aws-cdk-lib 2.178.2__py3-none-any.whl → 2.180.0__py3-none-any.whl

aws_cdk/__init__.py

@@ -10658,12 +10658,12 @@ class CustomResourceProps:
     ) -> None:
         '''Properties to provide a Lambda-backed custom resource.
 
-        :param service_token: The ARN of the provider which implements this custom resource type. You can implement a provider by listening to raw AWS CloudFormation events and specify the ARN of an SNS topic (``topic.topicArn``) or the ARN of an AWS Lambda function (``lambda.functionArn``) or use the CDK's custom `resource provider framework <https://docs.aws.amazon.com/cdk/api/latest/docs/custom-resources-readme.html>`_ which makes it easier to implement robust providers. Provider framework:: // use the provider framework from aws-cdk/custom-resources: const provider = new customresources.Provider(this, 'ResourceProvider', { onEventHandler, isCompleteHandler, // optional }); new CustomResource(this, 'MyResource', { serviceToken: provider.serviceToken, }); AWS Lambda function (not recommended to use AWS Lambda Functions directly, see the module README):: // invoke an AWS Lambda function when a lifecycle event occurs: new CustomResource(this, 'MyResource', { serviceToken: myFunction.functionArn, }); SNS topic (not recommended to use AWS Lambda Functions directly, see the module README):: // publish lifecycle events to an SNS topic: new CustomResource(this, 'MyResource', { serviceToken: myTopic.topicArn, });
+        :param service_token: The ARN of the provider which implements this custom resource type. You can implement a provider by listening to raw AWS CloudFormation events and specify the ARN of an SNS topic (``topic.topicArn``) or the ARN of an AWS Lambda function (``lambda.functionArn``) or use the CDK's custom `resource provider framework <https://docs.aws.amazon.com/cdk/api/latest/docs/custom-resources-readme.html>`_ which makes it easier to implement robust providers. Provider framework:: // use the provider framework from aws-cdk/custom-resources: const provider = new customresources.Provider(this, 'ResourceProvider', { onEventHandler, isCompleteHandler, // optional }); new CustomResource(this, 'MyResource', { serviceToken: provider.serviceToken, }); AWS Lambda function (not recommended to use AWS Lambda Functions directly, see the module README):: // invoke an AWS Lambda function when a lifecycle event occurs: new CustomResource(this, 'MyResource', { serviceToken: myFunction.functionArn, }); SNS topic (not recommended to use AWS Lambda Functions directly, see the module README):: // publish lifecycle events to an SNS topic: new CustomResource(this, 'MyResource', { serviceToken: myTopic.topicArn, }); Maps to `ServiceToken <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-customresource.html#cfn-cloudformation-customresource-servicetoken>`_ property for the ``AWS::CloudFormation::CustomResource`` resource
         :param pascal_case_properties: Convert all property keys to pascal case. Default: false
-        :param properties: Properties to pass to the Lambda. Default: - No properties.
+        :param properties: Properties to pass to the Lambda. Values in this ``properties`` dictionary can possibly overwrite other values in ``CustomResourceProps`` E.g. ``ServiceToken`` and ``ServiceTimeout`` It is recommended to avoid using same keys that exist in ``CustomResourceProps`` Default: - No properties.
         :param removal_policy: The policy to apply when this resource is removed from the application. Default: cdk.RemovalPolicy.Destroy
         :param resource_type: For custom resources, you can specify AWS::CloudFormation::CustomResource (the default) as the resource type, or you can specify your own resource type name. For example, you can use "Custom::MyCustomResourceTypeName". Custom resource type names must begin with "Custom::" and can include alphanumeric characters and the following characters: _@-. You can specify a custom resource type name up to a maximum length of 60 characters. You cannot change the type during an update. Using your own resource type names helps you quickly differentiate the types of custom resources in your stack. For example, if you had two custom resources that conduct two different ping tests, you could name their type as Custom::PingTester to make them easily identifiable as ping testers (instead of using AWS::CloudFormation::CustomResource). Default: - AWS::CloudFormation::CustomResource
-        :param service_timeout: The maximum time that can elapse before a custom resource operation times out. The value must be between 1 second and 3600 seconds. Default: Duration.seconds(3600)
+        :param service_timeout: The maximum time that can elapse before a custom resource operation times out. The value must be between 1 second and 3600 seconds. Maps to `ServiceTimeout <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-customresource.html#cfn-cloudformation-customresource-servicetimeout>`_ property for the ``AWS::CloudFormation::CustomResource`` resource Default: Duration.seconds(3600)
 
         :exampleMetadata: infused
 
@@ -10738,6 +10738,8 @@ class CustomResourceProps:
            CustomResource(self, "MyResource",
                service_token=my_topic.topic_arn
            )
+
+        Maps to `ServiceToken <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-customresource.html#cfn-cloudformation-customresource-servicetoken>`_ property for the ``AWS::CloudFormation::CustomResource`` resource
         '''
         result = self._values.get("service_token")
         assert result is not None, "Required property 'service_token' is missing"
@@ -10756,6 +10758,10 @@ class CustomResourceProps:
     def properties(self) -> typing.Optional[typing.Mapping[builtins.str, typing.Any]]:
         '''Properties to pass to the Lambda.
 
+        Values in this ``properties`` dictionary can possibly overwrite other values in ``CustomResourceProps``
+        E.g. ``ServiceToken`` and ``ServiceTimeout``
+        It is recommended to avoid using same keys that exist in ``CustomResourceProps``
+
         :default: - No properties.
         '''
         result = self._values.get("properties")
@@ -10800,6 +10806,8 @@ class CustomResourceProps:
 
         The value must be between 1 second and 3600 seconds.
 
+        Maps to `ServiceTimeout <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-customresource.html#cfn-cloudformation-customresource-servicetimeout>`_ property for the ``AWS::CloudFormation::CustomResource`` resource
+
         :default: Duration.seconds(3600)
         '''
         result = self._values.get("service_timeout")
@@ -12975,17 +12983,16 @@ class Duration(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.Duration"):
             schedule=events.Schedule.rate(cdk.Duration.hours(1))
         )
         
-        rule.add_target(
-            targets.EcsTask(
-                cluster=cluster,
-                task_definition=task_definition,
-                propagate_tags=ecs.PropagatedTagSource.TASK_DEFINITION,
-                tags=[targets.Tag(
-                    key="my-tag",
-                    value="my-tag-value"
-                )
-                ]
-            ))
+        rule.add_target(targets.EcsTask(
+            cluster=cluster,
+            task_definition=task_definition,
+            task_count=1,
+            container_overrides=[targets.ContainerOverride(
+                container_name="TheContainer",
+                command=["echo", events.EventField.from_path("$.detail.event")]
+            )],
+            enable_execute_command=True
+        ))
     '''
 
     @jsii.member(jsii_name="days")
@@ -13386,6 +13393,34 @@ class Errors(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.Errors"):
     def __init__(self) -> None:
         jsii.create(self.__class__, self, [])
 
+    @jsii.member(jsii_name="isAssertionError")
+    @builtins.classmethod
+    def is_assertion_error(cls, x: typing.Any) -> builtins.bool:
+        '''Test whether the given error is a AssertionError.
+
+        An AssertionError is thrown when an assertion fails.
+
+        :param x: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__4b06766267738419297aaf93a2368e0c38c274adc14053ce29fd653d61c4cef4)
+            check_type(argname="argument x", value=x, expected_type=type_hints["x"])
+        return typing.cast(builtins.bool, jsii.sinvoke(cls, "isAssertionError", [x]))
+
+    @jsii.member(jsii_name="isCloudAssemblyError")
+    @builtins.classmethod
+    def is_cloud_assembly_error(cls, x: typing.Any) -> builtins.bool:
+        '''Test whether the given error is a CloudAssemblyError.
+
+        A CloudAssemblyError is thrown for unexpected problems with the synthesized assembly.
+
+        :param x: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__1cadecf7c75d3f55ff2fcddf8a0d000d9f8e54b48218f1336d97358901d38c0b)
+            check_type(argname="argument x", value=x, expected_type=type_hints["x"])
+        return typing.cast(builtins.bool, jsii.sinvoke(cls, "isCloudAssemblyError", [x]))
+
     @jsii.member(jsii_name="isConstructError")
     @builtins.classmethod
     def is_construct_error(cls, x: typing.Any) -> builtins.bool:
@@ -20389,27 +20424,24 @@ class Size(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.Size"):
 
     Example::
 
-        multi_node_job = batch.MultiNodeJobDefinition(self, "JobDefinition",
-            instance_type=ec2.InstanceType.of(ec2.InstanceClass.R4, ec2.InstanceSize.LARGE),  # optional, omit to let Batch choose the type for you
-            containers=[batch.MultiNodeContainer(
-                container=batch.EcsEc2ContainerDefinition(self, "mainMPIContainer",
-                    image=ecs.ContainerImage.from_registry("yourregsitry.com/yourMPIImage:latest"),
-                    cpu=256,
-                    memory=cdk.Size.mebibytes(2048)
-                ),
-                start_node=0,
-                end_node=5
-            )]
+        # bucket: s3.Bucket
+        # Provide a Lambda function that will transform records before delivery, with custom
+        # buffering and retry configuration
+        lambda_function = lambda_.Function(self, "Processor",
+            runtime=lambda_.Runtime.NODEJS_LATEST,
+            handler="index.handler",
+            code=lambda_.Code.from_asset(path.join(__dirname, "process-records"))
         )
-        # convenience method
-        multi_node_job.add_container(
-            start_node=6,
-            end_node=10,
-            container=batch.EcsEc2ContainerDefinition(self, "multiContainer",
-                image=ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample"),
-                cpu=256,
-                memory=cdk.Size.mebibytes(2048)
-            )
+        lambda_processor = firehose.LambdaFunctionProcessor(lambda_function,
+            buffer_interval=Duration.minutes(5),
+            buffer_size=Size.mebibytes(5),
+            retries=5
+        )
+        s3_destination = firehose.S3Bucket(bucket,
+            processor=lambda_processor
+        )
+        firehose.DeliveryStream(self, "Delivery Stream",
+            destination=s3_destination
         )
     '''
 
@@ -21221,9 +21253,9 @@ class Stack(
         check that it is a concrete value an not an unresolved token. If this
         value is an unresolved token (``Token.isUnresolved(stack.account)`` returns
         ``true``), this implies that the user wishes that this stack will synthesize
-        into a **account-agnostic template**. In this case, your code should either
+        into an **account-agnostic template**. In this case, your code should either
         fail (throw an error, emit a synth error using ``Annotations.of(construct).addError()``) or
-        implement some other region-agnostic behavior.
+        implement some other account-agnostic behavior.
         '''
         return typing.cast(builtins.str, jsii.get(self, "account"))
 
@@ -33792,12 +33824,12 @@ class CustomResource(
         '''
         :param scope: -
         :param id: -
-        :param service_token: The ARN of the provider which implements this custom resource type. You can implement a provider by listening to raw AWS CloudFormation events and specify the ARN of an SNS topic (``topic.topicArn``) or the ARN of an AWS Lambda function (``lambda.functionArn``) or use the CDK's custom `resource provider framework <https://docs.aws.amazon.com/cdk/api/latest/docs/custom-resources-readme.html>`_ which makes it easier to implement robust providers. Provider framework:: // use the provider framework from aws-cdk/custom-resources: const provider = new customresources.Provider(this, 'ResourceProvider', { onEventHandler, isCompleteHandler, // optional }); new CustomResource(this, 'MyResource', { serviceToken: provider.serviceToken, }); AWS Lambda function (not recommended to use AWS Lambda Functions directly, see the module README):: // invoke an AWS Lambda function when a lifecycle event occurs: new CustomResource(this, 'MyResource', { serviceToken: myFunction.functionArn, }); SNS topic (not recommended to use AWS Lambda Functions directly, see the module README):: // publish lifecycle events to an SNS topic: new CustomResource(this, 'MyResource', { serviceToken: myTopic.topicArn, });
+        :param service_token: The ARN of the provider which implements this custom resource type. You can implement a provider by listening to raw AWS CloudFormation events and specify the ARN of an SNS topic (``topic.topicArn``) or the ARN of an AWS Lambda function (``lambda.functionArn``) or use the CDK's custom `resource provider framework <https://docs.aws.amazon.com/cdk/api/latest/docs/custom-resources-readme.html>`_ which makes it easier to implement robust providers. Provider framework:: // use the provider framework from aws-cdk/custom-resources: const provider = new customresources.Provider(this, 'ResourceProvider', { onEventHandler, isCompleteHandler, // optional }); new CustomResource(this, 'MyResource', { serviceToken: provider.serviceToken, }); AWS Lambda function (not recommended to use AWS Lambda Functions directly, see the module README):: // invoke an AWS Lambda function when a lifecycle event occurs: new CustomResource(this, 'MyResource', { serviceToken: myFunction.functionArn, }); SNS topic (not recommended to use AWS Lambda Functions directly, see the module README):: // publish lifecycle events to an SNS topic: new CustomResource(this, 'MyResource', { serviceToken: myTopic.topicArn, }); Maps to `ServiceToken <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-customresource.html#cfn-cloudformation-customresource-servicetoken>`_ property for the ``AWS::CloudFormation::CustomResource`` resource
         :param pascal_case_properties: Convert all property keys to pascal case. Default: false
-        :param properties: Properties to pass to the Lambda. Default: - No properties.
+        :param properties: Properties to pass to the Lambda. Values in this ``properties`` dictionary can possibly overwrite other values in ``CustomResourceProps`` E.g. ``ServiceToken`` and ``ServiceTimeout`` It is recommended to avoid using same keys that exist in ``CustomResourceProps`` Default: - No properties.
         :param removal_policy: The policy to apply when this resource is removed from the application. Default: cdk.RemovalPolicy.Destroy
         :param resource_type: For custom resources, you can specify AWS::CloudFormation::CustomResource (the default) as the resource type, or you can specify your own resource type name. For example, you can use "Custom::MyCustomResourceTypeName". Custom resource type names must begin with "Custom::" and can include alphanumeric characters and the following characters: _@-. You can specify a custom resource type name up to a maximum length of 60 characters. You cannot change the type during an update. Using your own resource type names helps you quickly differentiate the types of custom resources in your stack. For example, if you had two custom resources that conduct two different ping tests, you could name their type as Custom::PingTester to make them easily identifiable as ping testers (instead of using AWS::CloudFormation::CustomResource). Default: - AWS::CloudFormation::CustomResource
-        :param service_timeout: The maximum time that can elapse before a custom resource operation times out. The value must be between 1 second and 3600 seconds. Default: Duration.seconds(3600)
+        :param service_timeout: The maximum time that can elapse before a custom resource operation times out. The value must be between 1 second and 3600 seconds. Maps to `ServiceTimeout <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-customresource.html#cfn-cloudformation-customresource-servicetimeout>`_ property for the ``AWS::CloudFormation::CustomResource`` resource Default: Duration.seconds(3600)
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__5c89cdcdef1901fae8effe187c732f9fbf4ec5793ae2938cebb924671df2c26f)
@@ -36548,7 +36580,6 @@ __all__ = [
     "custom_resources",
     "cx_api",
     "lambda_layer_awscli",
-    "lambda_layer_kubectl",
     "lambda_layer_node_proxy_agent",
     "pipelines",
     "region_info",
@@ -36842,7 +36873,6 @@ from . import cloudformation_include
 from . import custom_resources
 from . import cx_api
 from . import lambda_layer_awscli
-from . import lambda_layer_kubectl
 from . import lambda_layer_node_proxy_agent
 from . import pipelines
 from . import region_info
@@ -38174,6 +38204,18 @@ def _typecheckingstub__779551ef0a4b144070fd2c3e88ff076e32ad12d30facdc65a940b7a87
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__4b06766267738419297aaf93a2368e0c38c274adc14053ce29fd653d61c4cef4(
+    x: typing.Any,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__1cadecf7c75d3f55ff2fcddf8a0d000d9f8e54b48218f1336d97358901d38c0b(
+    x: typing.Any,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__0c62bc5a6fe032556ae3c32e105ddaad3f4ca89286fd26884af6347d3364c5ae(
     x: typing.Any,
 ) -> None:

aws_cdk/_jsii/__init__.py

@@ -29,13 +29,12 @@ def check_type(argname: str, value: object, expected_type: typing.Any) -> typing
                 typeguard.check_type(value=value, expected_type=expected_type, collection_check_strategy=typeguard.CollectionCheckStrategy.ALL_ITEMS) # type:ignore
 
 import aws_cdk.asset_awscli_v1._jsii
-import aws_cdk.asset_kubectl_v20._jsii
 import aws_cdk.asset_node_proxy_agent_v6._jsii
 import aws_cdk.cloud_assembly_schema._jsii
 import constructs._jsii
 
 __jsii_assembly__ = jsii.JSIIAssembly.load(
-    "aws-cdk-lib", "2.178.2", __name__[0:-6], "aws-cdk-lib@2.178.2.jsii.tgz"
+    "aws-cdk-lib", "2.180.0", __name__[0:-6], "aws-cdk-lib@2.180.0.jsii.tgz"
 )
 
 __all__ = [

aws_cdk/aws_acmpca/__init__.py

@@ -2728,7 +2728,9 @@ class CfnCertificateAuthority(
         name_mapping={
             "enabled": "enabled",
             "crl_distribution_point_extension_configuration": "crlDistributionPointExtensionConfiguration",
+            "crl_type": "crlType",
             "custom_cname": "customCname",
+            "custom_path": "customPath",
             "expiration_in_days": "expirationInDays",
             "s3_bucket_name": "s3BucketName",
             "s3_object_acl": "s3ObjectAcl",
@@ -2740,7 +2742,9 @@ class CfnCertificateAuthority(
             *,
             enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
             crl_distribution_point_extension_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnCertificateAuthority.CrlDistributionPointExtensionConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+            crl_type: typing.Optional[builtins.str] = None,
             custom_cname: typing.Optional[builtins.str] = None,
+            custom_path: typing.Optional[builtins.str] = None,
             expiration_in_days: typing.Optional[jsii.Number] = None,
             s3_bucket_name: typing.Optional[builtins.str] = None,
             s3_object_acl: typing.Optional[builtins.str] = None,
@@ -2781,7 +2785,9 @@ class CfnCertificateAuthority(
 
             :param enabled: Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the ``CreateCertificateAuthority`` operation or for an existing CA when you call the ``UpdateCertificateAuthority`` operation.
             :param crl_distribution_point_extension_configuration: Configures the default behavior of the CRL Distribution Point extension for certificates issued by your CA. If this field is not provided, then the CRL Distribution Point extension will be present and contain the default CRL URL.
+            :param crl_type: Specifies the type of CRL. This setting determines the maximum number of certificates that the certificate authority can issue and revoke. For more information, see `AWS Private CA quotas <https://docs.aws.amazon.com/general/latest/gr/pca.html#limits_pca>`_ . - ``COMPLETE`` - The default setting. AWS Private CA maintains a single CRL file for all unexpired certificates issued by a CA that have been revoked for any reason. Each certificate that AWS Private CA issues is bound to a specific CRL through the CRL distribution point (CDP) defined in `RFC 5280 <https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280>`_ . - ``PARTITIONED`` - Compared to complete CRLs, partitioned CRLs dramatically increase the number of certificates your private CA can issue. .. epigraph:: When using partitioned CRLs, you must validate that the CRL's associated issuing distribution point (IDP) URI matches the certificate's CDP URI to ensure the right CRL has been fetched. AWS Private CA marks the IDP extension as critical, which your client must be able to process.
             :param custom_cname: Name inserted into the certificate *CRL Distribution Points* extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. .. epigraph:: The content of a Canonical Name (CNAME) record must conform to `RFC2396 <https://docs.aws.amazon.com/https://www.ietf.org/rfc/rfc2396.txt>`_ restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".
+            :param custom_path: Designates a custom file path in S3 for CRL(s). For example, ``http://<CustomName>/<CustomPath>/<CrlPartition_GUID>.crl`` .
             :param expiration_in_days: Validity period of the CRL in days.
             :param s3_bucket_name: Name of the S3 bucket that contains the CRL. If you do not provide a value for the *CustomCname* argument, the name of your S3 bucket is placed into the *CRL Distribution Points* extension of the issued certificate. You can change the name of your bucket by calling the `UpdateCertificateAuthority <https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html>`_ operation. You must specify a `bucket policy <https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-policies>`_ that allows AWS Private CA to write the CRL to your bucket. .. epigraph:: The ``S3BucketName`` parameter must conform to the `S3 bucket naming rules <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html>`_ .
             :param s3_object_acl: Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access. If no value is specified, the default is PUBLIC_READ. *Note:* This default can cause CA creation to fail in some circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as ``BUCKET_OWNER_FULL_CONTROL`` , and not doing so results in an error. If you have disabled BPA in S3, then you can specify either ``BUCKET_OWNER_FULL_CONTROL`` or ``PUBLIC_READ`` as the value. For more information, see `Blocking public access to the S3 bucket <https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-bpa>`_ .
@@ -2802,7 +2808,9 @@ class CfnCertificateAuthority(
                     crl_distribution_point_extension_configuration=acmpca.CfnCertificateAuthority.CrlDistributionPointExtensionConfigurationProperty(
                         omit_extension=False
                     ),
+                    crl_type="crlType",
                     custom_cname="customCname",
+                    custom_path="customPath",
                     expiration_in_days=123,
                     s3_bucket_name="s3BucketName",
                     s3_object_acl="s3ObjectAcl"
@@ -2812,7 +2820,9 @@ class CfnCertificateAuthority(
                 type_hints = typing.get_type_hints(_typecheckingstub__de72782a3b3117c1f101c2c6c2fad457863e581a5bdcd67a1280a825dc55ea17)
                 check_type(argname="argument enabled", value=enabled, expected_type=type_hints["enabled"])
                 check_type(argname="argument crl_distribution_point_extension_configuration", value=crl_distribution_point_extension_configuration, expected_type=type_hints["crl_distribution_point_extension_configuration"])
+                check_type(argname="argument crl_type", value=crl_type, expected_type=type_hints["crl_type"])
                 check_type(argname="argument custom_cname", value=custom_cname, expected_type=type_hints["custom_cname"])
+                check_type(argname="argument custom_path", value=custom_path, expected_type=type_hints["custom_path"])
                 check_type(argname="argument expiration_in_days", value=expiration_in_days, expected_type=type_hints["expiration_in_days"])
                 check_type(argname="argument s3_bucket_name", value=s3_bucket_name, expected_type=type_hints["s3_bucket_name"])
                 check_type(argname="argument s3_object_acl", value=s3_object_acl, expected_type=type_hints["s3_object_acl"])
@@ -2821,8 +2831,12 @@ class CfnCertificateAuthority(
             }
             if crl_distribution_point_extension_configuration is not None:
                 self._values["crl_distribution_point_extension_configuration"] = crl_distribution_point_extension_configuration
+            if crl_type is not None:
+                self._values["crl_type"] = crl_type
             if custom_cname is not None:
                 self._values["custom_cname"] = custom_cname
+            if custom_path is not None:
+                self._values["custom_path"] = custom_path
             if expiration_in_days is not None:
                 self._values["expiration_in_days"] = expiration_in_days
             if s3_bucket_name is not None:
@@ -2855,6 +2869,24 @@ class CfnCertificateAuthority(
             result = self._values.get("crl_distribution_point_extension_configuration")
             return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnCertificateAuthority.CrlDistributionPointExtensionConfigurationProperty"]], result)
 
+        @builtins.property
+        def crl_type(self) -> typing.Optional[builtins.str]:
+            '''Specifies the type of CRL.
+
+            This setting determines the maximum number of certificates that the certificate authority can issue and revoke. For more information, see `AWS Private CA quotas <https://docs.aws.amazon.com/general/latest/gr/pca.html#limits_pca>`_ .
+
+            - ``COMPLETE`` - The default setting. AWS Private CA maintains a single CRL file for all unexpired certificates issued by a CA that have been revoked for any reason. Each certificate that AWS Private CA issues is bound to a specific CRL through the CRL distribution point (CDP) defined in `RFC 5280 <https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280>`_ .
+            - ``PARTITIONED`` - Compared to complete CRLs, partitioned CRLs dramatically increase the number of certificates your private CA can issue.
+
+            .. epigraph::
+
+               When using partitioned CRLs, you must validate that the CRL's associated issuing distribution point (IDP) URI matches the certificate's CDP URI to ensure the right CRL has been fetched. AWS Private CA marks the IDP extension as critical, which your client must be able to process.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-crlconfiguration.html#cfn-acmpca-certificateauthority-crlconfiguration-crltype
+            '''
+            result = self._values.get("crl_type")
+            return typing.cast(typing.Optional[builtins.str], result)
+
         @builtins.property
         def custom_cname(self) -> typing.Optional[builtins.str]:
             '''Name inserted into the certificate *CRL Distribution Points* extension that enables the use of an alias for the CRL distribution point.
@@ -2869,6 +2901,17 @@ class CfnCertificateAuthority(
             result = self._values.get("custom_cname")
             return typing.cast(typing.Optional[builtins.str], result)
 
+        @builtins.property
+        def custom_path(self) -> typing.Optional[builtins.str]:
+            '''Designates a custom file path in S3 for CRL(s).
+
+            For example, ``http://<CustomName>/<CustomPath>/<CrlPartition_GUID>.crl`` .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-crlconfiguration.html#cfn-acmpca-certificateauthority-crlconfiguration-custompath
+            '''
+            result = self._values.get("custom_path")
+            return typing.cast(typing.Optional[builtins.str], result)
+
         @builtins.property
         def expiration_in_days(self) -> typing.Optional[jsii.Number]:
             '''Validity period of the CRL in days.
@@ -3876,7 +3919,9 @@ class CfnCertificateAuthority(
                         crl_distribution_point_extension_configuration=acmpca.CfnCertificateAuthority.CrlDistributionPointExtensionConfigurationProperty(
                             omit_extension=False
                         ),
+                        crl_type="crlType",
                         custom_cname="customCname",
+                        custom_path="customPath",
                         expiration_in_days=123,
                         s3_bucket_name="s3BucketName",
                         s3_object_acl="s3ObjectAcl"
@@ -5624,7 +5669,9 @@ def _typecheckingstub__de72782a3b3117c1f101c2c6c2fad457863e581a5bdcd67a1280a825d
     *,
     enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
     crl_distribution_point_extension_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnCertificateAuthority.CrlDistributionPointExtensionConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    crl_type: typing.Optional[builtins.str] = None,
     custom_cname: typing.Optional[builtins.str] = None,
+    custom_path: typing.Optional[builtins.str] = None,
     expiration_in_days: typing.Optional[jsii.Number] = None,
     s3_bucket_name: typing.Optional[builtins.str] = None,
     s3_object_acl: typing.Optional[builtins.str] = None,