria. - All stack names and stack roles ( ``All`` ): The Hook will only be invoked when all specified filters match. - Any stack names and stack roles ( ``Any`` ): The Hook will be invoked if at least one of the specified filters match. Default: - "ALL"
+            :param stack_names: Includes or excludes specific stacks from Hook invocations.
+            :param stack_roles: Includes or excludes specific stacks from Hook invocations based on their associated IAM roles.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-lambdahook-stackfilters.html
             :exampleMetadata: fixture=_generated
@@ -2500,9 +2556,10 @@ class CfnLambdaHook(
 
         @builtins.property
         def filtering_criteria(self) -> builtins.str:
-            '''Attribute to specify the filtering behavior.
+            '''The filtering criteria.
 
-            ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match
+            - All stack names and stack roles ( ``All`` ): The Hook will only be invoked when all specified filters match.
+            - Any stack names and stack roles ( ``Any`` ): The Hook will be invoked if at least one of the specified filters match.
 
             :default: - "ALL"
 
@@ -2516,7 +2573,7 @@ class CfnLambdaHook(
         def stack_names(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLambdaHook.StackNamesProperty"]]:
-            '''List of stack names as filters.
+            '''Includes or excludes specific stacks from Hook invocations.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-lambdahook-stackfilters.html#cfn-cloudformation-lambdahook-stackfilters-stacknames
             '''
@@ -2527,7 +2584,7 @@ class CfnLambdaHook(
         def stack_roles(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLambdaHook.StackRolesProperty"]]:
-            '''List of stack roles that are performing the stack operations.
+            '''Includes or excludes specific stacks from Hook invocations based on their associated IAM roles.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-lambdahook-stackfilters.html#cfn-cloudformation-lambdahook-stackfilters-stackroles
             '''
@@ -2557,10 +2614,12 @@ class CfnLambdaHook(
             exclude: typing.Optional[typing.Sequence[builtins.str]] = None,
             include: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
-            '''List of stack names as filters.
+            '''Specifies the stack names for the ``StackFilters`` property type to include or exclude specific stacks from Hook invocations.
+
+            For more information, see `AWS CloudFormation Hooks stack level filters <https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html>`_ .
 
-            :param exclude: List of stack names that the hook is going to be excluded from.
-            :param include: List of stack names that the hook is going to target.
+            :param exclude: The stack names to exclude. All stacks except those listed here will invoke the Hook.
+            :param include: The stack names to include. Only the stacks specified in this list will invoke the Hook.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-lambdahook-stacknames.html
             :exampleMetadata: fixture=_generated
@@ -2588,7 +2647,9 @@ class CfnLambdaHook(
 
         @builtins.property
         def exclude(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''List of stack names that the hook is going to be excluded from.
+            '''The stack names to exclude.
+
+            All stacks except those listed here will invoke the Hook.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-lambdahook-stacknames.html#cfn-cloudformation-lambdahook-stacknames-exclude
             '''
@@ -2597,7 +2658,9 @@ class CfnLambdaHook(
 
         @builtins.property
         def include(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''List of stack names that the hook is going to target.
+            '''The stack names to include.
+
+            Only the stacks specified in this list will invoke the Hook.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-lambdahook-stacknames.html#cfn-cloudformation-lambdahook-stacknames-include
             '''
@@ -2627,10 +2690,12 @@ class CfnLambdaHook(
             exclude: typing.Optional[typing.Sequence[builtins.str]] = None,
             include: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
-            '''List of stack roles that are performing the stack operations.
+            '''Specifies the stack roles for the ``StackFilters`` property type to include or exclude specific stacks from Hook invocations based on their associated IAM roles.
+
+            For more information, see `AWS CloudFormation Hooks stack level filters <https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html>`_ .
 
-            :param exclude: List of stack roles that the hook is going to be excluded from.
-            :param include: List of stack roles that the hook is going to target.
+            :param exclude: The IAM role ARNs for stacks you want to exclude. The Hook will be invoked on all stacks except those initiated by the specified roles.
+            :param include: The IAM role ARNs to target stacks associated with these roles. Only stack operations initiated by these roles will invoke the Hook.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-lambdahook-stackroles.html
             :exampleMetadata: fixture=_generated
@@ -2658,7 +2723,9 @@ class CfnLambdaHook(
 
         @builtins.property
         def exclude(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''List of stack roles that the hook is going to be excluded from.
+            '''The IAM role ARNs for stacks you want to exclude.
+
+            The Hook will be invoked on all stacks except those initiated by the specified roles.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-lambdahook-stackroles.html#cfn-cloudformation-lambdahook-stackroles-exclude
             '''
@@ -2667,7 +2734,9 @@ class CfnLambdaHook(
 
         @builtins.property
         def include(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''List of stack roles that the hook is going to target.
+            '''The IAM role ARNs to target stacks associated with these roles.
+
+            Only stack operations initiated by these roles will invoke the Hook.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudformation-lambdahook-stackroles.html#cfn-cloudformation-lambdahook-stackroles-include
             '''
@@ -2702,7 +2771,10 @@ class CfnLambdaHook(
             invocation_points: typing.Optional[typing.Sequence[builtins.str]] = None,
             target_names: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
-            '''
+            '''The ``TargetFilters`` property type specifies the target filters for the Hook.
+
+            For more information, see `AWS CloudFormation Hook target filters <https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/specify-hook-configuration-targetfilters.html>`_ .
+
             :param actions: List of actions that the hook is going to target.
             :param invocation_points: List of invocation points that the hook is going to target.
             :param target_names: List of type names that the hook is going to target.
@@ -2803,14 +2875,14 @@ class CfnLambdaHookProps:
     ) -> None:
         '''Properties for defining a ``CfnLambdaHook``.
 
-        :param alias: The typename alias for the hook.
-        :param execution_role: IAM Role ARN.
-        :param failure_mode: Attribute to specify CloudFormation behavior on hook failure.
-        :param hook_status: Attribute to specify which stacks this hook applies to or should get invoked for. Default: - "ENABLED"
-        :param lambda_function: Amazon Resource Name (ARN), Partial ARN, name, version, or alias of the Lambda function to invoke with this hook.
-        :param target_operations: Which operations should this Hook run against? Resource changes, stacks or change sets.
-        :param stack_filters: Filters to allow hooks to target specific stack attributes.
-        :param target_filters: 
+        :param alias: The type name alias for the Hook. This alias must be unique per account and Region. The alias must be in the form ``Name1::Name2::Name3`` and must not begin with ``AWS`` . For example, ``Private::Lambda::MyTestHook`` .
+        :param execution_role: The IAM role that the Hook assumes to invoke your Lambda function.
+        :param failure_mode: Specifies how the Hook responds when the Lambda function invoked by the Hook returns a ``FAILED`` response. - ``FAIL`` : Prevents the action from proceeding. This is helpful for enforcing strict compliance or security policies. - ``WARN`` : Issues warnings to users but allows actions to continue. This is useful for non-critical validations or informational checks.
+        :param hook_status: Specifies if the Hook is ``ENABLED`` or ``DISABLED`` . Default: - "ENABLED"
+        :param lambda_function: Specifies the Lambda function for the Hook. You can use:. - The full Amazon Resource Name (ARN) without a suffix. - A qualified ARN with a version or alias suffix.
+        :param target_operations: Specifies which type of operation the Hook is run against. Valid values: ``STACK`` | ``RESOURCE`` | ``CHANGE_SET`` | ``CLOUD_CONTROL``
+        :param stack_filters: Specifies the stack level filters for the Hook.
+        :param target_filters: Specifies the target filters for the Hook.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-lambdahook.html
         :exampleMetadata: fixture=_generated
@@ -2875,7 +2947,9 @@ class CfnLambdaHookProps:
 
     @builtins.property
     def alias(self) -> builtins.str:
-        '''The typename alias for the hook.
+        '''The type name alias for the Hook. This alias must be unique per account and Region.
+
+        The alias must be in the form ``Name1::Name2::Name3`` and must not begin with ``AWS`` . For example, ``Private::Lambda::MyTestHook`` .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-lambdahook.html#cfn-cloudformation-lambdahook-alias
         '''
@@ -2885,7 +2959,7 @@ class CfnLambdaHookProps:
 
     @builtins.property
     def execution_role(self) -> builtins.str:
-        '''IAM Role ARN.
+        '''The IAM role that the Hook assumes to invoke your Lambda function.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-lambdahook.html#cfn-cloudformation-lambdahook-executionrole
         '''
@@ -2895,7 +2969,10 @@ class CfnLambdaHookProps:
 
     @builtins.property
     def failure_mode(self) -> builtins.str:
-        '''Attribute to specify CloudFormation behavior on hook failure.
+        '''Specifies how the Hook responds when the Lambda function invoked by the Hook returns a ``FAILED`` response.
+
+        - ``FAIL`` : Prevents the action from proceeding. This is helpful for enforcing strict compliance or security policies.
+        - ``WARN`` : Issues warnings to users but allows actions to continue. This is useful for non-critical validations or informational checks.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-lambdahook.html#cfn-cloudformation-lambdahook-failuremode
         '''
@@ -2905,7 +2982,7 @@ class CfnLambdaHookProps:
 
     @builtins.property
     def hook_status(self) -> builtins.str:
-        '''Attribute to specify which stacks this hook applies to or should get invoked for.
+        '''Specifies if the Hook is ``ENABLED`` or ``DISABLED`` .
 
         :default: - "ENABLED"
 
@@ -2917,7 +2994,10 @@ class CfnLambdaHookProps:
 
     @builtins.property
     def lambda_function(self) -> builtins.str:
-        '''Amazon Resource Name (ARN), Partial ARN, name, version, or alias of the Lambda function to invoke with this hook.
+        '''Specifies the Lambda function for the Hook. You can use:.
+
+        - The full Amazon Resource Name (ARN) without a suffix.
+        - A qualified ARN with a version or alias suffix.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-lambdahook.html#cfn-cloudformation-lambdahook-lambdafunction
         '''
@@ -2927,9 +3007,9 @@ class CfnLambdaHookProps:
 
     @builtins.property
     def target_operations(self) -> typing.List[builtins.str]:
-        '''Which operations should this Hook run against?
+        '''Specifies which type of operation the Hook is run against.
 
-        Resource changes, stacks or change sets.
+        Valid values: ``STACK`` | ``RESOURCE`` | ``CHANGE_SET`` | ``CLOUD_CONTROL``
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-lambdahook.html#cfn-cloudformation-lambdahook-targetoperations
         '''
@@ -2941,7 +3021,7 @@ class CfnLambdaHookProps:
     def stack_filters(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnLambdaHook.StackFiltersProperty]]:
-        '''Filters to allow hooks to target specific stack attributes.
+        '''Specifies the stack level filters for the Hook.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-lambdahook.html#cfn-cloudformation-lambdahook-stackfilters
         '''
@@ -2952,7 +3032,8 @@ class CfnLambdaHookProps:
     def target_filters(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnLambdaHook.TargetFiltersProperty]]:
-        '''
+        '''Specifies the target filters for the Hook.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-lambdahook.html#cfn-cloudformation-lambdahook-targetfilters
         '''
         result = self._values.get("target_filters")