PyPI - aws-cdk-lib - Versions diffs - 2.177.0__py3-none-any.whl → 2.178.1__py3-none-any.whl - Mend

aws-cdk-lib 2.177.0py3-none-any.whl → 2.178.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (111) hide show

aws_cdk/__init__.py +95 -61
aws_cdk/_jsii/__init__.py +1 -1
aws_cdk/_jsii/{aws-cdk-lib@2.177.0.jsii.tgz → aws-cdk-lib@2.178.1.jsii.tgz} +0 -0
aws_cdk/aws_amplifyuibuilder/__init__.py +8 -8
aws_cdk/aws_apigateway/__init__.py +97 -97
aws_cdk/aws_apigatewayv2/__init__.py +35 -10
aws_cdk/aws_appconfig/__init__.py +10 -10
aws_cdk/aws_appflow/__init__.py +20 -20
aws_cdk/aws_applicationsignals/__init__.py +8 -8
aws_cdk/aws_appmesh/__init__.py +8 -8
aws_cdk/aws_appsync/__init__.py +10383 -7035
aws_cdk/aws_apptest/__init__.py +4 -4
aws_cdk/aws_aps/__init__.py +135 -0
aws_cdk/aws_athena/__init__.py +10 -10
aws_cdk/aws_backup/__init__.py +14 -14
aws_cdk/aws_batch/__init__.py +185 -22
aws_cdk/aws_bcmdataexports/__init__.py +4 -4
aws_cdk/aws_bedrock/__init__.py +266 -177
aws_cdk/aws_certificatemanager/__init__.py +15 -14
aws_cdk/aws_chatbot/__init__.py +4 -4
aws_cdk/aws_cloudformation/__init__.py +22 -18
aws_cdk/aws_cloudfront/__init__.py +674 -7
aws_cdk/aws_cloudfront_origins/__init__.py +40 -0
aws_cdk/aws_cloudtrail/__init__.py +4 -4
aws_cdk/aws_cloudwatch/__init__.py +53 -53
aws_cdk/aws_codedeploy/__init__.py +2 -2
aws_cdk/aws_codepipeline/__init__.py +24 -6
aws_cdk/aws_codepipeline_actions/__init__.py +2 -2
aws_cdk/aws_cognito/__init__.py +42 -20
aws_cdk/aws_connect/__init__.py +4 -4
aws_cdk/aws_customerprofiles/__init__.py +3 -1
aws_cdk/aws_databrew/__init__.py +16 -16
aws_cdk/aws_datasync/__init__.py +14 -11
aws_cdk/aws_datazone/__init__.py +5 -5
aws_cdk/aws_dms/__init__.py +4 -4
aws_cdk/aws_dynamodb/__init__.py +267 -25
aws_cdk/aws_ec2/__init__.py +1137 -181
aws_cdk/aws_ecs/__init__.py +740 -116
aws_cdk/aws_ecs_patterns/__init__.py +49 -0
aws_cdk/aws_efs/__init__.py +3 -3
aws_cdk/aws_eks/__init__.py +31 -32
aws_cdk/aws_elasticache/__init__.py +10 -10
aws_cdk/aws_elasticloadbalancingv2/__init__.py +47 -18
aws_cdk/aws_elasticsearch/__init__.py +10 -10
aws_cdk/aws_emr/__init__.py +16 -16
aws_cdk/aws_emrserverless/__init__.py +12 -9
aws_cdk/aws_entityresolution/__init__.py +31 -17
aws_cdk/aws_events/__init__.py +12 -12
aws_cdk/aws_fis/__init__.py +16 -16
aws_cdk/aws_fms/__init__.py +7 -3
aws_cdk/aws_glue/__init__.py +1326 -7
aws_cdk/aws_greengrassv2/__init__.py +8 -8
aws_cdk/aws_guardduty/__init__.py +521 -0
aws_cdk/aws_healthlake/__init__.py +10 -2
aws_cdk/aws_imagebuilder/__init__.py +26 -26
aws_cdk/aws_iot/__init__.py +40 -40
aws_cdk/aws_iotanalytics/__init__.py +4 -4
aws_cdk/aws_iotfleetwise/__init__.py +424 -10
aws_cdk/aws_iotsitewise/__init__.py +84 -13
aws_cdk/aws_iottwinmaker/__init__.py +18 -18
aws_cdk/aws_iotwireless/__init__.py +4 -4
aws_cdk/aws_kafkaconnect/__init__.py +10 -10
aws_cdk/aws_kendra/__init__.py +0 -10
aws_cdk/aws_kinesisanalytics/__init__.py +4 -4
aws_cdk/aws_kinesisanalyticsv2/__init__.py +4 -4
aws_cdk/aws_kinesisfirehose/__init__.py +4544 -183
aws_cdk/aws_kms/__init__.py +11 -10
aws_cdk/aws_lambda/__init__.py +34 -4
aws_cdk/aws_lambda_nodejs/__init__.py +24 -5
aws_cdk/aws_launchwizard/__init__.py +10 -10
aws_cdk/aws_logs/__init__.py +19 -15
aws_cdk/aws_mediaconnect/__init__.py +509 -12
aws_cdk/aws_medialive/__init__.py +16 -16
aws_cdk/aws_mediatailor/__init__.py +10 -10
aws_cdk/aws_networkfirewall/__init__.py +12 -12
aws_cdk/aws_notifications/__init__.py +602 -65
aws_cdk/aws_omics/__init__.py +4 -4
aws_cdk/aws_opensearchservice/__init__.py +10 -10
aws_cdk/aws_opsworks/__init__.py +58 -58
aws_cdk/aws_personalize/__init__.py +8 -8
aws_cdk/aws_pipes/__init__.py +20 -20
aws_cdk/aws_qbusiness/__init__.py +119 -0
aws_cdk/aws_quicksight/__init__.py +247 -92
aws_cdk/aws_rds/__init__.py +21 -15
aws_cdk/aws_redshift/__init__.py +10 -10
aws_cdk/aws_resiliencehub/__init__.py +0 -41
aws_cdk/aws_route53/__init__.py +6 -0
aws_cdk/aws_rum/__init__.py +4 -4
aws_cdk/aws_s3/__init__.py +12 -2
aws_cdk/aws_sagemaker/__init__.py +84 -60
aws_cdk/aws_sam/__init__.py +48 -48
aws_cdk/aws_secretsmanager/__init__.py +30 -14
aws_cdk/aws_securityhub/__init__.py +12 -12
aws_cdk/aws_sns/__init__.py +101 -15
aws_cdk/aws_ssmquicksetup/__init__.py +10 -10
aws_cdk/aws_stepfunctions/__init__.py +13207 -4740
aws_cdk/aws_stepfunctions_tasks/__init__.py +77615 -22817
aws_cdk/aws_synthetics/__init__.py +4 -4
aws_cdk/aws_timestream/__init__.py +41 -0
aws_cdk/aws_transfer/__init__.py +9 -10
aws_cdk/aws_wafv2/__init__.py +24 -22
aws_cdk/aws_wisdom/__init__.py +8 -8
aws_cdk/aws_workspacesweb/__init__.py +60 -60
aws_cdk/aws_xray/__init__.py +8 -8
aws_cdk/cx_api/__init__.py +18 -0
{aws_cdk_lib-2.177.0.dist-info → aws_cdk_lib-2.178.1.dist-info}/METADATA +1 -1
{aws_cdk_lib-2.177.0.dist-info → aws_cdk_lib-2.178.1.dist-info}/RECORD +111 -111
{aws_cdk_lib-2.177.0.dist-info → aws_cdk_lib-2.178.1.dist-info}/LICENSE +0 -0
{aws_cdk_lib-2.177.0.dist-info → aws_cdk_lib-2.178.1.dist-info}/NOTICE +0 -0
{aws_cdk_lib-2.177.0.dist-info → aws_cdk_lib-2.178.1.dist-info}/WHEEL +0 -0
{aws_cdk_lib-2.177.0.dist-info → aws_cdk_lib-2.178.1.dist-info}/top_level.txt +0 -0

aws_cdk/aws_sam/__init__.py CHANGED Viewed

@@ -188,7 +188,7 @@ class CfnApi(
         open_api_version: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         tracing_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
-        variables: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+        variables: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     ) -> None:
         '''
         :param scope: Scope in which this resource is defined.
@@ -644,13 +644,13 @@ class CfnApi(
     @jsii.member(jsii_name="variables")
     def variables(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], jsii.get(self, "variables"))
+    ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
+        return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], jsii.get(self, "variables"))
     @variables.setter
     def variables(
         self,
-        value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]],
+        value: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]],
     ) -> None:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e18d5b2f60202118ae9b46b2c208eab95ae644832c6148e75937bc7ad0ae9622)
@@ -829,7 +829,7 @@ class CfnApi(
             *,
             deployment_id: typing.Optional[builtins.str] = None,
             percent_traffic: typing.Optional[jsii.Number] = None,
-            stage_variable_overrides: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+            stage_variable_overrides: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
             use_stage_cache: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         ) -> None:
             '''
@@ -891,12 +891,12 @@ class CfnApi(
         @builtins.property
         def stage_variable_overrides(
             self,
-        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
+        ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
             '''
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-serverless-api-canarysetting.html#cfn-serverless-api-canarysetting-stagevariableoverrides
             '''
             result = self._values.get("stage_variable_overrides")
-            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], result)
+            return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], result)
         @builtins.property
         def use_stage_cache(
@@ -1613,7 +1613,7 @@ class CfnApiProps:
         open_api_version: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         tracing_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
-        variables: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+        variables: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     ) -> None:
         '''Properties for defining a ``CfnApi``.
@@ -2012,12 +2012,12 @@ class CfnApiProps:
     @builtins.property
     def variables(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
+    ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
         '''
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-serverless-api.html#cfn-serverless-api-variables
         '''
         result = self._values.get("variables")
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], result)
+        return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], result)
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -2071,7 +2071,7 @@ class CfnApplication(
         *,
         location: typing.Union[builtins.str, _IResolvable_da3f097b, typing.Union["CfnApplication.ApplicationLocationProperty", typing.Dict[builtins.str, typing.Any]]],
         notification_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
-        parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+        parameters: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
         tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         timeout_in_minutes: typing.Optional[jsii.Number] = None,
     ) -> None:
@@ -2181,13 +2181,13 @@ class CfnApplication(
     @jsii.member(jsii_name="parameters")
     def parameters(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], jsii.get(self, "parameters"))
+    ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
+        return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], jsii.get(self, "parameters"))
     @parameters.setter
     def parameters(
         self,
-        value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]],
+        value: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]],
     ) -> None:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__05c9df790cddd4512e3cf1277ea55b48b4d5ddfef54d5b82a13d917e4712e8d8)
@@ -2310,7 +2310,7 @@ class CfnApplicationProps:
         *,
         location: typing.Union[builtins.str, _IResolvable_da3f097b, typing.Union[CfnApplication.ApplicationLocationProperty, typing.Dict[builtins.str, typing.Any]]],
         notification_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
-        parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+        parameters: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
         tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
         timeout_in_minutes: typing.Optional[jsii.Number] = None,
     ) -> None:
@@ -2386,12 +2386,12 @@ class CfnApplicationProps:
     @builtins.property
     def parameters(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
+    ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
         '''
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-serverless-application.html#cfn-serverless-application-parameters
         '''
         result = self._values.get("parameters")
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], result)
+        return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], result)
     @builtins.property
     def tags(self) -> typing.Optional[typing.Mapping[builtins.str, builtins.str]]:
@@ -5283,7 +5283,7 @@ class CfnFunction(
         def __init__(
             self,
             *,
-            variables: typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]],
+            variables: typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b],
         ) -> None:
             '''
             :param variables:
@@ -5313,13 +5313,13 @@ class CfnFunction(
         @builtins.property
         def variables(
             self,
-        ) -> typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]:
+        ) -> typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]:
             '''
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-serverless-function-functionenvironment.html#cfn-serverless-function-functionenvironment-variables
             '''
             result = self._values.get("variables")
             assert result is not None, "Required property 'variables' is missing"
-            return typing.cast(typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]], result)
+            return typing.cast(typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b], result)
         def __eq__(self, rhs: typing.Any) -> builtins.bool:
             return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -9150,7 +9150,7 @@ class CfnHttpApi(
         fail_on_warnings: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         route_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnHttpApi.RouteSettingsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         stage_name: typing.Optional[builtins.str] = None,
-        stage_variables: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+        stage_variables: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
         tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     ) -> None:
         '''
@@ -9434,13 +9434,13 @@ class CfnHttpApi(
     @jsii.member(jsii_name="stageVariables")
     def stage_variables(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], jsii.get(self, "stageVariables"))
+    ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
+        return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], jsii.get(self, "stageVariables"))
     @stage_variables.setter
     def stage_variables(
         self,
-        value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]],
+        value: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]],
     ) -> None:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__449af0a02d8005f7a293a627e1cb45ddbc2347c0cd6d00355c6149e405bd71de)
@@ -10323,7 +10323,7 @@ class CfnHttpApiProps:
         fail_on_warnings: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         route_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnHttpApi.RouteSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         stage_name: typing.Optional[builtins.str] = None,
-        stage_variables: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+        stage_variables: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
         tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     ) -> None:
         '''Properties for defining a ``CfnHttpApi``.
@@ -10576,12 +10576,12 @@ class CfnHttpApiProps:
     @builtins.property
     def stage_variables(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
+    ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
         '''
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-serverless-httpapi.html#cfn-serverless-httpapi-stagevariables
         '''
         result = self._values.get("stage_variables")
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], result)
+        return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], result)
     @builtins.property
     def tags(self) -> typing.Optional[typing.Mapping[builtins.str, builtins.str]]:
@@ -11611,7 +11611,7 @@ class CfnStateMachine(
         id: builtins.str,
         *,
         definition: typing.Any = None,
-        definition_substitutions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+        definition_substitutions: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
         definition_uri: typing.Optional[typing.Union[builtins.str, _IResolvable_da3f097b, typing.Union["CfnStateMachine.S3LocationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         events: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union["CfnStateMachine.EventSourceProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
         logging: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnStateMachine.LoggingConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -11723,13 +11723,13 @@ class CfnStateMachine(
     @jsii.member(jsii_name="definitionSubstitutions")
     def definition_substitutions(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], jsii.get(self, "definitionSubstitutions"))
+    ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
+        return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], jsii.get(self, "definitionSubstitutions"))
     @definition_substitutions.setter
     def definition_substitutions(
         self,
-        value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]],
+        value: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]],
     ) -> None:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__5775a6876026b1a8c899a35d8111a4a33d5e70eba087059cf927fee69bfcad24)
@@ -12932,7 +12932,7 @@ class CfnStateMachineProps:
         self,
         *,
         definition: typing.Any = None,
-        definition_substitutions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+        definition_substitutions: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
         definition_uri: typing.Optional[typing.Union[builtins.str, _IResolvable_da3f097b, typing.Union[CfnStateMachine.S3LocationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         events: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union[CfnStateMachine.EventSourceProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
         logging: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnStateMachine.LoggingConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -13061,12 +13061,12 @@ class CfnStateMachineProps:
     @builtins.property
     def definition_substitutions(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
+    ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
         '''
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-serverless-statemachine.html#cfn-serverless-statemachine-definitionsubstitutions
         '''
         result = self._values.get("definition_substitutions")
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], result)
+        return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], result)
     @builtins.property
     def definition_uri(
@@ -13216,7 +13216,7 @@ def _typecheckingstub__3135996bb5e2b67d63a2144c699a4377166e2b1ebabc180e4c43b45b5
     open_api_version: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     tracing_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
-    variables: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    variables: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -13372,7 +13372,7 @@ def _typecheckingstub__381be80448e4bb2d0dfa01f12de99215cac54995a787d289c523b6d8b
     pass
 def _typecheckingstub__e18d5b2f60202118ae9b46b2c208eab95ae644832c6148e75937bc7ad0ae9622(
-    value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]],
+    value: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]],
 ) -> None:
     """Type checking stubs"""
     pass
@@ -13398,7 +13398,7 @@ def _typecheckingstub__a04c0e58764c2325f15e42a28ebefd2c7e52c177703a95e3b0742576c
     *,
     deployment_id: typing.Optional[builtins.str] = None,
     percent_traffic: typing.Optional[jsii.Number] = None,
-    stage_variable_overrides: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    stage_variable_overrides: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     use_stage_cache: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -13490,7 +13490,7 @@ def _typecheckingstub__0c3541ced1e3b9f417bf5019481767d1f0ed3628dc1464b54b8ea1849
     open_api_version: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     tracing_enabled: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
-    variables: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    variables: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -13501,7 +13501,7 @@ def _typecheckingstub__64c7803062c8244dab10c00b85c3ab7470f7dfeddb1993dc048523593
     *,
     location: typing.Union[builtins.str, _IResolvable_da3f097b, typing.Union[CfnApplication.ApplicationLocationProperty, typing.Dict[builtins.str, typing.Any]]],
     notification_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
-    parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    parameters: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     timeout_in_minutes: typing.Optional[jsii.Number] = None,
 ) -> None:
@@ -13533,7 +13533,7 @@ def _typecheckingstub__fdba732f0fdb414d7b870bb171355caae720f58a2e5c1495b6c5a846d
     pass
 def _typecheckingstub__05c9df790cddd4512e3cf1277ea55b48b4d5ddfef54d5b82a13d917e4712e8d8(
-    value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]],
+    value: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]],
 ) -> None:
     """Type checking stubs"""
     pass
@@ -13562,7 +13562,7 @@ def _typecheckingstub__5cdd3da86c77e72e8f53daca88bd679d2d41f1881eeba6c4c20c6c5e7
     *,
     location: typing.Union[builtins.str, _IResolvable_da3f097b, typing.Union[CfnApplication.ApplicationLocationProperty, typing.Dict[builtins.str, typing.Any]]],
     notification_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
-    parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    parameters: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
     timeout_in_minutes: typing.Optional[jsii.Number] = None,
 ) -> None:
@@ -14039,7 +14039,7 @@ def _typecheckingstub__042927e3bdc41bb37d7a425bbdfe932f3c1c939361ff5d3c2e6aecdc7
 def _typecheckingstub__cede0a875bba921466167c6599c161022b6030dbd7aafacc22aff1e6368d599c(
     *,
-    variables: typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]],
+    variables: typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b],
 ) -> None:
     """Type checking stubs"""
     pass
@@ -14411,7 +14411,7 @@ def _typecheckingstub__2810a638ba3e7320fe893fabc5f6e87ff6c30d560aa983c6a0d6c0f8b
     fail_on_warnings: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     route_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnHttpApi.RouteSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     stage_name: typing.Optional[builtins.str] = None,
-    stage_variables: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    stage_variables: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -14502,7 +14502,7 @@ def _typecheckingstub__690006efe3a8bbd86d333485a6f43ce5a5088b2ade6688f66fa4ed3f2
     pass
 def _typecheckingstub__449af0a02d8005f7a293a627e1cb45ddbc2347c0cd6d00355c6149e405bd71de(
-    value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]],
+    value: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]],
 ) -> None:
     """Type checking stubs"""
     pass
@@ -14607,7 +14607,7 @@ def _typecheckingstub__8fee3d57c5905e9ae9b8f419c1e059cc2543719f1378802233950cf6f
     fail_on_warnings: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     route_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnHttpApi.RouteSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     stage_name: typing.Optional[builtins.str] = None,
-    stage_variables: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    stage_variables: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     tags: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -14790,7 +14790,7 @@ def _typecheckingstub__aa34f84b79e27e3369f06403c6b18551d70f35e4a3b615bb7cd7c7098
     id: builtins.str,
     *,
     definition: typing.Any = None,
-    definition_substitutions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    definition_substitutions: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     definition_uri: typing.Optional[typing.Union[builtins.str, _IResolvable_da3f097b, typing.Union[CfnStateMachine.S3LocationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     events: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union[CfnStateMachine.EventSourceProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     logging: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnStateMachine.LoggingConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -14824,7 +14824,7 @@ def _typecheckingstub__2d3d4f6819243ae5cfa1d9d6defa295a3b23790f17ebd02c4d51d355d
     pass
 def _typecheckingstub__5775a6876026b1a8c899a35d8111a4a33d5e70eba087059cf927fee69bfcad24(
-    value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]],
+    value: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]],
 ) -> None:
     """Type checking stubs"""
     pass
@@ -15006,7 +15006,7 @@ def _typecheckingstub__8568d1e5362e81260a69221e107002da0809dc2714f5960aaa894d488
 def _typecheckingstub__505a369e8f3bf625077dedf7f13099c6e0c8e2c05182396505111670528d74d7(
     *,
     definition: typing.Any = None,
-    definition_substitutions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    definition_substitutions: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     definition_uri: typing.Optional[typing.Union[builtins.str, _IResolvable_da3f097b, typing.Union[CfnStateMachine.S3LocationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     events: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union[CfnStateMachine.EventSourceProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     logging: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnStateMachine.LoggingConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,

aws_cdk/aws_secretsmanager/__init__.py CHANGED Viewed

@@ -700,20 +700,24 @@ class CfnRotationSchedule(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_secretsmanager.CfnRotationSchedule",
 ):
-    '''Sets the rotation schedule and Lambda rotation function for a secret. For more information, see `How rotation works <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ .
+    '''Configure the rotation schedule and Lambda rotation function for a secret. For more information, see `How rotation works <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ .
-    For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ .
+    For database credentials, refer to the following resources:
-    For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ .
+    - Amazon RDS master user credentials: `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_
+    - Amazon Redshift admin user credentials: `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_
+    Choose one of the following options for the rotation function:
-    For the rotation function, you have two options:
+    - Create a new rotation function using ``HostedRotationLambda`` based on a `Secrets Manager rotation function template <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ .
+    - Use an existing rotation function by specifying its ARN with ``RotationLambdaARN`` .
-    - You can create a new rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ by using ``HostedRotationLambda`` .
-    - You can choose an existing rotation function by using ``RotationLambdaARN`` .
+    .. epigraph::
-    For database secrets, if you define both the secret and the database or service in the AWS CloudFormation template, then you need to define the `AWS::SecretsManager::SecretTargetAttachment <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html>`_ resource to populate the secret with the connection details of the database or service before you attempt to configure rotation.
+       For database secrets defined in the same AWS CloudFormation template as the database or service:
-    For a single secret, you can only define one rotation schedule with it.
+       - Use the `AWS::SecretsManager::SecretTargetAttachment <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html>`_ resource to populate the secret with connection details.
+       - Add a ``DependsOn`` attribute to the ``RotationSchedule`` resource that uses a ``SecretTargetAttachment`` . This ensures the rotation is configured after the secret is populated with connection details. > You can define only one rotation schedule per secret.
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-rotationschedule.html
     :cloudformationResource: AWS::SecretsManager::RotationSchedule
@@ -770,7 +774,7 @@ class CfnRotationSchedule(
         :param id: Construct identifier for this resource (unique in its scope).
         :param secret_id: The ARN or name of the secret to rotate. This is unique for each rotation schedule definition. To reference a secret also created in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
         :param hosted_rotation_lambda: Creates a new Lambda rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ . To use a rotation function that already exists, specify ``RotationLambdaARN`` instead. You must specify ``Transform: AWS::SecretsManager-2024-09-16`` at the beginning of the CloudFormation template. Transforms are macros hosted by AWS CloudFormation that help you create and manage complex infrastructure. The ``Transform: AWS::SecretsManager-2024-09-16`` transform automatically extends the CloudFormation stack to include a nested stack (of type ``AWS::CloudFormation::Stack`` ), which then creates and updates on your behalf during subsequent stack operations, the appropriate rotation Lambda function for your database or service. For general information on transforms, see the `AWS CloudFormation documentation. <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-reference.html>`_ For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ .
-        :param rotate_immediately_on_update: Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in ``RotationRules`` . If you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the ```testSecret`` step <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ of the Lambda rotation function. The test creates an ``AWSPENDING`` version of the secret and then removes it. If you don't specify this value, then by default, Secrets Manager rotates the secret immediately. Rotation is an asynchronous process. For more information, see `How rotation works <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ .
+        :param rotate_immediately_on_update: Determines whether to rotate the secret immediately or wait until the next scheduled rotation window when the rotation schedule is updated. The rotation schedule is defined in ``RotationRules`` . The default for ``RotateImmediatelyOnUpdate`` is ``true`` . If you don't specify this value, Secrets Manager rotates the secret immediately. If you set ``RotateImmediatelyOnUpdate`` to ``false`` , Secrets Manager tests the rotation configuration by running the ```testSecret`` step <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ of the Lambda rotation function. This test creates an ``AWSPENDING`` version of the secret and then removes it. .. epigraph:: When changing an existing rotation schedule and setting ``RotateImmediatelyOnUpdate`` to ``false`` : - If using ``AutomaticallyAfterDays`` or a ``ScheduleExpression`` with ``rate()`` , the previously scheduled rotation might still occur. - To prevent unintended rotations, use a ``ScheduleExpression`` with ``cron()`` for granular control over rotation windows. Rotation is an asynchronous process. For more information, see `How rotation works <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ .
         :param rotation_lambda_arn: The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ . To create a new rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ , specify ``HostedRotationLambda`` instead.
         :param rotation_rules: A structure that defines the rotation configuration for this secret.
         '''
@@ -871,7 +875,7 @@ class CfnRotationSchedule(
     def rotate_immediately_on_update(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.'''
+        '''Determines whether to rotate the secret immediately or wait until the next scheduled rotation window when the rotation schedule is updated.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "rotateImmediatelyOnUpdate"))
     @rotate_immediately_on_update.setter
@@ -1217,6 +1221,12 @@ class CfnRotationSchedule(
             '''The rotation schedule and window.
             We recommend you use ``ScheduleExpression`` to set a cron or rate expression for the schedule and ``Duration`` to set the length of the rotation window.
+            .. epigraph::
+               When changing an existing rotation schedule and setting ``RotateImmediatelyOnUpdate`` to ``false`` :
+               - If using ``AutomaticallyAfterDays`` or a ``ScheduleExpression`` with ``rate()`` , the previously scheduled rotation might still occur.
+               - To prevent unintended rotations, use a ``ScheduleExpression`` with ``cron()`` for granular control over rotation windows.
             :param automatically_after_days: The number of days between automatic scheduled rotations of the secret. You can use this value to check that your secret meets your compliance guidelines for how often secrets must be rotated. In ``DescribeSecret`` and ``ListSecrets`` , this value is calculated from the rotation schedule after every successful rotation. In ``RotateSecret`` , you can set the rotation schedule in ``RotationRules`` with ``AutomaticallyAfterDays`` or ``ScheduleExpression`` , but not both.
             :param duration: The length of the rotation window in hours, for example ``3h`` for a three hour window. Secrets Manager rotates your secret at any time during this window. The window must not extend into the next rotation window or the next UTC day. The window starts according to the ``ScheduleExpression`` . If you don't specify a ``Duration`` , for a ``ScheduleExpression`` in hours, the window automatically closes after one hour. For a ``ScheduleExpression`` in days, the window automatically closes at the end of the UTC day. For more information, including examples, see `Schedule expressions in Secrets Manager rotation <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html>`_ in the *Secrets Manager Users Guide* .
@@ -1326,7 +1336,7 @@ class CfnRotationScheduleProps:
         :param secret_id: The ARN or name of the secret to rotate. This is unique for each rotation schedule definition. To reference a secret also created in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function with the secret's logical ID.
         :param hosted_rotation_lambda: Creates a new Lambda rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ . To use a rotation function that already exists, specify ``RotationLambdaARN`` instead. You must specify ``Transform: AWS::SecretsManager-2024-09-16`` at the beginning of the CloudFormation template. Transforms are macros hosted by AWS CloudFormation that help you create and manage complex infrastructure. The ``Transform: AWS::SecretsManager-2024-09-16`` transform automatically extends the CloudFormation stack to include a nested stack (of type ``AWS::CloudFormation::Stack`` ), which then creates and updates on your behalf during subsequent stack operations, the appropriate rotation Lambda function for your database or service. For general information on transforms, see the `AWS CloudFormation documentation. <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-reference.html>`_ For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ .
-        :param rotate_immediately_on_update: Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in ``RotationRules`` . If you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the ```testSecret`` step <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ of the Lambda rotation function. The test creates an ``AWSPENDING`` version of the secret and then removes it. If you don't specify this value, then by default, Secrets Manager rotates the secret immediately. Rotation is an asynchronous process. For more information, see `How rotation works <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ .
+        :param rotate_immediately_on_update: Determines whether to rotate the secret immediately or wait until the next scheduled rotation window when the rotation schedule is updated. The rotation schedule is defined in ``RotationRules`` . The default for ``RotateImmediatelyOnUpdate`` is ``true`` . If you don't specify this value, Secrets Manager rotates the secret immediately. If you set ``RotateImmediatelyOnUpdate`` to ``false`` , Secrets Manager tests the rotation configuration by running the ```testSecret`` step <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ of the Lambda rotation function. This test creates an ``AWSPENDING`` version of the secret and then removes it. .. epigraph:: When changing an existing rotation schedule and setting ``RotateImmediatelyOnUpdate`` to ``false`` : - If using ``AutomaticallyAfterDays`` or a ``ScheduleExpression`` with ``rate()`` , the previously scheduled rotation might still occur. - To prevent unintended rotations, use a ``ScheduleExpression`` with ``cron()`` for granular control over rotation windows. Rotation is an asynchronous process. For more information, see `How rotation works <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ .
         :param rotation_lambda_arn: The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the `Ref <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html>`_ function. For Amazon RDS master user credentials, see `AWS::RDS::DBCluster MasterUserSecret <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html>`_ . For Amazon Redshift admin user credentials, see `AWS::Redshift::Cluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html>`_ . To create a new rotation function based on one of the `Secrets Manager rotation function templates <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html>`_ , specify ``HostedRotationLambda`` instead.
         :param rotation_rules: A structure that defines the rotation configuration for this secret.
@@ -1419,13 +1429,19 @@ class CfnRotationScheduleProps:
     def rotate_immediately_on_update(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.
+        '''Determines whether to rotate the secret immediately or wait until the next scheduled rotation window when the rotation schedule is updated.
         The rotation schedule is defined in ``RotationRules`` .
-        If you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the ```testSecret`` step <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ of the Lambda rotation function. The test creates an ``AWSPENDING`` version of the secret and then removes it.
+        The default for ``RotateImmediatelyOnUpdate`` is ``true`` . If you don't specify this value, Secrets Manager rotates the secret immediately.
+        If you set ``RotateImmediatelyOnUpdate`` to ``false`` , Secrets Manager tests the rotation configuration by running the ```testSecret`` step <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ of the Lambda rotation function. This test creates an ``AWSPENDING`` version of the secret and then removes it.
+        .. epigraph::
+           When changing an existing rotation schedule and setting ``RotateImmediatelyOnUpdate`` to ``false`` :
-        If you don't specify this value, then by default, Secrets Manager rotates the secret immediately.
+           - If using ``AutomaticallyAfterDays`` or a ``ScheduleExpression`` with ``rate()`` , the previously scheduled rotation might still occur.
+           - To prevent unintended rotations, use a ``ScheduleExpression`` with ``cron()`` for granular control over rotation windows.
         Rotation is an asynchronous process. For more information, see `How rotation works <https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html>`_ .

aws_cdk/aws_securityhub/__init__.py CHANGED Viewed

@@ -676,7 +676,7 @@ class CfnAutomationRule(
             related_findings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRule.RelatedFindingProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
             severity: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRule.SeverityUpdateProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             types: typing.Optional[typing.Sequence[builtins.str]] = None,
-            user_defined_fields: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+            user_defined_fields: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
             verification_state: typing.Optional[builtins.str] = None,
             workflow: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAutomationRule.WorkflowUpdateProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
@@ -824,13 +824,13 @@ class CfnAutomationRule(
         @builtins.property
         def user_defined_fields(
             self,
-        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
+        ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
             '''The rule action updates the ``UserDefinedFields`` field of a finding.
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-automationrulesfindingfieldsupdate.html#cfn-securityhub-automationrule-automationrulesfindingfieldsupdate-userdefinedfields
             '''
             result = self._values.get("user_defined_fields")
-            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], result)
+            return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], result)
         @builtins.property
         def verification_state(self) -> typing.Optional[builtins.str]:
@@ -3254,7 +3254,7 @@ class CfnConfigurationPolicy(
             enum: typing.Optional[builtins.str] = None,
             enum_list: typing.Optional[typing.Sequence[builtins.str]] = None,
             integer: typing.Optional[jsii.Number] = None,
-            integer_list: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[jsii.Number]]] = None,
+            integer_list: typing.Optional[typing.Union[typing.Sequence[jsii.Number], _IResolvable_da3f097b]] = None,
             string: typing.Optional[builtins.str] = None,
             string_list: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
@@ -3367,13 +3367,13 @@ class CfnConfigurationPolicy(
         @builtins.property
         def integer_list(
             self,
-        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[jsii.Number]]]:
+        ) -> typing.Optional[typing.Union[typing.List[jsii.Number], _IResolvable_da3f097b]]:
             '''A control parameter that is a list of integers.
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-configurationpolicy-parametervalue.html#cfn-securityhub-configurationpolicy-parametervalue-integerlist
             '''
             result = self._values.get("integer_list")
-            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[jsii.Number]]], result)
+            return typing.cast(typing.Optional[typing.Union[typing.List[jsii.Number], _IResolvable_da3f097b]], result)
         @builtins.property
         def string(self) -> typing.Optional[builtins.str]:
@@ -9849,7 +9849,7 @@ class CfnSecurityControl(
             enum: typing.Optional[builtins.str] = None,
             enum_list: typing.Optional[typing.Sequence[builtins.str]] = None,
             integer: typing.Optional[jsii.Number] = None,
-            integer_list: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[jsii.Number]]] = None,
+            integer_list: typing.Optional[typing.Union[typing.Sequence[jsii.Number], _IResolvable_da3f097b]] = None,
             string: typing.Optional[builtins.str] = None,
             string_list: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
@@ -9962,13 +9962,13 @@ class CfnSecurityControl(
         @builtins.property
         def integer_list(
             self,
-        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[jsii.Number]]]:
+        ) -> typing.Optional[typing.Union[typing.List[jsii.Number], _IResolvable_da3f097b]]:
             '''A control parameter that is a list of integers.
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-securitycontrol-parametervalue.html#cfn-securityhub-securitycontrol-parametervalue-integerlist
             '''
             result = self._values.get("integer_list")
-            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[jsii.Number]]], result)
+            return typing.cast(typing.Optional[typing.Union[typing.List[jsii.Number], _IResolvable_da3f097b]], result)
         @builtins.property
         def string(self) -> typing.Optional[builtins.str]:
@@ -10556,7 +10556,7 @@ def _typecheckingstub__46649258d4db7d36012fa064d0d3a3c3e3937ea1364fbd532ef0e84d4
     related_findings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.RelatedFindingProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     severity: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.SeverityUpdateProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     types: typing.Optional[typing.Sequence[builtins.str]] = None,
-    user_defined_fields: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    user_defined_fields: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     verification_state: typing.Optional[builtins.str] = None,
     workflow: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAutomationRule.WorkflowUpdateProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
@@ -10756,7 +10756,7 @@ def _typecheckingstub__969ca8061fcd5bd0e97fbdd1aa2f0797cdbe22b447375480430ca26de
     enum: typing.Optional[builtins.str] = None,
     enum_list: typing.Optional[typing.Sequence[builtins.str]] = None,
     integer: typing.Optional[jsii.Number] = None,
-    integer_list: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[jsii.Number]]] = None,
+    integer_list: typing.Optional[typing.Union[typing.Sequence[jsii.Number], _IResolvable_da3f097b]] = None,
     string: typing.Optional[builtins.str] = None,
     string_list: typing.Optional[typing.Sequence[builtins.str]] = None,
 ) -> None:
@@ -11361,7 +11361,7 @@ def _typecheckingstub__0cc6352822613fffa320be35bf75f34228be34d529ce2169c19a447dc
     enum: typing.Optional[builtins.str] = None,
     enum_list: typing.Optional[typing.Sequence[builtins.str]] = None,
     integer: typing.Optional[jsii.Number] = None,
-    integer_list: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[jsii.Number]]] = None,
+    integer_list: typing.Optional[typing.Union[typing.Sequence[jsii.Number], _IResolvable_da3f097b]] = None,
     string: typing.Optional[builtins.str] = None,
     string_list: typing.Optional[typing.Sequence[builtins.str]] = None,
 ) -> None:

aws-cdk-lib 2.177.0__py3-none-any.whl → 2.178.1__py3-none-any.whl

aws-cdk-lib 2.177.0py3-none-any.whl → 2.178.1py3-none-any.whl