aws-cdk-lib 2.176.0__py3-none-any.whl → 2.178.0__py3-none-any.whl

aws_cdk/aws_ec2/__init__.py

@@ -476,7 +476,7 @@ DatabaseSubnet3   |`ISOLATED`|`10.0.6.32/28`|#3|Only routes within the VPC
 
 #### Dual Stack Configurations
 
-Here is a break down of IPv4 and IPv6 specifc `subnetConfiguration` properties in a dual stack VPC:
+Here is a break down of IPv4 and IPv6 specific `subnetConfiguration` properties in a dual stack VPC:
 
 ```python
 vpc = ec2.Vpc(self, "TheVPC",
@@ -5623,7 +5623,7 @@ class BlockDeviceVolume(
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "virtualName"))
 
 
-@jsii.implements(_IInspectable_c2943556)
+@jsii.implements(_IInspectable_c2943556, _ITaggableV2_4e6798f8)
 class CfnCapacityReservation(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
@@ -5644,12 +5644,13 @@ class CfnCapacityReservation(
         from aws_cdk import aws_ec2 as ec2
         
         cfn_capacity_reservation = ec2.CfnCapacityReservation(self, "MyCfnCapacityReservation",
-            availability_zone="availabilityZone",
             instance_count=123,
             instance_platform="instancePlatform",
             instance_type="instanceType",
         
             # the properties below are optional
+            availability_zone="availabilityZone",
+            availability_zone_id="availabilityZoneId",
             ebs_optimized=False,
             end_date="endDate",
             end_date_type="endDateType",
@@ -5674,10 +5675,11 @@ class CfnCapacityReservation(
         scope: _constructs_77d1e7e8.Construct,
         id: builtins.str,
         *,
-        availability_zone: builtins.str,
         instance_count: jsii.Number,
         instance_platform: builtins.str,
         instance_type: builtins.str,
+        availability_zone: typing.Optional[builtins.str] = None,
+        availability_zone_id: typing.Optional[builtins.str] = None,
         ebs_optimized: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         end_date: typing.Optional[builtins.str] = None,
         end_date_type: typing.Optional[builtins.str] = None,
@@ -5685,17 +5687,18 @@ class CfnCapacityReservation(
         instance_match_criteria: typing.Optional[builtins.str] = None,
         out_post_arn: typing.Optional[builtins.str] = None,
         placement_group_arn: typing.Optional[builtins.str] = None,
-        tag_specifications: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnCapacityReservation.TagSpecificationProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        tag_specifications: typing.Optional[typing.Sequence[typing.Union["CfnCapacityReservation.TagSpecificationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         tenancy: typing.Optional[builtins.str] = None,
         unused_reservation_billing_owner_id: typing.Optional[builtins.str] = None,
     ) -> None:
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param availability_zone: The Availability Zone in which to create the Capacity Reservation.
-        :param instance_count: The number of instances for which to reserve capacity. .. epigraph:: You can request future-dated Capacity Reservations for an instance count with a minimum of 100 VPUs. For example, if you request a future-dated Capacity Reservation for ``m5.xlarge`` instances, you must request at least 25 instances ( *25 * m5.xlarge = 100 vCPUs* ). Valid range: 1 - 1000
+        :param instance_count: The number of instances for which to reserve capacity. .. epigraph:: You can request future-dated Capacity Reservations for an instance count with a minimum of 100 vCPUs. For example, if you request a future-dated Capacity Reservation for ``m5.xlarge`` instances, you must request at least 25 instances ( *25 * m5.xlarge = 100 vCPUs* ). Valid range: 1 - 1000
         :param instance_platform: The type of operating system for which to reserve capacity.
         :param instance_type: The instance type for which to reserve capacity. .. epigraph:: You can request future-dated Capacity Reservations for instance types in the C, M, R, I, and T instance families only. For more information, see `Instance types <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html>`_ in the *Amazon EC2 User Guide* .
+        :param availability_zone: The Availability Zone in which to create the Capacity Reservation.
+        :param availability_zone_id: The Availability Zone ID of the Capacity Reservation.
         :param ebs_optimized: Indicates whether the Capacity Reservation supports EBS-optimized instances. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS- optimized instance.
         :param end_date: The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to ``expired`` when it reaches its end date and time. You must provide an ``EndDate`` value if ``EndDateType`` is ``limited`` . Omit ``EndDate`` if ``EndDateType`` is ``unlimited`` . If the ``EndDateType`` is ``limited`` , the Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019. If you are requesting a future-dated Capacity Reservation, you can't specify an end date and time that is within the commitment duration.
         :param end_date_type: Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types: - ``unlimited`` - The Capacity Reservation remains active until you explicitly cancel it. Do not provide an ``EndDate`` if the ``EndDateType`` is ``unlimited`` . - ``limited`` - The Capacity Reservation expires automatically at a specified date and time. You must provide an ``EndDate`` value if the ``EndDateType`` value is ``limited`` .
@@ -5712,10 +5715,11 @@ class CfnCapacityReservation(
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = CfnCapacityReservationProps(
-            availability_zone=availability_zone,
             instance_count=instance_count,
             instance_platform=instance_platform,
             instance_type=instance_type,
+            availability_zone=availability_zone,
+            availability_zone_id=availability_zone_id,
             ebs_optimized=ebs_optimized,
             end_date=end_date,
             end_date_type=end_date_type,
@@ -5824,24 +5828,17 @@ class CfnCapacityReservation(
         '''
         return typing.cast(jsii.Number, jsii.get(self, "attrTotalInstanceCount"))
 
+    @builtins.property
+    @jsii.member(jsii_name="cdkTagManager")
+    def cdk_tag_manager(self) -> _TagManager_0a598cb3:
+        '''Tag Manager which manages the tags for this resource.'''
+        return typing.cast(_TagManager_0a598cb3, jsii.get(self, "cdkTagManager"))
+
     @builtins.property
     @jsii.member(jsii_name="cfnProperties")
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
-    @builtins.property
-    @jsii.member(jsii_name="availabilityZone")
-    def availability_zone(self) -> builtins.str:
-        '''The Availability Zone in which to create the Capacity Reservation.'''
-        return typing.cast(builtins.str, jsii.get(self, "availabilityZone"))
-
-    @availability_zone.setter
-    def availability_zone(self, value: builtins.str) -> None:
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__c78e4680a157e3466009de77e8aa625d8cf7fee8e6f0094ed98d312434e17d0f)
-            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "availabilityZone", value) # pyright: ignore[reportArgumentType]
-
     @builtins.property
     @jsii.member(jsii_name="instanceCount")
     def instance_count(self) -> jsii.Number:
@@ -5881,6 +5878,32 @@ class CfnCapacityReservation(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "instanceType", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="availabilityZone")
+    def availability_zone(self) -> typing.Optional[builtins.str]:
+        '''The Availability Zone in which to create the Capacity Reservation.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "availabilityZone"))
+
+    @availability_zone.setter
+    def availability_zone(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__c78e4680a157e3466009de77e8aa625d8cf7fee8e6f0094ed98d312434e17d0f)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "availabilityZone", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="availabilityZoneId")
+    def availability_zone_id(self) -> typing.Optional[builtins.str]:
+        '''The Availability Zone ID of the Capacity Reservation.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "availabilityZoneId"))
+
+    @availability_zone_id.setter
+    def availability_zone_id(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__3491534eeb43f169595d5744c952b4e6e91b59d668a8f0213de96d7e46d772f0)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "availabilityZoneId", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="ebsOptimized")
     def ebs_optimized(
@@ -5993,14 +6016,14 @@ class CfnCapacityReservation(
     @jsii.member(jsii_name="tagSpecifications")
     def tag_specifications(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnCapacityReservation.TagSpecificationProperty"]]]]:
+    ) -> typing.Optional[typing.List["CfnCapacityReservation.TagSpecificationProperty"]]:
         '''The tags to apply to the Capacity Reservation during launch.'''
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnCapacityReservation.TagSpecificationProperty"]]]], jsii.get(self, "tagSpecifications"))
+        return typing.cast(typing.Optional[typing.List["CfnCapacityReservation.TagSpecificationProperty"]], jsii.get(self, "tagSpecifications"))
 
     @tag_specifications.setter
     def tag_specifications(
         self,
-        value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnCapacityReservation.TagSpecificationProperty"]]]],
+        value: typing.Optional[typing.List["CfnCapacityReservation.TagSpecificationProperty"]],
     ) -> None:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__d2d4ed674b30189cbf7b11b79e68ea556b2b7c9921a4d61f7610b58d25fed8ca)
@@ -6878,10 +6901,11 @@ class CfnCapacityReservationFleetProps:
     jsii_type="aws-cdk-lib.aws_ec2.CfnCapacityReservationProps",
     jsii_struct_bases=[],
     name_mapping={
-        "availability_zone": "availabilityZone",
         "instance_count": "instanceCount",
         "instance_platform": "instancePlatform",
         "instance_type": "instanceType",
+        "availability_zone": "availabilityZone",
+        "availability_zone_id": "availabilityZoneId",
         "ebs_optimized": "ebsOptimized",
         "end_date": "endDate",
         "end_date_type": "endDateType",
@@ -6898,10 +6922,11 @@ class CfnCapacityReservationProps:
     def __init__(
         self,
         *,
-        availability_zone: builtins.str,
         instance_count: jsii.Number,
         instance_platform: builtins.str,
         instance_type: builtins.str,
+        availability_zone: typing.Optional[builtins.str] = None,
+        availability_zone_id: typing.Optional[builtins.str] = None,
         ebs_optimized: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         end_date: typing.Optional[builtins.str] = None,
         end_date_type: typing.Optional[builtins.str] = None,
@@ -6909,16 +6934,17 @@ class CfnCapacityReservationProps:
         instance_match_criteria: typing.Optional[builtins.str] = None,
         out_post_arn: typing.Optional[builtins.str] = None,
         placement_group_arn: typing.Optional[builtins.str] = None,
-        tag_specifications: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnCapacityReservation.TagSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        tag_specifications: typing.Optional[typing.Sequence[typing.Union[CfnCapacityReservation.TagSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         tenancy: typing.Optional[builtins.str] = None,
         unused_reservation_billing_owner_id: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Properties for defining a ``CfnCapacityReservation``.
 
-        :param availability_zone: The Availability Zone in which to create the Capacity Reservation.
-        :param instance_count: The number of instances for which to reserve capacity. .. epigraph:: You can request future-dated Capacity Reservations for an instance count with a minimum of 100 VPUs. For example, if you request a future-dated Capacity Reservation for ``m5.xlarge`` instances, you must request at least 25 instances ( *25 * m5.xlarge = 100 vCPUs* ). Valid range: 1 - 1000
+        :param instance_count: The number of instances for which to reserve capacity. .. epigraph:: You can request future-dated Capacity Reservations for an instance count with a minimum of 100 vCPUs. For example, if you request a future-dated Capacity Reservation for ``m5.xlarge`` instances, you must request at least 25 instances ( *25 * m5.xlarge = 100 vCPUs* ). Valid range: 1 - 1000
         :param instance_platform: The type of operating system for which to reserve capacity.
         :param instance_type: The instance type for which to reserve capacity. .. epigraph:: You can request future-dated Capacity Reservations for instance types in the C, M, R, I, and T instance families only. For more information, see `Instance types <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html>`_ in the *Amazon EC2 User Guide* .
+        :param availability_zone: The Availability Zone in which to create the Capacity Reservation.
+        :param availability_zone_id: The Availability Zone ID of the Capacity Reservation.
         :param ebs_optimized: Indicates whether the Capacity Reservation supports EBS-optimized instances. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS- optimized instance.
         :param end_date: The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to ``expired`` when it reaches its end date and time. You must provide an ``EndDate`` value if ``EndDateType`` is ``limited`` . Omit ``EndDate`` if ``EndDateType`` is ``unlimited`` . If the ``EndDateType`` is ``limited`` , the Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019. If you are requesting a future-dated Capacity Reservation, you can't specify an end date and time that is within the commitment duration.
         :param end_date_type: Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types: - ``unlimited`` - The Capacity Reservation remains active until you explicitly cancel it. Do not provide an ``EndDate`` if the ``EndDateType`` is ``unlimited`` . - ``limited`` - The Capacity Reservation expires automatically at a specified date and time. You must provide an ``EndDate`` value if the ``EndDateType`` value is ``limited`` .
@@ -6940,12 +6966,13 @@ class CfnCapacityReservationProps:
             from aws_cdk import aws_ec2 as ec2
             
             cfn_capacity_reservation_props = ec2.CfnCapacityReservationProps(
-                availability_zone="availabilityZone",
                 instance_count=123,
                 instance_platform="instancePlatform",
                 instance_type="instanceType",
             
                 # the properties below are optional
+                availability_zone="availabilityZone",
+                availability_zone_id="availabilityZoneId",
                 ebs_optimized=False,
                 end_date="endDate",
                 end_date_type="endDateType",
@@ -6966,10 +6993,11 @@ class CfnCapacityReservationProps:
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__8a65d4e8bb2e678a9a6387fd809c3b5428c783211224ece5155ec92d1eda301d)
-            check_type(argname="argument availability_zone", value=availability_zone, expected_type=type_hints["availability_zone"])
             check_type(argname="argument instance_count", value=instance_count, expected_type=type_hints["instance_count"])
             check_type(argname="argument instance_platform", value=instance_platform, expected_type=type_hints["instance_platform"])
             check_type(argname="argument instance_type", value=instance_type, expected_type=type_hints["instance_type"])
+            check_type(argname="argument availability_zone", value=availability_zone, expected_type=type_hints["availability_zone"])
+            check_type(argname="argument availability_zone_id", value=availability_zone_id, expected_type=type_hints["availability_zone_id"])
             check_type(argname="argument ebs_optimized", value=ebs_optimized, expected_type=type_hints["ebs_optimized"])
             check_type(argname="argument end_date", value=end_date, expected_type=type_hints["end_date"])
             check_type(argname="argument end_date_type", value=end_date_type, expected_type=type_hints["end_date_type"])
@@ -6981,11 +7009,14 @@ class CfnCapacityReservationProps:
             check_type(argname="argument tenancy", value=tenancy, expected_type=type_hints["tenancy"])
             check_type(argname="argument unused_reservation_billing_owner_id", value=unused_reservation_billing_owner_id, expected_type=type_hints["unused_reservation_billing_owner_id"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
-            "availability_zone": availability_zone,
             "instance_count": instance_count,
             "instance_platform": instance_platform,
             "instance_type": instance_type,
         }
+        if availability_zone is not None:
+            self._values["availability_zone"] = availability_zone
+        if availability_zone_id is not None:
+            self._values["availability_zone_id"] = availability_zone_id
         if ebs_optimized is not None:
             self._values["ebs_optimized"] = ebs_optimized
         if end_date is not None:
@@ -7007,23 +7038,13 @@ class CfnCapacityReservationProps:
         if unused_reservation_billing_owner_id is not None:
             self._values["unused_reservation_billing_owner_id"] = unused_reservation_billing_owner_id
 
-    @builtins.property
-    def availability_zone(self) -> builtins.str:
-        '''The Availability Zone in which to create the Capacity Reservation.
-
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-capacityreservation.html#cfn-ec2-capacityreservation-availabilityzone
-        '''
-        result = self._values.get("availability_zone")
-        assert result is not None, "Required property 'availability_zone' is missing"
-        return typing.cast(builtins.str, result)
-
     @builtins.property
     def instance_count(self) -> jsii.Number:
         '''The number of instances for which to reserve capacity.
 
         .. epigraph::
 
-           You can request future-dated Capacity Reservations for an instance count with a minimum of 100 VPUs. For example, if you request a future-dated Capacity Reservation for ``m5.xlarge`` instances, you must request at least 25 instances ( *25 * m5.xlarge = 100 vCPUs* ).
+           You can request future-dated Capacity Reservations for an instance count with a minimum of 100 vCPUs. For example, if you request a future-dated Capacity Reservation for ``m5.xlarge`` instances, you must request at least 25 instances ( *25 * m5.xlarge = 100 vCPUs* ).
 
         Valid range: 1 - 1000
 
@@ -7059,6 +7080,24 @@ class CfnCapacityReservationProps:
         assert result is not None, "Required property 'instance_type' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def availability_zone(self) -> typing.Optional[builtins.str]:
+        '''The Availability Zone in which to create the Capacity Reservation.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-capacityreservation.html#cfn-ec2-capacityreservation-availabilityzone
+        '''
+        result = self._values.get("availability_zone")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def availability_zone_id(self) -> typing.Optional[builtins.str]:
+        '''The Availability Zone ID of the Capacity Reservation.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-capacityreservation.html#cfn-ec2-capacityreservation-availabilityzoneid
+        '''
+        result = self._values.get("availability_zone_id")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def ebs_optimized(
         self,
@@ -7161,13 +7200,13 @@ class CfnCapacityReservationProps:
     @builtins.property
     def tag_specifications(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnCapacityReservation.TagSpecificationProperty]]]]:
+    ) -> typing.Optional[typing.List[CfnCapacityReservation.TagSpecificationProperty]]:
         '''The tags to apply to the Capacity Reservation during launch.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-capacityreservation.html#cfn-ec2-capacityreservation-tagspecifications
         '''
         result = self._values.get("tag_specifications")
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnCapacityReservation.TagSpecificationProperty]]]], result)
+        return typing.cast(typing.Optional[typing.List[CfnCapacityReservation.TagSpecificationProperty]], result)
 
     @builtins.property
     def tenancy(self) -> typing.Optional[builtins.str]:
@@ -7803,6 +7842,7 @@ class CfnClientVpnEndpoint(
                 banner_text="bannerText"
             ),
             description="description",
+            disconnect_on_session_timeout=False,
             dns_servers=["dnsServers"],
             security_group_ids=["securityGroupIds"],
             self_service_portal="selfServicePortal",
@@ -7833,6 +7873,7 @@ class CfnClientVpnEndpoint(
         client_connect_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnClientVpnEndpoint.ClientConnectOptionsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         client_login_banner_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnClientVpnEndpoint.ClientLoginBannerOptionsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         description: typing.Optional[builtins.str] = None,
+        disconnect_on_session_timeout: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
         self_service_portal: typing.Optional[builtins.str] = None,
@@ -7853,6 +7894,7 @@ class CfnClientVpnEndpoint(
         :param client_connect_options: The options for managing connection authorization for new client connections.
         :param client_login_banner_options: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
         :param description: A brief description of the Client VPN endpoint.
+        :param disconnect_on_session_timeout: Indicates whether the client VPN session is disconnected after the maximum ``sessionTimeoutHours`` is reached. If ``true`` , users are prompted to reconnect client VPN. If ``false`` , client VPN attempts to reconnect automatically. The default value is ``false`` .
         :param dns_servers: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address configured on the device is used for the DNS server.
         :param security_group_ids: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
         :param self_service_portal: Specify whether to enable the self-service portal for the Client VPN endpoint. Default Value: ``enabled``
@@ -7875,6 +7917,7 @@ class CfnClientVpnEndpoint(
             client_connect_options=client_connect_options,
             client_login_banner_options=client_login_banner_options,
             description=description,
+            disconnect_on_session_timeout=disconnect_on_session_timeout,
             dns_servers=dns_servers,
             security_group_ids=security_group_ids,
             self_service_portal=self_service_portal,
@@ -8042,6 +8085,24 @@ class CfnClientVpnEndpoint(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "description", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="disconnectOnSessionTimeout")
+    def disconnect_on_session_timeout(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''Indicates whether the client VPN session is disconnected after the maximum ``sessionTimeoutHours`` is reached.'''
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "disconnectOnSessionTimeout"))
+
+    @disconnect_on_session_timeout.setter
+    def disconnect_on_session_timeout(
+        self,
+        value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__7a04e648e3ab2786626daca4bea9d7e5d9f8fd502183ea90643aafd9a31a5f2c)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "disconnectOnSessionTimeout", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="dnsServers")
     def dns_servers(self) -> typing.Optional[typing.List[builtins.str]]:
@@ -8826,6 +8887,7 @@ class CfnClientVpnEndpoint(
         "client_connect_options": "clientConnectOptions",
         "client_login_banner_options": "clientLoginBannerOptions",
         "description": "description",
+        "disconnect_on_session_timeout": "disconnectOnSessionTimeout",
         "dns_servers": "dnsServers",
         "security_group_ids": "securityGroupIds",
         "self_service_portal": "selfServicePortal",
@@ -8848,6 +8910,7 @@ class CfnClientVpnEndpointProps:
         client_connect_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnClientVpnEndpoint.ClientConnectOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         client_login_banner_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnClientVpnEndpoint.ClientLoginBannerOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         description: typing.Optional[builtins.str] = None,
+        disconnect_on_session_timeout: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
         self_service_portal: typing.Optional[builtins.str] = None,
@@ -8867,6 +8930,7 @@ class CfnClientVpnEndpointProps:
         :param client_connect_options: The options for managing connection authorization for new client connections.
         :param client_login_banner_options: Options for enabling a customizable text banner that will be displayed on AWS provided clients when a VPN session is established.
         :param description: A brief description of the Client VPN endpoint.
+        :param disconnect_on_session_timeout: Indicates whether the client VPN session is disconnected after the maximum ``sessionTimeoutHours`` is reached. If ``true`` , users are prompted to reconnect client VPN. If ``false`` , client VPN attempts to reconnect automatically. The default value is ``false`` .
         :param dns_servers: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address configured on the device is used for the DNS server.
         :param security_group_ids: The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.
         :param self_service_portal: Specify whether to enable the self-service portal for the Client VPN endpoint. Default Value: ``enabled``
@@ -8928,6 +8992,7 @@ class CfnClientVpnEndpointProps:
                     banner_text="bannerText"
                 ),
                 description="description",
+                disconnect_on_session_timeout=False,
                 dns_servers=["dnsServers"],
                 security_group_ids=["securityGroupIds"],
                 self_service_portal="selfServicePortal",
@@ -8954,6 +9019,7 @@ class CfnClientVpnEndpointProps:
             check_type(argname="argument client_connect_options", value=client_connect_options, expected_type=type_hints["client_connect_options"])
             check_type(argname="argument client_login_banner_options", value=client_login_banner_options, expected_type=type_hints["client_login_banner_options"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
+            check_type(argname="argument disconnect_on_session_timeout", value=disconnect_on_session_timeout, expected_type=type_hints["disconnect_on_session_timeout"])
             check_type(argname="argument dns_servers", value=dns_servers, expected_type=type_hints["dns_servers"])
             check_type(argname="argument security_group_ids", value=security_group_ids, expected_type=type_hints["security_group_ids"])
             check_type(argname="argument self_service_portal", value=self_service_portal, expected_type=type_hints["self_service_portal"])
@@ -8975,6 +9041,8 @@ class CfnClientVpnEndpointProps:
             self._values["client_login_banner_options"] = client_login_banner_options
         if description is not None:
             self._values["description"] = description
+        if disconnect_on_session_timeout is not None:
+            self._values["disconnect_on_session_timeout"] = disconnect_on_session_timeout
         if dns_servers is not None:
             self._values["dns_servers"] = dns_servers
         if security_group_ids is not None:
@@ -9080,6 +9148,19 @@ class CfnClientVpnEndpointProps:
         result = self._values.get("description")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def disconnect_on_session_timeout(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''Indicates whether the client VPN session is disconnected after the maximum ``sessionTimeoutHours`` is reached.
+
+        If ``true`` , users are prompted to reconnect client VPN. If ``false`` , client VPN attempts to reconnect automatically. The default value is ``false`` .
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-clientvpnendpoint.html#cfn-ec2-clientvpnendpoint-disconnectonsessiontimeout
+        '''
+        result = self._values.get("disconnect_on_session_timeout")
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
     @builtins.property
     def dns_servers(self) -> typing.Optional[typing.List[builtins.str]]:
         '''Information about the DNS servers to be used for DNS resolution.
@@ -19974,7 +20055,7 @@ class CfnInstance(
         :param block_device_mappings: The block device mapping entries that defines the block devices to attach to the instance at launch. By default, the block devices specified in the block device mapping for the AMI are used. You can override the AMI block device mapping using the instance block device mapping. For the root volume, you can override only the volume size, volume type, volume encryption settings, and the ``DeleteOnTermination`` setting. .. epigraph:: After the instance is running, you can modify only the ``DeleteOnTermination`` parameter for the attached volumes without interrupting the instance. Modifying any other parameter results in instance `replacement <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement>`_ .
         :param cpu_options: The CPU options for the instance. For more information, see `Optimize CPU options <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html>`_ in the *Amazon Elastic Compute Cloud User Guide* .
         :param credit_specification: The credit option for CPU usage of the burstable performance instance. Valid values are ``standard`` and ``unlimited`` . To change this attribute after launch, use `ModifyInstanceCreditSpecification <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceCreditSpecification.html>`_ . For more information, see `Burstable performance instances <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html>`_ in the *Amazon EC2 User Guide* . Default: ``standard`` (T2 instances) or ``unlimited`` (T3/T3a/T4g instances) For T3 instances with ``host`` tenancy, only ``standard`` is supported.
-        :param disable_api_termination: If you set this parameter to ``true`` , you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use `ModifyInstanceAttribute <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html>`_ . Alternatively, if you set ``InstanceInitiatedShutdownBehavior`` to ``terminate`` , you can terminate the instance by running the shutdown command from the instance. Default: ``false``
+        :param disable_api_termination: Indicates whether termination protection is enabled for the instance. The default is ``false`` , which means that you can terminate the instance using the Amazon EC2 console, command line tools, or API. You can enable termination protection when you launch an instance, while the instance is running, or while the instance is stopped.
         :param ebs_optimized: Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS-optimized instance. Default: ``false``
         :param elastic_gpu_specifications: An elastic GPU to associate with the instance. .. epigraph:: Amazon Elastic Graphics reached end of life on January 8, 2024.
         :param elastic_inference_accelerators: An elastic inference accelerator to associate with the instance. .. epigraph:: Amazon Elastic Inference is no longer available.
@@ -20276,7 +20357,7 @@ class CfnInstance(
     def disable_api_termination(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''If you set this parameter to ``true`` , you can't terminate the instance using the Amazon EC2 console, CLI, or API;'''
+        '''Indicates whether termination protection is enabled for the instance.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "disableApiTermination"))
 
     @disable_api_termination.setter
@@ -23048,7 +23129,7 @@ class CfnInstanceProps:
         :param block_device_mappings: The block device mapping entries that defines the block devices to attach to the instance at launch. By default, the block devices specified in the block device mapping for the AMI are used. You can override the AMI block device mapping using the instance block device mapping. For the root volume, you can override only the volume size, volume type, volume encryption settings, and the ``DeleteOnTermination`` setting. .. epigraph:: After the instance is running, you can modify only the ``DeleteOnTermination`` parameter for the attached volumes without interrupting the instance. Modifying any other parameter results in instance `replacement <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement>`_ .
         :param cpu_options: The CPU options for the instance. For more information, see `Optimize CPU options <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html>`_ in the *Amazon Elastic Compute Cloud User Guide* .
         :param credit_specification: The credit option for CPU usage of the burstable performance instance. Valid values are ``standard`` and ``unlimited`` . To change this attribute after launch, use `ModifyInstanceCreditSpecification <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceCreditSpecification.html>`_ . For more information, see `Burstable performance instances <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html>`_ in the *Amazon EC2 User Guide* . Default: ``standard`` (T2 instances) or ``unlimited`` (T3/T3a/T4g instances) For T3 instances with ``host`` tenancy, only ``standard`` is supported.
-        :param disable_api_termination: If you set this parameter to ``true`` , you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use `ModifyInstanceAttribute <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html>`_ . Alternatively, if you set ``InstanceInitiatedShutdownBehavior`` to ``terminate`` , you can terminate the instance by running the shutdown command from the instance. Default: ``false``
+        :param disable_api_termination: Indicates whether termination protection is enabled for the instance. The default is ``false`` , which means that you can terminate the instance using the Amazon EC2 console, command line tools, or API. You can enable termination protection when you launch an instance, while the instance is running, or while the instance is stopped.
         :param ebs_optimized: Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS-optimized instance. Default: ``false``
         :param elastic_gpu_specifications: An elastic GPU to associate with the instance. .. epigraph:: Amazon Elastic Graphics reached end of life on January 8, 2024.
         :param elastic_inference_accelerators: An elastic inference accelerator to associate with the instance. .. epigraph:: Amazon Elastic Inference is no longer available.
@@ -23424,11 +23505,9 @@ class CfnInstanceProps:
     def disable_api_termination(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''If you set this parameter to ``true`` , you can't terminate the instance using the Amazon EC2 console, CLI, or API;
-
-        otherwise, you can. To change this attribute after launch, use `ModifyInstanceAttribute <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html>`_ . Alternatively, if you set ``InstanceInitiatedShutdownBehavior`` to ``terminate`` , you can terminate the instance by running the shutdown command from the instance.
+        '''Indicates whether termination protection is enabled for the instance.
 
-        Default: ``false``
+        The default is ``false`` , which means that you can terminate the instance using the Amazon EC2 console, command line tools, or API. You can enable termination protection when you launch an instance, while the instance is running, or while the instance is stopped.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-instance.html#cfn-ec2-instance-disableapitermination
         '''
@@ -27102,7 +27181,7 @@ class CfnLaunchTemplate(
             :param cpu_options: The CPU options for the instance. For more information, see `Optimize CPU options <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html>`_ in the *Amazon EC2 User Guide* .
             :param credit_specification: The credit option for CPU usage of the instance. Valid only for T instances.
             :param disable_api_stop: Indicates whether to enable the instance for stop protection. For more information, see `Enable stop protection for your instance <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-stop-protection.html>`_ in the *Amazon EC2 User Guide* .
-            :param disable_api_termination: If you set this parameter to ``true`` , you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use `ModifyInstanceAttribute <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html>`_ . Alternatively, if you set ``InstanceInitiatedShutdownBehavior`` to ``terminate`` , you can terminate the instance by running the shutdown command from the instance.
+            :param disable_api_termination: Indicates whether termination protection is enabled for the instance. The default is ``false`` , which means that you can terminate the instance using the Amazon EC2 console, command line tools, or API. You can enable termination protection when you launch an instance, while the instance is running, or while the instance is stopped.
             :param ebs_optimized: Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS-optimized instance.
             :param elastic_gpu_specifications: Deprecated. .. epigraph:: Amazon Elastic Graphics reached end of life on January 8, 2024. For workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, G4dn, or G5 instances.
             :param elastic_inference_accelerators: .. epigraph:: Amazon Elastic Inference is no longer available. An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads. You cannot specify accelerators from different generations in the same request. .. epigraph:: Starting April 15, 2023, AWS will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
@@ -27515,9 +27594,9 @@ class CfnLaunchTemplate(
         def disable_api_termination(
             self,
         ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-            '''If you set this parameter to ``true`` , you can't terminate the instance using the Amazon EC2 console, CLI, or API;
+            '''Indicates whether termination protection is enabled for the instance.
 
-            otherwise, you can. To change this attribute after launch, use `ModifyInstanceAttribute <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html>`_ . Alternatively, if you set ``InstanceInitiatedShutdownBehavior`` to ``terminate`` , you can terminate the instance by running the shutdown command from the instance.
+            The default is ``false`` , which means that you can terminate the instance using the Amazon EC2 console, command line tools, or API. You can enable termination protection when you launch an instance, while the instance is running, or while the instance is stopped.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-disableapitermination
             '''
@@ -28714,7 +28793,7 @@ class CfnLaunchTemplate(
             :param connection_tracking_specification: A connection tracking specification for the network interface.
             :param delete_on_termination: Indicates whether the network interface is deleted when the instance is terminated.
             :param description: A description for the network interface.
-            :param device_index: The device index for the network interface attachment. Each network interface requires a device index. If you create a launch template that includes secondary network interfaces but not a primary network interface, then you must add a primary network interface as a launch parameter when you launch an instance from the template.
+            :param device_index: The device index for the network interface attachment. If the network interface is of type ``interface`` , you must specify a device index. If you create a launch template that includes secondary network interfaces but no primary network interface, and you specify it using the ``LaunchTemplate`` property of ``AWS::EC2::Instance`` , then you must include a primary network interface using the ``NetworkInterfaces`` property of ``AWS::EC2::Instance`` .
             :param ena_srd_specification: The ENA Express configuration for the network interface.
             :param groups: The IDs of one or more security groups.
             :param interface_type: The type of network interface. To create an Elastic Fabric Adapter (EFA), specify ``efa`` or ``efa`` . For more information, see `Elastic Fabric Adapter <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html>`_ in the *Amazon EC2 User Guide* . If you are not creating an EFA, specify ``interface`` or omit this parameter. If you specify ``efa-only`` , do not assign any IP addresses to the network interface. EFA-only network interfaces do not support IP addresses. Valid values: ``interface`` | ``efa`` | ``efa-only``
@@ -28915,7 +28994,9 @@ class CfnLaunchTemplate(
         def device_index(self) -> typing.Optional[jsii.Number]:
             '''The device index for the network interface attachment.
 
-            Each network interface requires a device index. If you create a launch template that includes secondary network interfaces but not a primary network interface, then you must add a primary network interface as a launch parameter when you launch an instance from the template.
+            If the network interface is of type ``interface`` , you must specify a device index.
+
+            If you create a launch template that includes secondary network interfaces but no primary network interface, and you specify it using the ``LaunchTemplate`` property of ``AWS::EC2::Instance`` , then you must include a primary network interface using the ``NetworkInterfaces`` property of ``AWS::EC2::Instance`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-networkinterface.html#cfn-ec2-launchtemplate-networkinterface-deviceindex
             '''
@@ -63056,28 +63137,54 @@ class CfnVerifiedAccessEndpoint(
         from aws_cdk import aws_ec2 as ec2
         
         cfn_verified_access_endpoint = ec2.CfnVerifiedAccessEndpoint(self, "MyCfnVerifiedAccessEndpoint",
-            application_domain="applicationDomain",
             attachment_type="attachmentType",
-            domain_certificate_arn="domainCertificateArn",
-            endpoint_domain_prefix="endpointDomainPrefix",
             endpoint_type="endpointType",
             verified_access_group_id="verifiedAccessGroupId",
         
             # the properties below are optional
+            application_domain="applicationDomain",
+            cidr_options=ec2.CfnVerifiedAccessEndpoint.CidrOptionsProperty(
+                cidr="cidr",
+                port_ranges=[ec2.CfnVerifiedAccessEndpoint.PortRangeProperty(
+                    from_port=123,
+                    to_port=123
+                )],
+                protocol="protocol",
+                subnet_ids=["subnetIds"]
+            ),
             description="description",
+            domain_certificate_arn="domainCertificateArn",
+            endpoint_domain_prefix="endpointDomainPrefix",
             load_balancer_options=ec2.CfnVerifiedAccessEndpoint.LoadBalancerOptionsProperty(
                 load_balancer_arn="loadBalancerArn",
                 port=123,
+                port_ranges=[ec2.CfnVerifiedAccessEndpoint.PortRangeProperty(
+                    from_port=123,
+                    to_port=123
+                )],
                 protocol="protocol",
                 subnet_ids=["subnetIds"]
             ),
             network_interface_options=ec2.CfnVerifiedAccessEndpoint.NetworkInterfaceOptionsProperty(
                 network_interface_id="networkInterfaceId",
                 port=123,
+                port_ranges=[ec2.CfnVerifiedAccessEndpoint.PortRangeProperty(
+                    from_port=123,
+                    to_port=123
+                )],
                 protocol="protocol"
             ),
             policy_document="policyDocument",
             policy_enabled=False,
+            rds_options=ec2.CfnVerifiedAccessEndpoint.RdsOptionsProperty(
+                port=123,
+                protocol="protocol",
+                rds_db_cluster_arn="rdsDbClusterArn",
+                rds_db_instance_arn="rdsDbInstanceArn",
+                rds_db_proxy_arn="rdsDbProxyArn",
+                rds_endpoint="rdsEndpoint",
+                subnet_ids=["subnetIds"]
+            ),
             security_group_ids=["securityGroupIds"],
             sse_specification=ec2.CfnVerifiedAccessEndpoint.SseSpecificationProperty(
                 customer_managed_key_enabled=False,
@@ -63095,17 +63202,19 @@ class CfnVerifiedAccessEndpoint(
         scope: _constructs_77d1e7e8.Construct,
         id: builtins.str,
         *,
-        application_domain: builtins.str,
         attachment_type: builtins.str,
-        domain_certificate_arn: builtins.str,
-        endpoint_domain_prefix: builtins.str,
         endpoint_type: builtins.str,
         verified_access_group_id: builtins.str,
+        application_domain: typing.Optional[builtins.str] = None,
+        cidr_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnVerifiedAccessEndpoint.CidrOptionsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         description: typing.Optional[builtins.str] = None,
+        domain_certificate_arn: typing.Optional[builtins.str] = None,
+        endpoint_domain_prefix: typing.Optional[builtins.str] = None,
         load_balancer_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnVerifiedAccessEndpoint.LoadBalancerOptionsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         network_interface_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnVerifiedAccessEndpoint.NetworkInterfaceOptionsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         policy_document: typing.Optional[builtins.str] = None,
         policy_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        rds_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnVerifiedAccessEndpoint.RdsOptionsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
         sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnVerifiedAccessEndpoint.SseSpecificationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -63113,17 +63222,19 @@ class CfnVerifiedAccessEndpoint(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param application_domain: The DNS name for users to reach your application.
         :param attachment_type: The type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application.
-        :param domain_certificate_arn: The ARN of a public TLS/SSL certificate imported into or created with ACM.
-        :param endpoint_domain_prefix: A custom identifier that is prepended to the DNS name that is generated for the endpoint.
         :param endpoint_type: The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.
         :param verified_access_group_id: The ID of the AWS Verified Access group.
+        :param application_domain: The DNS name for users to reach your application.
+        :param cidr_options: The options for a CIDR endpoint.
         :param description: A description for the AWS Verified Access endpoint.
+        :param domain_certificate_arn: The ARN of a public TLS/SSL certificate imported into or created with ACM.
+        :param endpoint_domain_prefix: A custom identifier that is prepended to the DNS name that is generated for the endpoint.
         :param load_balancer_options: The load balancer details if creating the AWS Verified Access endpoint as ``load-balancer`` type.
         :param network_interface_options: The options for network-interface type endpoint.
         :param policy_document: The Verified Access policy document.
         :param policy_enabled: The status of the Verified Access policy.
+        :param rds_options: The options for an RDS endpoint.
         :param security_group_ids: The IDs of the security groups for the endpoint.
         :param sse_specification: The options for additional server side encryption.
         :param tags: The tags.
@@ -63133,17 +63244,19 @@ class CfnVerifiedAccessEndpoint(
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = CfnVerifiedAccessEndpointProps(
-            application_domain=application_domain,
             attachment_type=attachment_type,
-            domain_certificate_arn=domain_certificate_arn,
-            endpoint_domain_prefix=endpoint_domain_prefix,
             endpoint_type=endpoint_type,
             verified_access_group_id=verified_access_group_id,
+            application_domain=application_domain,
+            cidr_options=cidr_options,
             description=description,
+            domain_certificate_arn=domain_certificate_arn,
+            endpoint_domain_prefix=endpoint_domain_prefix,
             load_balancer_options=load_balancer_options,
             network_interface_options=network_interface_options,
             policy_document=policy_document,
             policy_enabled=policy_enabled,
+            rds_options=rds_options,
             security_group_ids=security_group_ids,
             sse_specification=sse_specification,
             tags=tags,
@@ -63255,19 +63368,6 @@ class CfnVerifiedAccessEndpoint(
         '''Tag Manager which manages the tags for this resource.'''
         return typing.cast(_TagManager_0a598cb3, jsii.get(self, "tags"))
 
-    @builtins.property
-    @jsii.member(jsii_name="applicationDomain")
-    def application_domain(self) -> builtins.str:
-        '''The DNS name for users to reach your application.'''
-        return typing.cast(builtins.str, jsii.get(self, "applicationDomain"))
-
-    @application_domain.setter
-    def application_domain(self, value: builtins.str) -> None:
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__b28061f28b3f28be486d48f7dc7fd621f3103258eb9e7885ff475e46e5fd902b)
-            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "applicationDomain", value) # pyright: ignore[reportArgumentType]
-
     @builtins.property
     @jsii.member(jsii_name="attachmentType")
     def attachment_type(self) -> builtins.str:
@@ -63281,32 +63381,6 @@ class CfnVerifiedAccessEndpoint(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "attachmentType", value) # pyright: ignore[reportArgumentType]
 
-    @builtins.property
-    @jsii.member(jsii_name="domainCertificateArn")
-    def domain_certificate_arn(self) -> builtins.str:
-        '''The ARN of a public TLS/SSL certificate imported into or created with ACM.'''
-        return typing.cast(builtins.str, jsii.get(self, "domainCertificateArn"))
-
-    @domain_certificate_arn.setter
-    def domain_certificate_arn(self, value: builtins.str) -> None:
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__efc1ee2a591d8925ff2f8ca9eaba761d65c8b57e365164d2a86e578e910f175f)
-            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "domainCertificateArn", value) # pyright: ignore[reportArgumentType]
-
-    @builtins.property
-    @jsii.member(jsii_name="endpointDomainPrefix")
-    def endpoint_domain_prefix(self) -> builtins.str:
-        '''A custom identifier that is prepended to the DNS name that is generated for the endpoint.'''
-        return typing.cast(builtins.str, jsii.get(self, "endpointDomainPrefix"))
-
-    @endpoint_domain_prefix.setter
-    def endpoint_domain_prefix(self, value: builtins.str) -> None:
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__ff9d0e5773a8d9ea22993cc66220368ac095ea17382c558d7190b96a647f458f)
-            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "endpointDomainPrefix", value) # pyright: ignore[reportArgumentType]
-
     @builtins.property
     @jsii.member(jsii_name="endpointType")
     def endpoint_type(self) -> builtins.str:
@@ -63333,6 +63407,37 @@ class CfnVerifiedAccessEndpoint(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "verifiedAccessGroupId", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="applicationDomain")
+    def application_domain(self) -> typing.Optional[builtins.str]:
+        '''The DNS name for users to reach your application.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "applicationDomain"))
+
+    @application_domain.setter
+    def application_domain(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__b28061f28b3f28be486d48f7dc7fd621f3103258eb9e7885ff475e46e5fd902b)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "applicationDomain", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="cidrOptions")
+    def cidr_options(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.CidrOptionsProperty"]]:
+        '''The options for a CIDR endpoint.'''
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.CidrOptionsProperty"]], jsii.get(self, "cidrOptions"))
+
+    @cidr_options.setter
+    def cidr_options(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.CidrOptionsProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__2962dac3960398d69fb7ac9839727efce1ad5405f068e725a9f41e9e8c48552a)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "cidrOptions", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="description")
     def description(self) -> typing.Optional[builtins.str]:
@@ -63346,6 +63451,32 @@ class CfnVerifiedAccessEndpoint(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "description", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="domainCertificateArn")
+    def domain_certificate_arn(self) -> typing.Optional[builtins.str]:
+        '''The ARN of a public TLS/SSL certificate imported into or created with ACM.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "domainCertificateArn"))
+
+    @domain_certificate_arn.setter
+    def domain_certificate_arn(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__efc1ee2a591d8925ff2f8ca9eaba761d65c8b57e365164d2a86e578e910f175f)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "domainCertificateArn", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="endpointDomainPrefix")
+    def endpoint_domain_prefix(self) -> typing.Optional[builtins.str]:
+        '''A custom identifier that is prepended to the DNS name that is generated for the endpoint.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "endpointDomainPrefix"))
+
+    @endpoint_domain_prefix.setter
+    def endpoint_domain_prefix(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__ff9d0e5773a8d9ea22993cc66220368ac095ea17382c558d7190b96a647f458f)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "endpointDomainPrefix", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="loadBalancerOptions")
     def load_balancer_options(
@@ -63413,6 +63544,24 @@ class CfnVerifiedAccessEndpoint(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "policyEnabled", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="rdsOptions")
+    def rds_options(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.RdsOptionsProperty"]]:
+        '''The options for an RDS endpoint.'''
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.RdsOptionsProperty"]], jsii.get(self, "rdsOptions"))
+
+    @rds_options.setter
+    def rds_options(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.RdsOptionsProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__a912f808eff9a847eb56334d2df19bc7f437ffc6f1b217c0836ef2f6397dfd6c)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "rdsOptions", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="securityGroupIds")
     def security_group_ids(self) -> typing.Optional[typing.List[builtins.str]]:
@@ -63460,12 +63609,123 @@ class CfnVerifiedAccessEndpoint(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "tagsRaw", value) # pyright: ignore[reportArgumentType]
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_ec2.CfnVerifiedAccessEndpoint.CidrOptionsProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "cidr": "cidr",
+            "port_ranges": "portRanges",
+            "protocol": "protocol",
+            "subnet_ids": "subnetIds",
+        },
+    )
+    class CidrOptionsProperty:
+        def __init__(
+            self,
+            *,
+            cidr: typing.Optional[builtins.str] = None,
+            port_ranges: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnVerifiedAccessEndpoint.PortRangeProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+            protocol: typing.Optional[builtins.str] = None,
+            subnet_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+        ) -> None:
+            '''The options for cidr type endpoint.
+
+            :param cidr: The IP address range, in CIDR notation.
+            :param port_ranges: The list of port range.
+            :param protocol: The IP protocol.
+            :param subnet_ids: The IDs of the subnets.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-cidroptions.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_ec2 as ec2
+                
+                cidr_options_property = ec2.CfnVerifiedAccessEndpoint.CidrOptionsProperty(
+                    cidr="cidr",
+                    port_ranges=[ec2.CfnVerifiedAccessEndpoint.PortRangeProperty(
+                        from_port=123,
+                        to_port=123
+                    )],
+                    protocol="protocol",
+                    subnet_ids=["subnetIds"]
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__23c52461363ac544508e25c4abd78eefe3541bba29d66ed3b2861949b0f67c1c)
+                check_type(argname="argument cidr", value=cidr, expected_type=type_hints["cidr"])
+                check_type(argname="argument port_ranges", value=port_ranges, expected_type=type_hints["port_ranges"])
+                check_type(argname="argument protocol", value=protocol, expected_type=type_hints["protocol"])
+                check_type(argname="argument subnet_ids", value=subnet_ids, expected_type=type_hints["subnet_ids"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if cidr is not None:
+                self._values["cidr"] = cidr
+            if port_ranges is not None:
+                self._values["port_ranges"] = port_ranges
+            if protocol is not None:
+                self._values["protocol"] = protocol
+            if subnet_ids is not None:
+                self._values["subnet_ids"] = subnet_ids
+
+        @builtins.property
+        def cidr(self) -> typing.Optional[builtins.str]:
+            '''The IP address range, in CIDR notation.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-cidroptions.html#cfn-ec2-verifiedaccessendpoint-cidroptions-cidr
+            '''
+            result = self._values.get("cidr")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def port_ranges(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.PortRangeProperty"]]]]:
+            '''The list of port range.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-cidroptions.html#cfn-ec2-verifiedaccessendpoint-cidroptions-portranges
+            '''
+            result = self._values.get("port_ranges")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.PortRangeProperty"]]]], result)
+
+        @builtins.property
+        def protocol(self) -> typing.Optional[builtins.str]:
+            '''The IP protocol.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-cidroptions.html#cfn-ec2-verifiedaccessendpoint-cidroptions-protocol
+            '''
+            result = self._values.get("protocol")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def subnet_ids(self) -> typing.Optional[typing.List[builtins.str]]:
+            '''The IDs of the subnets.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-cidroptions.html#cfn-ec2-verifiedaccessendpoint-cidroptions-subnetids
+            '''
+            result = self._values.get("subnet_ids")
+            return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "CidrOptionsProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_ec2.CfnVerifiedAccessEndpoint.LoadBalancerOptionsProperty",
         jsii_struct_bases=[],
         name_mapping={
             "load_balancer_arn": "loadBalancerArn",
             "port": "port",
+            "port_ranges": "portRanges",
             "protocol": "protocol",
             "subnet_ids": "subnetIds",
         },
@@ -63476,6 +63736,7 @@ class CfnVerifiedAccessEndpoint(
             *,
             load_balancer_arn: typing.Optional[builtins.str] = None,
             port: typing.Optional[jsii.Number] = None,
+            port_ranges: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnVerifiedAccessEndpoint.PortRangeProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
             protocol: typing.Optional[builtins.str] = None,
             subnet_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
@@ -63483,6 +63744,7 @@ class CfnVerifiedAccessEndpoint(
 
             :param load_balancer_arn: The ARN of the load balancer.
             :param port: The IP port number.
+            :param port_ranges: The list of port range.
             :param protocol: The IP protocol.
             :param subnet_ids: The IDs of the subnets.
 
@@ -63498,6 +63760,10 @@ class CfnVerifiedAccessEndpoint(
                 load_balancer_options_property = ec2.CfnVerifiedAccessEndpoint.LoadBalancerOptionsProperty(
                     load_balancer_arn="loadBalancerArn",
                     port=123,
+                    port_ranges=[ec2.CfnVerifiedAccessEndpoint.PortRangeProperty(
+                        from_port=123,
+                        to_port=123
+                    )],
                     protocol="protocol",
                     subnet_ids=["subnetIds"]
                 )
@@ -63506,6 +63772,7 @@ class CfnVerifiedAccessEndpoint(
                 type_hints = typing.get_type_hints(_typecheckingstub__748e5ad8bcd3de0f9d4460d24ba08621e5769f4aa625427a31af6f4cfad10c64)
                 check_type(argname="argument load_balancer_arn", value=load_balancer_arn, expected_type=type_hints["load_balancer_arn"])
                 check_type(argname="argument port", value=port, expected_type=type_hints["port"])
+                check_type(argname="argument port_ranges", value=port_ranges, expected_type=type_hints["port_ranges"])
                 check_type(argname="argument protocol", value=protocol, expected_type=type_hints["protocol"])
                 check_type(argname="argument subnet_ids", value=subnet_ids, expected_type=type_hints["subnet_ids"])
             self._values: typing.Dict[builtins.str, typing.Any] = {}
@@ -63513,6 +63780,8 @@ class CfnVerifiedAccessEndpoint(
                 self._values["load_balancer_arn"] = load_balancer_arn
             if port is not None:
                 self._values["port"] = port
+            if port_ranges is not None:
+                self._values["port_ranges"] = port_ranges
             if protocol is not None:
                 self._values["protocol"] = protocol
             if subnet_ids is not None:
@@ -63536,6 +63805,17 @@ class CfnVerifiedAccessEndpoint(
             result = self._values.get("port")
             return typing.cast(typing.Optional[jsii.Number], result)
 
+        @builtins.property
+        def port_ranges(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.PortRangeProperty"]]]]:
+            '''The list of port range.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-loadbalanceroptions.html#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions-portranges
+            '''
+            result = self._values.get("port_ranges")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.PortRangeProperty"]]]], result)
+
         @builtins.property
         def protocol(self) -> typing.Optional[builtins.str]:
             '''The IP protocol.
@@ -63571,6 +63851,7 @@ class CfnVerifiedAccessEndpoint(
         name_mapping={
             "network_interface_id": "networkInterfaceId",
             "port": "port",
+            "port_ranges": "portRanges",
             "protocol": "protocol",
         },
     )
@@ -63580,12 +63861,14 @@ class CfnVerifiedAccessEndpoint(
             *,
             network_interface_id: typing.Optional[builtins.str] = None,
             port: typing.Optional[jsii.Number] = None,
+            port_ranges: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnVerifiedAccessEndpoint.PortRangeProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
             protocol: typing.Optional[builtins.str] = None,
         ) -> None:
             '''Describes the network interface options when creating an AWS Verified Access endpoint using the ``network-interface`` type.
 
             :param network_interface_id: The ID of the network interface.
             :param port: The IP port number.
+            :param port_ranges: The list of port ranges.
             :param protocol: The IP protocol.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-networkinterfaceoptions.html
@@ -63600,6 +63883,10 @@ class CfnVerifiedAccessEndpoint(
                 network_interface_options_property = ec2.CfnVerifiedAccessEndpoint.NetworkInterfaceOptionsProperty(
                     network_interface_id="networkInterfaceId",
                     port=123,
+                    port_ranges=[ec2.CfnVerifiedAccessEndpoint.PortRangeProperty(
+                        from_port=123,
+                        to_port=123
+                    )],
                     protocol="protocol"
                 )
             '''
@@ -63607,12 +63894,15 @@ class CfnVerifiedAccessEndpoint(
                 type_hints = typing.get_type_hints(_typecheckingstub__87a3b1db27ee0d26aa10f209574558cadfa966a187d72396dc2453f49f105d43)
                 check_type(argname="argument network_interface_id", value=network_interface_id, expected_type=type_hints["network_interface_id"])
                 check_type(argname="argument port", value=port, expected_type=type_hints["port"])
+                check_type(argname="argument port_ranges", value=port_ranges, expected_type=type_hints["port_ranges"])
                 check_type(argname="argument protocol", value=protocol, expected_type=type_hints["protocol"])
             self._values: typing.Dict[builtins.str, typing.Any] = {}
             if network_interface_id is not None:
                 self._values["network_interface_id"] = network_interface_id
             if port is not None:
                 self._values["port"] = port
+            if port_ranges is not None:
+                self._values["port_ranges"] = port_ranges
             if protocol is not None:
                 self._values["protocol"] = protocol
 
@@ -63634,6 +63924,17 @@ class CfnVerifiedAccessEndpoint(
             result = self._values.get("port")
             return typing.cast(typing.Optional[jsii.Number], result)
 
+        @builtins.property
+        def port_ranges(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.PortRangeProperty"]]]]:
+            '''The list of port ranges.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-networkinterfaceoptions.html#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions-portranges
+            '''
+            result = self._values.get("port_ranges")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.PortRangeProperty"]]]], result)
+
         @builtins.property
         def protocol(self) -> typing.Optional[builtins.str]:
             '''The IP protocol.
@@ -63654,6 +63955,229 @@ class CfnVerifiedAccessEndpoint(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_ec2.CfnVerifiedAccessEndpoint.PortRangeProperty",
+        jsii_struct_bases=[],
+        name_mapping={"from_port": "fromPort", "to_port": "toPort"},
+    )
+    class PortRangeProperty:
+        def __init__(
+            self,
+            *,
+            from_port: typing.Optional[jsii.Number] = None,
+            to_port: typing.Optional[jsii.Number] = None,
+        ) -> None:
+            '''Describes a range of ports.
+
+            :param from_port: The first port in the range.
+            :param to_port: The last port in the range.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-portrange.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_ec2 as ec2
+                
+                port_range_property = ec2.CfnVerifiedAccessEndpoint.PortRangeProperty(
+                    from_port=123,
+                    to_port=123
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__d7afca99a963532ddc95e640bb20b45750c4dabaa33fd2123aa2480165409544)
+                check_type(argname="argument from_port", value=from_port, expected_type=type_hints["from_port"])
+                check_type(argname="argument to_port", value=to_port, expected_type=type_hints["to_port"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if from_port is not None:
+                self._values["from_port"] = from_port
+            if to_port is not None:
+                self._values["to_port"] = to_port
+
+        @builtins.property
+        def from_port(self) -> typing.Optional[jsii.Number]:
+            '''The first port in the range.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-portrange.html#cfn-ec2-verifiedaccessendpoint-portrange-fromport
+            '''
+            result = self._values.get("from_port")
+            return typing.cast(typing.Optional[jsii.Number], result)
+
+        @builtins.property
+        def to_port(self) -> typing.Optional[jsii.Number]:
+            '''The last port in the range.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-portrange.html#cfn-ec2-verifiedaccessendpoint-portrange-toport
+            '''
+            result = self._values.get("to_port")
+            return typing.cast(typing.Optional[jsii.Number], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "PortRangeProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_ec2.CfnVerifiedAccessEndpoint.RdsOptionsProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "port": "port",
+            "protocol": "protocol",
+            "rds_db_cluster_arn": "rdsDbClusterArn",
+            "rds_db_instance_arn": "rdsDbInstanceArn",
+            "rds_db_proxy_arn": "rdsDbProxyArn",
+            "rds_endpoint": "rdsEndpoint",
+            "subnet_ids": "subnetIds",
+        },
+    )
+    class RdsOptionsProperty:
+        def __init__(
+            self,
+            *,
+            port: typing.Optional[jsii.Number] = None,
+            protocol: typing.Optional[builtins.str] = None,
+            rds_db_cluster_arn: typing.Optional[builtins.str] = None,
+            rds_db_instance_arn: typing.Optional[builtins.str] = None,
+            rds_db_proxy_arn: typing.Optional[builtins.str] = None,
+            rds_endpoint: typing.Optional[builtins.str] = None,
+            subnet_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+        ) -> None:
+            '''The options for rds type endpoint.
+
+            :param port: The IP port number.
+            :param protocol: The IP protocol.
+            :param rds_db_cluster_arn: The ARN of the RDS DB cluster.
+            :param rds_db_instance_arn: The ARN of the RDS DB instance.
+            :param rds_db_proxy_arn: The ARN of the RDS DB proxy.
+            :param rds_endpoint: The RDS endpoint.
+            :param subnet_ids: The IDs of the subnets.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_ec2 as ec2
+                
+                rds_options_property = ec2.CfnVerifiedAccessEndpoint.RdsOptionsProperty(
+                    port=123,
+                    protocol="protocol",
+                    rds_db_cluster_arn="rdsDbClusterArn",
+                    rds_db_instance_arn="rdsDbInstanceArn",
+                    rds_db_proxy_arn="rdsDbProxyArn",
+                    rds_endpoint="rdsEndpoint",
+                    subnet_ids=["subnetIds"]
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__217add2f23506262e3f92eedf9ff65affe5c95dd71451ad448b5a12db367d5f1)
+                check_type(argname="argument port", value=port, expected_type=type_hints["port"])
+                check_type(argname="argument protocol", value=protocol, expected_type=type_hints["protocol"])
+                check_type(argname="argument rds_db_cluster_arn", value=rds_db_cluster_arn, expected_type=type_hints["rds_db_cluster_arn"])
+                check_type(argname="argument rds_db_instance_arn", value=rds_db_instance_arn, expected_type=type_hints["rds_db_instance_arn"])
+                check_type(argname="argument rds_db_proxy_arn", value=rds_db_proxy_arn, expected_type=type_hints["rds_db_proxy_arn"])
+                check_type(argname="argument rds_endpoint", value=rds_endpoint, expected_type=type_hints["rds_endpoint"])
+                check_type(argname="argument subnet_ids", value=subnet_ids, expected_type=type_hints["subnet_ids"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if port is not None:
+                self._values["port"] = port
+            if protocol is not None:
+                self._values["protocol"] = protocol
+            if rds_db_cluster_arn is not None:
+                self._values["rds_db_cluster_arn"] = rds_db_cluster_arn
+            if rds_db_instance_arn is not None:
+                self._values["rds_db_instance_arn"] = rds_db_instance_arn
+            if rds_db_proxy_arn is not None:
+                self._values["rds_db_proxy_arn"] = rds_db_proxy_arn
+            if rds_endpoint is not None:
+                self._values["rds_endpoint"] = rds_endpoint
+            if subnet_ids is not None:
+                self._values["subnet_ids"] = subnet_ids
+
+        @builtins.property
+        def port(self) -> typing.Optional[jsii.Number]:
+            '''The IP port number.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html#cfn-ec2-verifiedaccessendpoint-rdsoptions-port
+            '''
+            result = self._values.get("port")
+            return typing.cast(typing.Optional[jsii.Number], result)
+
+        @builtins.property
+        def protocol(self) -> typing.Optional[builtins.str]:
+            '''The IP protocol.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html#cfn-ec2-verifiedaccessendpoint-rdsoptions-protocol
+            '''
+            result = self._values.get("protocol")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def rds_db_cluster_arn(self) -> typing.Optional[builtins.str]:
+            '''The ARN of the RDS DB cluster.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsdbclusterarn
+            '''
+            result = self._values.get("rds_db_cluster_arn")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def rds_db_instance_arn(self) -> typing.Optional[builtins.str]:
+            '''The ARN of the RDS DB instance.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsdbinstancearn
+            '''
+            result = self._values.get("rds_db_instance_arn")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def rds_db_proxy_arn(self) -> typing.Optional[builtins.str]:
+            '''The ARN of the RDS DB proxy.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsdbproxyarn
+            '''
+            result = self._values.get("rds_db_proxy_arn")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def rds_endpoint(self) -> typing.Optional[builtins.str]:
+            '''The RDS endpoint.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsendpoint
+            '''
+            result = self._values.get("rds_endpoint")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def subnet_ids(self) -> typing.Optional[typing.List[builtins.str]]:
+            '''The IDs of the subnets.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html#cfn-ec2-verifiedaccessendpoint-rdsoptions-subnetids
+            '''
+            result = self._values.get("subnet_ids")
+            return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "RdsOptionsProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_ec2.CfnVerifiedAccessEndpoint.SseSpecificationProperty",
         jsii_struct_bases=[],
@@ -63738,17 +64262,19 @@ class CfnVerifiedAccessEndpoint(
     jsii_type="aws-cdk-lib.aws_ec2.CfnVerifiedAccessEndpointProps",
     jsii_struct_bases=[],
     name_mapping={
-        "application_domain": "applicationDomain",
         "attachment_type": "attachmentType",
-        "domain_certificate_arn": "domainCertificateArn",
-        "endpoint_domain_prefix": "endpointDomainPrefix",
         "endpoint_type": "endpointType",
         "verified_access_group_id": "verifiedAccessGroupId",
+        "application_domain": "applicationDomain",
+        "cidr_options": "cidrOptions",
         "description": "description",
+        "domain_certificate_arn": "domainCertificateArn",
+        "endpoint_domain_prefix": "endpointDomainPrefix",
         "load_balancer_options": "loadBalancerOptions",
         "network_interface_options": "networkInterfaceOptions",
         "policy_document": "policyDocument",
         "policy_enabled": "policyEnabled",
+        "rds_options": "rdsOptions",
         "security_group_ids": "securityGroupIds",
         "sse_specification": "sseSpecification",
         "tags": "tags",
@@ -63758,34 +64284,38 @@ class CfnVerifiedAccessEndpointProps:
     def __init__(
         self,
         *,
-        application_domain: builtins.str,
         attachment_type: builtins.str,
-        domain_certificate_arn: builtins.str,
-        endpoint_domain_prefix: builtins.str,
         endpoint_type: builtins.str,
         verified_access_group_id: builtins.str,
+        application_domain: typing.Optional[builtins.str] = None,
+        cidr_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.CidrOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         description: typing.Optional[builtins.str] = None,
+        domain_certificate_arn: typing.Optional[builtins.str] = None,
+        endpoint_domain_prefix: typing.Optional[builtins.str] = None,
         load_balancer_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.LoadBalancerOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         network_interface_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.NetworkInterfaceOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         policy_document: typing.Optional[builtins.str] = None,
         policy_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        rds_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.RdsOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
         sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.SseSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''Properties for defining a ``CfnVerifiedAccessEndpoint``.
 
-        :param application_domain: The DNS name for users to reach your application.
         :param attachment_type: The type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application.
-        :param domain_certificate_arn: The ARN of a public TLS/SSL certificate imported into or created with ACM.
-        :param endpoint_domain_prefix: A custom identifier that is prepended to the DNS name that is generated for the endpoint.
         :param endpoint_type: The type of AWS Verified Access endpoint. Incoming application requests will be sent to an IP address, load balancer or a network interface depending on the endpoint type specified.
         :param verified_access_group_id: The ID of the AWS Verified Access group.
+        :param application_domain: The DNS name for users to reach your application.
+        :param cidr_options: The options for a CIDR endpoint.
         :param description: A description for the AWS Verified Access endpoint.
+        :param domain_certificate_arn: The ARN of a public TLS/SSL certificate imported into or created with ACM.
+        :param endpoint_domain_prefix: A custom identifier that is prepended to the DNS name that is generated for the endpoint.
         :param load_balancer_options: The load balancer details if creating the AWS Verified Access endpoint as ``load-balancer`` type.
         :param network_interface_options: The options for network-interface type endpoint.
         :param policy_document: The Verified Access policy document.
         :param policy_enabled: The status of the Verified Access policy.
+        :param rds_options: The options for an RDS endpoint.
         :param security_group_ids: The IDs of the security groups for the endpoint.
         :param sse_specification: The options for additional server side encryption.
         :param tags: The tags.
@@ -63800,28 +64330,54 @@ class CfnVerifiedAccessEndpointProps:
             from aws_cdk import aws_ec2 as ec2
             
             cfn_verified_access_endpoint_props = ec2.CfnVerifiedAccessEndpointProps(
-                application_domain="applicationDomain",
                 attachment_type="attachmentType",
-                domain_certificate_arn="domainCertificateArn",
-                endpoint_domain_prefix="endpointDomainPrefix",
                 endpoint_type="endpointType",
                 verified_access_group_id="verifiedAccessGroupId",
             
                 # the properties below are optional
+                application_domain="applicationDomain",
+                cidr_options=ec2.CfnVerifiedAccessEndpoint.CidrOptionsProperty(
+                    cidr="cidr",
+                    port_ranges=[ec2.CfnVerifiedAccessEndpoint.PortRangeProperty(
+                        from_port=123,
+                        to_port=123
+                    )],
+                    protocol="protocol",
+                    subnet_ids=["subnetIds"]
+                ),
                 description="description",
+                domain_certificate_arn="domainCertificateArn",
+                endpoint_domain_prefix="endpointDomainPrefix",
                 load_balancer_options=ec2.CfnVerifiedAccessEndpoint.LoadBalancerOptionsProperty(
                     load_balancer_arn="loadBalancerArn",
                     port=123,
+                    port_ranges=[ec2.CfnVerifiedAccessEndpoint.PortRangeProperty(
+                        from_port=123,
+                        to_port=123
+                    )],
                     protocol="protocol",
                     subnet_ids=["subnetIds"]
                 ),
                 network_interface_options=ec2.CfnVerifiedAccessEndpoint.NetworkInterfaceOptionsProperty(
                     network_interface_id="networkInterfaceId",
                     port=123,
+                    port_ranges=[ec2.CfnVerifiedAccessEndpoint.PortRangeProperty(
+                        from_port=123,
+                        to_port=123
+                    )],
                     protocol="protocol"
                 ),
                 policy_document="policyDocument",
                 policy_enabled=False,
+                rds_options=ec2.CfnVerifiedAccessEndpoint.RdsOptionsProperty(
+                    port=123,
+                    protocol="protocol",
+                    rds_db_cluster_arn="rdsDbClusterArn",
+                    rds_db_instance_arn="rdsDbInstanceArn",
+                    rds_db_proxy_arn="rdsDbProxyArn",
+                    rds_endpoint="rdsEndpoint",
+                    subnet_ids=["subnetIds"]
+                ),
                 security_group_ids=["securityGroupIds"],
                 sse_specification=ec2.CfnVerifiedAccessEndpoint.SseSpecificationProperty(
                     customer_managed_key_enabled=False,
@@ -63835,30 +64391,37 @@ class CfnVerifiedAccessEndpointProps:
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__a6b5fcbc7d5ca5da1405e117289abdd54dfab30dc79e867da0da32239d886ee5)
-            check_type(argname="argument application_domain", value=application_domain, expected_type=type_hints["application_domain"])
             check_type(argname="argument attachment_type", value=attachment_type, expected_type=type_hints["attachment_type"])
-            check_type(argname="argument domain_certificate_arn", value=domain_certificate_arn, expected_type=type_hints["domain_certificate_arn"])
-            check_type(argname="argument endpoint_domain_prefix", value=endpoint_domain_prefix, expected_type=type_hints["endpoint_domain_prefix"])
             check_type(argname="argument endpoint_type", value=endpoint_type, expected_type=type_hints["endpoint_type"])
             check_type(argname="argument verified_access_group_id", value=verified_access_group_id, expected_type=type_hints["verified_access_group_id"])
+            check_type(argname="argument application_domain", value=application_domain, expected_type=type_hints["application_domain"])
+            check_type(argname="argument cidr_options", value=cidr_options, expected_type=type_hints["cidr_options"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
+            check_type(argname="argument domain_certificate_arn", value=domain_certificate_arn, expected_type=type_hints["domain_certificate_arn"])
+            check_type(argname="argument endpoint_domain_prefix", value=endpoint_domain_prefix, expected_type=type_hints["endpoint_domain_prefix"])
             check_type(argname="argument load_balancer_options", value=load_balancer_options, expected_type=type_hints["load_balancer_options"])
             check_type(argname="argument network_interface_options", value=network_interface_options, expected_type=type_hints["network_interface_options"])
             check_type(argname="argument policy_document", value=policy_document, expected_type=type_hints["policy_document"])
             check_type(argname="argument policy_enabled", value=policy_enabled, expected_type=type_hints["policy_enabled"])
+            check_type(argname="argument rds_options", value=rds_options, expected_type=type_hints["rds_options"])
             check_type(argname="argument security_group_ids", value=security_group_ids, expected_type=type_hints["security_group_ids"])
             check_type(argname="argument sse_specification", value=sse_specification, expected_type=type_hints["sse_specification"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
-            "application_domain": application_domain,
             "attachment_type": attachment_type,
-            "domain_certificate_arn": domain_certificate_arn,
-            "endpoint_domain_prefix": endpoint_domain_prefix,
             "endpoint_type": endpoint_type,
             "verified_access_group_id": verified_access_group_id,
         }
+        if application_domain is not None:
+            self._values["application_domain"] = application_domain
+        if cidr_options is not None:
+            self._values["cidr_options"] = cidr_options
         if description is not None:
             self._values["description"] = description
+        if domain_certificate_arn is not None:
+            self._values["domain_certificate_arn"] = domain_certificate_arn
+        if endpoint_domain_prefix is not None:
+            self._values["endpoint_domain_prefix"] = endpoint_domain_prefix
         if load_balancer_options is not None:
             self._values["load_balancer_options"] = load_balancer_options
         if network_interface_options is not None:
@@ -63867,6 +64430,8 @@ class CfnVerifiedAccessEndpointProps:
             self._values["policy_document"] = policy_document
         if policy_enabled is not None:
             self._values["policy_enabled"] = policy_enabled
+        if rds_options is not None:
+            self._values["rds_options"] = rds_options
         if security_group_ids is not None:
             self._values["security_group_ids"] = security_group_ids
         if sse_specification is not None:
@@ -63874,16 +64439,6 @@ class CfnVerifiedAccessEndpointProps:
         if tags is not None:
             self._values["tags"] = tags
 
-    @builtins.property
-    def application_domain(self) -> builtins.str:
-        '''The DNS name for users to reach your application.
-
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-verifiedaccessendpoint.html#cfn-ec2-verifiedaccessendpoint-applicationdomain
-        '''
-        result = self._values.get("application_domain")
-        assert result is not None, "Required property 'application_domain' is missing"
-        return typing.cast(builtins.str, result)
-
     @builtins.property
     def attachment_type(self) -> builtins.str:
         '''The type of attachment used to provide connectivity between the AWS Verified Access endpoint and the application.
@@ -63894,26 +64449,6 @@ class CfnVerifiedAccessEndpointProps:
         assert result is not None, "Required property 'attachment_type' is missing"
         return typing.cast(builtins.str, result)
 
-    @builtins.property
-    def domain_certificate_arn(self) -> builtins.str:
-        '''The ARN of a public TLS/SSL certificate imported into or created with ACM.
-
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-verifiedaccessendpoint.html#cfn-ec2-verifiedaccessendpoint-domaincertificatearn
-        '''
-        result = self._values.get("domain_certificate_arn")
-        assert result is not None, "Required property 'domain_certificate_arn' is missing"
-        return typing.cast(builtins.str, result)
-
-    @builtins.property
-    def endpoint_domain_prefix(self) -> builtins.str:
-        '''A custom identifier that is prepended to the DNS name that is generated for the endpoint.
-
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-verifiedaccessendpoint.html#cfn-ec2-verifiedaccessendpoint-endpointdomainprefix
-        '''
-        result = self._values.get("endpoint_domain_prefix")
-        assert result is not None, "Required property 'endpoint_domain_prefix' is missing"
-        return typing.cast(builtins.str, result)
-
     @builtins.property
     def endpoint_type(self) -> builtins.str:
         '''The type of AWS Verified Access endpoint.
@@ -63936,6 +64471,26 @@ class CfnVerifiedAccessEndpointProps:
         assert result is not None, "Required property 'verified_access_group_id' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def application_domain(self) -> typing.Optional[builtins.str]:
+        '''The DNS name for users to reach your application.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-verifiedaccessendpoint.html#cfn-ec2-verifiedaccessendpoint-applicationdomain
+        '''
+        result = self._values.get("application_domain")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def cidr_options(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnVerifiedAccessEndpoint.CidrOptionsProperty]]:
+        '''The options for a CIDR endpoint.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-verifiedaccessendpoint.html#cfn-ec2-verifiedaccessendpoint-cidroptions
+        '''
+        result = self._values.get("cidr_options")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnVerifiedAccessEndpoint.CidrOptionsProperty]], result)
+
     @builtins.property
     def description(self) -> typing.Optional[builtins.str]:
         '''A description for the AWS Verified Access endpoint.
@@ -63945,6 +64500,24 @@ class CfnVerifiedAccessEndpointProps:
         result = self._values.get("description")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def domain_certificate_arn(self) -> typing.Optional[builtins.str]:
+        '''The ARN of a public TLS/SSL certificate imported into or created with ACM.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-verifiedaccessendpoint.html#cfn-ec2-verifiedaccessendpoint-domaincertificatearn
+        '''
+        result = self._values.get("domain_certificate_arn")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def endpoint_domain_prefix(self) -> typing.Optional[builtins.str]:
+        '''A custom identifier that is prepended to the DNS name that is generated for the endpoint.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-verifiedaccessendpoint.html#cfn-ec2-verifiedaccessendpoint-endpointdomainprefix
+        '''
+        result = self._values.get("endpoint_domain_prefix")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def load_balancer_options(
         self,
@@ -63987,6 +64560,17 @@ class CfnVerifiedAccessEndpointProps:
         result = self._values.get("policy_enabled")
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
 
+    @builtins.property
+    def rds_options(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnVerifiedAccessEndpoint.RdsOptionsProperty]]:
+        '''The options for an RDS endpoint.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-verifiedaccessendpoint.html#cfn-ec2-verifiedaccessendpoint-rdsoptions
+        '''
+        result = self._values.get("rds_options")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnVerifiedAccessEndpoint.RdsOptionsProperty]], result)
+
     @builtins.property
     def security_group_ids(self) -> typing.Optional[typing.List[builtins.str]]:
         '''The IDs of the security groups for the endpoint.
@@ -64527,6 +65111,7 @@ class CfnVerifiedAccessInstance(
         from aws_cdk import aws_ec2 as ec2
         
         cfn_verified_access_instance = ec2.CfnVerifiedAccessInstance(self, "MyCfnVerifiedAccessInstance",
+            cidr_endpoints_custom_sub_domain="cidrEndpointsCustomSubDomain",
             description="description",
             fips_enabled=False,
             logging_configurations=ec2.CfnVerifiedAccessInstance.VerifiedAccessLogsProperty(
@@ -64567,6 +65152,7 @@ class CfnVerifiedAccessInstance(
         scope: _constructs_77d1e7e8.Construct,
         id: builtins.str,
         *,
+        cidr_endpoints_custom_sub_domain: typing.Optional[builtins.str] = None,
         description: typing.Optional[builtins.str] = None,
         fips_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         logging_configurations: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnVerifiedAccessInstance.VerifiedAccessLogsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -64577,6 +65163,7 @@ class CfnVerifiedAccessInstance(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
+        :param cidr_endpoints_custom_sub_domain: The custom subdomain.
         :param description: A description for the AWS Verified Access instance.
         :param fips_enabled: Indicates whether support for Federal Information Processing Standards (FIPS) is enabled on the instance.
         :param logging_configurations: The logging configuration for the Verified Access instances.
@@ -64589,6 +65176,7 @@ class CfnVerifiedAccessInstance(
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = CfnVerifiedAccessInstanceProps(
+            cidr_endpoints_custom_sub_domain=cidr_endpoints_custom_sub_domain,
             description=description,
             fips_enabled=fips_enabled,
             logging_configurations=logging_configurations,
@@ -64629,6 +65217,17 @@ class CfnVerifiedAccessInstance(
         '''The CloudFormation resource type name for this resource class.'''
         return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrCidrEndpointsCustomSubDomainNameServers")
+    def attr_cidr_endpoints_custom_sub_domain_name_servers(
+        self,
+    ) -> typing.List[builtins.str]:
+        '''Property to represent the name servers assoicated with the domain that AVA manages (say, ['ns1.amazonaws.com', 'ns2.amazonaws.com', 'ns3.amazonaws.com', 'ns4.amazonaws.com']).
+
+        :cloudformationAttribute: CidrEndpointsCustomSubDomainNameServers
+        '''
+        return typing.cast(typing.List[builtins.str], jsii.get(self, "attrCidrEndpointsCustomSubDomainNameServers"))
+
     @builtins.property
     @jsii.member(jsii_name="attrCreationTime")
     def attr_creation_time(self) -> builtins.str:
@@ -64667,6 +65266,22 @@ class CfnVerifiedAccessInstance(
         '''Tag Manager which manages the tags for this resource.'''
         return typing.cast(_TagManager_0a598cb3, jsii.get(self, "tags"))
 
+    @builtins.property
+    @jsii.member(jsii_name="cidrEndpointsCustomSubDomain")
+    def cidr_endpoints_custom_sub_domain(self) -> typing.Optional[builtins.str]:
+        '''The custom subdomain.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "cidrEndpointsCustomSubDomain"))
+
+    @cidr_endpoints_custom_sub_domain.setter
+    def cidr_endpoints_custom_sub_domain(
+        self,
+        value: typing.Optional[builtins.str],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__3448e803dabba9774e7b7492ef1b28e3424db8c132d0424e38e9c949f6517948)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "cidrEndpointsCustomSubDomain", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="description")
     def description(self) -> typing.Optional[builtins.str]:
@@ -65286,6 +65901,7 @@ class CfnVerifiedAccessInstance(
     jsii_type="aws-cdk-lib.aws_ec2.CfnVerifiedAccessInstanceProps",
     jsii_struct_bases=[],
     name_mapping={
+        "cidr_endpoints_custom_sub_domain": "cidrEndpointsCustomSubDomain",
         "description": "description",
         "fips_enabled": "fipsEnabled",
         "logging_configurations": "loggingConfigurations",
@@ -65298,6 +65914,7 @@ class CfnVerifiedAccessInstanceProps:
     def __init__(
         self,
         *,
+        cidr_endpoints_custom_sub_domain: typing.Optional[builtins.str] = None,
         description: typing.Optional[builtins.str] = None,
         fips_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         logging_configurations: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessInstance.VerifiedAccessLogsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -65307,6 +65924,7 @@ class CfnVerifiedAccessInstanceProps:
     ) -> None:
         '''Properties for defining a ``CfnVerifiedAccessInstance``.
 
+        :param cidr_endpoints_custom_sub_domain: The custom subdomain.
         :param description: A description for the AWS Verified Access instance.
         :param fips_enabled: Indicates whether support for Federal Information Processing Standards (FIPS) is enabled on the instance.
         :param logging_configurations: The logging configuration for the Verified Access instances.
@@ -65324,6 +65942,7 @@ class CfnVerifiedAccessInstanceProps:
             from aws_cdk import aws_ec2 as ec2
             
             cfn_verified_access_instance_props = ec2.CfnVerifiedAccessInstanceProps(
+                cidr_endpoints_custom_sub_domain="cidrEndpointsCustomSubDomain",
                 description="description",
                 fips_enabled=False,
                 logging_configurations=ec2.CfnVerifiedAccessInstance.VerifiedAccessLogsProperty(
@@ -65360,6 +65979,7 @@ class CfnVerifiedAccessInstanceProps:
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__d9a24ec455946fcefd05480c5a9ec8b48ab899be4d2ad63a1acb976abdf7df46)
+            check_type(argname="argument cidr_endpoints_custom_sub_domain", value=cidr_endpoints_custom_sub_domain, expected_type=type_hints["cidr_endpoints_custom_sub_domain"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument fips_enabled", value=fips_enabled, expected_type=type_hints["fips_enabled"])
             check_type(argname="argument logging_configurations", value=logging_configurations, expected_type=type_hints["logging_configurations"])
@@ -65367,6 +65987,8 @@ class CfnVerifiedAccessInstanceProps:
             check_type(argname="argument verified_access_trust_provider_ids", value=verified_access_trust_provider_ids, expected_type=type_hints["verified_access_trust_provider_ids"])
             check_type(argname="argument verified_access_trust_providers", value=verified_access_trust_providers, expected_type=type_hints["verified_access_trust_providers"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if cidr_endpoints_custom_sub_domain is not None:
+            self._values["cidr_endpoints_custom_sub_domain"] = cidr_endpoints_custom_sub_domain
         if description is not None:
             self._values["description"] = description
         if fips_enabled is not None:
@@ -65380,6 +66002,15 @@ class CfnVerifiedAccessInstanceProps:
         if verified_access_trust_providers is not None:
             self._values["verified_access_trust_providers"] = verified_access_trust_providers
 
+    @builtins.property
+    def cidr_endpoints_custom_sub_domain(self) -> typing.Optional[builtins.str]:
+        '''The custom subdomain.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-verifiedaccessinstance.html#cfn-ec2-verifiedaccessinstance-cidrendpointscustomsubdomain
+        '''
+        result = self._values.get("cidr_endpoints_custom_sub_domain")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def description(self) -> typing.Optional[builtins.str]:
         '''A description for the AWS Verified Access instance.
@@ -65485,6 +66116,16 @@ class CfnVerifiedAccessTrustProvider(
                 tenant_id="tenantId"
             ),
             device_trust_provider_type="deviceTrustProviderType",
+            native_application_oidc_options=ec2.CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty(
+                authorization_endpoint="authorizationEndpoint",
+                client_id="clientId",
+                client_secret="clientSecret",
+                issuer="issuer",
+                public_signing_key_endpoint="publicSigningKeyEndpoint",
+                scope="scope",
+                token_endpoint="tokenEndpoint",
+                user_info_endpoint="userInfoEndpoint"
+            ),
             oidc_options=ec2.CfnVerifiedAccessTrustProvider.OidcOptionsProperty(
                 authorization_endpoint="authorizationEndpoint",
                 client_id="clientId",
@@ -65516,6 +66157,7 @@ class CfnVerifiedAccessTrustProvider(
         description: typing.Optional[builtins.str] = None,
         device_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnVerifiedAccessTrustProvider.DeviceOptionsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         device_trust_provider_type: typing.Optional[builtins.str] = None,
+        native_application_oidc_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         oidc_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnVerifiedAccessTrustProvider.OidcOptionsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnVerifiedAccessTrustProvider.SseSpecificationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -65529,6 +66171,7 @@ class CfnVerifiedAccessTrustProvider(
         :param description: A description for the AWS Verified Access trust provider.
         :param device_options: The options for device-identity trust provider.
         :param device_trust_provider_type: The type of device-based trust provider.
+        :param native_application_oidc_options: The OpenID Connect (OIDC) options.
         :param oidc_options: The options for an OpenID Connect-compatible user-identity trust provider.
         :param sse_specification: The options for additional server side encryption.
         :param tags: The tags.
@@ -65544,6 +66187,7 @@ class CfnVerifiedAccessTrustProvider(
             description=description,
             device_options=device_options,
             device_trust_provider_type=device_trust_provider_type,
+            native_application_oidc_options=native_application_oidc_options,
             oidc_options=oidc_options,
             sse_specification=sse_specification,
             tags=tags,
@@ -65690,6 +66334,24 @@ class CfnVerifiedAccessTrustProvider(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "deviceTrustProviderType", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="nativeApplicationOidcOptions")
+    def native_application_oidc_options(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty"]]:
+        '''The OpenID Connect (OIDC) options.'''
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty"]], jsii.get(self, "nativeApplicationOidcOptions"))
+
+    @native_application_oidc_options.setter
+    def native_application_oidc_options(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__a19babfcaf12861d8da4710896c25acd65a9ceb94d68196b6ad7990a0e71fa6a)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "nativeApplicationOidcOptions", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="oidcOptions")
     def oidc_options(
@@ -65825,6 +66487,175 @@ class CfnVerifiedAccessTrustProvider(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_ec2.CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "authorization_endpoint": "authorizationEndpoint",
+            "client_id": "clientId",
+            "client_secret": "clientSecret",
+            "issuer": "issuer",
+            "public_signing_key_endpoint": "publicSigningKeyEndpoint",
+            "scope": "scope",
+            "token_endpoint": "tokenEndpoint",
+            "user_info_endpoint": "userInfoEndpoint",
+        },
+    )
+    class NativeApplicationOidcOptionsProperty:
+        def __init__(
+            self,
+            *,
+            authorization_endpoint: typing.Optional[builtins.str] = None,
+            client_id: typing.Optional[builtins.str] = None,
+            client_secret: typing.Optional[builtins.str] = None,
+            issuer: typing.Optional[builtins.str] = None,
+            public_signing_key_endpoint: typing.Optional[builtins.str] = None,
+            scope: typing.Optional[builtins.str] = None,
+            token_endpoint: typing.Optional[builtins.str] = None,
+            user_info_endpoint: typing.Optional[builtins.str] = None,
+        ) -> None:
+            '''Describes the OpenID Connect (OIDC) options.
+
+            :param authorization_endpoint: The authorization endpoint of the IdP.
+            :param client_id: The OAuth 2.0 client identifier.
+            :param client_secret: The client secret.
+            :param issuer: The OIDC issuer identifier of the IdP.
+            :param public_signing_key_endpoint: The public signing key endpoint.
+            :param scope: The set of user claims to be requested from the IdP.
+            :param token_endpoint: The token endpoint of the IdP.
+            :param user_info_endpoint: The user info endpoint of the IdP.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_ec2 as ec2
+                
+                native_application_oidc_options_property = ec2.CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty(
+                    authorization_endpoint="authorizationEndpoint",
+                    client_id="clientId",
+                    client_secret="clientSecret",
+                    issuer="issuer",
+                    public_signing_key_endpoint="publicSigningKeyEndpoint",
+                    scope="scope",
+                    token_endpoint="tokenEndpoint",
+                    user_info_endpoint="userInfoEndpoint"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__5c206bc52aa945d69e4f73ab5f629575d922ab0ab8d447140631e1dfaa161aad)
+                check_type(argname="argument authorization_endpoint", value=authorization_endpoint, expected_type=type_hints["authorization_endpoint"])
+                check_type(argname="argument client_id", value=client_id, expected_type=type_hints["client_id"])
+                check_type(argname="argument client_secret", value=client_secret, expected_type=type_hints["client_secret"])
+                check_type(argname="argument issuer", value=issuer, expected_type=type_hints["issuer"])
+                check_type(argname="argument public_signing_key_endpoint", value=public_signing_key_endpoint, expected_type=type_hints["public_signing_key_endpoint"])
+                check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+                check_type(argname="argument token_endpoint", value=token_endpoint, expected_type=type_hints["token_endpoint"])
+                check_type(argname="argument user_info_endpoint", value=user_info_endpoint, expected_type=type_hints["user_info_endpoint"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if authorization_endpoint is not None:
+                self._values["authorization_endpoint"] = authorization_endpoint
+            if client_id is not None:
+                self._values["client_id"] = client_id
+            if client_secret is not None:
+                self._values["client_secret"] = client_secret
+            if issuer is not None:
+                self._values["issuer"] = issuer
+            if public_signing_key_endpoint is not None:
+                self._values["public_signing_key_endpoint"] = public_signing_key_endpoint
+            if scope is not None:
+                self._values["scope"] = scope
+            if token_endpoint is not None:
+                self._values["token_endpoint"] = token_endpoint
+            if user_info_endpoint is not None:
+                self._values["user_info_endpoint"] = user_info_endpoint
+
+        @builtins.property
+        def authorization_endpoint(self) -> typing.Optional[builtins.str]:
+            '''The authorization endpoint of the IdP.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-authorizationendpoint
+            '''
+            result = self._values.get("authorization_endpoint")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def client_id(self) -> typing.Optional[builtins.str]:
+            '''The OAuth 2.0 client identifier.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-clientid
+            '''
+            result = self._values.get("client_id")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def client_secret(self) -> typing.Optional[builtins.str]:
+            '''The client secret.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-clientsecret
+            '''
+            result = self._values.get("client_secret")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def issuer(self) -> typing.Optional[builtins.str]:
+            '''The OIDC issuer identifier of the IdP.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-issuer
+            '''
+            result = self._values.get("issuer")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def public_signing_key_endpoint(self) -> typing.Optional[builtins.str]:
+            '''The public signing key endpoint.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-publicsigningkeyendpoint
+            '''
+            result = self._values.get("public_signing_key_endpoint")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def scope(self) -> typing.Optional[builtins.str]:
+            '''The set of user claims to be requested from the IdP.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-scope
+            '''
+            result = self._values.get("scope")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def token_endpoint(self) -> typing.Optional[builtins.str]:
+            '''The token endpoint of the IdP.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-tokenendpoint
+            '''
+            result = self._values.get("token_endpoint")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def user_info_endpoint(self) -> typing.Optional[builtins.str]:
+            '''The user info endpoint of the IdP.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-userinfoendpoint
+            '''
+            result = self._values.get("user_info_endpoint")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "NativeApplicationOidcOptionsProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_ec2.CfnVerifiedAccessTrustProvider.OidcOptionsProperty",
         jsii_struct_bases=[],
@@ -66067,6 +66898,7 @@ class CfnVerifiedAccessTrustProvider(
         "description": "description",
         "device_options": "deviceOptions",
         "device_trust_provider_type": "deviceTrustProviderType",
+        "native_application_oidc_options": "nativeApplicationOidcOptions",
         "oidc_options": "oidcOptions",
         "sse_specification": "sseSpecification",
         "tags": "tags",
@@ -66082,6 +66914,7 @@ class CfnVerifiedAccessTrustProviderProps:
         description: typing.Optional[builtins.str] = None,
         device_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessTrustProvider.DeviceOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         device_trust_provider_type: typing.Optional[builtins.str] = None,
+        native_application_oidc_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         oidc_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessTrustProvider.OidcOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessTrustProvider.SseSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -66094,6 +66927,7 @@ class CfnVerifiedAccessTrustProviderProps:
         :param description: A description for the AWS Verified Access trust provider.
         :param device_options: The options for device-identity trust provider.
         :param device_trust_provider_type: The type of device-based trust provider.
+        :param native_application_oidc_options: The OpenID Connect (OIDC) options.
         :param oidc_options: The options for an OpenID Connect-compatible user-identity trust provider.
         :param sse_specification: The options for additional server side encryption.
         :param tags: The tags.
@@ -66119,6 +66953,16 @@ class CfnVerifiedAccessTrustProviderProps:
                     tenant_id="tenantId"
                 ),
                 device_trust_provider_type="deviceTrustProviderType",
+                native_application_oidc_options=ec2.CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty(
+                    authorization_endpoint="authorizationEndpoint",
+                    client_id="clientId",
+                    client_secret="clientSecret",
+                    issuer="issuer",
+                    public_signing_key_endpoint="publicSigningKeyEndpoint",
+                    scope="scope",
+                    token_endpoint="tokenEndpoint",
+                    user_info_endpoint="userInfoEndpoint"
+                ),
                 oidc_options=ec2.CfnVerifiedAccessTrustProvider.OidcOptionsProperty(
                     authorization_endpoint="authorizationEndpoint",
                     client_id="clientId",
@@ -66146,6 +66990,7 @@ class CfnVerifiedAccessTrustProviderProps:
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument device_options", value=device_options, expected_type=type_hints["device_options"])
             check_type(argname="argument device_trust_provider_type", value=device_trust_provider_type, expected_type=type_hints["device_trust_provider_type"])
+            check_type(argname="argument native_application_oidc_options", value=native_application_oidc_options, expected_type=type_hints["native_application_oidc_options"])
             check_type(argname="argument oidc_options", value=oidc_options, expected_type=type_hints["oidc_options"])
             check_type(argname="argument sse_specification", value=sse_specification, expected_type=type_hints["sse_specification"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
@@ -66160,6 +67005,8 @@ class CfnVerifiedAccessTrustProviderProps:
             self._values["device_options"] = device_options
         if device_trust_provider_type is not None:
             self._values["device_trust_provider_type"] = device_trust_provider_type
+        if native_application_oidc_options is not None:
+            self._values["native_application_oidc_options"] = native_application_oidc_options
         if oidc_options is not None:
             self._values["oidc_options"] = oidc_options
         if sse_specification is not None:
@@ -66218,6 +67065,17 @@ class CfnVerifiedAccessTrustProviderProps:
         result = self._values.get("device_trust_provider_type")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def native_application_oidc_options(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty]]:
+        '''The OpenID Connect (OIDC) options.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-verifiedaccesstrustprovider.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions
+        '''
+        result = self._values.get("native_application_oidc_options")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty]], result)
+
     @builtins.property
     def oidc_options(
         self,
@@ -78827,6 +79685,11 @@ class InterfaceVpcEndpointAwsService(
     def KAFKA(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "KAFKA"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="KAFKA_CONNECT")
+    def KAFKA_CONNECT(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "KAFKA_CONNECT"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="KAFKA_FIPS")
     def KAFKA_FIPS(cls) -> "InterfaceVpcEndpointAwsService":
@@ -98254,7 +99117,7 @@ class ClientVpnEndpoint(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_ec2.ClientVpnEndpoint",
 ):
-    '''A client VPN connnection.
+    '''A client VPN connection.
 
     :exampleMetadata: fixture=client-vpn infused
 
@@ -99311,10 +100174,11 @@ def _typecheckingstub__96fb3bc559aaa9df971e86ea7cdd3cdc3de550019a2d3bf247d3fb169
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
     *,
-    availability_zone: builtins.str,
     instance_count: jsii.Number,
     instance_platform: builtins.str,
     instance_type: builtins.str,
+    availability_zone: typing.Optional[builtins.str] = None,
+    availability_zone_id: typing.Optional[builtins.str] = None,
     ebs_optimized: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     end_date: typing.Optional[builtins.str] = None,
     end_date_type: typing.Optional[builtins.str] = None,
@@ -99322,7 +100186,7 @@ def _typecheckingstub__96fb3bc559aaa9df971e86ea7cdd3cdc3de550019a2d3bf247d3fb169
     instance_match_criteria: typing.Optional[builtins.str] = None,
     out_post_arn: typing.Optional[builtins.str] = None,
     placement_group_arn: typing.Optional[builtins.str] = None,
-    tag_specifications: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnCapacityReservation.TagSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    tag_specifications: typing.Optional[typing.Sequence[typing.Union[CfnCapacityReservation.TagSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     tenancy: typing.Optional[builtins.str] = None,
     unused_reservation_billing_owner_id: typing.Optional[builtins.str] = None,
 ) -> None:
@@ -99341,12 +100205,6 @@ def _typecheckingstub__4b837e3858811127cec4a1a49ef5fbc9c4920b9ca228950a0e8797ab4
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__c78e4680a157e3466009de77e8aa625d8cf7fee8e6f0094ed98d312434e17d0f(
-    value: builtins.str,
-) -> None:
-    """Type checking stubs"""
-    pass
-
 def _typecheckingstub__22b368a04915e99dd5744c69aee4e5f18ce694f374f86d57efdd11669b182094(
     value: jsii.Number,
 ) -> None:
@@ -99365,6 +100223,18 @@ def _typecheckingstub__77123d0c19c0832f7509cd76b26aa9299b7596606999f89281b470a4f
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__c78e4680a157e3466009de77e8aa625d8cf7fee8e6f0094ed98d312434e17d0f(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__3491534eeb43f169595d5744c952b4e6e91b59d668a8f0213de96d7e46d772f0(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__678dbc8559016cf13cc067fc0b1a2efbca67b43c58a19ad6cb861f9f92eaffde(
     value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
 ) -> None:
@@ -99408,7 +100278,7 @@ def _typecheckingstub__16fa52eb55faf78ebc17e0e8d27a241715110e3c4255fe91c5b59c36a
     pass
 
 def _typecheckingstub__d2d4ed674b30189cbf7b11b79e68ea556b2b7c9921a4d61f7610b58d25fed8ca(
-    value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnCapacityReservation.TagSpecificationProperty]]]],
+    value: typing.Optional[typing.List[CfnCapacityReservation.TagSpecificationProperty]],
 ) -> None:
     """Type checking stubs"""
     pass
@@ -99554,10 +100424,11 @@ def _typecheckingstub__43bd0a52cfe7402bf156151a3e760ed1bd133935bd29982a3798f854c
 
 def _typecheckingstub__8a65d4e8bb2e678a9a6387fd809c3b5428c783211224ece5155ec92d1eda301d(
     *,
-    availability_zone: builtins.str,
     instance_count: jsii.Number,
     instance_platform: builtins.str,
     instance_type: builtins.str,
+    availability_zone: typing.Optional[builtins.str] = None,
+    availability_zone_id: typing.Optional[builtins.str] = None,
     ebs_optimized: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     end_date: typing.Optional[builtins.str] = None,
     end_date_type: typing.Optional[builtins.str] = None,
@@ -99565,7 +100436,7 @@ def _typecheckingstub__8a65d4e8bb2e678a9a6387fd809c3b5428c783211224ece5155ec92d1
     instance_match_criteria: typing.Optional[builtins.str] = None,
     out_post_arn: typing.Optional[builtins.str] = None,
     placement_group_arn: typing.Optional[builtins.str] = None,
-    tag_specifications: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnCapacityReservation.TagSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    tag_specifications: typing.Optional[typing.Sequence[typing.Union[CfnCapacityReservation.TagSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     tenancy: typing.Optional[builtins.str] = None,
     unused_reservation_billing_owner_id: typing.Optional[builtins.str] = None,
 ) -> None:
@@ -99691,6 +100562,7 @@ def _typecheckingstub__1880bffa9253aaedfa6af6175da6262a96ea34dadf82dc678a1eef91c
     client_connect_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnClientVpnEndpoint.ClientConnectOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     client_login_banner_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnClientVpnEndpoint.ClientLoginBannerOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     description: typing.Optional[builtins.str] = None,
+    disconnect_on_session_timeout: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
     self_service_portal: typing.Optional[builtins.str] = None,
@@ -99758,6 +100630,12 @@ def _typecheckingstub__bb1d5fb0102c1b6de24ad13acfc13837ec5422291e23048395fe03350
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__7a04e648e3ab2786626daca4bea9d7e5d9f8fd502183ea90643aafd9a31a5f2c(
+    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__1ebcac79eb30395bbcc38271559390a74d75a7ae45dfe368c2cd3b996b81b462(
     value: typing.Optional[typing.List[builtins.str]],
 ) -> None:
@@ -99886,6 +100764,7 @@ def _typecheckingstub__05994467e800c33b4a01e884b4b20bef2569d710f5dc323617cd814e5
     client_connect_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnClientVpnEndpoint.ClientConnectOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     client_login_banner_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnClientVpnEndpoint.ClientLoginBannerOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     description: typing.Optional[builtins.str] = None,
+    disconnect_on_session_timeout: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
     self_service_portal: typing.Optional[builtins.str] = None,
@@ -107738,17 +108617,19 @@ def _typecheckingstub__4d36b12d1ab3c67a3dfcd9bfed6cbbcb2f1267d23c43d3209213bf009
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
     *,
-    application_domain: builtins.str,
     attachment_type: builtins.str,
-    domain_certificate_arn: builtins.str,
-    endpoint_domain_prefix: builtins.str,
     endpoint_type: builtins.str,
     verified_access_group_id: builtins.str,
+    application_domain: typing.Optional[builtins.str] = None,
+    cidr_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.CidrOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     description: typing.Optional[builtins.str] = None,
+    domain_certificate_arn: typing.Optional[builtins.str] = None,
+    endpoint_domain_prefix: typing.Optional[builtins.str] = None,
     load_balancer_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.LoadBalancerOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     network_interface_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.NetworkInterfaceOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     policy_document: typing.Optional[builtins.str] = None,
     policy_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    rds_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.RdsOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
     sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.SseSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -107768,43 +108649,49 @@ def _typecheckingstub__bc2a2c5e187d55f32f86bed24144fa2c14723e28c2c028062d6941f44
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__b28061f28b3f28be486d48f7dc7fd621f3103258eb9e7885ff475e46e5fd902b(
+def _typecheckingstub__1d10e167e554b430eb1ac5650dc7e833d44fb08c080f0db7bddc1e8a7fc72cb1(
     value: builtins.str,
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__1d10e167e554b430eb1ac5650dc7e833d44fb08c080f0db7bddc1e8a7fc72cb1(
+def _typecheckingstub__e1c912930012351cff79ab0fb5325f42f80c3484801d0cbe19a20d7a19cd8f3a(
     value: builtins.str,
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__efc1ee2a591d8925ff2f8ca9eaba761d65c8b57e365164d2a86e578e910f175f(
+def _typecheckingstub__89c39e6200e18904b3557bcd57dab1d8a26e87af526f5462ad34ddbffada9d08(
     value: builtins.str,
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__ff9d0e5773a8d9ea22993cc66220368ac095ea17382c558d7190b96a647f458f(
-    value: builtins.str,
+def _typecheckingstub__b28061f28b3f28be486d48f7dc7fd621f3103258eb9e7885ff475e46e5fd902b(
+    value: typing.Optional[builtins.str],
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__e1c912930012351cff79ab0fb5325f42f80c3484801d0cbe19a20d7a19cd8f3a(
-    value: builtins.str,
+def _typecheckingstub__2962dac3960398d69fb7ac9839727efce1ad5405f068e725a9f41e9e8c48552a(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnVerifiedAccessEndpoint.CidrOptionsProperty]],
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__89c39e6200e18904b3557bcd57dab1d8a26e87af526f5462ad34ddbffada9d08(
-    value: builtins.str,
+def _typecheckingstub__d4d12173aa39d537b02fbd1df1f0478890f6c89c75db9f7940f5afee0f771734(
+    value: typing.Optional[builtins.str],
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__d4d12173aa39d537b02fbd1df1f0478890f6c89c75db9f7940f5afee0f771734(
+def _typecheckingstub__efc1ee2a591d8925ff2f8ca9eaba761d65c8b57e365164d2a86e578e910f175f(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__ff9d0e5773a8d9ea22993cc66220368ac095ea17382c558d7190b96a647f458f(
     value: typing.Optional[builtins.str],
 ) -> None:
     """Type checking stubs"""
@@ -107834,6 +108721,12 @@ def _typecheckingstub__d544f882cc7fa74d192a81ca201822cd80d9f91a6c0680be92961c818
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__a912f808eff9a847eb56334d2df19bc7f437ffc6f1b217c0836ef2f6397dfd6c(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnVerifiedAccessEndpoint.RdsOptionsProperty]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__102770719c6031007d664c25a6414989d2e114f24811888a51575fc6a9fbbea8(
     value: typing.Optional[typing.List[builtins.str]],
 ) -> None:
@@ -107852,10 +108745,21 @@ def _typecheckingstub__b3d819c87bb8f385fc1e857a7fa5b0c4d1892fee609cc4cc3aa402645
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__23c52461363ac544508e25c4abd78eefe3541bba29d66ed3b2861949b0f67c1c(
+    *,
+    cidr: typing.Optional[builtins.str] = None,
+    port_ranges: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.PortRangeProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    protocol: typing.Optional[builtins.str] = None,
+    subnet_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__748e5ad8bcd3de0f9d4460d24ba08621e5769f4aa625427a31af6f4cfad10c64(
     *,
     load_balancer_arn: typing.Optional[builtins.str] = None,
     port: typing.Optional[jsii.Number] = None,
+    port_ranges: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.PortRangeProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     protocol: typing.Optional[builtins.str] = None,
     subnet_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
 ) -> None:
@@ -107866,11 +108770,33 @@ def _typecheckingstub__87a3b1db27ee0d26aa10f209574558cadfa966a187d72396dc2453f49
     *,
     network_interface_id: typing.Optional[builtins.str] = None,
     port: typing.Optional[jsii.Number] = None,
+    port_ranges: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.PortRangeProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     protocol: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__d7afca99a963532ddc95e640bb20b45750c4dabaa33fd2123aa2480165409544(
+    *,
+    from_port: typing.Optional[jsii.Number] = None,
+    to_port: typing.Optional[jsii.Number] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__217add2f23506262e3f92eedf9ff65affe5c95dd71451ad448b5a12db367d5f1(
+    *,
+    port: typing.Optional[jsii.Number] = None,
+    protocol: typing.Optional[builtins.str] = None,
+    rds_db_cluster_arn: typing.Optional[builtins.str] = None,
+    rds_db_instance_arn: typing.Optional[builtins.str] = None,
+    rds_db_proxy_arn: typing.Optional[builtins.str] = None,
+    rds_endpoint: typing.Optional[builtins.str] = None,
+    subnet_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__02c635a2da8a4b8f86f38bec4cdb7864386d5f2c0ddad83ce923502ececa7167(
     *,
     customer_managed_key_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
@@ -107881,17 +108807,19 @@ def _typecheckingstub__02c635a2da8a4b8f86f38bec4cdb7864386d5f2c0ddad83ce923502ec
 
 def _typecheckingstub__a6b5fcbc7d5ca5da1405e117289abdd54dfab30dc79e867da0da32239d886ee5(
     *,
-    application_domain: builtins.str,
     attachment_type: builtins.str,
-    domain_certificate_arn: builtins.str,
-    endpoint_domain_prefix: builtins.str,
     endpoint_type: builtins.str,
     verified_access_group_id: builtins.str,
+    application_domain: typing.Optional[builtins.str] = None,
+    cidr_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.CidrOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     description: typing.Optional[builtins.str] = None,
+    domain_certificate_arn: typing.Optional[builtins.str] = None,
+    endpoint_domain_prefix: typing.Optional[builtins.str] = None,
     load_balancer_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.LoadBalancerOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     network_interface_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.NetworkInterfaceOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     policy_document: typing.Optional[builtins.str] = None,
     policy_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    rds_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.RdsOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
     sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessEndpoint.SseSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -107985,6 +108913,7 @@ def _typecheckingstub__210b67953502d567079f8663990436a4ba8d53414d251da116ccd8eac
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
     *,
+    cidr_endpoints_custom_sub_domain: typing.Optional[builtins.str] = None,
     description: typing.Optional[builtins.str] = None,
     fips_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     logging_configurations: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessInstance.VerifiedAccessLogsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -108007,6 +108936,12 @@ def _typecheckingstub__0310f5df079f4d94843fdb4879da8562ae3108d66ec4cd10201c900af
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__3448e803dabba9774e7b7492ef1b28e3424db8c132d0424e38e9c949f6517948(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__0ba3dd03cf8f2db417bb16a3849e48282d3bd41790a0db527717302f3459305f(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -108093,6 +109028,7 @@ def _typecheckingstub__aa1b1a9d00743fb82589cb1d8f7514bfaa414568bff92a69bc361d830
 
 def _typecheckingstub__d9a24ec455946fcefd05480c5a9ec8b48ab899be4d2ad63a1acb976abdf7df46(
     *,
+    cidr_endpoints_custom_sub_domain: typing.Optional[builtins.str] = None,
     description: typing.Optional[builtins.str] = None,
     fips_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     logging_configurations: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessInstance.VerifiedAccessLogsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -108112,6 +109048,7 @@ def _typecheckingstub__e7fe983b5e05e5227bb52a4924627b4c6164af2055ac21783dbe757c2
     description: typing.Optional[builtins.str] = None,
     device_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessTrustProvider.DeviceOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     device_trust_provider_type: typing.Optional[builtins.str] = None,
+    native_application_oidc_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     oidc_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessTrustProvider.OidcOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessTrustProvider.SseSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -108162,6 +109099,12 @@ def _typecheckingstub__86233e326be8a89b76683cacdc12855026065941b80a6573d40ec5ed9
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__a19babfcaf12861d8da4710896c25acd65a9ceb94d68196b6ad7990a0e71fa6a(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__b3732e232bbcf8298bc1fd1eb5a3f0b56a229a30c2b1db74d6c78fcfc80e5e77(
     value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnVerifiedAccessTrustProvider.OidcOptionsProperty]],
 ) -> None:
@@ -108194,6 +109137,20 @@ def _typecheckingstub__ff8d5f091c9e68a3470f9e83329b9ea9e8e9c3d69327e30f7c804de09
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__5c206bc52aa945d69e4f73ab5f629575d922ab0ab8d447140631e1dfaa161aad(
+    *,
+    authorization_endpoint: typing.Optional[builtins.str] = None,
+    client_id: typing.Optional[builtins.str] = None,
+    client_secret: typing.Optional[builtins.str] = None,
+    issuer: typing.Optional[builtins.str] = None,
+    public_signing_key_endpoint: typing.Optional[builtins.str] = None,
+    scope: typing.Optional[builtins.str] = None,
+    token_endpoint: typing.Optional[builtins.str] = None,
+    user_info_endpoint: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__c7104c0ccee8d56cc5467c88b16f90245f04363672ad962c4ba9a01b66966498(
     *,
     authorization_endpoint: typing.Optional[builtins.str] = None,
@@ -108222,6 +109179,7 @@ def _typecheckingstub__a76a73a6fde22e9c9fa58fb20740e000e9153307f66b7f13cb4d7fe8b
     description: typing.Optional[builtins.str] = None,
     device_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessTrustProvider.DeviceOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     device_trust_provider_type: typing.Optional[builtins.str] = None,
+    native_application_oidc_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessTrustProvider.NativeApplicationOidcOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     oidc_options: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessTrustProvider.OidcOptionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     sse_specification: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnVerifiedAccessTrustProvider.SseSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,