aws-cdk-lib 2.174.0__py3-none-any.whl → 2.174.1__py3-none-any.whl

aws_cdk/aws_dms/__init__.py

@@ -1281,11 +1281,11 @@ class CfnDataProvider(
             certificate_arn: typing.Optional[builtins.str] = None,
             ssl_mode: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''DocDbSettings property identifier.
+            '''Provides information that defines a DocumentDB endpoint.
 
-            :param database_name: 
-            :param port: 
-            :param server_name: 
+            :param database_name: The database name on the DocumentDB source endpoint.
+            :param port: The port value for the DocumentDB source endpoint.
+            :param server_name: The name of the server on the DocumentDB source endpoint.
             :param certificate_arn: 
             :param ssl_mode: 
 
@@ -1327,7 +1327,8 @@ class CfnDataProvider(
 
         @builtins.property
         def database_name(self) -> builtins.str:
-            '''
+            '''The database name on the DocumentDB source endpoint.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-docdbsettings.html#cfn-dms-dataprovider-docdbsettings-databasename
             '''
             result = self._values.get("database_name")
@@ -1336,7 +1337,8 @@ class CfnDataProvider(
 
         @builtins.property
         def port(self) -> jsii.Number:
-            '''
+            '''The port value for the DocumentDB source endpoint.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-docdbsettings.html#cfn-dms-dataprovider-docdbsettings-port
             '''
             result = self._values.get("port")
@@ -1345,7 +1347,8 @@ class CfnDataProvider(
 
         @builtins.property
         def server_name(self) -> builtins.str:
-            '''
+            '''The name of the server on the DocumentDB source endpoint.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-docdbsettings.html#cfn-dms-dataprovider-docdbsettings-servername
             '''
             result = self._values.get("server_name")
@@ -1634,15 +1637,15 @@ class CfnDataProvider(
             database_name: typing.Optional[builtins.str] = None,
             ssl_mode: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''MongoDbSettings property identifier.
+            '''Provides information that defines a MongoDB endpoint.
 
-            :param port: 
-            :param server_name: 
-            :param auth_mechanism: 
-            :param auth_source: 
-            :param auth_type: 
+            :param port: The port value for the MongoDB source endpoint.
+            :param server_name: The name of the server on the MongoDB source endpoint. For MongoDB Atlas, provide the server name for any of the servers in the replication set.
+            :param auth_mechanism: The authentication mechanism you use to access the MongoDB source endpoint. For the default value, in MongoDB version 2.x, ``"default"`` is ``"mongodb_cr"`` . For MongoDB version 3.x or later, ``"default"`` is ``"scram_sha_1"`` . This setting isn't used when ``AuthType`` is set to ``"no"`` .
+            :param auth_source: The MongoDB database name. This setting isn't used when ``AuthType`` is set to ``"no"`` . The default is ``"admin"`` .
+            :param auth_type: The authentication type you use to access the MongoDB source endpoint. When when set to ``"no"`` , user name and password parameters are not used and can be empty.
             :param certificate_arn: 
-            :param database_name: 
+            :param database_name: The database name on the MongoDB source endpoint.
             :param ssl_mode: 
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-mongodbsettings.html
@@ -1696,7 +1699,8 @@ class CfnDataProvider(
 
         @builtins.property
         def port(self) -> jsii.Number:
-            '''
+            '''The port value for the MongoDB source endpoint.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-mongodbsettings.html#cfn-dms-dataprovider-mongodbsettings-port
             '''
             result = self._values.get("port")
@@ -1705,7 +1709,10 @@ class CfnDataProvider(
 
         @builtins.property
         def server_name(self) -> builtins.str:
-            '''
+            '''The name of the server on the MongoDB source endpoint.
+
+            For MongoDB Atlas, provide the server name for any of the servers in the replication set.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-mongodbsettings.html#cfn-dms-dataprovider-mongodbsettings-servername
             '''
             result = self._values.get("server_name")
@@ -1714,7 +1721,10 @@ class CfnDataProvider(
 
         @builtins.property
         def auth_mechanism(self) -> typing.Optional[builtins.str]:
-            '''
+            '''The authentication mechanism you use to access the MongoDB source endpoint.
+
+            For the default value, in MongoDB version 2.x, ``"default"`` is ``"mongodb_cr"`` . For MongoDB version 3.x or later, ``"default"`` is ``"scram_sha_1"`` . This setting isn't used when ``AuthType`` is set to ``"no"`` .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-mongodbsettings.html#cfn-dms-dataprovider-mongodbsettings-authmechanism
             '''
             result = self._values.get("auth_mechanism")
@@ -1722,7 +1732,10 @@ class CfnDataProvider(
 
         @builtins.property
         def auth_source(self) -> typing.Optional[builtins.str]:
-            '''
+            '''The MongoDB database name. This setting isn't used when ``AuthType`` is set to ``"no"`` .
+
+            The default is ``"admin"`` .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-mongodbsettings.html#cfn-dms-dataprovider-mongodbsettings-authsource
             '''
             result = self._values.get("auth_source")
@@ -1730,7 +1743,10 @@ class CfnDataProvider(
 
         @builtins.property
         def auth_type(self) -> typing.Optional[builtins.str]:
-            '''
+            '''The authentication type you use to access the MongoDB source endpoint.
+
+            When when set to ``"no"`` , user name and password parameters are not used and can be empty.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-mongodbsettings.html#cfn-dms-dataprovider-mongodbsettings-authtype
             '''
             result = self._values.get("auth_type")
@@ -1746,7 +1762,8 @@ class CfnDataProvider(
 
         @builtins.property
         def database_name(self) -> typing.Optional[builtins.str]:
-            '''
+            '''The database name on the MongoDB source endpoint.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-mongodbsettings.html#cfn-dms-dataprovider-mongodbsettings-databasename
             '''
             result = self._values.get("database_name")
@@ -2243,11 +2260,11 @@ class CfnDataProvider(
             port: jsii.Number,
             server_name: builtins.str,
         ) -> None:
-            '''RedshiftSettings property identifier.
+            '''Provides information that defines an Amazon Redshift endpoint.
 
-            :param database_name: 
-            :param port: 
-            :param server_name: 
+            :param database_name: The name of the Amazon Redshift data warehouse (service) that you are working with.
+            :param port: The port number for Amazon Redshift. The default value is 5439.
+            :param server_name: The name of the Amazon Redshift cluster you are using.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-redshiftsettings.html
             :exampleMetadata: fixture=_generated
@@ -2277,7 +2294,8 @@ class CfnDataProvider(
 
         @builtins.property
         def database_name(self) -> builtins.str:
-            '''
+            '''The name of the Amazon Redshift data warehouse (service) that you are working with.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-redshiftsettings.html#cfn-dms-dataprovider-redshiftsettings-databasename
             '''
             result = self._values.get("database_name")
@@ -2286,7 +2304,10 @@ class CfnDataProvider(
 
         @builtins.property
         def port(self) -> jsii.Number:
-            '''
+            '''The port number for Amazon Redshift.
+
+            The default value is 5439.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-redshiftsettings.html#cfn-dms-dataprovider-redshiftsettings-port
             '''
             result = self._values.get("port")
@@ -2295,7 +2316,8 @@ class CfnDataProvider(
 
         @builtins.property
         def server_name(self) -> builtins.str:
-            '''
+            '''The name of the Amazon Redshift cluster you are using.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-dataprovider-redshiftsettings.html#cfn-dms-dataprovider-redshiftsettings-servername
             '''
             result = self._values.get("server_name")

aws_cdk/aws_docdb/__init__.py

@@ -567,13 +567,16 @@ class CfnDBCluster(
             enable_cloudwatch_logs_exports=["enableCloudwatchLogsExports"],
             engine_version="engineVersion",
             kms_key_id="kmsKeyId",
+            manage_master_user_password=False,
             master_username="masterUsername",
             master_user_password="masterUserPassword",
+            master_user_secret_kms_key_id="masterUserSecretKmsKeyId",
             port=123,
             preferred_backup_window="preferredBackupWindow",
             preferred_maintenance_window="preferredMaintenanceWindow",
             restore_to_time="restoreToTime",
             restore_type="restoreType",
+            rotate_master_user_password=False,
             serverless_v2_scaling_configuration=docdb.CfnDBCluster.ServerlessV2ScalingConfigurationProperty(
                 max_capacity=123,
                 min_capacity=123
@@ -606,13 +609,16 @@ class CfnDBCluster(
         enable_cloudwatch_logs_exports: typing.Optional[typing.Sequence[builtins.str]] = None,
         engine_version: typing.Optional[builtins.str] = None,
         kms_key_id: typing.Optional[builtins.str] = None,
+        manage_master_user_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         master_username: typing.Optional[builtins.str] = None,
         master_user_password: typing.Optional[builtins.str] = None,
+        master_user_secret_kms_key_id: typing.Optional[builtins.str] = None,
         port: typing.Optional[jsii.Number] = None,
         preferred_backup_window: typing.Optional[builtins.str] = None,
         preferred_maintenance_window: typing.Optional[builtins.str] = None,
         restore_to_time: typing.Optional[builtins.str] = None,
         restore_type: typing.Optional[builtins.str] = None,
+        rotate_master_user_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         serverless_v2_scaling_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDBCluster.ServerlessV2ScalingConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         snapshot_identifier: typing.Optional[builtins.str] = None,
         source_db_cluster_identifier: typing.Optional[builtins.str] = None,
@@ -635,13 +641,16 @@ class CfnDBCluster(
         :param enable_cloudwatch_logs_exports: The list of log types that need to be enabled for exporting to Amazon CloudWatch Logs. You can enable audit logs or profiler logs. For more information, see `Auditing Amazon DocumentDB Events <https://docs.aws.amazon.com/documentdb/latest/developerguide/event-auditing.html>`_ and `Profiling Amazon DocumentDB Operations <https://docs.aws.amazon.com/documentdb/latest/developerguide/profiling.html>`_ .
         :param engine_version: The version number of the database engine to use. The ``--engine-version`` will default to the latest major engine version. For production workloads, we recommend explicitly declaring this parameter with the intended major engine version. Changing the ``EngineVersion`` will start an in-place engine version upgrade. Note that in-place engine version upgrade will cause downtime in the cluster. See `Amazon DocumentDB in-place major version upgrade <https://docs.aws.amazon.com/documentdb/latest/developerguide/docdb-mvu.html>`_ before starting an in-place engine version upgrade.
         :param kms_key_id: The AWS KMS key identifier for an encrypted cluster. The AWS KMS key identifier is the Amazon Resource Name (ARN) for the AWS KMS encryption key. If you are creating a cluster using the same AWS account that owns the AWS KMS encryption key that is used to encrypt the new cluster, you can use the AWS KMS key alias instead of the ARN for the AWS KMS encryption key. If an encryption key is not specified in ``KmsKeyId`` : - If the ``StorageEncrypted`` parameter is ``true`` , Amazon DocumentDB uses your default encryption key. AWS KMS creates the default encryption key for your AWS account . Your AWS account has a different default encryption key for each AWS Regions .
+        :param manage_master_user_password: 
         :param master_username: The name of the master user for the cluster. Constraints: - Must be from 1 to 63 letters or numbers. - The first character must be a letter. - Cannot be a reserved word for the chosen database engine.
         :param master_user_password: The password for the master database user. This password can contain any printable ASCII character except forward slash (/), double quote ("), or the "at" symbol (@). Constraints: Must contain from 8 to 100 characters.
+        :param master_user_secret_kms_key_id: 
         :param port: Specifies the port that the database engine is listening on.
         :param preferred_backup_window: The daily time range during which automated backups are created if automated backups are enabled using the ``BackupRetentionPeriod`` parameter. The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region . Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes.
         :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region , occurring on a random day of the week. Valid days: Mon, Tue, Wed, Thu, Fri, Sat, Sun Constraints: Minimum 30-minute window.
         :param restore_to_time: The date and time to restore the cluster to. Valid values: A time in Universal Coordinated Time (UTC) format. Constraints: - Must be before the latest restorable time for the instance. - Must be specified if the ``UseLatestRestorableTime`` parameter is not provided. - Cannot be specified if the ``UseLatestRestorableTime`` parameter is ``true`` . - Cannot be specified if the ``RestoreType`` parameter is ``copy-on-write`` . Example: ``2015-03-07T23:45:00Z``
         :param restore_type: The type of restore to be performed. You can specify one of the following values:. - ``full-copy`` - The new DB cluster is restored as a full copy of the source DB cluster. - ``copy-on-write`` - The new DB cluster is restored as a clone of the source DB cluster. Constraints: You can't specify ``copy-on-write`` if the engine version of the source DB cluster is earlier than 1.11. If you don't specify a ``RestoreType`` value, then the new DB cluster is restored as a full copy of the source DB cluster.
+        :param rotate_master_user_password: 
         :param serverless_v2_scaling_configuration: 
         :param snapshot_identifier: The identifier for the snapshot or cluster snapshot to restore from. You can use either the name or the Amazon Resource Name (ARN) to specify a cluster snapshot. However, you can use only the ARN to specify a snapshot. Constraints: - Must match the identifier of an existing snapshot.
         :param source_db_cluster_identifier: The identifier of the source cluster from which to restore. Constraints: - Must match the identifier of an existing ``DBCluster`` .
@@ -666,13 +675,16 @@ class CfnDBCluster(
             enable_cloudwatch_logs_exports=enable_cloudwatch_logs_exports,
             engine_version=engine_version,
             kms_key_id=kms_key_id,
+            manage_master_user_password=manage_master_user_password,
             master_username=master_username,
             master_user_password=master_user_password,
+            master_user_secret_kms_key_id=master_user_secret_kms_key_id,
             port=port,
             preferred_backup_window=preferred_backup_window,
             preferred_maintenance_window=preferred_maintenance_window,
             restore_to_time=restore_to_time,
             restore_type=restore_type,
+            rotate_master_user_password=rotate_master_user_password,
             serverless_v2_scaling_configuration=serverless_v2_scaling_configuration,
             snapshot_identifier=snapshot_identifier,
             source_db_cluster_identifier=source_db_cluster_identifier,
@@ -933,6 +945,23 @@ class CfnDBCluster(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "kmsKeyId", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="manageMasterUserPassword")
+    def manage_master_user_password(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "manageMasterUserPassword"))
+
+    @manage_master_user_password.setter
+    def manage_master_user_password(
+        self,
+        value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__cdcd3cca26349ee0c4a653267f8614c14cebb3b1c16af84aa9d85681fe2b07dd)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "manageMasterUserPassword", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="masterUsername")
     def master_username(self) -> typing.Optional[builtins.str]:
@@ -959,6 +988,21 @@ class CfnDBCluster(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "masterUserPassword", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="masterUserSecretKmsKeyId")
+    def master_user_secret_kms_key_id(self) -> typing.Optional[builtins.str]:
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "masterUserSecretKmsKeyId"))
+
+    @master_user_secret_kms_key_id.setter
+    def master_user_secret_kms_key_id(
+        self,
+        value: typing.Optional[builtins.str],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__3a1df2c9ac1f613c512469d693487a300c74230885d5e260bf5ada30155d14d7)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "masterUserSecretKmsKeyId", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="port")
     def port(self) -> typing.Optional[jsii.Number]:
@@ -1030,6 +1074,23 @@ class CfnDBCluster(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "restoreType", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="rotateMasterUserPassword")
+    def rotate_master_user_password(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "rotateMasterUserPassword"))
+
+    @rotate_master_user_password.setter
+    def rotate_master_user_password(
+        self,
+        value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__8a962178d061c1e3b6b6e4c04690d1515176ca035477d280a9ddaee831ed19ae)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "rotateMasterUserPassword", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="serverlessV2ScalingConfiguration")
     def serverless_v2_scaling_configuration(
@@ -1567,13 +1628,16 @@ class CfnDBClusterParameterGroupProps:
         "enable_cloudwatch_logs_exports": "enableCloudwatchLogsExports",
         "engine_version": "engineVersion",
         "kms_key_id": "kmsKeyId",
+        "manage_master_user_password": "manageMasterUserPassword",
         "master_username": "masterUsername",
         "master_user_password": "masterUserPassword",
+        "master_user_secret_kms_key_id": "masterUserSecretKmsKeyId",
         "port": "port",
         "preferred_backup_window": "preferredBackupWindow",
         "preferred_maintenance_window": "preferredMaintenanceWindow",
         "restore_to_time": "restoreToTime",
         "restore_type": "restoreType",
+        "rotate_master_user_password": "rotateMasterUserPassword",
         "serverless_v2_scaling_configuration": "serverlessV2ScalingConfiguration",
         "snapshot_identifier": "snapshotIdentifier",
         "source_db_cluster_identifier": "sourceDbClusterIdentifier",
@@ -1598,13 +1662,16 @@ class CfnDBClusterProps:
         enable_cloudwatch_logs_exports: typing.Optional[typing.Sequence[builtins.str]] = None,
         engine_version: typing.Optional[builtins.str] = None,
         kms_key_id: typing.Optional[builtins.str] = None,
+        manage_master_user_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         master_username: typing.Optional[builtins.str] = None,
         master_user_password: typing.Optional[builtins.str] = None,
+        master_user_secret_kms_key_id: typing.Optional[builtins.str] = None,
         port: typing.Optional[jsii.Number] = None,
         preferred_backup_window: typing.Optional[builtins.str] = None,
         preferred_maintenance_window: typing.Optional[builtins.str] = None,
         restore_to_time: typing.Optional[builtins.str] = None,
         restore_type: typing.Optional[builtins.str] = None,
+        rotate_master_user_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         serverless_v2_scaling_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDBCluster.ServerlessV2ScalingConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         snapshot_identifier: typing.Optional[builtins.str] = None,
         source_db_cluster_identifier: typing.Optional[builtins.str] = None,
@@ -1626,13 +1693,16 @@ class CfnDBClusterProps:
         :param enable_cloudwatch_logs_exports: The list of log types that need to be enabled for exporting to Amazon CloudWatch Logs. You can enable audit logs or profiler logs. For more information, see `Auditing Amazon DocumentDB Events <https://docs.aws.amazon.com/documentdb/latest/developerguide/event-auditing.html>`_ and `Profiling Amazon DocumentDB Operations <https://docs.aws.amazon.com/documentdb/latest/developerguide/profiling.html>`_ .
         :param engine_version: The version number of the database engine to use. The ``--engine-version`` will default to the latest major engine version. For production workloads, we recommend explicitly declaring this parameter with the intended major engine version. Changing the ``EngineVersion`` will start an in-place engine version upgrade. Note that in-place engine version upgrade will cause downtime in the cluster. See `Amazon DocumentDB in-place major version upgrade <https://docs.aws.amazon.com/documentdb/latest/developerguide/docdb-mvu.html>`_ before starting an in-place engine version upgrade.
         :param kms_key_id: The AWS KMS key identifier for an encrypted cluster. The AWS KMS key identifier is the Amazon Resource Name (ARN) for the AWS KMS encryption key. If you are creating a cluster using the same AWS account that owns the AWS KMS encryption key that is used to encrypt the new cluster, you can use the AWS KMS key alias instead of the ARN for the AWS KMS encryption key. If an encryption key is not specified in ``KmsKeyId`` : - If the ``StorageEncrypted`` parameter is ``true`` , Amazon DocumentDB uses your default encryption key. AWS KMS creates the default encryption key for your AWS account . Your AWS account has a different default encryption key for each AWS Regions .
+        :param manage_master_user_password: 
         :param master_username: The name of the master user for the cluster. Constraints: - Must be from 1 to 63 letters or numbers. - The first character must be a letter. - Cannot be a reserved word for the chosen database engine.
         :param master_user_password: The password for the master database user. This password can contain any printable ASCII character except forward slash (/), double quote ("), or the "at" symbol (@). Constraints: Must contain from 8 to 100 characters.
+        :param master_user_secret_kms_key_id: 
         :param port: Specifies the port that the database engine is listening on.
         :param preferred_backup_window: The daily time range during which automated backups are created if automated backups are enabled using the ``BackupRetentionPeriod`` parameter. The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region . Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes.
         :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region , occurring on a random day of the week. Valid days: Mon, Tue, Wed, Thu, Fri, Sat, Sun Constraints: Minimum 30-minute window.
         :param restore_to_time: The date and time to restore the cluster to. Valid values: A time in Universal Coordinated Time (UTC) format. Constraints: - Must be before the latest restorable time for the instance. - Must be specified if the ``UseLatestRestorableTime`` parameter is not provided. - Cannot be specified if the ``UseLatestRestorableTime`` parameter is ``true`` . - Cannot be specified if the ``RestoreType`` parameter is ``copy-on-write`` . Example: ``2015-03-07T23:45:00Z``
         :param restore_type: The type of restore to be performed. You can specify one of the following values:. - ``full-copy`` - The new DB cluster is restored as a full copy of the source DB cluster. - ``copy-on-write`` - The new DB cluster is restored as a clone of the source DB cluster. Constraints: You can't specify ``copy-on-write`` if the engine version of the source DB cluster is earlier than 1.11. If you don't specify a ``RestoreType`` value, then the new DB cluster is restored as a full copy of the source DB cluster.
+        :param rotate_master_user_password: 
         :param serverless_v2_scaling_configuration: 
         :param snapshot_identifier: The identifier for the snapshot or cluster snapshot to restore from. You can use either the name or the Amazon Resource Name (ARN) to specify a cluster snapshot. However, you can use only the ARN to specify a snapshot. Constraints: - Must match the identifier of an existing snapshot.
         :param source_db_cluster_identifier: The identifier of the source cluster from which to restore. Constraints: - Must match the identifier of an existing ``DBCluster`` .
@@ -1662,13 +1732,16 @@ class CfnDBClusterProps:
                 enable_cloudwatch_logs_exports=["enableCloudwatchLogsExports"],
                 engine_version="engineVersion",
                 kms_key_id="kmsKeyId",
+                manage_master_user_password=False,
                 master_username="masterUsername",
                 master_user_password="masterUserPassword",
+                master_user_secret_kms_key_id="masterUserSecretKmsKeyId",
                 port=123,
                 preferred_backup_window="preferredBackupWindow",
                 preferred_maintenance_window="preferredMaintenanceWindow",
                 restore_to_time="restoreToTime",
                 restore_type="restoreType",
+                rotate_master_user_password=False,
                 serverless_v2_scaling_configuration=docdb.CfnDBCluster.ServerlessV2ScalingConfigurationProperty(
                     max_capacity=123,
                     min_capacity=123
@@ -1697,13 +1770,16 @@ class CfnDBClusterProps:
             check_type(argname="argument enable_cloudwatch_logs_exports", value=enable_cloudwatch_logs_exports, expected_type=type_hints["enable_cloudwatch_logs_exports"])
             check_type(argname="argument engine_version", value=engine_version, expected_type=type_hints["engine_version"])
             check_type(argname="argument kms_key_id", value=kms_key_id, expected_type=type_hints["kms_key_id"])
+            check_type(argname="argument manage_master_user_password", value=manage_master_user_password, expected_type=type_hints["manage_master_user_password"])
             check_type(argname="argument master_username", value=master_username, expected_type=type_hints["master_username"])
             check_type(argname="argument master_user_password", value=master_user_password, expected_type=type_hints["master_user_password"])
+            check_type(argname="argument master_user_secret_kms_key_id", value=master_user_secret_kms_key_id, expected_type=type_hints["master_user_secret_kms_key_id"])
             check_type(argname="argument port", value=port, expected_type=type_hints["port"])
             check_type(argname="argument preferred_backup_window", value=preferred_backup_window, expected_type=type_hints["preferred_backup_window"])
             check_type(argname="argument preferred_maintenance_window", value=preferred_maintenance_window, expected_type=type_hints["preferred_maintenance_window"])
             check_type(argname="argument restore_to_time", value=restore_to_time, expected_type=type_hints["restore_to_time"])
             check_type(argname="argument restore_type", value=restore_type, expected_type=type_hints["restore_type"])
+            check_type(argname="argument rotate_master_user_password", value=rotate_master_user_password, expected_type=type_hints["rotate_master_user_password"])
             check_type(argname="argument serverless_v2_scaling_configuration", value=serverless_v2_scaling_configuration, expected_type=type_hints["serverless_v2_scaling_configuration"])
             check_type(argname="argument snapshot_identifier", value=snapshot_identifier, expected_type=type_hints["snapshot_identifier"])
             check_type(argname="argument source_db_cluster_identifier", value=source_db_cluster_identifier, expected_type=type_hints["source_db_cluster_identifier"])
@@ -1733,10 +1809,14 @@ class CfnDBClusterProps:
             self._values["engine_version"] = engine_version
         if kms_key_id is not None:
             self._values["kms_key_id"] = kms_key_id
+        if manage_master_user_password is not None:
+            self._values["manage_master_user_password"] = manage_master_user_password
         if master_username is not None:
             self._values["master_username"] = master_username
         if master_user_password is not None:
             self._values["master_user_password"] = master_user_password
+        if master_user_secret_kms_key_id is not None:
+            self._values["master_user_secret_kms_key_id"] = master_user_secret_kms_key_id
         if port is not None:
             self._values["port"] = port
         if preferred_backup_window is not None:
@@ -1747,6 +1827,8 @@ class CfnDBClusterProps:
             self._values["restore_to_time"] = restore_to_time
         if restore_type is not None:
             self._values["restore_type"] = restore_type
+        if rotate_master_user_password is not None:
+            self._values["rotate_master_user_password"] = rotate_master_user_password
         if serverless_v2_scaling_configuration is not None:
             self._values["serverless_v2_scaling_configuration"] = serverless_v2_scaling_configuration
         if snapshot_identifier is not None:
@@ -1896,6 +1978,16 @@ class CfnDBClusterProps:
         result = self._values.get("kms_key_id")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def manage_master_user_password(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbcluster.html#cfn-docdb-dbcluster-managemasteruserpassword
+        '''
+        result = self._values.get("manage_master_user_password")
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
     @builtins.property
     def master_username(self) -> typing.Optional[builtins.str]:
         '''The name of the master user for the cluster.
@@ -1924,6 +2016,14 @@ class CfnDBClusterProps:
         result = self._values.get("master_user_password")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def master_user_secret_kms_key_id(self) -> typing.Optional[builtins.str]:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbcluster.html#cfn-docdb-dbcluster-masterusersecretkmskeyid
+        '''
+        result = self._values.get("master_user_secret_kms_key_id")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def port(self) -> typing.Optional[jsii.Number]:
         '''Specifies the port that the database engine is listening on.
@@ -2004,6 +2104,16 @@ class CfnDBClusterProps:
         result = self._values.get("restore_type")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def rotate_master_user_password(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbcluster.html#cfn-docdb-dbcluster-rotatemasteruserpassword
+        '''
+        result = self._values.get("rotate_master_user_password")
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
     @builtins.property
     def serverless_v2_scaling_configuration(
         self,
@@ -5701,13 +5811,16 @@ def _typecheckingstub__7db61dc80f26049d79a38255d8a0b3abaf4b5019d7cbed64c937ec0f3
     enable_cloudwatch_logs_exports: typing.Optional[typing.Sequence[builtins.str]] = None,
     engine_version: typing.Optional[builtins.str] = None,
     kms_key_id: typing.Optional[builtins.str] = None,
+    manage_master_user_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     master_username: typing.Optional[builtins.str] = None,
     master_user_password: typing.Optional[builtins.str] = None,
+    master_user_secret_kms_key_id: typing.Optional[builtins.str] = None,
     port: typing.Optional[jsii.Number] = None,
     preferred_backup_window: typing.Optional[builtins.str] = None,
     preferred_maintenance_window: typing.Optional[builtins.str] = None,
     restore_to_time: typing.Optional[builtins.str] = None,
     restore_type: typing.Optional[builtins.str] = None,
+    rotate_master_user_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     serverless_v2_scaling_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDBCluster.ServerlessV2ScalingConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     snapshot_identifier: typing.Optional[builtins.str] = None,
     source_db_cluster_identifier: typing.Optional[builtins.str] = None,
@@ -5792,6 +5905,12 @@ def _typecheckingstub__03e9375b32d036932973e964a270516d21d155bd0db4369d824ccb7e7
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__cdcd3cca26349ee0c4a653267f8614c14cebb3b1c16af84aa9d85681fe2b07dd(
+    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__c07cdadbef8a45e2db19e8559d89c8cec47c9d2d698c3fc441a996847907dfc0(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -5804,6 +5923,12 @@ def _typecheckingstub__e2998c76e0321a3f0bc1fe35b15ded5ba4f630cb6e5e7519736bf7455
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__3a1df2c9ac1f613c512469d693487a300c74230885d5e260bf5ada30155d14d7(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__a09b878a6d8b852d7eb17f26dcd8f718779776e12f67987303b1e944b3a40516(
     value: typing.Optional[jsii.Number],
 ) -> None:
@@ -5834,6 +5959,12 @@ def _typecheckingstub__43c278d2c39f8d3f098ad2320789939b448b2958965646678cb8dd9f2
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__8a962178d061c1e3b6b6e4c04690d1515176ca035477d280a9ddaee831ed19ae(
+    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__f23cec17e6d5a308bc97faa6c2e987d67b01e77f99c6ad20b6019114adb90e97(
     value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnDBCluster.ServerlessV2ScalingConfigurationProperty]],
 ) -> None:
@@ -5968,13 +6099,16 @@ def _typecheckingstub__9e1a4213f95bc5df31b056bdc5858ecdc49954b349d7a647b8775edf5
     enable_cloudwatch_logs_exports: typing.Optional[typing.Sequence[builtins.str]] = None,
     engine_version: typing.Optional[builtins.str] = None,
     kms_key_id: typing.Optional[builtins.str] = None,
+    manage_master_user_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     master_username: typing.Optional[builtins.str] = None,
     master_user_password: typing.Optional[builtins.str] = None,
+    master_user_secret_kms_key_id: typing.Optional[builtins.str] = None,
     port: typing.Optional[jsii.Number] = None,
     preferred_backup_window: typing.Optional[builtins.str] = None,
     preferred_maintenance_window: typing.Optional[builtins.str] = None,
     restore_to_time: typing.Optional[builtins.str] = None,
     restore_type: typing.Optional[builtins.str] = None,
+    rotate_master_user_password: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     serverless_v2_scaling_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDBCluster.ServerlessV2ScalingConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     snapshot_identifier: typing.Optional[builtins.str] = None,
     source_db_cluster_identifier: typing.Optional[builtins.str] = None,