aws-cdk-lib 2.178.2__py3-none-any.whl → 2.180.0__py3-none-any.whl

aws_cdk/aws_cloudtrail/__init__.py

@@ -1871,9 +1871,6 @@ class CfnEventDataStore(
             - ``userIdentity.arn``
 
             *Supported CloudTrail event record fields for network activity events*
-            .. epigraph::
-
-               Network activity events is in preview release for CloudTrail and is subject to change.
 
             - ``eventCategory`` (required)
             - ``eventSource`` (required)
@@ -1983,7 +1980,7 @@ class CfnEventDataStore(
         ) -> None:
             '''A single selector statement in an advanced event selector.
 
-            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``eventCategory`` (required), ``eventSource`` , and ``readOnly`` . The following additional fields are available for event data stores: ``eventName`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail data events, supported fields include ``eventCategory`` (required), ``resources.type`` (required), ``eventName`` , ``readOnly`` , and ``resources.ARN`` . The following additional fields are available for event data stores: ``eventSource`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail network activity events, supported fields include ``eventCategory`` (required), ``eventSource`` (required), ``eventName`` , ``errorCode`` , and ``vpcEndpointId`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . .. epigraph:: Selectors don't support the use of wildcards like ``*`` . To match multiple values with a single condition, you may use ``StartsWith`` , ``EndsWith`` , ``NotStartsWith`` , or ``NotEndsWith`` to explicitly match the beginning or end of the event field. - *``readOnly``* - This is an optional field that is only used for management events and data events. This field can be set to ``Equals`` with a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - This field is only used for management events, data events (for event data stores only), and network activity events. For management events for trails, this is an optional field that can be set to ``NotEquals`` ``kms.amazonaws.com`` to exclude KMS management events, or ``NotEquals`` ``rdsdata.amazonaws.com`` to exclude RDS management events. For management and data events for event data stores, you can use it to include or exclude any event source and can use any operator. For network activity events, this is a required field that only uses the ``Equals`` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. The following are valid values for network activity events: - ``cloudtrail.amazonaws.com`` - ``ec2.amazonaws.com`` - ``kms.amazonaws.com`` - ``secretsmanager.amazonaws.com`` - *``eventName``* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with ``eventName`` . You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas. - *``eventCategory``* - This field is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . - For CloudTrail network activity events, the value must be ``NetworkActivity`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For events outside of AWS , the value must be ``ActivityAuditLog`` . - *``eventType``* - This is an optional field available only for event data stores, which is used to filter management and data events on the event type. For information about available event types, see `CloudTrail record contents <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type>`_ in the *AWS CloudTrail user guide* . - *``errorCode``* - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid ``errorCode`` is ``VpceAccessDenied`` . ``errorCode`` can only use the ``Equals`` operator. - *``sessionCredentialFromConsole``* - This is an optional field available only for event data stores, which is used to filter management and data events based on whether the events originated from an AWS Management Console session. ``sessionCredentialFromConsole`` can only use the ``Equals`` and ``NotEquals`` operators. - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator. For a list of available resource types for data events, see `Data events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events>`_ in the *AWS CloudTrail User Guide* . You can have only one ``resources.type`` field per selector. To log events on more than one resource type, add another selector. - *``resources.ARN``* - The ``resources.ARN`` is an optional field for data events. You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. For information about filtering data events on the ``resources.ARN`` field, see `Filtering data events by resources.ARN <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/filtering-data-events.html#filtering-data-events-resourcearn>`_ in the *AWS CloudTrail User Guide* . .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs. - *``userIdentity.arn``* - This is an optional field available only for event data stores, which is used to filter management and data events on the userIdentity ARN. You can use any operator with ``userIdentity.arn`` . For more information on the userIdentity element, see `CloudTrail userIdentity element <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html>`_ in the *AWS CloudTrail User Guide* . - *``vpcEndpointId``* - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with ``vpcEndpointId`` .
+            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``eventCategory`` (required), ``eventSource`` , and ``readOnly`` . The following additional fields are available for event data stores: ``eventName`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail data events, supported fields include ``eventCategory`` (required), ``resources.type`` (required), ``eventName`` , ``readOnly`` , and ``resources.ARN`` . The following additional fields are available for event data stores: ``eventSource`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail network activity events, supported fields include ``eventCategory`` (required), ``eventSource`` (required), ``eventName`` , ``errorCode`` , and ``vpcEndpointId`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . .. epigraph:: Selectors don't support the use of wildcards like ``*`` . To match multiple values with a single condition, you may use ``StartsWith`` , ``EndsWith`` , ``NotStartsWith`` , or ``NotEndsWith`` to explicitly match the beginning or end of the event field. - *``readOnly``* - This is an optional field that is only used for management events and data events. This field can be set to ``Equals`` with a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - This field is only used for management events, data events (for event data stores only), and network activity events. For management events for trails, this is an optional field that can be set to ``NotEquals`` ``kms.amazonaws.com`` to exclude KMS management events, or ``NotEquals`` ``rdsdata.amazonaws.com`` to exclude RDS management events. For management and data events for event data stores, you can use it to include or exclude any event source and can use any operator. For network activity events, this is a required field that only uses the ``Equals`` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. The following are valid values for network activity events: - ``cloudtrail.amazonaws.com`` - ``ec2.amazonaws.com`` - ``kms.amazonaws.com`` - ``s3.amazonaws.com`` - ``secretsmanager.amazonaws.com`` - *``eventName``* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with ``eventName`` . You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas. - *``eventCategory``* - This field is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . - For CloudTrail network activity events, the value must be ``NetworkActivity`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For events outside of AWS , the value must be ``ActivityAuditLog`` . - *``eventType``* - This is an optional field available only for event data stores, which is used to filter management and data events on the event type. For information about available event types, see `CloudTrail record contents <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type>`_ in the *AWS CloudTrail user guide* . - *``errorCode``* - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid ``errorCode`` is ``VpceAccessDenied`` . ``errorCode`` can only use the ``Equals`` operator. - *``sessionCredentialFromConsole``* - This is an optional field available only for event data stores, which is used to filter management and data events based on whether the events originated from an AWS Management Console session. ``sessionCredentialFromConsole`` can only use the ``Equals`` and ``NotEquals`` operators. - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator. For a list of available resource types for data events, see `Data events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events>`_ in the *AWS CloudTrail User Guide* . You can have only one ``resources.type`` field per selector. To log events on more than one resource type, add another selector. - *``resources.ARN``* - The ``resources.ARN`` is an optional field for data events. You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. For information about filtering data events on the ``resources.ARN`` field, see `Filtering data events by resources.ARN <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/filtering-data-events.html#filtering-data-events-resourcearn>`_ in the *AWS CloudTrail User Guide* . .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs. - *``userIdentity.arn``* - This is an optional field available only for event data stores, which is used to filter management and data events on the userIdentity ARN. You can use any operator with ``userIdentity.arn`` . For more information on the userIdentity element, see `CloudTrail userIdentity element <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html>`_ in the *AWS CloudTrail User Guide* . - *``vpcEndpointId``* - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with ``vpcEndpointId`` .
             :param ends_with: An operator that includes events that match the last few characters of the event record field specified as the value of ``Field`` .
             :param equal_to: An operator that includes events that match the exact value of the event record field specified as the value of ``Field`` . This is the only valid operator that you can use with the ``readOnly`` , ``eventCategory`` , and ``resources.type`` fields.
             :param not_ends_with: An operator that excludes events that match the last few characters of the event record field specified as the value of ``Field`` .
@@ -2068,6 +2065,7 @@ class CfnEventDataStore(
             - ``cloudtrail.amazonaws.com``
             - ``ec2.amazonaws.com``
             - ``kms.amazonaws.com``
+            - ``s3.amazonaws.com``
             - ``secretsmanager.amazonaws.com``
             - *``eventName``* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with ``eventName`` . You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas.
             - *``eventCategory``* - This field is required and must be set to ``Equals`` .
@@ -3279,9 +3277,6 @@ class CfnTrail(
             - ``userIdentity.arn``
 
             *Supported CloudTrail event record fields for network activity events*
-            .. epigraph::
-
-               Network activity events is in preview release for CloudTrail and is subject to change.
 
             - ``eventCategory`` (required)
             - ``eventSource`` (required)
@@ -3391,7 +3386,7 @@ class CfnTrail(
         ) -> None:
             '''A single selector statement in an advanced event selector.
 
-            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``eventCategory`` (required), ``eventSource`` , and ``readOnly`` . The following additional fields are available for event data stores: ``eventName`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail data events, supported fields include ``eventCategory`` (required), ``resources.type`` (required), ``eventName`` , ``readOnly`` , and ``resources.ARN`` . The following additional fields are available for event data stores: ``eventSource`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail network activity events, supported fields include ``eventCategory`` (required), ``eventSource`` (required), ``eventName`` , ``errorCode`` , and ``vpcEndpointId`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . .. epigraph:: Selectors don't support the use of wildcards like ``*`` . To match multiple values with a single condition, you may use ``StartsWith`` , ``EndsWith`` , ``NotStartsWith`` , or ``NotEndsWith`` to explicitly match the beginning or end of the event field. - *``readOnly``* - This is an optional field that is only used for management events and data events. This field can be set to ``Equals`` with a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - This field is only used for management events, data events (for event data stores only), and network activity events. For management events for trails, this is an optional field that can be set to ``NotEquals`` ``kms.amazonaws.com`` to exclude KMS management events, or ``NotEquals`` ``rdsdata.amazonaws.com`` to exclude RDS management events. For management and data events for event data stores, you can use it to include or exclude any event source and can use any operator. For network activity events, this is a required field that only uses the ``Equals`` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. The following are valid values for network activity events: - ``cloudtrail.amazonaws.com`` - ``ec2.amazonaws.com`` - ``kms.amazonaws.com`` - ``secretsmanager.amazonaws.com`` - *``eventName``* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with ``eventName`` . You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas. - *``eventCategory``* - This field is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . - For CloudTrail network activity events, the value must be ``NetworkActivity`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For events outside of AWS , the value must be ``ActivityAuditLog`` . - *``eventType``* - This is an optional field available only for event data stores, which is used to filter management and data events on the event type. For information about available event types, see `CloudTrail record contents <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type>`_ in the *AWS CloudTrail user guide* . - *``errorCode``* - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid ``errorCode`` is ``VpceAccessDenied`` . ``errorCode`` can only use the ``Equals`` operator. - *``sessionCredentialFromConsole``* - This is an optional field available only for event data stores, which is used to filter management and data events based on whether the events originated from an AWS Management Console session. ``sessionCredentialFromConsole`` can only use the ``Equals`` and ``NotEquals`` operators. - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator. For a list of available resource types for data events, see `Data events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events>`_ in the *AWS CloudTrail User Guide* . You can have only one ``resources.type`` field per selector. To log events on more than one resource type, add another selector. - *``resources.ARN``* - The ``resources.ARN`` is an optional field for data events. You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. For information about filtering data events on the ``resources.ARN`` field, see `Filtering data events by resources.ARN <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/filtering-data-events.html#filtering-data-events-resourcearn>`_ in the *AWS CloudTrail User Guide* . .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs. - *``userIdentity.arn``* - This is an optional field available only for event data stores, which is used to filter management and data events on the userIdentity ARN. You can use any operator with ``userIdentity.arn`` . For more information on the userIdentity element, see `CloudTrail userIdentity element <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html>`_ in the *AWS CloudTrail User Guide* . - *``vpcEndpointId``* - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with ``vpcEndpointId`` .
+            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``eventCategory`` (required), ``eventSource`` , and ``readOnly`` . The following additional fields are available for event data stores: ``eventName`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail data events, supported fields include ``eventCategory`` (required), ``resources.type`` (required), ``eventName`` , ``readOnly`` , and ``resources.ARN`` . The following additional fields are available for event data stores: ``eventSource`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail network activity events, supported fields include ``eventCategory`` (required), ``eventSource`` (required), ``eventName`` , ``errorCode`` , and ``vpcEndpointId`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . .. epigraph:: Selectors don't support the use of wildcards like ``*`` . To match multiple values with a single condition, you may use ``StartsWith`` , ``EndsWith`` , ``NotStartsWith`` , or ``NotEndsWith`` to explicitly match the beginning or end of the event field. - *``readOnly``* - This is an optional field that is only used for management events and data events. This field can be set to ``Equals`` with a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - This field is only used for management events, data events (for event data stores only), and network activity events. For management events for trails, this is an optional field that can be set to ``NotEquals`` ``kms.amazonaws.com`` to exclude KMS management events, or ``NotEquals`` ``rdsdata.amazonaws.com`` to exclude RDS management events. For management and data events for event data stores, you can use it to include or exclude any event source and can use any operator. For network activity events, this is a required field that only uses the ``Equals`` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. The following are valid values for network activity events: - ``cloudtrail.amazonaws.com`` - ``ec2.amazonaws.com`` - ``kms.amazonaws.com`` - ``s3.amazonaws.com`` - ``secretsmanager.amazonaws.com`` - *``eventName``* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with ``eventName`` . You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas. - *``eventCategory``* - This field is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . - For CloudTrail network activity events, the value must be ``NetworkActivity`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For events outside of AWS , the value must be ``ActivityAuditLog`` . - *``eventType``* - This is an optional field available only for event data stores, which is used to filter management and data events on the event type. For information about available event types, see `CloudTrail record contents <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type>`_ in the *AWS CloudTrail user guide* . - *``errorCode``* - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid ``errorCode`` is ``VpceAccessDenied`` . ``errorCode`` can only use the ``Equals`` operator. - *``sessionCredentialFromConsole``* - This is an optional field available only for event data stores, which is used to filter management and data events based on whether the events originated from an AWS Management Console session. ``sessionCredentialFromConsole`` can only use the ``Equals`` and ``NotEquals`` operators. - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator. For a list of available resource types for data events, see `Data events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events>`_ in the *AWS CloudTrail User Guide* . You can have only one ``resources.type`` field per selector. To log events on more than one resource type, add another selector. - *``resources.ARN``* - The ``resources.ARN`` is an optional field for data events. You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. For information about filtering data events on the ``resources.ARN`` field, see `Filtering data events by resources.ARN <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/filtering-data-events.html#filtering-data-events-resourcearn>`_ in the *AWS CloudTrail User Guide* . .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs. - *``userIdentity.arn``* - This is an optional field available only for event data stores, which is used to filter management and data events on the userIdentity ARN. You can use any operator with ``userIdentity.arn`` . For more information on the userIdentity element, see `CloudTrail userIdentity element <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html>`_ in the *AWS CloudTrail User Guide* . - *``vpcEndpointId``* - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with ``vpcEndpointId`` .
             :param ends_with: An operator that includes events that match the last few characters of the event record field specified as the value of ``Field`` .
             :param equal_to: An operator that includes events that match the exact value of the event record field specified as the value of ``Field`` . This is the only valid operator that you can use with the ``readOnly`` , ``eventCategory`` , and ``resources.type`` fields.
             :param not_ends_with: An operator that excludes events that match the last few characters of the event record field specified as the value of ``Field`` .
@@ -3476,6 +3471,7 @@ class CfnTrail(
             - ``cloudtrail.amazonaws.com``
             - ``ec2.amazonaws.com``
             - ``kms.amazonaws.com``
+            - ``s3.amazonaws.com``
             - ``secretsmanager.amazonaws.com``
             - *``eventName``* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with ``eventName`` . You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas.
             - *``eventCategory``* - This field is required and must be set to ``Equals`` .

aws_cdk/aws_cloudwatch/__init__.py

@@ -1873,7 +1873,7 @@ class CfnAlarm(
         def __init__(self, *, name: builtins.str, value: builtins.str) -> None:
             '''Dimension is an embedded property of the ``AWS::CloudWatch::Alarm`` type.
 
-            Dimensions are name/value pairs that can be associated with a CloudWatch metric. You can specify a maximum of 10 dimensions for a given metric.
+            Dimensions are name/value pairs that can be associated with a CloudWatch metric. You can specify a maximum of 30 dimensions for a given metric.
 
             :param name: The name of the dimension, from 1–255 characters in length. This dimension name must have been included when the metric was published.
             :param value: The value for the dimension, from 1–255 characters in length.

aws_cdk/aws_codebuild/__init__.py

@@ -497,6 +497,29 @@ codebuild.Project(self, "Project",
 )
 ```
 
+### Attribute-based compute
+
+You can use [attribute-based compute](https://docs.aws.amazon.com/codebuild/latest/userguide/fleets.html#fleets.attribute-compute) for your fleet by setting the `computeType` to `ATTRIBUTE_BASED`.
+This allows you to specify the attributes in `computeConfiguration` such as vCPUs, memory, disk space, and the machineType.
+After specifying some or all of the available attributes, CodeBuild will select the cheapest compute type from available instance types as that at least matches all given criteria.
+
+```python
+from aws_cdk import Size
+
+
+fleet = codebuild.Fleet(self, "MyFleet",
+    base_capacity=1,
+    compute_type=codebuild.FleetComputeType.ATTRIBUTE_BASED,
+    environment_type=codebuild.EnvironmentType.LINUX_CONTAINER,
+    compute_configuration=codebuild.ComputeConfiguration(
+        v_cpu=2,
+        memory=Size.gibibytes(4),
+        disk=Size.gibibytes(10),
+        machine_type=codebuild.MachineType.GENERAL
+    )
+)
+```
+
 ## Logs
 
 CodeBuild lets you specify an S3 Bucket, CloudWatch Log Group or both to receive logs from your projects.
@@ -1049,6 +1072,7 @@ from .. import (
     RemovalPolicy as _RemovalPolicy_9f93c814,
     Resource as _Resource_45bc6135,
     SecretValue as _SecretValue_3dd0ddae,
+    Size as _Size_7b441c34,
     SymlinkFollowMode as _SymlinkFollowMode_047ec1f6,
     TagManager as _TagManager_0a598cb3,
     TreeInspector as _TreeInspector_488e0dd5,
@@ -6460,7 +6484,7 @@ class CfnProject(
                The Webhook feature isn't available in AWS CloudFormation for GitHub Enterprise projects. Use the AWS CLI or AWS CodeBuild console to create the webhook.
 
             :param pattern: For a ``WebHookFilter`` that uses ``EVENT`` type, a comma-separated string that specifies one or more events. For example, the webhook filter ``PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED`` allows all push, pull request created, and pull request updated events to trigger a build. For a ``WebHookFilter`` that uses any of the other filter types, a regular expression pattern. For example, a ``WebHookFilter`` that uses ``HEAD_REF`` for its ``type`` and the pattern ``^refs/heads/`` triggers a build when the head reference is a branch with a reference name ``refs/heads/branch-name`` .
-            :param type: The type of webhook filter. There are nine webhook filter types: ``EVENT`` , ``ACTOR_ACCOUNT_ID`` , ``HEAD_REF`` , ``BASE_REF`` , ``FILE_PATH`` , ``COMMIT_MESSAGE`` , ``TAG_NAME`` , ``RELEASE_NAME`` , and ``WORKFLOW_NAME`` . - EVENT - A webhook event triggers a build when the provided ``pattern`` matches one of nine event types: ``PUSH`` , ``PULL_REQUEST_CREATED`` , ``PULL_REQUEST_UPDATED`` , ``PULL_REQUEST_CLOSED`` , ``PULL_REQUEST_REOPENED`` , ``PULL_REQUEST_MERGED`` , ``RELEASED`` , ``PRERELEASED`` , and ``WORKFLOW_JOB_QUEUED`` . The ``EVENT`` patterns are specified as a comma-separated string. For example, ``PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED`` filters all push, pull request created, and pull request updated events. .. epigraph:: Types ``PULL_REQUEST_REOPENED`` and ``WORKFLOW_JOB_QUEUED`` work with GitHub and GitHub Enterprise only. Types ``RELEASED`` and ``PRERELEASED`` work with GitHub only. - ACTOR_ACCOUNT_ID - A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression ``pattern`` . - HEAD_REF - A webhook event triggers a build when the head reference matches the regular expression ``pattern`` . For example, ``refs/heads/branch-name`` and ``refs/tags/tag-name`` . .. epigraph:: Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events. - BASE_REF - A webhook event triggers a build when the base reference matches the regular expression ``pattern`` . For example, ``refs/heads/branch-name`` . .. epigraph:: Works with pull request events only. - FILE_PATH - A webhook triggers a build when the path of a changed file matches the regular expression ``pattern`` . .. epigraph:: Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events. - COMMIT_MESSAGE - A webhook triggers a build when the head commit message matches the regular expression ``pattern`` . .. epigraph:: Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events. - TAG_NAME - A webhook triggers a build when the tag name of the release matches the regular expression ``pattern`` . .. epigraph:: Works with ``RELEASED`` and ``PRERELEASED`` events only. - RELEASE_NAME - A webhook triggers a build when the release name matches the regular expression ``pattern`` . .. epigraph:: Works with ``RELEASED`` and ``PRERELEASED`` events only. - REPOSITORY_NAME - A webhook triggers a build when the repository name matches the regular expression pattern. .. epigraph:: Works with GitHub global or organization webhooks only. - WORKFLOW_NAME - A webhook triggers a build when the workflow name matches the regular expression ``pattern`` . .. epigraph:: Works with ``WORKFLOW_JOB_QUEUED`` events only.
+            :param type: The type of webhook filter. There are nine webhook filter types: ``EVENT`` , ``ACTOR_ACCOUNT_ID`` , ``HEAD_REF`` , ``BASE_REF`` , ``FILE_PATH`` , ``COMMIT_MESSAGE`` , ``TAG_NAME`` , ``RELEASE_NAME`` , and ``WORKFLOW_NAME`` . - EVENT - A webhook event triggers a build when the provided ``pattern`` matches one of nine event types: ``PUSH`` , ``PULL_REQUEST_CREATED`` , ``PULL_REQUEST_UPDATED`` , ``PULL_REQUEST_CLOSED`` , ``PULL_REQUEST_REOPENED`` , ``PULL_REQUEST_MERGED`` , ``RELEASED`` , ``PRERELEASED`` , and ``WORKFLOW_JOB_QUEUED`` . The ``EVENT`` patterns are specified as a comma-separated string. For example, ``PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED`` filters all push, pull request created, and pull request updated events. .. epigraph:: Types ``PULL_REQUEST_REOPENED`` and ``WORKFLOW_JOB_QUEUED`` work with GitHub and GitHub Enterprise only. Types ``RELEASED`` and ``PRERELEASED`` work with GitHub only. - ACTOR_ACCOUNT_ID - A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression ``pattern`` . - HEAD_REF - A webhook event triggers a build when the head reference matches the regular expression ``pattern`` . For example, ``refs/heads/branch-name`` and ``refs/tags/tag-name`` . .. epigraph:: Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events. - BASE_REF - A webhook event triggers a build when the base reference matches the regular expression ``pattern`` . For example, ``refs/heads/branch-name`` . .. epigraph:: Works with pull request events only. - FILE_PATH - A webhook triggers a build when the path of a changed file matches the regular expression ``pattern`` . .. epigraph:: Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events. - COMMIT_MESSAGE - A webhook triggers a build when the head commit message matches the regular expression ``pattern`` . .. epigraph:: Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events. - TAG_NAME - A webhook triggers a build when the tag name of the release matches the regular expression ``pattern`` . .. epigraph:: Works with ``RELEASED`` and ``PRERELEASED`` events only. - RELEASE_NAME - A webhook triggers a build when the release name matches the regular expression ``pattern`` . .. epigraph:: Works with ``RELEASED`` and ``PRERELEASED`` events only. - REPOSITORY_NAME - A webhook triggers a build when the repository name matches the regular expression pattern. .. epigraph:: Works with GitHub global or organization webhooks only. - WORKFLOW_NAME - A webhook triggers a build when the workflow name matches the regular expression ``pattern`` . .. epigraph:: Works with ``WORKFLOW_JOB_QUEUED`` events only. > For CodeBuild-hosted Buildkite runner builds, WORKFLOW_NAME filters will filter by pipeline name.
             :param exclude_matched_pattern: Used to indicate that the ``pattern`` determines which webhook events do not trigger a build. If true, then a webhook event that does not match the ``pattern`` triggers a build. If false, then a webhook event that matches the ``pattern`` triggers a build.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-webhookfilter.html
@@ -6575,7 +6599,7 @@ class CfnProject(
 
             .. epigraph::
 
-               Works with ``WORKFLOW_JOB_QUEUED`` events only.
+               Works with ``WORKFLOW_JOB_QUEUED`` events only. > For CodeBuild-hosted Buildkite runner builds, WORKFLOW_NAME filters will filter by pipeline name.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-webhookfilter.html#cfn-codebuild-project-webhookfilter-type
             '''
@@ -8799,6 +8823,122 @@ class CommonProjectProps:
         )
 
 
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_codebuild.ComputeConfiguration",
+    jsii_struct_bases=[],
+    name_mapping={
+        "disk": "disk",
+        "machine_type": "machineType",
+        "memory": "memory",
+        "v_cpu": "vCpu",
+    },
+)
+class ComputeConfiguration:
+    def __init__(
+        self,
+        *,
+        disk: typing.Optional[_Size_7b441c34] = None,
+        machine_type: typing.Optional["MachineType"] = None,
+        memory: typing.Optional[_Size_7b441c34] = None,
+        v_cpu: typing.Optional[jsii.Number] = None,
+    ) -> None:
+        '''The compute configuration for the fleet.
+
+        Despite what the CloudFormation schema says, the numeric properties (disk, memory, vCpu) are not optional.
+        An ``undefined`` value will cause the CloudFormation deployment to fail, e.g.
+        .. epigraph::
+
+           Cannot invoke "java.lang.Integer.intValue()" because the return value of "software.amazon.codebuild.fleet.ComputeConfiguration.getMemory()" is null
+           Therefore, these properties default value is set to 0.
+
+        :param disk: The amount of disk space of the instance type included in your fleet. Default: - No requirement, the actual value will be based on the other selected configuration properties
+        :param machine_type: The machine type of the instance type included in your fleet. Default: - No requirement, the actual value will be based on the other selected configuration properties
+        :param memory: The amount of memory of the instance type included in your fleet. Default: - No requirement, the actual value will be based on the other selected configuration properties
+        :param v_cpu: The number of vCPUs of the instance type included in your fleet. Default: - No requirement, the actual value will be based on the other selected configuration properties
+
+        :exampleMetadata: infused
+
+        Example::
+
+            from aws_cdk import Size
+            
+            
+            fleet = codebuild.Fleet(self, "MyFleet",
+                base_capacity=1,
+                compute_type=codebuild.FleetComputeType.ATTRIBUTE_BASED,
+                environment_type=codebuild.EnvironmentType.LINUX_CONTAINER,
+                compute_configuration=codebuild.ComputeConfiguration(
+                    v_cpu=2,
+                    memory=Size.gibibytes(4),
+                    disk=Size.gibibytes(10),
+                    machine_type=codebuild.MachineType.GENERAL
+                )
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__b104977b55c72c0577553444ac08838cdefde5acef91d6c00ad996d1c464b61b)
+            check_type(argname="argument disk", value=disk, expected_type=type_hints["disk"])
+            check_type(argname="argument machine_type", value=machine_type, expected_type=type_hints["machine_type"])
+            check_type(argname="argument memory", value=memory, expected_type=type_hints["memory"])
+            check_type(argname="argument v_cpu", value=v_cpu, expected_type=type_hints["v_cpu"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if disk is not None:
+            self._values["disk"] = disk
+        if machine_type is not None:
+            self._values["machine_type"] = machine_type
+        if memory is not None:
+            self._values["memory"] = memory
+        if v_cpu is not None:
+            self._values["v_cpu"] = v_cpu
+
+    @builtins.property
+    def disk(self) -> typing.Optional[_Size_7b441c34]:
+        '''The amount of disk space of the instance type included in your fleet.
+
+        :default: - No requirement, the actual value will be based on the other selected configuration properties
+        '''
+        result = self._values.get("disk")
+        return typing.cast(typing.Optional[_Size_7b441c34], result)
+
+    @builtins.property
+    def machine_type(self) -> typing.Optional["MachineType"]:
+        '''The machine type of the instance type included in your fleet.
+
+        :default: - No requirement, the actual value will be based on the other selected configuration properties
+        '''
+        result = self._values.get("machine_type")
+        return typing.cast(typing.Optional["MachineType"], result)
+
+    @builtins.property
+    def memory(self) -> typing.Optional[_Size_7b441c34]:
+        '''The amount of memory of the instance type included in your fleet.
+
+        :default: - No requirement, the actual value will be based on the other selected configuration properties
+        '''
+        result = self._values.get("memory")
+        return typing.cast(typing.Optional[_Size_7b441c34], result)
+
+    @builtins.property
+    def v_cpu(self) -> typing.Optional[jsii.Number]:
+        '''The number of vCPUs of the instance type included in your fleet.
+
+        :default: - No requirement, the actual value will be based on the other selected configuration properties
+        '''
+        result = self._values.get("v_cpu")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "ComputeConfiguration(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 @jsii.enum(jsii_type="aws-cdk-lib.aws_codebuild.ComputeType")
 class ComputeType(enum.Enum):
     '''Build machine compute type.
@@ -8868,6 +9008,7 @@ class ComputeType(enum.Enum):
     LAMBDA_4GB = "LAMBDA_4GB"
     LAMBDA_8GB = "LAMBDA_8GB"
     LAMBDA_10GB = "LAMBDA_10GB"
+    ATTRIBUTE_BASED = "ATTRIBUTE_BASED"
 
 
 @jsii.data_type(
@@ -9559,6 +9700,13 @@ class FleetComputeType(enum.Enum):
     {@link https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html#environment.types docs}
     for more information.
     '''
+    ATTRIBUTE_BASED = "ATTRIBUTE_BASED"
+    '''Specify the amount of vCPUs, memory, disk space, and the type of machine.
+
+    AWS CodeBuild will select the cheapest instance that satisfies your specified attributes from ``computeConfiguration``.
+
+    :see: https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html#environment-reserved-capacity.types
+    '''
 
 
 @jsii.data_type(
@@ -9568,6 +9716,7 @@ class FleetComputeType(enum.Enum):
         "base_capacity": "baseCapacity",
         "compute_type": "computeType",
         "environment_type": "environmentType",
+        "compute_configuration": "computeConfiguration",
         "fleet_name": "fleetName",
     },
 )
@@ -9578,6 +9727,7 @@ class FleetProps:
         base_capacity: jsii.Number,
         compute_type: FleetComputeType,
         environment_type: EnvironmentType,
+        compute_configuration: typing.Optional[typing.Union[ComputeConfiguration, typing.Dict[builtins.str, typing.Any]]] = None,
         fleet_name: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Construction properties of a CodeBuild {@link Fleet}.
@@ -9585,6 +9735,7 @@ class FleetProps:
         :param base_capacity: The number of machines allocated to the compute fleet. Defines the number of builds that can run in parallel. Minimum value of 1.
         :param compute_type: The instance type of the compute fleet.
         :param environment_type: The build environment (operating system/architecture/accelerator) type made available to projects using this fleet.
+        :param compute_configuration: The compute configuration of the compute fleet. This is only required if ``computeType`` is set to ATTRIBUTE_BASED. Default: - do not specify compute configuration
         :param fleet_name: The name of the Fleet. Default: - CloudFormation generated name
 
         :exampleMetadata: infused
@@ -9604,17 +9755,22 @@ class FleetProps:
                 )
             )
         '''
+        if isinstance(compute_configuration, dict):
+            compute_configuration = ComputeConfiguration(**compute_configuration)
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e7911aefc20674030e6eb6a13611d08046f9412fc45f97ff43a4ecf7591a2d5d)
             check_type(argname="argument base_capacity", value=base_capacity, expected_type=type_hints["base_capacity"])
             check_type(argname="argument compute_type", value=compute_type, expected_type=type_hints["compute_type"])
             check_type(argname="argument environment_type", value=environment_type, expected_type=type_hints["environment_type"])
+            check_type(argname="argument compute_configuration", value=compute_configuration, expected_type=type_hints["compute_configuration"])
             check_type(argname="argument fleet_name", value=fleet_name, expected_type=type_hints["fleet_name"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "base_capacity": base_capacity,
             "compute_type": compute_type,
             "environment_type": environment_type,
         }
+        if compute_configuration is not None:
+            self._values["compute_configuration"] = compute_configuration
         if fleet_name is not None:
             self._values["fleet_name"] = fleet_name
 
@@ -9645,6 +9801,19 @@ class FleetProps:
         assert result is not None, "Required property 'environment_type' is missing"
         return typing.cast(EnvironmentType, result)
 
+    @builtins.property
+    def compute_configuration(self) -> typing.Optional[ComputeConfiguration]:
+        '''The compute configuration of the compute fleet.
+
+        This is only required if ``computeType`` is set to ATTRIBUTE_BASED.
+
+        :default: - do not specify compute configuration
+
+        :see: https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html#environment-reserved-capacity.types
+        '''
+        result = self._values.get("compute_configuration")
+        return typing.cast(typing.Optional[ComputeConfiguration], result)
+
     @builtins.property
     def fleet_name(self) -> typing.Optional[builtins.str]:
         '''The name of the Fleet.
@@ -12862,6 +13031,36 @@ class MacBuildImage(
         return typing.cast(typing.Optional[_ISecret_6e020e6a], jsii.get(self, "secretsManagerCredentials"))
 
 
+@jsii.enum(jsii_type="aws-cdk-lib.aws_codebuild.MachineType")
+class MachineType(enum.Enum):
+    '''The compute type of the fleet.
+
+    :exampleMetadata: infused
+
+    Example::
+
+        from aws_cdk import Size
+        
+        
+        fleet = codebuild.Fleet(self, "MyFleet",
+            base_capacity=1,
+            compute_type=codebuild.FleetComputeType.ATTRIBUTE_BASED,
+            environment_type=codebuild.EnvironmentType.LINUX_CONTAINER,
+            compute_configuration=codebuild.ComputeConfiguration(
+                v_cpu=2,
+                memory=Size.gibibytes(4),
+                disk=Size.gibibytes(10),
+                machine_type=codebuild.MachineType.GENERAL
+            )
+        )
+    '''
+
+    GENERAL = "GENERAL"
+    '''General purpose compute type.'''
+    NVME = "NVME"
+    '''Non-Volatile Memory Express (NVMe) storage optimized compute type.'''
+
+
 class PhaseChangeEvent(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_codebuild.PhaseChangeEvent",
@@ -17049,6 +17248,7 @@ class Fleet(
         base_capacity: jsii.Number,
         compute_type: FleetComputeType,
         environment_type: EnvironmentType,
+        compute_configuration: typing.Optional[typing.Union[ComputeConfiguration, typing.Dict[builtins.str, typing.Any]]] = None,
         fleet_name: typing.Optional[builtins.str] = None,
     ) -> None:
         '''
@@ -17057,6 +17257,7 @@ class Fleet(
         :param base_capacity: The number of machines allocated to the compute fleet. Defines the number of builds that can run in parallel. Minimum value of 1.
         :param compute_type: The instance type of the compute fleet.
         :param environment_type: The build environment (operating system/architecture/accelerator) type made available to projects using this fleet.
+        :param compute_configuration: The compute configuration of the compute fleet. This is only required if ``computeType`` is set to ATTRIBUTE_BASED. Default: - do not specify compute configuration
         :param fleet_name: The name of the Fleet. Default: - CloudFormation generated name
         '''
         if __debug__:
@@ -17067,6 +17268,7 @@ class Fleet(
             base_capacity=base_capacity,
             compute_type=compute_type,
             environment_type=environment_type,
+            compute_configuration=compute_configuration,
             fleet_name=fleet_name,
         )
 
@@ -18222,6 +18424,7 @@ __all__ = [
     "CloudWatchLoggingOptions",
     "CodeCommitSourceProps",
     "CommonProjectProps",
+    "ComputeConfiguration",
     "ComputeType",
     "DockerImageOptions",
     "EfsFileSystemLocationProps",
@@ -18256,6 +18459,7 @@ __all__ = [
     "LocalCacheMode",
     "LoggingOptions",
     "MacBuildImage",
+    "MachineType",
     "PhaseChangeEvent",
     "PipelineProject",
     "PipelineProjectProps",
@@ -19191,6 +19395,16 @@ def _typecheckingstub__45bdedf6c9b38dcb0797768fa0fdec382e282ebd8679405f7dd9df6cb
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__b104977b55c72c0577553444ac08838cdefde5acef91d6c00ad996d1c464b61b(
+    *,
+    disk: typing.Optional[_Size_7b441c34] = None,
+    machine_type: typing.Optional[MachineType] = None,
+    memory: typing.Optional[_Size_7b441c34] = None,
+    v_cpu: typing.Optional[jsii.Number] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__a9bdff78eb0c7b03d745a4a031a5cd7fe7b54a46e7733dc247bae3735e3c5300(
     *,
     secrets_manager_credentials: typing.Optional[_ISecret_6e020e6a] = None,
@@ -19334,6 +19548,7 @@ def _typecheckingstub__e7911aefc20674030e6eb6a13611d08046f9412fc45f97ff43a4ecf75
     base_capacity: jsii.Number,
     compute_type: FleetComputeType,
     environment_type: EnvironmentType,
+    compute_configuration: typing.Optional[typing.Union[ComputeConfiguration, typing.Dict[builtins.str, typing.Any]]] = None,
     fleet_name: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
@@ -20157,6 +20372,7 @@ def _typecheckingstub__68e9f035c12fa2c35bc62bc8d306e3651814bea9f53875aeea43b85f6
     base_capacity: jsii.Number,
     compute_type: FleetComputeType,
     environment_type: EnvironmentType,
+    compute_configuration: typing.Optional[typing.Union[ComputeConfiguration, typing.Dict[builtins.str, typing.Any]]] = None,
     fleet_name: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""