aws-cdk-lib 2.173.4__py3-none-any.whl → 2.174.1__py3-none-any.whl

aws_cdk/aws_redshiftserverless/__init__.py

@@ -1267,6 +1267,10 @@ class CfnWorkgroup(
             max_capacity=123,
             namespace_name="namespaceName",
             port=123,
+            price_performance_target=redshiftserverless.CfnWorkgroup.PerformanceTargetProperty(
+                level=123,
+                status="status"
+            ),
             publicly_accessible=False,
             security_group_ids=["securityGroupIds"],
             subnet_ids=["subnetIds"],
@@ -1289,6 +1293,7 @@ class CfnWorkgroup(
         max_capacity: typing.Optional[jsii.Number] = None,
         namespace_name: typing.Optional[builtins.str] = None,
         port: typing.Optional[jsii.Number] = None,
+        price_performance_target: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWorkgroup.PerformanceTargetProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         publicly_accessible: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
         subnet_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
@@ -1304,6 +1309,7 @@ class CfnWorkgroup(
         :param max_capacity: The maximum data-warehouse capacity Amazon Redshift Serverless uses to serve queries. The max capacity is specified in RPUs.
         :param namespace_name: The namespace the workgroup is associated with.
         :param port: The custom port to use when connecting to a workgroup. Valid port ranges are 5431-5455 and 8191-8215. The default is 5439.
+        :param price_performance_target: An object that represents the price performance target settings for the workgroup.
         :param publicly_accessible: A value that specifies whether the workgroup can be accessible from a public network. Default: - false
         :param security_group_ids: A list of security group IDs to associate with the workgroup.
         :param subnet_ids: A list of subnet IDs the workgroup is associated with.
@@ -1321,6 +1327,7 @@ class CfnWorkgroup(
             max_capacity=max_capacity,
             namespace_name=namespace_name,
             port=port,
+            price_performance_target=price_performance_target,
             publicly_accessible=publicly_accessible,
             security_group_ids=security_group_ids,
             subnet_ids=subnet_ids,
@@ -1633,6 +1640,24 @@ class CfnWorkgroup(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "port", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="pricePerformanceTarget")
+    def price_performance_target(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWorkgroup.PerformanceTargetProperty"]]:
+        '''An object that represents the price performance target settings for the workgroup.'''
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWorkgroup.PerformanceTargetProperty"]], jsii.get(self, "pricePerformanceTarget"))
+
+    @price_performance_target.setter
+    def price_performance_target(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWorkgroup.PerformanceTargetProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__971a4fc1559ba6fa762249206f240d83ab3e607f325e8eeed9b9122b529c78e0)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "pricePerformanceTarget", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="publiclyAccessible")
     def publicly_accessible(
@@ -1973,6 +1998,78 @@ class CfnWorkgroup(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_redshiftserverless.CfnWorkgroup.PerformanceTargetProperty",
+        jsii_struct_bases=[],
+        name_mapping={"level": "level", "status": "status"},
+    )
+    class PerformanceTargetProperty:
+        def __init__(
+            self,
+            *,
+            level: typing.Optional[jsii.Number] = None,
+            status: typing.Optional[builtins.str] = None,
+        ) -> None:
+            '''An object that represents the price performance target settings for the workgroup.
+
+            :param level: The target price performance level for the workgroup. Valid values include 1, 25, 50, 75, and 100. These correspond to the price performance levels LOW_COST, ECONOMICAL, BALANCED, RESOURCEFUL, and HIGH_PERFORMANCE.
+            :param status: Whether the price performance target is enabled for the workgroup.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-redshiftserverless-workgroup-performancetarget.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_redshiftserverless as redshiftserverless
+                
+                performance_target_property = redshiftserverless.CfnWorkgroup.PerformanceTargetProperty(
+                    level=123,
+                    status="status"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__e7166282347ab806de45e7f23d02833af860bdd81c72c593cfef563b261c272f)
+                check_type(argname="argument level", value=level, expected_type=type_hints["level"])
+                check_type(argname="argument status", value=status, expected_type=type_hints["status"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if level is not None:
+                self._values["level"] = level
+            if status is not None:
+                self._values["status"] = status
+
+        @builtins.property
+        def level(self) -> typing.Optional[jsii.Number]:
+            '''The target price performance level for the workgroup.
+
+            Valid values include 1, 25, 50, 75, and 100. These correspond to the price performance levels LOW_COST, ECONOMICAL, BALANCED, RESOURCEFUL, and HIGH_PERFORMANCE.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-redshiftserverless-workgroup-performancetarget.html#cfn-redshiftserverless-workgroup-performancetarget-level
+            '''
+            result = self._values.get("level")
+            return typing.cast(typing.Optional[jsii.Number], result)
+
+        @builtins.property
+        def status(self) -> typing.Optional[builtins.str]:
+            '''Whether the price performance target is enabled for the workgroup.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-redshiftserverless-workgroup-performancetarget.html#cfn-redshiftserverless-workgroup-performancetarget-status
+            '''
+            result = self._values.get("status")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "PerformanceTargetProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_redshiftserverless.CfnWorkgroup.VpcEndpointProperty",
         jsii_struct_bases=[],
@@ -2082,6 +2179,7 @@ class CfnWorkgroup(
             "enhanced_vpc_routing": "enhancedVpcRouting",
             "max_capacity": "maxCapacity",
             "namespace_name": "namespaceName",
+            "price_performance_target": "pricePerformanceTarget",
             "publicly_accessible": "publiclyAccessible",
             "security_group_ids": "securityGroupIds",
             "status": "status",
@@ -2102,6 +2200,7 @@ class CfnWorkgroup(
             enhanced_vpc_routing: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
             max_capacity: typing.Optional[jsii.Number] = None,
             namespace_name: typing.Optional[builtins.str] = None,
+            price_performance_target: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWorkgroup.PerformanceTargetProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             publicly_accessible: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
             security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
             status: typing.Optional[builtins.str] = None,
@@ -2119,6 +2218,7 @@ class CfnWorkgroup(
             :param enhanced_vpc_routing: The value that specifies whether to enable enhanced virtual private cloud (VPC) routing, which forces Amazon Redshift Serverless to route traffic through your VPC.
             :param max_capacity: The maximum data-warehouse capacity Amazon Redshift Serverless uses to serve queries. The max capacity is specified in RPUs.
             :param namespace_name: The namespace the workgroup is associated with.
+            :param price_performance_target: An object that represents the price performance target settings for the workgroup.
             :param publicly_accessible: A value that specifies whether the workgroup can be accessible from a public network.
             :param security_group_ids: An array of security group IDs to associate with the workgroup.
             :param status: The status of the workgroup.
@@ -2160,6 +2260,10 @@ class CfnWorkgroup(
                     enhanced_vpc_routing=False,
                     max_capacity=123,
                     namespace_name="namespaceName",
+                    price_performance_target=redshiftserverless.CfnWorkgroup.PerformanceTargetProperty(
+                        level=123,
+                        status="status"
+                    ),
                     publicly_accessible=False,
                     security_group_ids=["securityGroupIds"],
                     status="status",
@@ -2178,6 +2282,7 @@ class CfnWorkgroup(
                 check_type(argname="argument enhanced_vpc_routing", value=enhanced_vpc_routing, expected_type=type_hints["enhanced_vpc_routing"])
                 check_type(argname="argument max_capacity", value=max_capacity, expected_type=type_hints["max_capacity"])
                 check_type(argname="argument namespace_name", value=namespace_name, expected_type=type_hints["namespace_name"])
+                check_type(argname="argument price_performance_target", value=price_performance_target, expected_type=type_hints["price_performance_target"])
                 check_type(argname="argument publicly_accessible", value=publicly_accessible, expected_type=type_hints["publicly_accessible"])
                 check_type(argname="argument security_group_ids", value=security_group_ids, expected_type=type_hints["security_group_ids"])
                 check_type(argname="argument status", value=status, expected_type=type_hints["status"])
@@ -2200,6 +2305,8 @@ class CfnWorkgroup(
                 self._values["max_capacity"] = max_capacity
             if namespace_name is not None:
                 self._values["namespace_name"] = namespace_name
+            if price_performance_target is not None:
+                self._values["price_performance_target"] = price_performance_target
             if publicly_accessible is not None:
                 self._values["publicly_accessible"] = publicly_accessible
             if security_group_ids is not None:
@@ -2288,6 +2395,17 @@ class CfnWorkgroup(
             result = self._values.get("namespace_name")
             return typing.cast(typing.Optional[builtins.str], result)
 
+        @builtins.property
+        def price_performance_target(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWorkgroup.PerformanceTargetProperty"]]:
+            '''An object that represents the price performance target settings for the workgroup.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-redshiftserverless-workgroup-workgroup.html#cfn-redshiftserverless-workgroup-workgroup-priceperformancetarget
+            '''
+            result = self._values.get("price_performance_target")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWorkgroup.PerformanceTargetProperty"]], result)
+
         @builtins.property
         def publicly_accessible(
             self,
@@ -2376,6 +2494,7 @@ class CfnWorkgroup(
         "max_capacity": "maxCapacity",
         "namespace_name": "namespaceName",
         "port": "port",
+        "price_performance_target": "pricePerformanceTarget",
         "publicly_accessible": "publiclyAccessible",
         "security_group_ids": "securityGroupIds",
         "subnet_ids": "subnetIds",
@@ -2393,6 +2512,7 @@ class CfnWorkgroupProps:
         max_capacity: typing.Optional[jsii.Number] = None,
         namespace_name: typing.Optional[builtins.str] = None,
         port: typing.Optional[jsii.Number] = None,
+        price_performance_target: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWorkgroup.PerformanceTargetProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         publicly_accessible: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
         subnet_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
@@ -2407,6 +2527,7 @@ class CfnWorkgroupProps:
         :param max_capacity: The maximum data-warehouse capacity Amazon Redshift Serverless uses to serve queries. The max capacity is specified in RPUs.
         :param namespace_name: The namespace the workgroup is associated with.
         :param port: The custom port to use when connecting to a workgroup. Valid port ranges are 5431-5455 and 8191-8215. The default is 5439.
+        :param price_performance_target: An object that represents the price performance target settings for the workgroup.
         :param publicly_accessible: A value that specifies whether the workgroup can be accessible from a public network. Default: - false
         :param security_group_ids: A list of security group IDs to associate with the workgroup.
         :param subnet_ids: A list of subnet IDs the workgroup is associated with.
@@ -2434,6 +2555,10 @@ class CfnWorkgroupProps:
                 max_capacity=123,
                 namespace_name="namespaceName",
                 port=123,
+                price_performance_target=redshiftserverless.CfnWorkgroup.PerformanceTargetProperty(
+                    level=123,
+                    status="status"
+                ),
                 publicly_accessible=False,
                 security_group_ids=["securityGroupIds"],
                 subnet_ids=["subnetIds"],
@@ -2452,6 +2577,7 @@ class CfnWorkgroupProps:
             check_type(argname="argument max_capacity", value=max_capacity, expected_type=type_hints["max_capacity"])
             check_type(argname="argument namespace_name", value=namespace_name, expected_type=type_hints["namespace_name"])
             check_type(argname="argument port", value=port, expected_type=type_hints["port"])
+            check_type(argname="argument price_performance_target", value=price_performance_target, expected_type=type_hints["price_performance_target"])
             check_type(argname="argument publicly_accessible", value=publicly_accessible, expected_type=type_hints["publicly_accessible"])
             check_type(argname="argument security_group_ids", value=security_group_ids, expected_type=type_hints["security_group_ids"])
             check_type(argname="argument subnet_ids", value=subnet_ids, expected_type=type_hints["subnet_ids"])
@@ -2471,6 +2597,8 @@ class CfnWorkgroupProps:
             self._values["namespace_name"] = namespace_name
         if port is not None:
             self._values["port"] = port
+        if price_performance_target is not None:
+            self._values["price_performance_target"] = price_performance_target
         if publicly_accessible is not None:
             self._values["publicly_accessible"] = publicly_accessible
         if security_group_ids is not None:
@@ -2556,6 +2684,17 @@ class CfnWorkgroupProps:
         result = self._values.get("port")
         return typing.cast(typing.Optional[jsii.Number], result)
 
+    @builtins.property
+    def price_performance_target(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnWorkgroup.PerformanceTargetProperty]]:
+        '''An object that represents the price performance target settings for the workgroup.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshiftserverless-workgroup.html#cfn-redshiftserverless-workgroup-priceperformancetarget
+        '''
+        result = self._values.get("price_performance_target")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnWorkgroup.PerformanceTargetProperty]], result)
+
     @builtins.property
     def publicly_accessible(
         self,
@@ -2810,6 +2949,7 @@ def _typecheckingstub__61a1b6ebbdacc577619f4e17ddabdaa553ffe5fe072b72e14ddf7d9c3
     max_capacity: typing.Optional[jsii.Number] = None,
     namespace_name: typing.Optional[builtins.str] = None,
     port: typing.Optional[jsii.Number] = None,
+    price_performance_target: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWorkgroup.PerformanceTargetProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     publicly_accessible: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
     subnet_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
@@ -2872,6 +3012,12 @@ def _typecheckingstub__7e3a61acfcbbe3b107c15ebd1c1248f3bd150ad58cf876908da7870de
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__971a4fc1559ba6fa762249206f240d83ab3e607f325e8eeed9b9122b529c78e0(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnWorkgroup.PerformanceTargetProperty]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__974542b0d8aa6c1847dd536dcf795ef2c4719aed798ea365b0767f6ad3234ca0(
     value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
 ) -> None:
@@ -2923,6 +3069,14 @@ def _typecheckingstub__c27a8032aaa250691e1e68b2e75ce65c47142ac6b83ad22f01b09ec29
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__e7166282347ab806de45e7f23d02833af860bdd81c72c593cfef563b261c272f(
+    *,
+    level: typing.Optional[jsii.Number] = None,
+    status: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__200b427a09281b666ef25deaac2b6bf3abeeda64d77ffa3f7903dbe300b6606d(
     *,
     network_interfaces: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWorkgroup.NetworkInterfaceProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
@@ -2941,6 +3095,7 @@ def _typecheckingstub__b7cad236eecd67272da075e88f17a1dbdae4ee5083553d6443dcc19b3
     enhanced_vpc_routing: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     max_capacity: typing.Optional[jsii.Number] = None,
     namespace_name: typing.Optional[builtins.str] = None,
+    price_performance_target: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWorkgroup.PerformanceTargetProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     publicly_accessible: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
     status: typing.Optional[builtins.str] = None,
@@ -2961,6 +3116,7 @@ def _typecheckingstub__1ee3941005026bdab05d38183c12cc7cf5ff218e6db3877161b60d823
     max_capacity: typing.Optional[jsii.Number] = None,
     namespace_name: typing.Optional[builtins.str] = None,
     port: typing.Optional[jsii.Number] = None,
+    price_performance_target: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWorkgroup.PerformanceTargetProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     publicly_accessible: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
     subnet_ids: typing.Optional[typing.Sequence[builtins.str]] = None,

aws_cdk/aws_resiliencehub/__init__.py

@@ -494,7 +494,7 @@ class CfnApp(
 
             :param type: Defines how AWS Resilience Hub scans your resources. It can scan for the resources by using a pre-existing role in your AWS account, or by using the credentials of the current IAM user.
             :param cross_account_role_arns: Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts. These ARNs are used for querying purposes while importing resources and assessing your application. .. epigraph:: - These ARNs are required only when your resources are in other accounts and you have different role name in these accounts. Else, the invoker role name will be used in the other accounts. - These roles must have a trust policy with ``iam:AssumeRole`` permission to the invoker role in the primary account.
-            :param invoker_role_name: Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment. .. epigraph:: - You must have ``iam:passRole`` permission for this role while creating or updating the application. - Currently, ``invokerRoleName`` accepts only ``[A-Za-z0-9_+=,.@-]`` characters.
+            :param invoker_role_name: Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment. If your IAM role includes a path, you must include the path in the ``invokerRoleName`` parameter. For example, if your IAM role's ARN is ``arn:aws:iam:123456789012:role/my-path/role-name`` , you should pass ``my-path/role-name`` . .. epigraph:: - You must have ``iam:passRole`` permission for this role while creating or updating the application. - Currently, ``invokerRoleName`` accepts only ``[A-Za-z0-9_+=,.@-]`` characters.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resiliencehub-app-permissionmodel.html
             :exampleMetadata: fixture=_generated
@@ -557,6 +557,7 @@ class CfnApp(
         def invoker_role_name(self) -> typing.Optional[builtins.str]:
             '''Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment.
 
+            If your IAM role includes a path, you must include the path in the ``invokerRoleName`` parameter. For example, if your IAM role's ARN is ``arn:aws:iam:123456789012:role/my-path/role-name`` , you should pass ``my-path/role-name`` .
             .. epigraph::
 
                - You must have ``iam:passRole`` permission for this role while creating or updating the application.

aws_cdk/aws_route53_targets/__init__.py

@@ -1027,19 +1027,19 @@ class UserPoolDomainTarget(
     @jsii.member(jsii_name="bind")
     def bind(
         self,
-        _record: _IRecordSet_7d446a82,
+        record: _IRecordSet_7d446a82,
         _zone: typing.Optional[_IHostedZone_9a6907ad] = None,
     ) -> _AliasRecordTargetConfig_588f62e9:
         '''Return hosted zone ID and DNS name, usable for Route53 alias targets.
 
-        :param _record: -
+        :param record: -
         :param _zone: -
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ce4923401899f48bd0c1ae21051fc7f7dfe9597cb06da980cb1dc4cf441fbf3c)
-            check_type(argname="argument _record", value=_record, expected_type=type_hints["_record"])
+            check_type(argname="argument record", value=record, expected_type=type_hints["record"])
             check_type(argname="argument _zone", value=_zone, expected_type=type_hints["_zone"])
-        return typing.cast(_AliasRecordTargetConfig_588f62e9, jsii.invoke(self, "bind", [_record, _zone]))
+        return typing.cast(_AliasRecordTargetConfig_588f62e9, jsii.invoke(self, "bind", [record, _zone]))
 
 
 class ApiGateway(
@@ -1268,7 +1268,7 @@ def _typecheckingstub__b00bf5eba0024f5bf7c1acfbffab5d3fa54e65eb29951b3b0fe2f6659
     pass
 
 def _typecheckingstub__ce4923401899f48bd0c1ae21051fc7f7dfe9597cb06da980cb1dc4cf441fbf3c(
-    _record: _IRecordSet_7d446a82,
+    record: _IRecordSet_7d446a82,
     _zone: typing.Optional[_IHostedZone_9a6907ad] = None,
 ) -> None:
     """Type checking stubs"""

aws_cdk/aws_s3/__init__.py

@@ -2013,19 +2013,20 @@ class BucketProps:
 
         Example::
 
-            import aws_cdk.aws_kms as kms
-            
-            
-            my_kms_key = kms.Key(self, "myKMSKey")
-            my_bucket = s3.Bucket(self, "mySSEKMSEncryptedBucket",
-                encryption=s3.BucketEncryption.KMS,
-                encryption_key=my_kms_key,
+            access_logs_bucket = s3.Bucket(self, "AccessLogsBucket",
                 object_ownership=s3.ObjectOwnership.BUCKET_OWNER_ENFORCED
             )
-            cloudfront.Distribution(self, "myDist",
-                default_behavior=cloudfront.BehaviorOptions(
-                    origin=origins.S3BucketOrigin.with_origin_access_control(my_bucket)
-                )
+            
+            access_logs_bucket.add_to_resource_policy(
+                iam.PolicyStatement(
+                    actions=["s3:*"],
+                    resources=[access_logs_bucket.bucket_arn, access_logs_bucket.arn_for_objects("*")],
+                    principals=[iam.AnyPrincipal()]
+                ))
+            
+            bucket = s3.Bucket(self, "MyBucket",
+                server_access_logs_bucket=access_logs_bucket,
+                server_access_logs_prefix="logs"
             )
         '''
         if isinstance(website_redirect, dict):
@@ -4236,7 +4237,7 @@ class CfnBucket(
         :param access_control: .. epigraph:: This is a legacy property, and it is not recommended for most use cases. A majority of modern use cases in Amazon S3 no longer require the use of ACLs, and we recommend that you keep ACLs disabled. For more information, see `Controlling object ownership <https://docs.aws.amazon.com//AmazonS3/latest/userguide/about-object-ownership.html>`_ in the *Amazon S3 User Guide* . A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see `Canned ACL <https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl>`_ in the *Amazon S3 User Guide* . S3 buckets are created with ACLs disabled by default. Therefore, unless you explicitly set the `AWS::S3::OwnershipControls <https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrols.html>`_ property to enable ACLs, your resource will fail to deploy with any value other than Private. Use cases requiring ACLs are uncommon. The majority of access control configurations can be successfully and more easily achieved with bucket policies. For more information, see `AWS::S3::BucketPolicy <https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html>`_ . For examples of common policy configurations, including S3 Server Access Logs buckets and more, see `Bucket policy examples <https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html>`_ in the *Amazon S3 User Guide* .
         :param analytics_configurations: Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
         :param bucket_encryption: Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). For information about the Amazon S3 default encryption feature, see `Amazon S3 Default Encryption for S3 Buckets <https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html>`_ in the *Amazon S3 User Guide* .
-        :param bucket_name: A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow `Amazon S3 bucket restrictions and limitations <https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html>`_ . For more information, see `Rules for naming Amazon S3 buckets <https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules>`_ in the *Amazon S3 User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
+        :param bucket_name: A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow `Amazon S3 bucket restrictions and limitations <https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html>`_ . For more information, see `Rules for naming Amazon S3 buckets <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html>`_ in the *Amazon S3 User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
         :param cors_configuration: Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see `Enabling Cross-Origin Resource Sharing <https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html>`_ in the *Amazon S3 User Guide* .
         :param intelligent_tiering_configurations: Defines how Amazon S3 handles Intelligent-Tiering storage.
         :param inventory_configurations: Specifies the inventory configuration for an Amazon S3 bucket. For more information, see `GET Bucket inventory <https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html>`_ in the *Amazon S3 API Reference* .
@@ -9507,7 +9508,7 @@ class CfnBucket(
             .. epigraph::
 
                - *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key ( ``aws/s3`` ) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS.
-               - *Directory buckets* - Your SSE-KMS configuration can only support 1 `customer managed key <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk>`_ per directory bucket for the lifetime of the bucket. The `AWS managed key <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk>`_ ( ``aws/s3`` ) isn't supported.
+               - *Directory buckets* - Your SSE-KMS configuration can only support 1 `customer managed key <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk>`_ per directory bucket's lifetime. The `AWS managed key <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk>`_ ( ``aws/s3`` ) isn't supported.
                - *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.
 
             :param sse_algorithm: Server-side encryption algorithm to use for the default encryption. .. epigraph:: For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms`` .
@@ -9894,6 +9895,8 @@ class CfnBucket(
         def __init__(self, *, key: builtins.str, value: builtins.str) -> None:
             '''Specifies tags to use to identify a subset of objects for an Amazon S3 bucket.
 
+            For more information, see `Categorizing your storage using tags <https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html>`_ in the *Amazon Simple Storage Service User Guide* .
+
             :param key: The tag key.
             :param value: The tag value.
 
@@ -10512,6 +10515,13 @@ class CfnBucketPolicy(
 
        As a security precaution, the root user of the AWS account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.
 
+    When using the ``AWS::S3::BucketPolicy`` resource, you can create, update, and delete bucket policies for S3 buckets located in regions different from the stack's region. This cross-region bucket policy modification functionality is supported for backward compatibility with existing workflows.
+    .. epigraph::
+
+       If the `DeletionPolicy attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html>`_ is not specified or set to ``Delete`` , the bucket policy will be removed when the stack is deleted. If set to ``Retain`` , the bucket policy will be preserved even after the stack is deleted.
+
+    For example, a CloudFormation stack in ``us-east-1`` can use the ``AWS::S3::BucketPolicy`` resource to manage the bucket policy for an S3 bucket in ``us-west-2`` . The retention or removal of the bucket policy during the stack deletion is determined by the ``DeletionPolicy`` attribute specified in the stack template.
+
     For more information, see `Bucket policy examples <https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html>`_ .
 
     The following operations are related to ``PutBucketPolicy`` :
@@ -10789,7 +10799,7 @@ class CfnBucketProps:
         :param access_control: .. epigraph:: This is a legacy property, and it is not recommended for most use cases. A majority of modern use cases in Amazon S3 no longer require the use of ACLs, and we recommend that you keep ACLs disabled. For more information, see `Controlling object ownership <https://docs.aws.amazon.com//AmazonS3/latest/userguide/about-object-ownership.html>`_ in the *Amazon S3 User Guide* . A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see `Canned ACL <https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl>`_ in the *Amazon S3 User Guide* . S3 buckets are created with ACLs disabled by default. Therefore, unless you explicitly set the `AWS::S3::OwnershipControls <https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrols.html>`_ property to enable ACLs, your resource will fail to deploy with any value other than Private. Use cases requiring ACLs are uncommon. The majority of access control configurations can be successfully and more easily achieved with bucket policies. For more information, see `AWS::S3::BucketPolicy <https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html>`_ . For examples of common policy configurations, including S3 Server Access Logs buckets and more, see `Bucket policy examples <https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html>`_ in the *Amazon S3 User Guide* .
         :param analytics_configurations: Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
         :param bucket_encryption: Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). For information about the Amazon S3 default encryption feature, see `Amazon S3 Default Encryption for S3 Buckets <https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html>`_ in the *Amazon S3 User Guide* .
-        :param bucket_name: A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow `Amazon S3 bucket restrictions and limitations <https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html>`_ . For more information, see `Rules for naming Amazon S3 buckets <https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules>`_ in the *Amazon S3 User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
+        :param bucket_name: A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow `Amazon S3 bucket restrictions and limitations <https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html>`_ . For more information, see `Rules for naming Amazon S3 buckets <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html>`_ in the *Amazon S3 User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
         :param cors_configuration: Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see `Enabling Cross-Origin Resource Sharing <https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html>`_ in the *Amazon S3 User Guide* .
         :param intelligent_tiering_configurations: Defines how Amazon S3 handles Intelligent-Tiering storage.
         :param inventory_configurations: Specifies the inventory configuration for an Amazon S3 bucket. For more information, see `GET Bucket inventory <https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html>`_ in the *Amazon S3 API Reference* .
@@ -10945,7 +10955,7 @@ class CfnBucketProps:
     def bucket_name(self) -> typing.Optional[builtins.str]:
         '''A name for the bucket.
 
-        If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow `Amazon S3 bucket restrictions and limitations <https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html>`_ . For more information, see `Rules for naming Amazon S3 buckets <https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules>`_ in the *Amazon S3 User Guide* .
+        If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow `Amazon S3 bucket restrictions and limitations <https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html>`_ . For more information, see `Rules for naming Amazon S3 buckets <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html>`_ in the *Amazon S3 User Guide* .
         .. epigraph::
 
            If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.

aws_cdk/aws_s3express/__init__.py

@@ -82,7 +82,7 @@ class CfnBucketPolicy(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_s3express.CfnBucketPolicy",
 ):
-    '''Applies an Amazon S3 bucket policy to an Amazon S3 directory bucket.
+    '''The ``AWS::S3Express::BucketPolicy`` resource defines an Amazon S3 bucket policy to an Amazon S3 directory bucket.
 
     - **Permissions** - If you are using an identity other than the root user of the AWS account that owns the bucket, the calling identity must both have the required permissions on the specified bucket and belong to the bucket owner's account in order to use this operation. For more information about directory bucket policies and permissions, see `AWS Identity and Access Management (IAM) for S3 Express One Zone <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html>`_ in the *Amazon S3 User Guide* .
 
@@ -295,7 +295,7 @@ class CfnDirectoryBucket(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_s3express.CfnDirectoryBucket",
 ):
-    '''The ``AWS::S3Express::DirectoryBucket`` resource creates an Amazon S3 directory bucket in the same AWS Region where you create the AWS CloudFormation stack.
+    '''The ``AWS::S3Express::DirectoryBucket`` resource defines an Amazon S3 directory bucket in the same AWS Region where you create the AWS CloudFormation stack.
 
     To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see `DeletionPolicy attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html>`_ .
     .. epigraph::
@@ -390,7 +390,7 @@ class CfnDirectoryBucket(
         :param data_redundancy: The number of Zone (Availability Zone or Local Zone) that's used for redundancy for the bucket.
         :param location_name: The name of the location where the bucket will be created. For directory buckets, the name of the location is the Zone ID of the Availability Zone (AZ) or Local Zone (LZ) where the bucket will be created. An example AZ ID value is ``usw2-az1`` .
         :param bucket_encryption: Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). For information about default encryption for directory buckets, see `Setting and monitoring default encryption for directory buckets <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html>`_ in the *Amazon S3 User Guide* .
-        :param bucket_name: A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format ``*bucket_base_name* -- *az_id* --x-s3`` (for example, ``*bucket_base_name* -- *usw2-az1* --x-s3`` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see `Directory bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html>`_ in the *Amazon S3 User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
+        :param bucket_name: A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Zone (Availability Zone or Local Zone). The bucket name must also follow the format ``*bucket_base_name* -- *zone_id* --x-s3`` (for example, ``*bucket_base_name* -- *usw2-az1* --x-s3`` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see `Directory bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html>`_ in the *Amazon S3 User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
         :param lifecycle_configuration: Container for lifecycle rules. You can add as many as 1000 rules. For more information see, `Creating and managing a lifecycle configuration for directory buckets <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-lifecycle.html>`_ in the *Amazon S3 User Guide* .
         '''
         if __debug__:
@@ -451,9 +451,9 @@ class CfnDirectoryBucket(
     @builtins.property
     @jsii.member(jsii_name="attrAvailabilityZoneName")
     def attr_availability_zone_name(self) -> builtins.str:
-        '''Returns the code for the Availability Zone where the directory bucket was created.
+        '''Returns the code for the Availability Zone or the Local Zone where the directory bucket was created.
 
-        Example: *us-east-1f*
+        Example value for an Availability Zone code: *us-east-1f*
         .. epigraph::
 
            An Availability Zone code might not represent the same physical location for different AWS accounts. For more information, see `Availability Zones and Regions <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Endpoints.html>`_ in the *Amazon S3 User Guide* .
@@ -1130,7 +1130,7 @@ class CfnDirectoryBucketProps:
         :param data_redundancy: The number of Zone (Availability Zone or Local Zone) that's used for redundancy for the bucket.
         :param location_name: The name of the location where the bucket will be created. For directory buckets, the name of the location is the Zone ID of the Availability Zone (AZ) or Local Zone (LZ) where the bucket will be created. An example AZ ID value is ``usw2-az1`` .
         :param bucket_encryption: Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). For information about default encryption for directory buckets, see `Setting and monitoring default encryption for directory buckets <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html>`_ in the *Amazon S3 User Guide* .
-        :param bucket_name: A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format ``*bucket_base_name* -- *az_id* --x-s3`` (for example, ``*bucket_base_name* -- *usw2-az1* --x-s3`` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see `Directory bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html>`_ in the *Amazon S3 User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
+        :param bucket_name: A name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Zone (Availability Zone or Local Zone). The bucket name must also follow the format ``*bucket_base_name* -- *zone_id* --x-s3`` (for example, ``*bucket_base_name* -- *usw2-az1* --x-s3`` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see `Directory bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html>`_ in the *Amazon S3 User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
         :param lifecycle_configuration: Container for lifecycle rules. You can add as many as 1000 rules. For more information see, `Creating and managing a lifecycle configuration for directory buckets <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-lifecycle.html>`_ in the *Amazon S3 User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3express-directorybucket.html
@@ -1233,7 +1233,7 @@ class CfnDirectoryBucketProps:
     def bucket_name(self) -> typing.Optional[builtins.str]:
         '''A name for the bucket.
 
-        The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format ``*bucket_base_name* -- *az_id* --x-s3`` (for example, ``*bucket_base_name* -- *usw2-az1* --x-s3`` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see `Directory bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html>`_ in the *Amazon S3 User Guide* .
+        The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Zone (Availability Zone or Local Zone). The bucket name must also follow the format ``*bucket_base_name* -- *zone_id* --x-s3`` (for example, ``*bucket_base_name* -- *usw2-az1* --x-s3`` ). If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For information about bucket naming restrictions, see `Directory bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html>`_ in the *Amazon S3 User Guide* .
         .. epigraph::
 
            If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.