aws-cdk-lib 2.178.2__py3-none-any.whl → 2.180.0__py3-none-any.whl

aws_cdk/aws_ec2/__init__.py

@@ -11700,7 +11700,7 @@ class CfnEC2Fleet(
             :param availability_zone: The Availability Zone in which to launch the instances.
             :param instance_requirements: The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with those attributes. .. epigraph:: If you specify ``InstanceRequirements`` , you can't specify ``InstanceType`` .
             :param instance_type: The instance type. ``mac1.metal`` is not supported as a launch template override. .. epigraph:: If you specify ``InstanceType`` , you can't specify ``InstanceRequirements`` .
-            :param max_price: The maximum price per unit hour that you are willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price. .. epigraph:: If you specify a maximum price, your instances will be interrupted more frequently than if you do not specify this parameter.
+            :param max_price: The maximum price per unit hour that you are willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price. .. epigraph:: If you specify a maximum price, your instances will be interrupted more frequently than if you do not specify this parameter. If you specify a maximum price, it must be more than USD $0.001. Specifying a value below USD $0.001 will result in an ``InvalidParameterValue`` error message.
             :param placement: The location where the instance launched, if applicable.
             :param priority: The priority for the launch template override. The highest priority is launched first. If the On-Demand ``AllocationStrategy`` is set to ``prioritized`` , EC2 Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity. If the Spot ``AllocationStrategy`` is set to ``capacity-optimized-prioritized`` , EC2 Fleet uses priority on a best-effort basis to determine which launch template override to use in fulfilling Spot capacity, but optimizes for capacity first. Valid values are whole numbers starting at ``0`` . The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority. You can set the same priority for different launch template overrides.
             :param subnet_id: The IDs of the subnets in which to launch the instances. Separate multiple subnet IDs using commas (for example, ``subnet-1234abcdeexample1, subnet-0987cdef6example2`` ). A request of type ``instant`` can have only one subnet ID.
@@ -11870,6 +11870,8 @@ class CfnEC2Fleet(
 
                If you specify a maximum price, your instances will be interrupted more frequently than if you do not specify this parameter.
 
+               If you specify a maximum price, it must be more than USD $0.001. Specifying a value below USD $0.001 will result in an ``InvalidParameterValue`` error message.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ec2fleet-fleetlaunchtemplateoverridesrequest.html#cfn-ec2-ec2fleet-fleetlaunchtemplateoverridesrequest-maxprice
             '''
             result = self._values.get("max_price")
@@ -16920,6 +16922,9 @@ class CfnIPAM(
         from aws_cdk import aws_ec2 as ec2
         
         cfn_iPAM = ec2.CfnIPAM(self, "MyCfnIPAM",
+            default_resource_discovery_organizational_unit_exclusions=[ec2.CfnIPAM.IpamOrganizationalUnitExclusionProperty(
+                organizations_entity_path="organizationsEntityPath"
+            )],
             description="description",
             enable_private_gua=False,
             operating_regions=[ec2.CfnIPAM.IpamOperatingRegionProperty(
@@ -16938,6 +16943,7 @@ class CfnIPAM(
         scope: _constructs_77d1e7e8.Construct,
         id: builtins.str,
         *,
+        default_resource_discovery_organizational_unit_exclusions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnIPAM.IpamOrganizationalUnitExclusionProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
         description: typing.Optional[builtins.str] = None,
         enable_private_gua: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         operating_regions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnIPAM.IpamOperatingRegionProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
@@ -16947,6 +16953,7 @@ class CfnIPAM(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
+        :param default_resource_discovery_organizational_unit_exclusions: A set of organizational unit (OU) exclusions for the default resource discovery, created with this IPAM.
         :param description: The description for the IPAM.
         :param enable_private_gua: Enable this option to use your own GUA ranges as private IPv6 addresses. This option is disabled by default.
         :param operating_regions: The operating Regions for an IPAM. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the AWS Regions you select as operating Regions. For more information about operating Regions, see `Create an IPAM <https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
@@ -16958,6 +16965,7 @@ class CfnIPAM(
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = CfnIPAMProps(
+            default_resource_discovery_organizational_unit_exclusions=default_resource_discovery_organizational_unit_exclusions,
             description=description,
             enable_private_gua=enable_private_gua,
             operating_regions=operating_regions,
@@ -17080,6 +17088,24 @@ class CfnIPAM(
         '''Tag Manager which manages the tags for this resource.'''
         return typing.cast(_TagManager_0a598cb3, jsii.get(self, "tags"))
 
+    @builtins.property
+    @jsii.member(jsii_name="defaultResourceDiscoveryOrganizationalUnitExclusions")
+    def default_resource_discovery_organizational_unit_exclusions(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAM.IpamOrganizationalUnitExclusionProperty"]]]]:
+        '''A set of organizational unit (OU) exclusions for the default resource discovery, created with this IPAM.'''
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAM.IpamOrganizationalUnitExclusionProperty"]]]], jsii.get(self, "defaultResourceDiscoveryOrganizationalUnitExclusions"))
+
+    @default_resource_discovery_organizational_unit_exclusions.setter
+    def default_resource_discovery_organizational_unit_exclusions(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAM.IpamOrganizationalUnitExclusionProperty"]]]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__df7dc542d06b2df113e30582e811e678d8d8aa54b5759d2ebb6ea3563a53a791)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "defaultResourceDiscoveryOrganizationalUnitExclusions", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="description")
     def description(self) -> typing.Optional[builtins.str]:
@@ -17211,6 +17237,60 @@ class CfnIPAM(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_ec2.CfnIPAM.IpamOrganizationalUnitExclusionProperty",
+        jsii_struct_bases=[],
+        name_mapping={"organizations_entity_path": "organizationsEntityPath"},
+    )
+    class IpamOrganizationalUnitExclusionProperty:
+        def __init__(self, *, organizations_entity_path: builtins.str) -> None:
+            '''If your IPAM is integrated with AWS Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion.
+
+            :param organizations_entity_path: An AWS Organizations entity path. For more information on the entity path, see `Understand the AWS Organizations entity path <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_last-accessed-view-data-orgs.html#access_policies_access-advisor-viewing-orgs-entity-path>`_ in the *AWS Identity and Access Management User Guide* .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ipam-ipamorganizationalunitexclusion.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_ec2 as ec2
+                
+                ipam_organizational_unit_exclusion_property = ec2.CfnIPAM.IpamOrganizationalUnitExclusionProperty(
+                    organizations_entity_path="organizationsEntityPath"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__3a1e082fe403508d7f87288dfed02281b9ed00551965db1ff48cbbe30d9d4b25)
+                check_type(argname="argument organizations_entity_path", value=organizations_entity_path, expected_type=type_hints["organizations_entity_path"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "organizations_entity_path": organizations_entity_path,
+            }
+
+        @builtins.property
+        def organizations_entity_path(self) -> builtins.str:
+            '''An AWS Organizations entity path.
+
+            For more information on the entity path, see `Understand the AWS Organizations entity path <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_last-accessed-view-data-orgs.html#access_policies_access-advisor-viewing-orgs-entity-path>`_ in the *AWS Identity and Access Management User Guide* .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ipam-ipamorganizationalunitexclusion.html#cfn-ec2-ipam-ipamorganizationalunitexclusion-organizationsentitypath
+            '''
+            result = self._values.get("organizations_entity_path")
+            assert result is not None, "Required property 'organizations_entity_path' is missing"
+            return typing.cast(builtins.str, result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "IpamOrganizationalUnitExclusionProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
 
 @jsii.implements(_IInspectable_c2943556)
 class CfnIPAMAllocation(
@@ -18738,6 +18818,7 @@ class CfnIPAMPoolProps:
     jsii_type="aws-cdk-lib.aws_ec2.CfnIPAMProps",
     jsii_struct_bases=[],
     name_mapping={
+        "default_resource_discovery_organizational_unit_exclusions": "defaultResourceDiscoveryOrganizationalUnitExclusions",
         "description": "description",
         "enable_private_gua": "enablePrivateGua",
         "operating_regions": "operatingRegions",
@@ -18749,6 +18830,7 @@ class CfnIPAMProps:
     def __init__(
         self,
         *,
+        default_resource_discovery_organizational_unit_exclusions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnIPAM.IpamOrganizationalUnitExclusionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
         description: typing.Optional[builtins.str] = None,
         enable_private_gua: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         operating_regions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnIPAM.IpamOperatingRegionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
@@ -18757,6 +18839,7 @@ class CfnIPAMProps:
     ) -> None:
         '''Properties for defining a ``CfnIPAM``.
 
+        :param default_resource_discovery_organizational_unit_exclusions: A set of organizational unit (OU) exclusions for the default resource discovery, created with this IPAM.
         :param description: The description for the IPAM.
         :param enable_private_gua: Enable this option to use your own GUA ranges as private IPv6 addresses. This option is disabled by default.
         :param operating_regions: The operating Regions for an IPAM. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the AWS Regions you select as operating Regions. For more information about operating Regions, see `Create an IPAM <https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
@@ -18773,6 +18856,9 @@ class CfnIPAMProps:
             from aws_cdk import aws_ec2 as ec2
             
             cfn_iPAMProps = ec2.CfnIPAMProps(
+                default_resource_discovery_organizational_unit_exclusions=[ec2.CfnIPAM.IpamOrganizationalUnitExclusionProperty(
+                    organizations_entity_path="organizationsEntityPath"
+                )],
                 description="description",
                 enable_private_gua=False,
                 operating_regions=[ec2.CfnIPAM.IpamOperatingRegionProperty(
@@ -18787,12 +18873,15 @@ class CfnIPAMProps:
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f1252b3f41198f9c0d9b0c751334626e1084e0106d3be9d92d77200730b95e90)
+            check_type(argname="argument default_resource_discovery_organizational_unit_exclusions", value=default_resource_discovery_organizational_unit_exclusions, expected_type=type_hints["default_resource_discovery_organizational_unit_exclusions"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument enable_private_gua", value=enable_private_gua, expected_type=type_hints["enable_private_gua"])
             check_type(argname="argument operating_regions", value=operating_regions, expected_type=type_hints["operating_regions"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
             check_type(argname="argument tier", value=tier, expected_type=type_hints["tier"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if default_resource_discovery_organizational_unit_exclusions is not None:
+            self._values["default_resource_discovery_organizational_unit_exclusions"] = default_resource_discovery_organizational_unit_exclusions
         if description is not None:
             self._values["description"] = description
         if enable_private_gua is not None:
@@ -18804,6 +18893,17 @@ class CfnIPAMProps:
         if tier is not None:
             self._values["tier"] = tier
 
+    @builtins.property
+    def default_resource_discovery_organizational_unit_exclusions(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnIPAM.IpamOrganizationalUnitExclusionProperty]]]]:
+        '''A set of organizational unit (OU) exclusions for the default resource discovery, created with this IPAM.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html#cfn-ec2-ipam-defaultresourcediscoveryorganizationalunitexclusions
+        '''
+        result = self._values.get("default_resource_discovery_organizational_unit_exclusions")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnIPAM.IpamOrganizationalUnitExclusionProperty]]]], result)
+
     @builtins.property
     def description(self) -> typing.Optional[builtins.str]:
         '''The description for the IPAM.
@@ -18898,6 +18998,9 @@ class CfnIPAMResourceDiscovery(
             operating_regions=[ec2.CfnIPAMResourceDiscovery.IpamOperatingRegionProperty(
                 region_name="regionName"
             )],
+            organizational_unit_exclusions=[ec2.CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty(
+                organizations_entity_path="organizationsEntityPath"
+            )],
             tags=[CfnTag(
                 key="key",
                 value="value"
@@ -18912,6 +19015,7 @@ class CfnIPAMResourceDiscovery(
         *,
         description: typing.Optional[builtins.str] = None,
         operating_regions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnIPAMResourceDiscovery.IpamOperatingRegionProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        organizational_unit_exclusions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''
@@ -18919,6 +19023,7 @@ class CfnIPAMResourceDiscovery(
         :param id: Construct identifier for this resource (unique in its scope).
         :param description: The resource discovery description.
         :param operating_regions: The operating Regions for the resource discovery. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the AWS Regions you select as operating Regions.
+        :param organizational_unit_exclusions: A set of organizational unit (OU) exclusions for this resource.
         :param tags: A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value. You can use tags to search and filter your resources or track your AWS costs.
         '''
         if __debug__:
@@ -18926,7 +19031,10 @@ class CfnIPAMResourceDiscovery(
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = CfnIPAMResourceDiscoveryProps(
-            description=description, operating_regions=operating_regions, tags=tags
+            description=description,
+            operating_regions=operating_regions,
+            organizational_unit_exclusions=organizational_unit_exclusions,
+            tags=tags,
         )
 
         jsii.create(self.__class__, self, [scope, id, props])
@@ -19072,6 +19180,24 @@ class CfnIPAMResourceDiscovery(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "operatingRegions", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="organizationalUnitExclusions")
+    def organizational_unit_exclusions(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty"]]]]:
+        '''A set of organizational unit (OU) exclusions for this resource.'''
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty"]]]], jsii.get(self, "organizationalUnitExclusions"))
+
+    @organizational_unit_exclusions.setter
+    def organizational_unit_exclusions(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty"]]]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__0f878fbe931fb7dc474a97e5f158b779f737ec5e5643363296656c4a479af6ae)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "organizationalUnitExclusions", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
@@ -19141,6 +19267,60 @@ class CfnIPAMResourceDiscovery(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_ec2.CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty",
+        jsii_struct_bases=[],
+        name_mapping={"organizations_entity_path": "organizationsEntityPath"},
+    )
+    class IpamResourceDiscoveryOrganizationalUnitExclusionProperty:
+        def __init__(self, *, organizations_entity_path: builtins.str) -> None:
+            '''If your IPAM is integrated with AWS Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion.
+
+            :param organizations_entity_path: An AWS Organizations entity path. Build the path for the OU(s) using AWS Organizations IDs separated by a '/'. Include all child OUs by ending the path with '/*'.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ipamresourcediscovery-ipamresourcediscoveryorganizationalunitexclusion.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_ec2 as ec2
+                
+                ipam_resource_discovery_organizational_unit_exclusion_property = ec2.CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty(
+                    organizations_entity_path="organizationsEntityPath"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__ccd001ab1c5cbf012c760b05292306e2019f0f9adffc25c67a35cfb3050d8d9f)
+                check_type(argname="argument organizations_entity_path", value=organizations_entity_path, expected_type=type_hints["organizations_entity_path"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "organizations_entity_path": organizations_entity_path,
+            }
+
+        @builtins.property
+        def organizations_entity_path(self) -> builtins.str:
+            '''An AWS Organizations entity path.
+
+            Build the path for the OU(s) using AWS Organizations IDs separated by a '/'. Include all child OUs by ending the path with '/*'.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ipamresourcediscovery-ipamresourcediscoveryorganizationalunitexclusion.html#cfn-ec2-ipamresourcediscovery-ipamresourcediscoveryorganizationalunitexclusion-organizationsentitypath
+            '''
+            result = self._values.get("organizations_entity_path")
+            assert result is not None, "Required property 'organizations_entity_path' is missing"
+            return typing.cast(builtins.str, result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "IpamResourceDiscoveryOrganizationalUnitExclusionProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
 
 @jsii.implements(_IInspectable_c2943556, _ITaggable_36806126)
 class CfnIPAMResourceDiscoveryAssociation(
@@ -19474,6 +19654,7 @@ class CfnIPAMResourceDiscoveryAssociationProps:
     name_mapping={
         "description": "description",
         "operating_regions": "operatingRegions",
+        "organizational_unit_exclusions": "organizationalUnitExclusions",
         "tags": "tags",
     },
 )
@@ -19483,12 +19664,14 @@ class CfnIPAMResourceDiscoveryProps:
         *,
         description: typing.Optional[builtins.str] = None,
         operating_regions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnIPAMResourceDiscovery.IpamOperatingRegionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        organizational_unit_exclusions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''Properties for defining a ``CfnIPAMResourceDiscovery``.
 
         :param description: The resource discovery description.
         :param operating_regions: The operating Regions for the resource discovery. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the AWS Regions you select as operating Regions.
+        :param organizational_unit_exclusions: A set of organizational unit (OU) exclusions for this resource.
         :param tags: A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value. You can use tags to search and filter your resources or track your AWS costs.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamresourcediscovery.html
@@ -19505,6 +19688,9 @@ class CfnIPAMResourceDiscoveryProps:
                 operating_regions=[ec2.CfnIPAMResourceDiscovery.IpamOperatingRegionProperty(
                     region_name="regionName"
                 )],
+                organizational_unit_exclusions=[ec2.CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty(
+                    organizations_entity_path="organizationsEntityPath"
+                )],
                 tags=[CfnTag(
                     key="key",
                     value="value"
@@ -19515,12 +19701,15 @@ class CfnIPAMResourceDiscoveryProps:
             type_hints = typing.get_type_hints(_typecheckingstub__f109dd2c7d7c94b25622dd13433c13abb153fa5092da9272630e94ba4005e9e2)
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument operating_regions", value=operating_regions, expected_type=type_hints["operating_regions"])
+            check_type(argname="argument organizational_unit_exclusions", value=organizational_unit_exclusions, expected_type=type_hints["organizational_unit_exclusions"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if description is not None:
             self._values["description"] = description
         if operating_regions is not None:
             self._values["operating_regions"] = operating_regions
+        if organizational_unit_exclusions is not None:
+            self._values["organizational_unit_exclusions"] = organizational_unit_exclusions
         if tags is not None:
             self._values["tags"] = tags
 
@@ -19546,6 +19735,17 @@ class CfnIPAMResourceDiscoveryProps:
         result = self._values.get("operating_regions")
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnIPAMResourceDiscovery.IpamOperatingRegionProperty]]]], result)
 
+    @builtins.property
+    def organizational_unit_exclusions(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty]]]]:
+        '''A set of organizational unit (OU) exclusions for this resource.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamresourcediscovery.html#cfn-ec2-ipamresourcediscovery-organizationalunitexclusions
+        '''
+        result = self._values.get("organizational_unit_exclusions")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty]]]], result)
+
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
         '''A tag is a label that you assign to an AWS resource.
@@ -25369,7 +25569,7 @@ class CfnLaunchTemplate(
 
             ``CpuOptions`` is a property of `AWS::EC2::LaunchTemplate LaunchTemplateData <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html>`_ .
 
-            :param amd_sev_snp: Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see `AMD SEV-SNP <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html>`_ .
+            :param amd_sev_snp: Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see `AMD SEV-SNP for Amazon EC2 instances <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html>`_ .
             :param core_count: The number of CPU cores for the instance.
             :param threads_per_core: The number of threads per CPU core. To disable multithreading for the instance, specify a value of ``1`` . Otherwise, specify the default value of ``2`` .
 
@@ -25405,7 +25605,7 @@ class CfnLaunchTemplate(
         def amd_sev_snp(self) -> typing.Optional[builtins.str]:
             '''Indicates whether to enable the instance for AMD SEV-SNP.
 
-            AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see `AMD SEV-SNP <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html>`_ .
+            AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. For more information, see `AMD SEV-SNP for Amazon EC2 instances <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-cpuoptions.html#cfn-ec2-launchtemplate-cpuoptions-amdsevsnp
             '''
@@ -25596,7 +25796,7 @@ class CfnLaunchTemplate(
 
             :param delete_on_termination: Indicates whether the EBS volume is deleted on instance termination.
             :param encrypted: Indicates whether the EBS volume is encrypted. Encrypted volumes can only be attached to instances that support Amazon EBS encryption. If you are creating a volume from a snapshot, you can't specify an encryption value.
-            :param iops: The number of I/O operations per second (IOPS). For ``gp3`` , ``io1`` , and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. The following are the supported values for each volume type: - ``gp3`` : 3,000 - 16,000 IOPS - ``io1`` : 100 - 64,000 IOPS - ``io2`` : 100 - 256,000 IOPS For ``io2`` volumes, you can achieve up to 256,000 IOPS on `instances built on the Nitro System <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances>`_ . On other instances, you can achieve performance up to 32,000 IOPS. This parameter is supported for ``io1`` , ``io2`` , and ``gp3`` volumes only.
+            :param iops: The number of I/O operations per second (IOPS). For ``gp3`` , ``io1`` , and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. The following are the supported values for each volume type: - ``gp3`` : 3,000 - 16,000 IOPS - ``io1`` : 100 - 64,000 IOPS - ``io2`` : 100 - 256,000 IOPS For ``io2`` volumes, you can achieve up to 256,000 IOPS on `instances built on the Nitro System <https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html>`_ . On other instances, you can achieve performance up to 32,000 IOPS. This parameter is supported for ``io1`` , ``io2`` , and ``gp3`` volumes only.
             :param kms_key_id: Identifier (key ID, key alias, key ARN, or alias ARN) of the customer managed KMS key to use for EBS encryption.
             :param snapshot_id: The ID of the snapshot.
             :param throughput: The throughput to provision for a ``gp3`` volume, with a maximum of 1,000 MiB/s. Valid Range: Minimum value of 125. Maximum value of 1000.
@@ -25687,7 +25887,7 @@ class CfnLaunchTemplate(
             - ``io1`` : 100 - 64,000 IOPS
             - ``io2`` : 100 - 256,000 IOPS
 
-            For ``io2`` volumes, you can achieve up to 256,000 IOPS on `instances built on the Nitro System <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances>`_ . On other instances, you can achieve performance up to 32,000 IOPS.
+            For ``io2`` volumes, you can achieve up to 256,000 IOPS on `instances built on the Nitro System <https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html>`_ . On other instances, you can achieve performance up to 32,000 IOPS.
 
             This parameter is supported for ``io1`` , ``io2`` , and ``gp3`` volumes only.
 
@@ -27178,14 +27378,14 @@ class CfnLaunchTemplate(
 
             :param block_device_mappings: The block device mapping.
             :param capacity_reservation_specification: The Capacity Reservation targeting option. If you do not specify this parameter, the instance's Capacity Reservation preference defaults to ``open`` , which enables it to run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone).
-            :param cpu_options: The CPU options for the instance. For more information, see `Optimize CPU options <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html>`_ in the *Amazon EC2 User Guide* .
+            :param cpu_options: The CPU options for the instance. For more information, see `CPU options for Amazon EC2 instances <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html>`_ in the *Amazon EC2 User Guide* .
             :param credit_specification: The credit option for CPU usage of the instance. Valid only for T instances.
-            :param disable_api_stop: Indicates whether to enable the instance for stop protection. For more information, see `Enable stop protection for your instance <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-stop-protection.html>`_ in the *Amazon EC2 User Guide* .
+            :param disable_api_stop: Indicates whether to enable the instance for stop protection. For more information, see `Enable stop protection for your EC2 instances <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-stop-protection.html>`_ in the *Amazon EC2 User Guide* .
             :param disable_api_termination: Indicates whether termination protection is enabled for the instance. The default is ``false`` , which means that you can terminate the instance using the Amazon EC2 console, command line tools, or API. You can enable termination protection when you launch an instance, while the instance is running, or while the instance is stopped.
             :param ebs_optimized: Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS-optimized instance.
             :param elastic_gpu_specifications: Deprecated. .. epigraph:: Amazon Elastic Graphics reached end of life on January 8, 2024. For workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, G4dn, or G5 instances.
             :param elastic_inference_accelerators: .. epigraph:: Amazon Elastic Inference is no longer available. An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads. You cannot specify accelerators from different generations in the same request. .. epigraph:: Starting April 15, 2023, AWS will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
-            :param enclave_options: Indicates whether the instance is enabled for AWS Nitro Enclaves. For more information, see `What is AWS Nitro Enclaves? <https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html>`_ in the *AWS Nitro Enclaves User Guide* . You can't enable AWS Nitro Enclaves and hibernation on the same instance.
+            :param enclave_options: Indicates whether the instance is enabled for AWS Nitro Enclaves. For more information, see `What is Nitro Enclaves? <https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html>`_ in the *AWS Nitro Enclaves User Guide* . You can't enable AWS Nitro Enclaves and hibernation on the same instance.
             :param hibernation_options: Indicates whether an instance is enabled for hibernation. This parameter is valid only if the instance meets the `hibernation prerequisites <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hibernating-prerequisites.html>`_ . For more information, see `Hibernate your Amazon EC2 instance <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html>`_ in the *Amazon EC2 User Guide* .
             :param iam_instance_profile: The name or Amazon Resource Name (ARN) of an IAM instance profile.
             :param image_id: The ID of the AMI. Alternatively, you can specify a Systems Manager parameter, which will resolve to an AMI ID on launch. Valid formats: - ``ami-0ac394d6a3example`` - ``resolve:ssm:parameter-name`` - ``resolve:ssm:parameter-name:version-number`` - ``resolve:ssm:parameter-name:label`` For more information, see `Use a Systems Manager parameter to find an AMI <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html#using-systems-manager-parameter-to-find-AMI>`_ in the *Amazon Elastic Compute Cloud User Guide* .
@@ -27197,7 +27397,7 @@ class CfnLaunchTemplate(
             :param key_name: The name of the key pair. You can create a key pair using `CreateKeyPair <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html>`_ or `ImportKeyPair <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportKeyPair.html>`_ . .. epigraph:: If you do not specify a key pair, you can't connect to the instance unless you choose an AMI that is configured to allow users another way to log in.
             :param license_specifications: The license configurations.
             :param maintenance_options: The maintenance options of your instance.
-            :param metadata_options: The metadata options for the instance. For more information, see `Instance metadata and user data <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html>`_ in the *Amazon EC2 User Guide* .
+            :param metadata_options: The metadata options for the instance. For more information, see `Configure the Instance Metadata Service options <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html>`_ in the *Amazon EC2 User Guide* .
             :param monitoring: The monitoring for the instance.
             :param network_interfaces: The network interfaces for the instance.
             :param placement: The placement for the instance.
@@ -27206,7 +27406,7 @@ class CfnLaunchTemplate(
             :param security_group_ids: The IDs of the security groups. You can specify the IDs of existing security groups and references to resources created by the stack template. If you specify a network interface, you must specify any security groups as part of the network interface instead.
             :param security_groups: The names of the security groups. For a nondefault VPC, you must use security group IDs instead. If you specify a network interface, you must specify any security groups as part of the network interface instead of using this parameter.
             :param tag_specifications: The tags to apply to resources that are created during instance launch. To tag the launch template itself, use `TagSpecifications <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications>`_ .
-            :param user_data: The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see `Run commands on your Amazon EC2 instance at launch <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html>`_ in the *Amazon EC2 User Guide* . If you are creating the launch template for use with AWS Batch , the user data must be provided in the `MIME multi-part archive format <https://docs.aws.amazon.com/https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive>`_ . For more information, see `Amazon EC2 user data in launch templates <https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html>`_ in the *AWS Batch User Guide* .
+            :param user_data: The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see `Run commands when you launch an EC2 instance with user data input <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html>`_ in the *Amazon EC2 User Guide* . If you are creating the launch template for use with AWS Batch , the user data must be provided in the `MIME multi-part archive format <https://docs.aws.amazon.com/https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive>`_ . For more information, see `Amazon EC2 user data in launch templates <https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html#lt-user-data>`_ in the *AWS Batch User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html
             :exampleMetadata: fixture=_generated
@@ -27557,7 +27757,7 @@ class CfnLaunchTemplate(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLaunchTemplate.CpuOptionsProperty"]]:
             '''The CPU options for the instance.
 
-            For more information, see `Optimize CPU options <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html>`_ in the *Amazon EC2 User Guide* .
+            For more information, see `CPU options for Amazon EC2 instances <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html>`_ in the *Amazon EC2 User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-cpuoptions
             '''
@@ -27583,7 +27783,7 @@ class CfnLaunchTemplate(
         ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
             '''Indicates whether to enable the instance for stop protection.
 
-            For more information, see `Enable stop protection for your instance <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-stop-protection.html>`_ in the *Amazon EC2 User Guide* .
+            For more information, see `Enable stop protection for your EC2 instances <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-stop-protection.html>`_ in the *Amazon EC2 User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-disableapistop
             '''
@@ -27657,7 +27857,7 @@ class CfnLaunchTemplate(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLaunchTemplate.EnclaveOptionsProperty"]]:
             '''Indicates whether the instance is enabled for AWS Nitro Enclaves.
 
-            For more information, see `What is AWS Nitro Enclaves? <https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html>`_ in the *AWS Nitro Enclaves User Guide* .
+            For more information, see `What is Nitro Enclaves? <https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html>`_ in the *AWS Nitro Enclaves User Guide* .
 
             You can't enable AWS Nitro Enclaves and hibernation on the same instance.
 
@@ -27825,7 +28025,7 @@ class CfnLaunchTemplate(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLaunchTemplate.MetadataOptionsProperty"]]:
             '''The metadata options for the instance.
 
-            For more information, see `Instance metadata and user data <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html>`_ in the *Amazon EC2 User Guide* .
+            For more information, see `Configure the Instance Metadata Service options <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html>`_ in the *Amazon EC2 User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions
             '''
@@ -27932,9 +28132,9 @@ class CfnLaunchTemplate(
         def user_data(self) -> typing.Optional[builtins.str]:
             '''The user data to make available to the instance.
 
-            You must provide base64-encoded text. User data is limited to 16 KB. For more information, see `Run commands on your Amazon EC2 instance at launch <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html>`_ in the *Amazon EC2 User Guide* .
+            You must provide base64-encoded text. User data is limited to 16 KB. For more information, see `Run commands when you launch an EC2 instance with user data input <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html>`_ in the *Amazon EC2 User Guide* .
 
-            If you are creating the launch template for use with AWS Batch , the user data must be provided in the `MIME multi-part archive format <https://docs.aws.amazon.com/https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive>`_ . For more information, see `Amazon EC2 user data in launch templates <https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html>`_ in the *AWS Batch User Guide* .
+            If you are creating the launch template for use with AWS Batch , the user data must be provided in the `MIME multi-part archive format <https://docs.aws.amazon.com/https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive>`_ . For more information, see `Amazon EC2 user data in launch templates <https://docs.aws.amazon.com/batch/latest/userguide/launch-templates.html#lt-user-data>`_ in the *AWS Batch User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-userdata
             '''
@@ -28398,7 +28598,7 @@ class CfnLaunchTemplate(
             :param http_protocol_ipv6: Enables or disables the IPv6 endpoint for the instance metadata service. Default: ``disabled``
             :param http_put_response_hop_limit: The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Default: ``1`` Possible values: Integers from 1 to 64
             :param http_tokens: Indicates whether IMDSv2 is required. - ``optional`` - IMDSv2 is optional. You can choose whether to send a session token in your instance metadata retrieval requests. If you retrieve IAM role credentials without a session token, you receive the IMDSv1 role credentials. If you retrieve IAM role credentials using a valid session token, you receive the IMDSv2 role credentials. - ``required`` - IMDSv2 is required. You must send a session token in your instance metadata retrieval requests. With this option, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available. Default: If the value of ``ImdsSupport`` for the Amazon Machine Image (AMI) for your instance is ``v2.0`` , the default is ``required`` .
-            :param instance_metadata_tags: Set to ``enabled`` to allow access to instance tags from the instance metadata. Set to ``disabled`` to turn off access to instance tags from the instance metadata. For more information, see `Work with instance tags using the instance metadata <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS>`_ . Default: ``disabled``
+            :param instance_metadata_tags: Set to ``enabled`` to allow access to instance tags from the instance metadata. Set to ``disabled`` to turn off access to instance tags from the instance metadata. For more information, see `View tags for your EC2 instances using instance metadata <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-tags-in-IMDS.html>`_ . Default: ``disabled``
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-metadataoptions.html
             :exampleMetadata: fixture=_generated
@@ -28494,7 +28694,7 @@ class CfnLaunchTemplate(
         def instance_metadata_tags(self) -> typing.Optional[builtins.str]:
             '''Set to ``enabled`` to allow access to instance tags from the instance metadata.
 
-            Set to ``disabled`` to turn off access to instance tags from the instance metadata. For more information, see `Work with instance tags using the instance metadata <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS>`_ .
+            Set to ``disabled`` to turn off access to instance tags from the instance metadata. For more information, see `View tags for your EC2 instances using instance metadata <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-tags-in-IMDS.html>`_ .
 
             Default: ``disabled``
 
@@ -28796,7 +28996,7 @@ class CfnLaunchTemplate(
             :param device_index: The device index for the network interface attachment. If the network interface is of type ``interface`` , you must specify a device index. If you create a launch template that includes secondary network interfaces but no primary network interface, and you specify it using the ``LaunchTemplate`` property of ``AWS::EC2::Instance`` , then you must include a primary network interface using the ``NetworkInterfaces`` property of ``AWS::EC2::Instance`` .
             :param ena_srd_specification: The ENA Express configuration for the network interface.
             :param groups: The IDs of one or more security groups.
-            :param interface_type: The type of network interface. To create an Elastic Fabric Adapter (EFA), specify ``efa`` or ``efa`` . For more information, see `Elastic Fabric Adapter <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html>`_ in the *Amazon EC2 User Guide* . If you are not creating an EFA, specify ``interface`` or omit this parameter. If you specify ``efa-only`` , do not assign any IP addresses to the network interface. EFA-only network interfaces do not support IP addresses. Valid values: ``interface`` | ``efa`` | ``efa-only``
+            :param interface_type: The type of network interface. To create an Elastic Fabric Adapter (EFA), specify ``efa`` or ``efa`` . For more information, see `Elastic Fabric Adapter for AI/ML and HPC workloads on Amazon EC2 <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html>`_ in the *Amazon EC2 User Guide* . If you are not creating an EFA, specify ``interface`` or omit this parameter. If you specify ``efa-only`` , do not assign any IP addresses to the network interface. EFA-only network interfaces do not support IP addresses. Valid values: ``interface`` | ``efa`` | ``efa-only``
             :param ipv4_prefix_count: The number of IPv4 prefixes to be automatically assigned to the network interface. You cannot use this option if you use the ``Ipv4Prefix`` option.
             :param ipv4_prefixes: One or more IPv4 prefixes to be assigned to the network interface. You cannot use this option if you use the ``Ipv4PrefixCount`` option.
             :param ipv6_address_count: The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can't use this option if specifying specific IPv6 addresses.
@@ -29027,7 +29227,7 @@ class CfnLaunchTemplate(
         def interface_type(self) -> typing.Optional[builtins.str]:
             '''The type of network interface.
 
-            To create an Elastic Fabric Adapter (EFA), specify ``efa`` or ``efa`` . For more information, see `Elastic Fabric Adapter <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html>`_ in the *Amazon EC2 User Guide* .
+            To create an Elastic Fabric Adapter (EFA), specify ``efa`` or ``efa`` . For more information, see `Elastic Fabric Adapter for AI/ML and HPC workloads on Amazon EC2 <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html>`_ in the *Amazon EC2 User Guide* .
 
             If you are not creating an EFA, specify ``interface`` or omit this parameter.
 
@@ -29661,7 +29861,7 @@ class CfnLaunchTemplate(
 
             :param block_duration_minutes: Deprecated.
             :param instance_interruption_behavior: The behavior when a Spot Instance is interrupted. The default is ``terminate`` .
-            :param max_price: The maximum hourly price you're willing to pay for the Spot Instances. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price. .. epigraph:: If you specify a maximum price, your Spot Instances will be interrupted more frequently than if you do not specify this parameter.
+            :param max_price: The maximum hourly price you're willing to pay for a Spot Instance. We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price. If you do specify this parameter, it must be more than USD $0.001. Specifying a value below USD $0.001 will result in an ``InvalidParameterValue`` error message when the launch template is used to launch an instance. .. epigraph:: If you specify a maximum price, your Spot Instances will be interrupted more frequently than if you do not specify this parameter.
             :param spot_instance_type: The Spot Instance request type. If you are using Spot Instances with an Auto Scaling group, use ``one-time`` requests, as the Amazon EC2 Auto Scaling service handles requesting new Spot Instances whenever the group is below its desired capacity.
             :param valid_until: The end date of the request, in UTC format ( *YYYY-MM-DD* T *HH:MM:SS* Z). Supported only for persistent requests. - For a persistent request, the request remains active until the ``ValidUntil`` date and time is reached. Otherwise, the request remains active until you cancel it. - For a one-time request, ``ValidUntil`` is not supported. The request remains active until all instances launch or you cancel the request. Default: 7 days from the current date
 
@@ -29723,9 +29923,9 @@ class CfnLaunchTemplate(
 
         @builtins.property
         def max_price(self) -> typing.Optional[builtins.str]:
-            '''The maximum hourly price you're willing to pay for the Spot Instances.
+            '''The maximum hourly price you're willing to pay for a Spot Instance.
 
-            We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price.
+            We do not recommend using this parameter because it can lead to increased interruptions. If you do not specify this parameter, you will pay the current Spot price. If you do specify this parameter, it must be more than USD $0.001. Specifying a value below USD $0.001 will result in an ``InvalidParameterValue`` error message when the launch template is used to launch an instance.
             .. epigraph::
 
                If you specify a maximum price, your Spot Instances will be interrupted more frequently than if you do not specify this parameter.
@@ -41611,9 +41811,9 @@ class CfnSecurityGroup(
 ):
     '''Specifies a security group.
 
-    To create a security group, use the `VpcId <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-vpcid>`_ property to specify the VPC for which to create the security group.
+    You must specify ingress rules to allow inbound traffic. By default, no inbound traffic is allowed.
 
-    If you do not specify an egress rule, we add egress rules that allow IPv4 and IPv6 traffic on all ports and protocols to any destination. We do not add these rules if you specify your own egress rules.
+    If you do not specify an egress rule, we add egress rules that allow outbound IPv4 and IPv6 traffic on all ports and protocols to any destination. We do not add these rules if you specify your own egress rules.
 
     This type supports updates. For more information about updating stacks, see `AWS CloudFormation Stacks Updates <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html>`_ .
     .. epigraph::
@@ -49346,6 +49546,7 @@ class CfnSubnet(
 
     Example::
 
+        from aws_cdk.lambda_layer_kubectl_v32 import KubectlV32Layer
         # vpc: ec2.Vpc
         
         
@@ -49370,10 +49571,11 @@ class CfnSubnet(
             subnetcount = subnetcount + 1
         
         cluster = eks.Cluster(self, "hello-eks",
-            version=eks.KubernetesVersion.V1_31,
+            version=eks.KubernetesVersion.V1_32,
             vpc=vpc,
             ip_family=eks.IpFamily.IP_V6,
-            vpc_subnets=[ec2.SubnetSelection(subnets=vpc.public_subnets)]
+            vpc_subnets=[ec2.SubnetSelection(subnets=vpc.public_subnets)],
+            kubectl_layer=KubectlV32Layer(self, "kubectl")
         )
     '''
 
@@ -57668,6 +57870,7 @@ class CfnVPCCidrBlock(
 
     Example::
 
+        from aws_cdk.lambda_layer_kubectl_v32 import KubectlV32Layer
         # vpc: ec2.Vpc
         
         
@@ -57692,10 +57895,11 @@ class CfnVPCCidrBlock(
             subnetcount = subnetcount + 1
         
         cluster = eks.Cluster(self, "hello-eks",
-            version=eks.KubernetesVersion.V1_31,
+            version=eks.KubernetesVersion.V1_32,
             vpc=vpc,
             ip_family=eks.IpFamily.IP_V6,
-            vpc_subnets=[ec2.SubnetSelection(subnets=vpc.public_subnets)]
+            vpc_subnets=[ec2.SubnetSelection(subnets=vpc.public_subnets)],
+            kubectl_layer=KubectlV32Layer(self, "kubectl")
         )
     '''
 
@@ -57724,7 +57928,7 @@ class CfnVPCCidrBlock(
         :param ipv4_ipam_pool_id: Associate a CIDR allocated from an IPv4 IPAM pool to a VPC. For more information about Amazon VPC IP Address Manager (IPAM), see `What is IPAM? <https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
         :param ipv4_netmask_length: The netmask length of the IPv4 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see `What is IPAM? <https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
         :param ipv6_cidr_block: An IPv6 CIDR block from the IPv6 address pool. You must also specify ``Ipv6Pool`` in the request. To let Amazon choose the IPv6 CIDR block for you, omit this parameter.
-        :param ipv6_cidr_block_network_border_group: The name of the location from which we advertise the IPV6 CIDR block.
+        :param ipv6_cidr_block_network_border_group: The name of the location from which we advertise the IPV6 CIDR block. Use this parameter to limit the CIDR block to this location. You must set ``AmazonProvidedIpv6CidrBlock`` to ``true`` to use this parameter. You can have one IPv6 CIDR block association per network border group.
         :param ipv6_ipam_pool_id: Associates a CIDR allocated from an IPv6 IPAM pool to a VPC. For more information about Amazon VPC IP Address Manager (IPAM), see `What is IPAM? <https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
         :param ipv6_netmask_length: The netmask length of the IPv6 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see `What is IPAM? <https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
         :param ipv6_pool: The ID of an IPv6 address pool from which to allocate the IPv6 CIDR block.
@@ -57995,7 +58199,7 @@ class CfnVPCCidrBlockProps:
         :param ipv4_ipam_pool_id: Associate a CIDR allocated from an IPv4 IPAM pool to a VPC. For more information about Amazon VPC IP Address Manager (IPAM), see `What is IPAM? <https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
         :param ipv4_netmask_length: The netmask length of the IPv4 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see `What is IPAM? <https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
         :param ipv6_cidr_block: An IPv6 CIDR block from the IPv6 address pool. You must also specify ``Ipv6Pool`` in the request. To let Amazon choose the IPv6 CIDR block for you, omit this parameter.
-        :param ipv6_cidr_block_network_border_group: The name of the location from which we advertise the IPV6 CIDR block.
+        :param ipv6_cidr_block_network_border_group: The name of the location from which we advertise the IPV6 CIDR block. Use this parameter to limit the CIDR block to this location. You must set ``AmazonProvidedIpv6CidrBlock`` to ``true`` to use this parameter. You can have one IPv6 CIDR block association per network border group.
         :param ipv6_ipam_pool_id: Associates a CIDR allocated from an IPv6 IPAM pool to a VPC. For more information about Amazon VPC IP Address Manager (IPAM), see `What is IPAM? <https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
         :param ipv6_netmask_length: The netmask length of the IPv6 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see `What is IPAM? <https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
         :param ipv6_pool: The ID of an IPv6 address pool from which to allocate the IPv6 CIDR block.
@@ -58005,6 +58209,7 @@ class CfnVPCCidrBlockProps:
 
         Example::
 
+            from aws_cdk.lambda_layer_kubectl_v32 import KubectlV32Layer
             # vpc: ec2.Vpc
             
             
@@ -58029,10 +58234,11 @@ class CfnVPCCidrBlockProps:
                 subnetcount = subnetcount + 1
             
             cluster = eks.Cluster(self, "hello-eks",
-                version=eks.KubernetesVersion.V1_31,
+                version=eks.KubernetesVersion.V1_32,
                 vpc=vpc,
                 ip_family=eks.IpFamily.IP_V6,
-                vpc_subnets=[ec2.SubnetSelection(subnets=vpc.public_subnets)]
+                vpc_subnets=[ec2.SubnetSelection(subnets=vpc.public_subnets)],
+                kubectl_layer=KubectlV32Layer(self, "kubectl")
             )
         '''
         if __debug__:
@@ -58138,6 +58344,12 @@ class CfnVPCCidrBlockProps:
     def ipv6_cidr_block_network_border_group(self) -> typing.Optional[builtins.str]:
         '''The name of the location from which we advertise the IPV6 CIDR block.
 
+        Use this parameter to limit the CIDR block to this location.
+
+        You must set ``AmazonProvidedIpv6CidrBlock`` to ``true`` to use this parameter.
+
+        You can have one IPv6 CIDR block association per network border group.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpccidrblock.html#cfn-ec2-vpccidrblock-ipv6cidrblocknetworkbordergroup
         '''
         result = self._values.get("ipv6_cidr_block_network_border_group")
@@ -58451,7 +58663,7 @@ class CfnVPCEndpoint(
         :param service_name: The name of the endpoint service.
         :param service_network_arn: The Amazon Resource Name (ARN) of the service network.
         :param subnet_ids: The IDs of the subnets in which to create endpoint network interfaces. You must specify this property for an interface endpoint or a Gateway Load Balancer endpoint. You can't specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.
-        :param tags: 
+        :param tags: The tags to associate with the endpoint.
         :param vpc_endpoint_type: The type of endpoint. Default: Gateway
         '''
         if __debug__:
@@ -58727,6 +58939,7 @@ class CfnVPCEndpoint(
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
+        '''The tags to associate with the endpoint.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tags"))
 
     @tags.setter
@@ -59148,7 +59361,7 @@ class CfnVPCEndpointProps:
         :param service_name: The name of the endpoint service.
         :param service_network_arn: The Amazon Resource Name (ARN) of the service network.
         :param subnet_ids: The IDs of the subnets in which to create endpoint network interfaces. You must specify this property for an interface endpoint or a Gateway Load Balancer endpoint. You can't specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet.
-        :param tags: 
+        :param tags: The tags to associate with the endpoint.
         :param vpc_endpoint_type: The type of endpoint. Default: Gateway
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html
@@ -59355,7 +59568,8 @@ class CfnVPCEndpointProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''
+        '''The tags to associate with the endpoint.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2-vpcendpoint-tags
         '''
         result = self._values.get("tags")
@@ -59442,7 +59656,7 @@ class CfnVPCEndpointService(
         :param gateway_load_balancer_arns: The Amazon Resource Names (ARNs) of the Gateway Load Balancers.
         :param network_load_balancer_arns: The Amazon Resource Names (ARNs) of the Network Load Balancers.
         :param payer_responsibility: The entity that is responsible for the endpoint costs. The default is the endpoint owner. If you set the payer responsibility to the service owner, you cannot set it back to the endpoint owner.
-        :param tags: The tags to add to the VPC endpoint service.
+        :param tags: The tags to associate with the service.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__bd65bb2d0beb1d62ef8b72a33a352ac48e00600bc2b025bdec06b82cf7cf57ee)
@@ -59593,7 +59807,7 @@ class CfnVPCEndpointService(
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''The tags to add to the VPC endpoint service.'''
+        '''The tags to associate with the service.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tags"))
 
     @tags.setter
@@ -59830,7 +60044,7 @@ class CfnVPCEndpointServiceProps:
         :param gateway_load_balancer_arns: The Amazon Resource Names (ARNs) of the Gateway Load Balancers.
         :param network_load_balancer_arns: The Amazon Resource Names (ARNs) of the Network Load Balancers.
         :param payer_responsibility: The entity that is responsible for the endpoint costs. The default is the endpoint owner. If you set the payer responsibility to the service owner, you cannot set it back to the endpoint owner.
-        :param tags: The tags to add to the VPC endpoint service.
+        :param tags: The tags to associate with the service.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpointservice.html
         :exampleMetadata: fixture=_generated
@@ -59928,7 +60142,7 @@ class CfnVPCEndpointServiceProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''The tags to add to the VPC endpoint service.
+        '''The tags to associate with the service.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpointservice.html#cfn-ec2-vpcendpointservice-tags
         '''
@@ -63628,11 +63842,11 @@ class CfnVerifiedAccessEndpoint(
             protocol: typing.Optional[builtins.str] = None,
             subnet_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
-            '''The options for cidr type endpoint.
+            '''Describes the CIDR options for a Verified Access endpoint.
 
-            :param cidr: The IP address range, in CIDR notation.
-            :param port_ranges: The list of port range.
-            :param protocol: The IP protocol.
+            :param cidr: The CIDR.
+            :param port_ranges: The port ranges.
+            :param protocol: The protocol.
             :param subnet_ids: The IDs of the subnets.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-cidroptions.html
@@ -63672,7 +63886,7 @@ class CfnVerifiedAccessEndpoint(
 
         @builtins.property
         def cidr(self) -> typing.Optional[builtins.str]:
-            '''The IP address range, in CIDR notation.
+            '''The CIDR.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-cidroptions.html#cfn-ec2-verifiedaccessendpoint-cidroptions-cidr
             '''
@@ -63683,7 +63897,7 @@ class CfnVerifiedAccessEndpoint(
         def port_ranges(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.PortRangeProperty"]]]]:
-            '''The list of port range.
+            '''The port ranges.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-cidroptions.html#cfn-ec2-verifiedaccessendpoint-cidroptions-portranges
             '''
@@ -63692,7 +63906,7 @@ class CfnVerifiedAccessEndpoint(
 
         @builtins.property
         def protocol(self) -> typing.Optional[builtins.str]:
-            '''The IP protocol.
+            '''The protocol.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-cidroptions.html#cfn-ec2-verifiedaccessendpoint-cidroptions-protocol
             '''
@@ -63744,9 +63958,9 @@ class CfnVerifiedAccessEndpoint(
 
             :param load_balancer_arn: The ARN of the load balancer.
             :param port: The IP port number.
-            :param port_ranges: The list of port range.
+            :param port_ranges: The port ranges.
             :param protocol: The IP protocol.
-            :param subnet_ids: The IDs of the subnets.
+            :param subnet_ids: The IDs of the subnets. You can specify only one subnet per Availability Zone.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-loadbalanceroptions.html
             :exampleMetadata: fixture=_generated
@@ -63809,7 +64023,7 @@ class CfnVerifiedAccessEndpoint(
         def port_ranges(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.PortRangeProperty"]]]]:
-            '''The list of port range.
+            '''The port ranges.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-loadbalanceroptions.html#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions-portranges
             '''
@@ -63829,6 +64043,8 @@ class CfnVerifiedAccessEndpoint(
         def subnet_ids(self) -> typing.Optional[typing.List[builtins.str]]:
             '''The IDs of the subnets.
 
+            You can specify only one subnet per Availability Zone.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-loadbalanceroptions.html#cfn-ec2-verifiedaccessendpoint-loadbalanceroptions-subnetids
             '''
             result = self._values.get("subnet_ids")
@@ -63868,7 +64084,7 @@ class CfnVerifiedAccessEndpoint(
 
             :param network_interface_id: The ID of the network interface.
             :param port: The IP port number.
-            :param port_ranges: The list of port ranges.
+            :param port_ranges: The port ranges.
             :param protocol: The IP protocol.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-networkinterfaceoptions.html
@@ -63928,7 +64144,7 @@ class CfnVerifiedAccessEndpoint(
         def port_ranges(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnVerifiedAccessEndpoint.PortRangeProperty"]]]]:
-            '''The list of port ranges.
+            '''The port ranges.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-networkinterfaceoptions.html#cfn-ec2-verifiedaccessendpoint-networkinterfaceoptions-portranges
             '''
@@ -63967,10 +64183,10 @@ class CfnVerifiedAccessEndpoint(
             from_port: typing.Optional[jsii.Number] = None,
             to_port: typing.Optional[jsii.Number] = None,
         ) -> None:
-            '''Describes a range of ports.
+            '''Describes the port range for a Verified Access endpoint.
 
-            :param from_port: The first port in the range.
-            :param to_port: The last port in the range.
+            :param from_port: The start of the port range.
+            :param to_port: The end of the port range.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-portrange.html
             :exampleMetadata: fixture=_generated
@@ -63998,7 +64214,7 @@ class CfnVerifiedAccessEndpoint(
 
         @builtins.property
         def from_port(self) -> typing.Optional[jsii.Number]:
-            '''The first port in the range.
+            '''The start of the port range.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-portrange.html#cfn-ec2-verifiedaccessendpoint-portrange-fromport
             '''
@@ -64007,7 +64223,7 @@ class CfnVerifiedAccessEndpoint(
 
         @builtins.property
         def to_port(self) -> typing.Optional[jsii.Number]:
-            '''The last port in the range.
+            '''The end of the port range.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-portrange.html#cfn-ec2-verifiedaccessendpoint-portrange-toport
             '''
@@ -64050,15 +64266,15 @@ class CfnVerifiedAccessEndpoint(
             rds_endpoint: typing.Optional[builtins.str] = None,
             subnet_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
-            '''The options for rds type endpoint.
+            '''Describes the RDS options for a Verified Access endpoint.
 
-            :param port: The IP port number.
-            :param protocol: The IP protocol.
-            :param rds_db_cluster_arn: The ARN of the RDS DB cluster.
-            :param rds_db_instance_arn: The ARN of the RDS DB instance.
-            :param rds_db_proxy_arn: The ARN of the RDS DB proxy.
+            :param port: The port.
+            :param protocol: The protocol.
+            :param rds_db_cluster_arn: The ARN of the DB cluster.
+            :param rds_db_instance_arn: The ARN of the RDS instance.
+            :param rds_db_proxy_arn: The ARN of the RDS proxy.
             :param rds_endpoint: The RDS endpoint.
-            :param subnet_ids: The IDs of the subnets.
+            :param subnet_ids: The IDs of the subnets. You can specify only one subnet per Availability Zone.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html
             :exampleMetadata: fixture=_generated
@@ -64106,7 +64322,7 @@ class CfnVerifiedAccessEndpoint(
 
         @builtins.property
         def port(self) -> typing.Optional[jsii.Number]:
-            '''The IP port number.
+            '''The port.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html#cfn-ec2-verifiedaccessendpoint-rdsoptions-port
             '''
@@ -64115,7 +64331,7 @@ class CfnVerifiedAccessEndpoint(
 
         @builtins.property
         def protocol(self) -> typing.Optional[builtins.str]:
-            '''The IP protocol.
+            '''The protocol.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html#cfn-ec2-verifiedaccessendpoint-rdsoptions-protocol
             '''
@@ -64124,7 +64340,7 @@ class CfnVerifiedAccessEndpoint(
 
         @builtins.property
         def rds_db_cluster_arn(self) -> typing.Optional[builtins.str]:
-            '''The ARN of the RDS DB cluster.
+            '''The ARN of the DB cluster.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsdbclusterarn
             '''
@@ -64133,7 +64349,7 @@ class CfnVerifiedAccessEndpoint(
 
         @builtins.property
         def rds_db_instance_arn(self) -> typing.Optional[builtins.str]:
-            '''The ARN of the RDS DB instance.
+            '''The ARN of the RDS instance.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsdbinstancearn
             '''
@@ -64142,7 +64358,7 @@ class CfnVerifiedAccessEndpoint(
 
         @builtins.property
         def rds_db_proxy_arn(self) -> typing.Optional[builtins.str]:
-            '''The ARN of the RDS DB proxy.
+            '''The ARN of the RDS proxy.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html#cfn-ec2-verifiedaccessendpoint-rdsoptions-rdsdbproxyarn
             '''
@@ -64162,6 +64378,8 @@ class CfnVerifiedAccessEndpoint(
         def subnet_ids(self) -> typing.Optional[typing.List[builtins.str]]:
             '''The IDs of the subnets.
 
+            You can specify only one subnet per Availability Zone.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccessendpoint-rdsoptions.html#cfn-ec2-verifiedaccessendpoint-rdsoptions-subnetids
             '''
             result = self._values.get("subnet_ids")
@@ -65222,7 +65440,7 @@ class CfnVerifiedAccessInstance(
     def attr_cidr_endpoints_custom_sub_domain_name_servers(
         self,
     ) -> typing.List[builtins.str]:
-        '''Property to represent the name servers assoicated with the domain that AVA manages (say, ['ns1.amazonaws.com', 'ns2.amazonaws.com', 'ns3.amazonaws.com', 'ns4.amazonaws.com']).
+        '''The name servers.
 
         :cloudformationAttribute: CidrEndpointsCustomSubDomainNameServers
         '''
@@ -66518,7 +66736,7 @@ class CfnVerifiedAccessTrustProvider(
 
             :param authorization_endpoint: The authorization endpoint of the IdP.
             :param client_id: The OAuth 2.0 client identifier.
-            :param client_secret: The client secret.
+            :param client_secret: The OAuth 2.0 client secret.
             :param issuer: The OIDC issuer identifier of the IdP.
             :param public_signing_key_endpoint: The public signing key endpoint.
             :param scope: The set of user claims to be requested from the IdP.
@@ -66593,7 +66811,7 @@ class CfnVerifiedAccessTrustProvider(
 
         @builtins.property
         def client_secret(self) -> typing.Optional[builtins.str]:
-            '''The client secret.
+            '''The OAuth 2.0 client secret.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-clientsecret
             '''
@@ -76609,20 +76827,19 @@ class Instance(
 
     Example::
 
-        # vpc: ec2.IVpc
+        # Creates a distribution from an EC2 instance
+        # vpc: ec2.Vpc
         
-        lb = elb.LoadBalancer(self, "LB",
+        # Create an EC2 instance in a VPC. 'subnetType' can be private.
+        instance = ec2.Instance(self, "Instance",
             vpc=vpc,
-            internet_facing=True
+            instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO),
+            machine_image=ec2.MachineImage.latest_amazon_linux2023(),
+            vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS)
         )
-        
-        # instance to add as the target for load balancer.
-        instance = ec2.Instance(self, "targetInstance",
-            vpc=vpc,
-            instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO),
-            machine_image=ec2.AmazonLinuxImage(generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2)
+        cloudfront.Distribution(self, "myDist",
+            default_behavior=cloudfront.BehaviorOptions(origin=origins.VpcOrigin.with_ec2_instance(instance))
         )
-        lb.add_target(elb.InstanceTarget(instance))
     '''
 
     def __init__(
@@ -76945,17 +77162,18 @@ class InstanceClass(enum.Enum):
 
     Example::
 
+        # Creates a distribution from an EC2 instance
         # vpc: ec2.Vpc
         
-        instance = rds.DatabaseInstance(self, "Instance",
-            engine=rds.DatabaseInstanceEngine.oracle_se2(version=rds.OracleEngineVersion.VER_19_0_0_0_2020_04_R1),
-            # optional, defaults to m5.large
-            instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.SMALL),
-            credentials=rds.Credentials.from_generated_secret("syscdk"),  # Optional - will default to 'admin' username and generated password
+        # Create an EC2 instance in a VPC. 'subnetType' can be private.
+        instance = ec2.Instance(self, "Instance",
             vpc=vpc,
-            vpc_subnets=ec2.SubnetSelection(
-                subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS
-            )
+            instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO),
+            machine_image=ec2.MachineImage.latest_amazon_linux2023(),
+            vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS)
+        )
+        cloudfront.Distribution(self, "myDist",
+            default_behavior=cloudfront.BehaviorOptions(origin=origins.VpcOrigin.with_ec2_instance(instance))
         )
     '''
 
@@ -77725,20 +77943,19 @@ class InstanceProps:
 
         Example::
 
-            # vpc: ec2.IVpc
+            # Creates a distribution from an EC2 instance
+            # vpc: ec2.Vpc
             
-            lb = elb.LoadBalancer(self, "LB",
+            # Create an EC2 instance in a VPC. 'subnetType' can be private.
+            instance = ec2.Instance(self, "Instance",
                 vpc=vpc,
-                internet_facing=True
+                instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO),
+                machine_image=ec2.MachineImage.latest_amazon_linux2023(),
+                vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS)
             )
-            
-            # instance to add as the target for load balancer.
-            instance = ec2.Instance(self, "targetInstance",
-                vpc=vpc,
-                instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO),
-                machine_image=ec2.AmazonLinuxImage(generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2)
+            cloudfront.Distribution(self, "myDist",
+                default_behavior=cloudfront.BehaviorOptions(origin=origins.VpcOrigin.with_ec2_instance(instance))
             )
-            lb.add_target(elb.InstanceTarget(instance))
         '''
         if isinstance(init_options, dict):
             init_options = ApplyCloudFormationInitOptions(**init_options)
@@ -78417,17 +78634,18 @@ class InstanceSize(enum.Enum):
 
     Example::
 
+        # Creates a distribution from an EC2 instance
         # vpc: ec2.Vpc
         
-        instance = rds.DatabaseInstance(self, "Instance",
-            engine=rds.DatabaseInstanceEngine.oracle_se2(version=rds.OracleEngineVersion.VER_19_0_0_0_2020_04_R1),
-            # optional, defaults to m5.large
-            instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.SMALL),
-            credentials=rds.Credentials.from_generated_secret("syscdk"),  # Optional - will default to 'admin' username and generated password
+        # Create an EC2 instance in a VPC. 'subnetType' can be private.
+        instance = ec2.Instance(self, "Instance",
             vpc=vpc,
-            vpc_subnets=ec2.SubnetSelection(
-                subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS
-            )
+            instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO),
+            machine_image=ec2.MachineImage.latest_amazon_linux2023(),
+            vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS)
+        )
+        cloudfront.Distribution(self, "myDist",
+            default_behavior=cloudfront.BehaviorOptions(origin=origins.VpcOrigin.with_ec2_instance(instance))
         )
     '''
 
@@ -79982,9 +80200,19 @@ class InterfaceVpcEndpointAwsService(
     def PAYMENT_CRYPTOGRAPHY_CONTROLPLANE(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "PAYMENT_CRYPTOGRAPHY_CONTROLPLANE"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="PAYMENT_CRYPTOGRAPHY_DATAPLANE")
+    def PAYMENT_CRYPTOGRAPHY_DATAPLANE(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "PAYMENT_CRYPTOGRAPHY_DATAPLANE"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="PAYMENT_CRYTOGRAPHY_DATAPLANE")
     def PAYMENT_CRYTOGRAPHY_DATAPLANE(cls) -> "InterfaceVpcEndpointAwsService":
+        '''
+        :deprecated: - Use InterfaceVpcEndpointAwsService.PAYMENT_CRYPTOGRAPHY_DATAPLANE instead.
+
+        :stability: deprecated
+        '''
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "PAYMENT_CRYTOGRAPHY_DATAPLANE"))
 
     @jsii.python.classproperty
@@ -85539,20 +85767,17 @@ class Peer(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_ec2.Peer"):
 
     Example::
 
-        # vpc: ec2.Vpc
+        # instance_type: ec2.InstanceType
         
-        cluster = msk.Cluster(self, "Cluster",
-            cluster_name="myCluster",
-            kafka_version=msk.KafkaVersion.V2_8_1,
-            vpc=vpc
-        )
         
-        cluster.connections.allow_from(
-            ec2.Peer.ipv4("1.2.3.4/8"),
-            ec2.Port.tcp(2181))
-        cluster.connections.allow_from(
-            ec2.Peer.ipv4("1.2.3.4/8"),
-            ec2.Port.tcp(9094))
+        provider = ec2.NatProvider.instance_v2(
+            instance_type=instance_type,
+            default_allowed_traffic=ec2.NatTrafficDirection.OUTBOUND_ONLY
+        )
+        ec2.Vpc(self, "TheVPC",
+            nat_gateway_provider=provider
+        )
+        provider.connections.allow_from(ec2.Peer.ipv4("1.2.3.4/8"), ec2.Port.HTTP)
     '''
 
     def __init__(self) -> None:
@@ -87301,7 +87526,7 @@ class SecurityGroup(
         :param allow_all_ipv6_outbound: Whether to allow all outbound ipv6 traffic by default. If this is set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If this is set to false, no outbound traffic will be allowed by default and all egress ipv6 traffic must be explicitly authorized. To allow all ipv4 traffic use allowAllOutbound Default: false
         :param allow_all_outbound: Whether to allow all outbound traffic by default. If this is set to true, there will only be a single egress rule which allows all outbound traffic. If this is set to false, no outbound traffic will be allowed by default and all egress traffic must be explicitly authorized. To allow all ipv6 traffic use allowAllIpv6Outbound Default: true
         :param description: A description of the security group. Default: The default name will be the construct's CDK path.
-        :param disable_inline_rules: Whether to disable inline ingress and egress rule optimization. If this is set to true, ingress and egress rules will not be declared under the SecurityGroup in cloudformation, but will be separate elements. Inlining rules is an optimization for producing smaller stack templates. Sometimes this is not desirable, for example when security group access is managed via tags. The default value can be overriden globally by setting the context variable '@aws-cdk/aws-ec2.securityGroupDisableInlineRules'. Default: false
+        :param disable_inline_rules: Whether to disable inline ingress and egress rule optimization. If this is set to true, ingress and egress rules will not be declared under the SecurityGroup in cloudformation, but will be separate elements. Inlining rules is an optimization for producing smaller stack templates. Sometimes this is not desirable, for example when security group access is managed via tags. The default value can be overridden globally by setting the context variable '@aws-cdk/aws-ec2.securityGroupDisableInlineRules'. Default: false
         :param security_group_name: The name of the security group. For valid values, see the GroupName parameter of the CreateSecurityGroup action in the Amazon EC2 API Reference. It is not recommended to use an explicit group name. Default: If you don't specify a GroupName, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.
         '''
         if __debug__:
@@ -87729,7 +87954,7 @@ class SecurityGroupProps:
         :param allow_all_ipv6_outbound: Whether to allow all outbound ipv6 traffic by default. If this is set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If this is set to false, no outbound traffic will be allowed by default and all egress ipv6 traffic must be explicitly authorized. To allow all ipv4 traffic use allowAllOutbound Default: false
         :param allow_all_outbound: Whether to allow all outbound traffic by default. If this is set to true, there will only be a single egress rule which allows all outbound traffic. If this is set to false, no outbound traffic will be allowed by default and all egress traffic must be explicitly authorized. To allow all ipv6 traffic use allowAllIpv6Outbound Default: true
         :param description: A description of the security group. Default: The default name will be the construct's CDK path.
-        :param disable_inline_rules: Whether to disable inline ingress and egress rule optimization. If this is set to true, ingress and egress rules will not be declared under the SecurityGroup in cloudformation, but will be separate elements. Inlining rules is an optimization for producing smaller stack templates. Sometimes this is not desirable, for example when security group access is managed via tags. The default value can be overriden globally by setting the context variable '@aws-cdk/aws-ec2.securityGroupDisableInlineRules'. Default: false
+        :param disable_inline_rules: Whether to disable inline ingress and egress rule optimization. If this is set to true, ingress and egress rules will not be declared under the SecurityGroup in cloudformation, but will be separate elements. Inlining rules is an optimization for producing smaller stack templates. Sometimes this is not desirable, for example when security group access is managed via tags. The default value can be overridden globally by setting the context variable '@aws-cdk/aws-ec2.securityGroupDisableInlineRules'. Default: false
         :param security_group_name: The name of the security group. For valid values, see the GroupName parameter of the CreateSecurityGroup action in the Amazon EC2 API Reference. It is not recommended to use an explicit group name. Default: If you don't specify a GroupName, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.
 
         :exampleMetadata: infused
@@ -87739,13 +87964,19 @@ class SecurityGroupProps:
             # vpc: ec2.Vpc
             
             
-            my_security_group = ec2.SecurityGroup(self, "SecurityGroup", vpc=vpc)
-            autoscaling.AutoScalingGroup(self, "ASG",
-                vpc=vpc,
-                instance_type=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO),
-                machine_image=ec2.MachineImage.latest_amazon_linux2(),
-                security_group=my_security_group
+            sg1 = ec2.SecurityGroup(self, "sg1",
+                vpc=vpc
             )
+            sg2 = ec2.SecurityGroup(self, "sg2",
+                vpc=vpc
+            )
+            
+            launch_template = ec2.LaunchTemplate(self, "LaunchTemplate",
+                machine_image=ec2.MachineImage.latest_amazon_linux2023(),
+                security_group=sg1
+            )
+            
+            launch_template.add_security_group(sg2)
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__4e55e0c52b51f92e83b1f8d6b7a5b22268d0369a14dab808b8f2f5f233e5b622)
@@ -87825,7 +88056,7 @@ class SecurityGroupProps:
         Inlining rules is an optimization for producing smaller stack templates. Sometimes
         this is not desirable, for example when security group access is managed via tags.
 
-        The default value can be overriden globally by setting the context variable
+        The default value can be overridden globally by setting the context variable
         '@aws-cdk/aws-ec2.securityGroupDisableInlineRules'.
 
         :default: false
@@ -94226,6 +94457,17 @@ class WindowsVersion(enum.Enum):
     WINDOWS_SERVER_2022_ENGLISH_FULL_SQL_2022_STANDARD = "WINDOWS_SERVER_2022_ENGLISH_FULL_SQL_2022_STANDARD"
     WINDOWS_SERVER_2022_JAPANESE_FULL_SQL_2022_STANDARD = "WINDOWS_SERVER_2022_JAPANESE_FULL_SQL_2022_STANDARD"
     WINDOWS_SERVER_2022_JAPANESE_FULL_SQL_2022_ENTERPRISE = "WINDOWS_SERVER_2022_JAPANESE_FULL_SQL_2022_ENTERPRISE"
+    WINDOWS_SERVER_2025_CHINESE_SIMPLIFIED_FULL_BASE = "WINDOWS_SERVER_2025_CHINESE_SIMPLIFIED_FULL_BASE"
+    '''2025 - Start.'''
+    WINDOWS_SERVER_2025_CHINESE_TRADITIONAL_FULL_BASE = "WINDOWS_SERVER_2025_CHINESE_TRADITIONAL_FULL_BASE"
+    WINDOWS_SERVER_2025_ENGLISH_CORE_BASE = "WINDOWS_SERVER_2025_ENGLISH_CORE_BASE"
+    WINDOWS_SERVER_2025_ENGLISH_FULL_BASE = "WINDOWS_SERVER_2025_ENGLISH_FULL_BASE"
+    WINDOWS_SERVER_2025_ENGLISH_FULL_SQL_2022_ENTERPRISE = "WINDOWS_SERVER_2025_ENGLISH_FULL_SQL_2022_ENTERPRISE"
+    WINDOWS_SERVER_2025_ENGLISH_FULL_SQL_2022_EXPRESS = "WINDOWS_SERVER_2025_ENGLISH_FULL_SQL_2022_EXPRESS"
+    WINDOWS_SERVER_2025_ENGLISH_FULL_SQL_2022_STANDARD = "WINDOWS_SERVER_2025_ENGLISH_FULL_SQL_2022_STANDARD"
+    WINDOWS_SERVER_2025_ENGLISH_FULL_SQL_2022_WEB = "WINDOWS_SERVER_2025_ENGLISH_FULL_SQL_2022_WEB"
+    WINDOWS_SERVER_2025_JAPANESE_FULL_BASE = "WINDOWS_SERVER_2025_JAPANESE_FULL_BASE"
+    WINDOWS_SERVER_2025_KOREAN_FULL_BASE = "WINDOWS_SERVER_2025_KOREAN_FULL_BASE"
 
 
 @jsii.data_type(
@@ -101899,6 +102141,7 @@ def _typecheckingstub__5dd8d015864426e689ac2f72f1fdd70371d242931964ab4d571ea5601
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
     *,
+    default_resource_discovery_organizational_unit_exclusions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnIPAM.IpamOrganizationalUnitExclusionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     description: typing.Optional[builtins.str] = None,
     enable_private_gua: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     operating_regions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnIPAM.IpamOperatingRegionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
@@ -101920,6 +102163,12 @@ def _typecheckingstub__901ef9223e06c12f769b4bd36857fd88adae614a05385d54a0dd6f535
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__df7dc542d06b2df113e30582e811e678d8d8aa54b5759d2ebb6ea3563a53a791(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnIPAM.IpamOrganizationalUnitExclusionProperty]]]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__959c716c17871ad25c09c928583239d9973366c81c48b69bfc39c5c2a70898ce(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -101957,6 +102206,13 @@ def _typecheckingstub__76ae7ea9478fca86299eafd84b20c22db0b753cea0096278a3be708fd
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__3a1e082fe403508d7f87288dfed02281b9ed00551965db1ff48cbbe30d9d4b25(
+    *,
+    organizations_entity_path: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__ea7a8d7dc762f36c7c42acf390ff33a5d901404e11e9316d7df8d7c29c9e6af0(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
@@ -102238,6 +102494,7 @@ def _typecheckingstub__c42f207097d7881d4b52878ebd2ec0ae90f2bf68e18d515c40977733d
 
 def _typecheckingstub__f1252b3f41198f9c0d9b0c751334626e1084e0106d3be9d92d77200730b95e90(
     *,
+    default_resource_discovery_organizational_unit_exclusions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnIPAM.IpamOrganizationalUnitExclusionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     description: typing.Optional[builtins.str] = None,
     enable_private_gua: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     operating_regions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnIPAM.IpamOperatingRegionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
@@ -102253,6 +102510,7 @@ def _typecheckingstub__b9865e76fdfd7caecfedb4df232a297c92dc11c534785272c111c4d0b
     *,
     description: typing.Optional[builtins.str] = None,
     operating_regions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnIPAMResourceDiscovery.IpamOperatingRegionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    organizational_unit_exclusions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -102282,6 +102540,12 @@ def _typecheckingstub__08b5ef93b946df5cb347a5d9e125f158c9a540a9ac51f8d045f6c3951
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__0f878fbe931fb7dc474a97e5f158b779f737ec5e5643363296656c4a479af6ae(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty]]]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__6e5af2028bd620ac6af11e15ae308dbbee822aa725e6ce8b9b68acafc97810a0(
     value: typing.Optional[typing.List[_CfnTag_f6864754]],
 ) -> None:
@@ -102295,6 +102559,13 @@ def _typecheckingstub__fffd1bd7ad0ffb1481907684f9ea6caa474483fe9be95e99ef7b5bd42
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__ccd001ab1c5cbf012c760b05292306e2019f0f9adffc25c67a35cfb3050d8d9f(
+    *,
+    organizations_entity_path: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__fd4a98893481afc827d51d87886f223e1b30f0a19b4c90a338e76e2be3699926(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
@@ -102349,6 +102620,7 @@ def _typecheckingstub__f109dd2c7d7c94b25622dd13433c13abb153fa5092da9272630e94ba4
     *,
     description: typing.Optional[builtins.str] = None,
     operating_regions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnIPAMResourceDiscovery.IpamOperatingRegionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    organizational_unit_exclusions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""