aws-cdk-lib 2.179.0__py3-none-any.whl → 2.181.0__py3-none-any.whl

aws_cdk/aws_ecs/__init__.py

@@ -7497,8 +7497,8 @@ class CfnCluster(
         ) -> None:
             '''The managed storage configuration for the cluster.
 
-            :param fargate_ephemeral_storage_kms_key_id: Specify the AWS Key Management Service key ID for the Fargate ephemeral storage.
-            :param kms_key_id: Specify a AWS Key Management Service key ID to encrypt the managed storage.
+            :param fargate_ephemeral_storage_kms_key_id: Specify the AWS Key Management Service key ID for the Fargate ephemeral storage. The key must be a single Region key.
+            :param kms_key_id: Specify a AWS Key Management Service key ID to encrypt the managed storage. The key must be a single Region key.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-managedstorageconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -7528,6 +7528,8 @@ class CfnCluster(
         def fargate_ephemeral_storage_kms_key_id(self) -> typing.Optional[builtins.str]:
             '''Specify the AWS Key Management Service key ID for the Fargate ephemeral storage.
 
+            The key must be a single Region key.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-managedstorageconfiguration.html#cfn-ecs-cluster-managedstorageconfiguration-fargateephemeralstoragekmskeyid
             '''
             result = self._values.get("fargate_ephemeral_storage_kms_key_id")
@@ -7537,6 +7539,8 @@ class CfnCluster(
         def kms_key_id(self) -> typing.Optional[builtins.str]:
             '''Specify a AWS Key Management Service key ID to encrypt the managed storage.
 
+            The key must be a single Region key.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-managedstorageconfiguration.html#cfn-ecs-cluster-managedstorageconfiguration-kmskeyid
             '''
             result = self._values.get("kms_key_id")
@@ -7566,7 +7570,7 @@ class CfnCluster(
 
             Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see `Service Connect <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
 
-            :param namespace: The namespace name or full Amazon Resource Name (ARN) of the AWS Cloud Map namespace that's used when you create a service and don't specify a Service Connect configuration. The namespace name can include up to 1024 characters. The name is case-sensitive. The name can't include hyphens (-), tilde (~), greater than (>), less than (<), or slash (/). If you enter an existing namespace name or ARN, then that namespace will be used. Any namespace type is supported. The namespace must be in this account and this AWS Region. If you enter a new name, a AWS Cloud Map namespace will be created. Amazon ECS creates a AWS Cloud Map namespace with the "API calls" method of instance discovery only. This instance discovery method is the "HTTP" namespace type in the AWS Command Line Interface . Other types of instance discovery aren't used by Service Connect. If you update the cluster with an empty string ``""`` for the namespace name, the cluster configuration for Service Connect is removed. Note that the namespace will remain in AWS Cloud Map and must be deleted separately. For more information about AWS Cloud Map , see `Working with Services <https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html>`_ in the *AWS Cloud Map Developer Guide* .
+            :param namespace: The namespace name or full Amazon Resource Name (ARN) of the AWS Cloud Map namespace that's used when you create a service and don't specify a Service Connect configuration. The namespace name can include up to 1024 characters. The name is case-sensitive. The name can't include greater than (>), less than (<), double quotation marks ("), or slash (/). If you enter an existing namespace name or ARN, then that namespace will be used. Any namespace type is supported. The namespace must be in this account and this AWS Region. If you enter a new name, a AWS Cloud Map namespace will be created. Amazon ECS creates a AWS Cloud Map namespace with the "API calls" method of instance discovery only. This instance discovery method is the "HTTP" namespace type in the AWS Command Line Interface . Other types of instance discovery aren't used by Service Connect. If you update the cluster with an empty string ``""`` for the namespace name, the cluster configuration for Service Connect is removed. Note that the namespace will remain in AWS Cloud Map and must be deleted separately. For more information about AWS Cloud Map , see `Working with Services <https://docs.aws.amazon.com/cloud-map/latest/dg/working-with-services.html>`_ in the *AWS Cloud Map Developer Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-serviceconnectdefaults.html
             :exampleMetadata: fixture=_generated
@@ -7592,7 +7596,7 @@ class CfnCluster(
         def namespace(self) -> typing.Optional[builtins.str]:
             '''The namespace name or full Amazon Resource Name (ARN) of the AWS Cloud Map namespace that's used when you create a service and don't specify a Service Connect configuration.
 
-            The namespace name can include up to 1024 characters. The name is case-sensitive. The name can't include hyphens (-), tilde (~), greater than (>), less than (<), or slash (/).
+            The namespace name can include up to 1024 characters. The name is case-sensitive. The name can't include greater than (>), less than (<), double quotation marks ("), or slash (/).
 
             If you enter an existing namespace name or ARN, then that namespace will be used. Any namespace type is supported. The namespace must be in this account and this AWS Region.
 
@@ -8565,7 +8569,6 @@ class CfnService(
                         )]
                     )],
                     throughput=123,
-                    volume_initialization_rate=123,
                     volume_type="volumeType"
                 )
             )],
@@ -8611,8 +8614,8 @@ class CfnService(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param availability_zone_rebalancing: Indicates whether to use Availability Zone rebalancing for the service. For more information, see `Balancing an Amazon ECS service across Availability Zones <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-rebalancing.html>`_ in the *Amazon Elastic Container Service Developer Guide* . Default: - "DISABLED"
-        :param capacity_provider_strategy: The capacity provider strategy to use for the service. If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. A capacity provider strategy may contain a maximum of 6 capacity providers. .. epigraph:: To remove this property from your service resource, specify an empty ``CapacityProviderStrategyItem`` array.
+        :param availability_zone_rebalancing: Indicates whether to use Availability Zone rebalancing for the service. For more information, see `Balancing an Amazon ECS service across Availability Zones <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-rebalancing.html>`_ in the **Amazon Elastic Container Service Developer Guide** . Default: - "DISABLED"
+        :param capacity_provider_strategy: The capacity provider strategy to use for the service. If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. A capacity provider strategy can contain a maximum of 20 capacity providers. .. epigraph:: To remove this property from your service resource, specify an empty ``CapacityProviderStrategyItem`` array.
         :param cluster: The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.
         :param deployment_configuration: Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
         :param deployment_controller: The deployment controller to use for the service. If no deployment controller is specified, the default value of ``ECS`` is used.
@@ -9153,7 +9156,7 @@ class CfnService(
 
             For example ``awsVpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}`` .
 
-            :param assign_public_ip: Whether the task's elastic network interface receives a public IP address. The default value is ``ENABLED`` .
+            :param assign_public_ip: Whether the task's elastic network interface receives a public IP address. Consider the following when you set this value: - When you use ``create-service`` or ``update-service`` , the default is ``DISABLED`` . - When the service ``deploymentController`` is ``ECS`` , the value must be ``DISABLED`` . - When you use ``create-service`` or ``update-service`` , the default is ``ENABLED`` .
             :param security_groups: The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified. .. epigraph:: All specified security groups must be from the same VPC.
             :param subnets: The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified. .. epigraph:: All specified subnets must be from the same VPC.
 
@@ -9189,7 +9192,11 @@ class CfnService(
         def assign_public_ip(self) -> typing.Optional[builtins.str]:
             '''Whether the task's elastic network interface receives a public IP address.
 
-            The default value is ``ENABLED`` .
+            Consider the following when you set this value:
+
+            - When you use ``create-service`` or ``update-service`` , the default is ``DISABLED`` .
+            - When the service ``deploymentController`` is ``ECS`` , the value must be ``DISABLED`` .
+            - When you use ``create-service`` or ``update-service`` , the default is ``ENABLED`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-awsvpcconfiguration.html#cfn-ecs-service-awsvpcconfiguration-assignpublicip
             '''
@@ -11075,7 +11082,6 @@ class CfnService(
             "snapshot_id": "snapshotId",
             "tag_specifications": "tagSpecifications",
             "throughput": "throughput",
-            "volume_initialization_rate": "volumeInitializationRate",
             "volume_type": "volumeType",
         },
     )
@@ -11092,7 +11098,6 @@ class CfnService(
             snapshot_id: typing.Optional[builtins.str] = None,
             tag_specifications: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnService.EBSTagSpecificationProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
             throughput: typing.Optional[jsii.Number] = None,
-            volume_initialization_rate: typing.Optional[jsii.Number] = None,
             volume_type: typing.Optional[builtins.str] = None,
         ) -> None:
             '''The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf.
@@ -11110,7 +11115,6 @@ class CfnService(
             :param snapshot_id: The snapshot that Amazon ECS uses to create the volume. You must specify either a snapshot ID or a volume size. This parameter maps 1:1 with the ``SnapshotId`` parameter of the `CreateVolume API <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html>`_ in the *Amazon EC2 API Reference* .
             :param tag_specifications: The tags to apply to the volume. Amazon ECS applies service-managed tags by default. This parameter maps 1:1 with the ``TagSpecifications.N`` parameter of the `CreateVolume API <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html>`_ in the *Amazon EC2 API Reference* .
             :param throughput: The throughput to provision for a volume, in MiB/s, with a maximum of 1,000 MiB/s. This parameter maps 1:1 with the ``Throughput`` parameter of the `CreateVolume API <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html>`_ in the *Amazon EC2 API Reference* . .. epigraph:: This parameter is only supported for the ``gp3`` volume type.
-            :param volume_initialization_rate: 
             :param volume_type: The volume type. This parameter maps 1:1 with the ``VolumeType`` parameter of the `CreateVolume API <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html>`_ in the *Amazon EC2 API Reference* . For more information, see `Amazon EBS volume types <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html>`_ in the *Amazon EC2 User Guide* . The following are the supported volume types. - General Purpose SSD: ``gp2`` | ``gp3`` - Provisioned IOPS SSD: ``io1`` | ``io2`` - Throughput Optimized HDD: ``st1`` - Cold HDD: ``sc1`` - Magnetic: ``standard`` .. epigraph:: The magnetic volume type is not supported on Fargate.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-servicemanagedebsvolumeconfiguration.html
@@ -11143,7 +11147,6 @@ class CfnService(
                         )]
                     )],
                     throughput=123,
-                    volume_initialization_rate=123,
                     volume_type="volumeType"
                 )
             '''
@@ -11158,7 +11161,6 @@ class CfnService(
                 check_type(argname="argument snapshot_id", value=snapshot_id, expected_type=type_hints["snapshot_id"])
                 check_type(argname="argument tag_specifications", value=tag_specifications, expected_type=type_hints["tag_specifications"])
                 check_type(argname="argument throughput", value=throughput, expected_type=type_hints["throughput"])
-                check_type(argname="argument volume_initialization_rate", value=volume_initialization_rate, expected_type=type_hints["volume_initialization_rate"])
                 check_type(argname="argument volume_type", value=volume_type, expected_type=type_hints["volume_type"])
             self._values: typing.Dict[builtins.str, typing.Any] = {
                 "role_arn": role_arn,
@@ -11179,8 +11181,6 @@ class CfnService(
                 self._values["tag_specifications"] = tag_specifications
             if throughput is not None:
                 self._values["throughput"] = throughput
-            if volume_initialization_rate is not None:
-                self._values["volume_initialization_rate"] = volume_initialization_rate
             if volume_type is not None:
                 self._values["volume_type"] = volume_type
 
@@ -11315,14 +11315,6 @@ class CfnService(
             result = self._values.get("throughput")
             return typing.cast(typing.Optional[jsii.Number], result)
 
-        @builtins.property
-        def volume_initialization_rate(self) -> typing.Optional[jsii.Number]:
-            '''
-            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-service-servicemanagedebsvolumeconfiguration.html#cfn-ecs-service-servicemanagedebsvolumeconfiguration-volumeinitializationrate
-            '''
-            result = self._values.get("volume_initialization_rate")
-            return typing.cast(typing.Optional[jsii.Number], result)
-
         @builtins.property
         def volume_type(self) -> typing.Optional[builtins.str]:
             '''The volume type.
@@ -11527,7 +11519,6 @@ class CfnService(
                             )]
                         )],
                         throughput=123,
-                        volume_initialization_rate=123,
                         volume_type="volumeType"
                     )
                 )
@@ -11821,8 +11812,8 @@ class CfnServiceProps:
     ) -> None:
         '''Properties for defining a ``CfnService``.
 
-        :param availability_zone_rebalancing: Indicates whether to use Availability Zone rebalancing for the service. For more information, see `Balancing an Amazon ECS service across Availability Zones <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-rebalancing.html>`_ in the *Amazon Elastic Container Service Developer Guide* . Default: - "DISABLED"
-        :param capacity_provider_strategy: The capacity provider strategy to use for the service. If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. A capacity provider strategy may contain a maximum of 6 capacity providers. .. epigraph:: To remove this property from your service resource, specify an empty ``CapacityProviderStrategyItem`` array.
+        :param availability_zone_rebalancing: Indicates whether to use Availability Zone rebalancing for the service. For more information, see `Balancing an Amazon ECS service across Availability Zones <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-rebalancing.html>`_ in the **Amazon Elastic Container Service Developer Guide** . Default: - "DISABLED"
+        :param capacity_provider_strategy: The capacity provider strategy to use for the service. If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used. A capacity provider strategy can contain a maximum of 20 capacity providers. .. epigraph:: To remove this property from your service resource, specify an empty ``CapacityProviderStrategyItem`` array.
         :param cluster: The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.
         :param deployment_configuration: Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
         :param deployment_controller: The deployment controller to use for the service. If no deployment controller is specified, the default value of ``ECS`` is used.
@@ -11993,7 +11984,6 @@ class CfnServiceProps:
                             )]
                         )],
                         throughput=123,
-                        volume_initialization_rate=123,
                         volume_type="volumeType"
                     )
                 )],
@@ -12087,7 +12077,7 @@ class CfnServiceProps:
     def availability_zone_rebalancing(self) -> typing.Optional[builtins.str]:
         '''Indicates whether to use Availability Zone rebalancing for the service.
 
-        For more information, see `Balancing an Amazon ECS service across Availability Zones <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-rebalancing.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
+        For more information, see `Balancing an Amazon ECS service across Availability Zones <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-rebalancing.html>`_ in the **Amazon Elastic Container Service Developer Guide** .
 
         :default: - "DISABLED"
 
@@ -12104,7 +12094,7 @@ class CfnServiceProps:
 
         If a ``capacityProviderStrategy`` is specified, the ``launchType`` parameter must be omitted. If no ``capacityProviderStrategy`` or ``launchType`` is specified, the ``defaultCapacityProviderStrategy`` for the cluster is used.
 
-        A capacity provider strategy may contain a maximum of 6 capacity providers.
+        A capacity provider strategy can contain a maximum of 20 capacity providers.
         .. epigraph::
 
            To remove this property from your service resource, specify an empty ``CapacityProviderStrategyItem`` array.
@@ -12731,7 +12721,7 @@ class CfnTaskDefinition(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param container_definitions: A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see `Amazon ECS Task Definitions <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
-        :param cpu: The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter. If you use the EC2 launch type, this field is optional. Supported values are between ``128`` CPU units ( ``0.125`` vCPUs) and ``10240`` CPU units ( ``10`` vCPUs). The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. - 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments This option requires Linux platform ``1.4.0`` or later. - 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments This option requires Linux platform ``1.4.0`` or later.
+        :param cpu: The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter. If you're using the EC2 launch type or the external launch type, this field is optional. Supported values are between ``128`` CPU units ( ``0.125`` vCPUs) and ``196608`` CPU units ( ``192`` vCPUs). The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. - 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments This option requires Linux platform ``1.4.0`` or later. - 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments This option requires Linux platform ``1.4.0`` or later.
         :param enable_fault_injection: Enables fault injection and allows for fault injection requests to be accepted from the task's containers. The default value is ``false`` .
         :param ephemeral_storage: The ephemeral storage settings to use for tasks run with the task definition.
         :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
@@ -15198,10 +15188,10 @@ class CfnTaskDefinition(
             - Container health checks are not supported for tasks that are part of a service that is configured to use a Classic Load Balancer.
 
             :param command: A string array representing the command that the container runs to determine if it is healthy. The string array must start with ``CMD`` to run the command arguments directly, or ``CMD-SHELL`` to run the command with the container's default shell. When you use the AWS Management Console JSON panel, the AWS Command Line Interface , or the APIs, enclose the list of commands in double quotes and brackets. ``[ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ]`` You don't include the double quotes and brackets when you use the AWS Management Console. ``CMD-SHELL, curl -f http://localhost/ || exit 1`` An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in the docker container create command.
-            :param interval: The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds.
-            :param retries: The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3.
-            :param start_period: The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the ``startPeriod`` is off. .. epigraph:: If a health check succeeds within the ``startPeriod`` , then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
-            :param timeout: The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5.
+            :param interval: The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds. This value applies only when you specify a ``command`` .
+            :param retries: The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3. This value applies only when you specify a ``command`` .
+            :param start_period: The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the ``startPeriod`` is off. This value applies only when you specify a ``command`` . .. epigraph:: If a health check succeeds within the ``startPeriod`` , then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
+            :param timeout: The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5. This value applies only when you specify a ``command`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html
             :exampleMetadata: fixture=_generated
@@ -15264,7 +15254,7 @@ class CfnTaskDefinition(
         def interval(self) -> typing.Optional[jsii.Number]:
             '''The time period in seconds between each health check execution.
 
-            You may specify between 5 and 300 seconds. The default value is 30 seconds.
+            You may specify between 5 and 300 seconds. The default value is 30 seconds. This value applies only when you specify a ``command`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html#cfn-ecs-taskdefinition-healthcheck-interval
             '''
@@ -15275,7 +15265,7 @@ class CfnTaskDefinition(
         def retries(self) -> typing.Optional[jsii.Number]:
             '''The number of times to retry a failed health check before the container is considered unhealthy.
 
-            You may specify between 1 and 10 retries. The default value is 3.
+            You may specify between 1 and 10 retries. The default value is 3. This value applies only when you specify a ``command`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html#cfn-ecs-taskdefinition-healthcheck-retries
             '''
@@ -15286,7 +15276,7 @@ class CfnTaskDefinition(
         def start_period(self) -> typing.Optional[jsii.Number]:
             '''The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries.
 
-            You can specify between 0 and 300 seconds. By default, the ``startPeriod`` is off.
+            You can specify between 0 and 300 seconds. By default, the ``startPeriod`` is off. This value applies only when you specify a ``command`` .
             .. epigraph::
 
                If a health check succeeds within the ``startPeriod`` , then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
@@ -15300,7 +15290,7 @@ class CfnTaskDefinition(
         def timeout(self) -> typing.Optional[jsii.Number]:
             '''The time period in seconds to wait for a health check to succeed before it is considered a failure.
 
-            You may specify between 2 and 60 seconds. The default value is 5.
+            You may specify between 2 and 60 seconds. The default value is 5. This value applies only when you specify a ``command`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html#cfn-ecs-taskdefinition-healthcheck-timeout
             '''
@@ -17570,7 +17560,7 @@ class CfnTaskDefinitionProps:
         '''Properties for defining a ``CfnTaskDefinition``.
 
         :param container_definitions: A list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see `Amazon ECS Task Definitions <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
-        :param cpu: The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter. If you use the EC2 launch type, this field is optional. Supported values are between ``128`` CPU units ( ``0.125`` vCPUs) and ``10240`` CPU units ( ``10`` vCPUs). The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. - 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments This option requires Linux platform ``1.4.0`` or later. - 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments This option requires Linux platform ``1.4.0`` or later.
+        :param cpu: The number of ``cpu`` units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter. If you're using the EC2 launch type or the external launch type, this field is optional. Supported values are between ``128`` CPU units ( ``0.125`` vCPUs) and ``196608`` CPU units ( ``192`` vCPUs). The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. - 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - 1024 (1 vCPU) - Available ``memory`` values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - 2048 (2 vCPU) - Available ``memory`` values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - 4096 (4 vCPU) - Available ``memory`` values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - 8192 (8 vCPU) - Available ``memory`` values: 16 GB and 60 GB in 4 GB increments This option requires Linux platform ``1.4.0`` or later. - 16384 (16vCPU) - Available ``memory`` values: 32GB and 120 GB in 8 GB increments This option requires Linux platform ``1.4.0`` or later.
         :param enable_fault_injection: Enables fault injection and allows for fault injection requests to be accepted from the task's containers. The default value is ``false`` .
         :param ephemeral_storage: The ephemeral storage settings to use for tasks run with the task definition.
         :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. For informationabout the required IAM roles for Amazon ECS, see `IAM roles for Amazon ECS <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-ecs-iam-role-overview.html>`_ in the *Amazon Elastic Container Service Developer Guide* .
@@ -17894,9 +17884,7 @@ class CfnTaskDefinitionProps:
 
         If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the ``memory`` parameter.
 
-        If you use the EC2 launch type, this field is optional. Supported values are between ``128`` CPU units ( ``0.125`` vCPUs) and ``10240`` CPU units ( ``10`` vCPUs).
-
-        The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.
+        If you're using the EC2 launch type or the external launch type, this field is optional. Supported values are between ``128`` CPU units ( ``0.125`` vCPUs) and ``196608`` CPU units ( ``192`` vCPUs). The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.
 
         - 256 (.25 vCPU) - Available ``memory`` values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)
         - 512 (.5 vCPU) - Available ``memory`` values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)
@@ -18569,7 +18557,7 @@ class CfnTaskSet(
             For example ``awsVpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}`` .
 
             :param subnets: The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified. .. epigraph:: All specified subnets must be from the same VPC.
-            :param assign_public_ip: Whether the task's elastic network interface receives a public IP address. The default value is ``ENABLED`` .
+            :param assign_public_ip: Whether the task's elastic network interface receives a public IP address. Consider the following when you set this value: - When you use ``create-service`` or ``update-service`` , the default is ``DISABLED`` . - When the service ``deploymentController`` is ``ECS`` , the value must be ``DISABLED`` . - When you use ``create-service`` or ``update-service`` , the default is ``ENABLED`` .
             :param security_groups: The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified. .. epigraph:: All specified security groups must be from the same VPC.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-awsvpcconfiguration.html
@@ -18621,7 +18609,11 @@ class CfnTaskSet(
         def assign_public_ip(self) -> typing.Optional[builtins.str]:
             '''Whether the task's elastic network interface receives a public IP address.
 
-            The default value is ``ENABLED`` .
+            Consider the following when you set this value:
+
+            - When you use ``create-service`` or ``update-service`` , the default is ``DISABLED`` .
+            - When the service ``deploymentController`` is ``ECS`` , the value must be ``DISABLED`` .
+            - When you use ``create-service`` or ``update-service`` , the default is ``ENABLED`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskset-awsvpcconfiguration.html#cfn-ecs-taskset-awsvpcconfiguration-assignpublicip
             '''
@@ -44013,7 +44005,6 @@ def _typecheckingstub__dfccfa8c4140c61b1030fe8ed564cee115f38fe8144d5ff6ac1654634
     snapshot_id: typing.Optional[builtins.str] = None,
     tag_specifications: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnService.EBSTagSpecificationProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     throughput: typing.Optional[jsii.Number] = None,
-    volume_initialization_rate: typing.Optional[jsii.Number] = None,
     volume_type: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""

aws_cdk/aws_efs/__init__.py

@@ -4419,7 +4419,7 @@ class ReplicationConfigurationProps:
 class ReplicationOverwriteProtection(enum.Enum):
     '''The status of the file system's replication overwrite protection.
 
-    :see: https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-filesystemprotection.html
+    :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-efs-filesystem-filesystemprotection.html
     :exampleMetadata: infused
 
     Example::

aws_cdk/aws_eks/__init__.py

@@ -9464,7 +9464,9 @@ class CfnNodegroup(
 ):
     '''Creates a managed node group for an Amazon EKS cluster.
 
-    You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see `Customizing managed nodes with launch templates <https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html>`_ .
+    You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template.
+
+    For later updates, you will only be able to update a node group using a launch template only if it was originally deployed with a launch template. Additionally, the launch template ID or name must match what was used when the node group was created. You can update the launch template version with necessary changes. For more information about using launch templates, see `Customizing managed nodes with launch templates <https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html>`_ .
 
     An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see `Managed node groups <https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html>`_ in the *Amazon EKS User Guide* .
     .. epigraph::
@@ -9570,7 +9572,7 @@ class CfnNodegroup(
         :param force_update_enabled: Force the update if any ``Pod`` on the existing node group can't be drained due to a ``Pod`` disruption budget issue. If an update fails because all Pods can't be drained, you can force the update after it fails to terminate the old node whether or not any ``Pod`` is running on the node. Default: - false
         :param instance_types: Specify the instance types for a node group. If you specify a GPU instance type, make sure to also specify an applicable GPU AMI type with the ``amiType`` parameter. If you specify ``launchTemplate`` , then you can specify zero or one instance type in your launch template *or* you can specify 0-20 instance types for ``instanceTypes`` . If however, you specify an instance type in your launch template *and* specify any ``instanceTypes`` , the node group deployment will fail. If you don't specify an instance type in a launch template or for ``instanceTypes`` , then ``t3.medium`` is used, by default. If you specify ``Spot`` for ``capacityType`` , then we recommend specifying multiple values for ``instanceTypes`` . For more information, see `Managed node group capacity types <https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types>`_ and `Customizing managed nodes with launch templates <https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html>`_ in the *Amazon EKS User Guide* .
         :param labels: The Kubernetes ``labels`` applied to the nodes in the node group. .. epigraph:: Only ``labels`` that are applied with the Amazon EKS API are shown here. There may be other Kubernetes ``labels`` applied to the nodes in this group.
-        :param launch_template: An object representing a node group's launch template specification. When using this object, don't directly specify ``instanceTypes`` , ``diskSize`` , or ``remoteAccess`` . Make sure that the launch template meets the requirements in ``launchTemplateSpecification`` . Also refer to `Customizing managed nodes with launch templates <https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html>`_ in the *Amazon EKS User Guide* .
+        :param launch_template: An object representing a node group's launch template specification. When using this object, don't directly specify ``instanceTypes`` , ``diskSize`` , or ``remoteAccess`` . You cannot later specify a different launch template ID or name than what was used to create the node group. Make sure that the launch template meets the requirements in ``launchTemplateSpecification`` . Also refer to `Customizing managed nodes with launch templates <https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html>`_ in the *Amazon EKS User Guide* .
         :param nodegroup_name: The unique name to give your node group.
         :param node_repair_config: The node auto repair configuration for the node group.
         :param release_version: The AMI version of the Amazon EKS optimized AMI to use with your node group (for example, ``1.14.7- *YYYYMMDD*`` ). By default, the latest available AMI version for the node group's current Kubernetes version is used. For more information, see `Amazon EKS optimized Linux AMI Versions <https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html>`_ in the *Amazon EKS User Guide* . .. epigraph:: Changing this value triggers an update of the node group if one is available. You can't update other properties at the same time as updating ``Release Version`` .
@@ -9994,9 +9996,9 @@ class CfnNodegroup(
 
             You must specify either the launch template ID or the launch template name in the request, but not both.
 
-            :param id: The ID of the launch template. You must specify either the launch template ID or the launch template name in the request, but not both.
-            :param name: The name of the launch template. You must specify either the launch template name or the launch template ID in the request, but not both.
-            :param version: The version number of the launch template to use. If no version is specified, then the template's default version is used.
+            :param id: The ID of the launch template. You must specify either the launch template ID or the launch template name in the request, but not both. After node group creation, you cannot use a different ID.
+            :param name: The name of the launch template. You must specify either the launch template name or the launch template ID in the request, but not both. After node group creation, you cannot use a different name.
+            :param version: The version number of the launch template to use. If no version is specified, then the template's default version is used. You can use a different version for node group updates.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html
             :exampleMetadata: fixture=_generated
@@ -10030,7 +10032,7 @@ class CfnNodegroup(
         def id(self) -> typing.Optional[builtins.str]:
             '''The ID of the launch template.
 
-            You must specify either the launch template ID or the launch template name in the request, but not both.
+            You must specify either the launch template ID or the launch template name in the request, but not both. After node group creation, you cannot use a different ID.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id
             '''
@@ -10041,7 +10043,7 @@ class CfnNodegroup(
         def name(self) -> typing.Optional[builtins.str]:
             '''The name of the launch template.
 
-            You must specify either the launch template name or the launch template ID in the request, but not both.
+            You must specify either the launch template name or the launch template ID in the request, but not both. After node group creation, you cannot use a different name.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name
             '''
@@ -10052,7 +10054,7 @@ class CfnNodegroup(
         def version(self) -> typing.Optional[builtins.str]:
             '''The version number of the launch template to use.
 
-            If no version is specified, then the template's default version is used.
+            If no version is specified, then the template's default version is used. You can use a different version for node group updates.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version
             '''
@@ -10418,7 +10420,7 @@ class CfnNodegroup(
 
             :param max_unavailable: The maximum number of nodes unavailable at once during a version update. Nodes are updated in parallel. This value or ``maxUnavailablePercentage`` is required to have a value.The maximum number is 100.
             :param max_unavailable_percentage: The maximum percentage of nodes unavailable during a version update. This percentage of nodes are updated in parallel, up to 100 nodes at once. This value or ``maxUnavailable`` is required to have a value.
-            :param update_strategy: The configuration for the behavior to follow during an node group version update of this managed node group. You choose between two possible strategies for replacing nodes during an UpdateNodegroupVersion action.
+            :param update_strategy: The configuration for the behavior to follow during a node group version update of this managed node group. You choose between two possible strategies for replacing nodes during an ```UpdateNodegroupVersion`` <https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateNodegroupVersion.html>`_ action. An Amazon EKS managed node group updates by replacing nodes with new nodes of newer AMI versions in parallel. The *update strategy* changes the managed node update behavior of the managed node group for each quantity. The *default* strategy has guardrails to protect you from misconfiguration and launches the new instances first, before terminating the old instances. The *minimal* strategy removes the guardrails and terminates the old instances before launching the new instances. This minimal strategy is useful in scenarios where you are constrained to resources or costs (for example, with hardware accelerators such as GPUs).
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-updateconfig.html
             :exampleMetadata: fixture=_generated
@@ -10472,9 +10474,11 @@ class CfnNodegroup(
 
         @builtins.property
         def update_strategy(self) -> typing.Optional[builtins.str]:
-            '''The configuration for the behavior to follow during an node group version update of this managed node group.
+            '''The configuration for the behavior to follow during a node group version update of this managed node group.
 
-            You choose between two possible strategies for replacing nodes during an UpdateNodegroupVersion action.
+            You choose between two possible strategies for replacing nodes during an ```UpdateNodegroupVersion`` <https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateNodegroupVersion.html>`_ action.
+
+            An Amazon EKS managed node group updates by replacing nodes with new nodes of newer AMI versions in parallel. The *update strategy* changes the managed node update behavior of the managed node group for each quantity. The *default* strategy has guardrails to protect you from misconfiguration and launches the new instances first, before terminating the old instances. The *minimal* strategy removes the guardrails and terminates the old instances before launching the new instances. This minimal strategy is useful in scenarios where you are constrained to resources or costs (for example, with hardware accelerators such as GPUs).
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-updateconfig.html#cfn-eks-nodegroup-updateconfig-updatestrategy
             '''
@@ -10553,7 +10557,7 @@ class CfnNodegroupProps:
         :param force_update_enabled: Force the update if any ``Pod`` on the existing node group can't be drained due to a ``Pod`` disruption budget issue. If an update fails because all Pods can't be drained, you can force the update after it fails to terminate the old node whether or not any ``Pod`` is running on the node. Default: - false
         :param instance_types: Specify the instance types for a node group. If you specify a GPU instance type, make sure to also specify an applicable GPU AMI type with the ``amiType`` parameter. If you specify ``launchTemplate`` , then you can specify zero or one instance type in your launch template *or* you can specify 0-20 instance types for ``instanceTypes`` . If however, you specify an instance type in your launch template *and* specify any ``instanceTypes`` , the node group deployment will fail. If you don't specify an instance type in a launch template or for ``instanceTypes`` , then ``t3.medium`` is used, by default. If you specify ``Spot`` for ``capacityType`` , then we recommend specifying multiple values for ``instanceTypes`` . For more information, see `Managed node group capacity types <https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types>`_ and `Customizing managed nodes with launch templates <https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html>`_ in the *Amazon EKS User Guide* .
         :param labels: The Kubernetes ``labels`` applied to the nodes in the node group. .. epigraph:: Only ``labels`` that are applied with the Amazon EKS API are shown here. There may be other Kubernetes ``labels`` applied to the nodes in this group.
-        :param launch_template: An object representing a node group's launch template specification. When using this object, don't directly specify ``instanceTypes`` , ``diskSize`` , or ``remoteAccess`` . Make sure that the launch template meets the requirements in ``launchTemplateSpecification`` . Also refer to `Customizing managed nodes with launch templates <https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html>`_ in the *Amazon EKS User Guide* .
+        :param launch_template: An object representing a node group's launch template specification. When using this object, don't directly specify ``instanceTypes`` , ``diskSize`` , or ``remoteAccess`` . You cannot later specify a different launch template ID or name than what was used to create the node group. Make sure that the launch template meets the requirements in ``launchTemplateSpecification`` . Also refer to `Customizing managed nodes with launch templates <https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html>`_ in the *Amazon EKS User Guide* .
         :param nodegroup_name: The unique name to give your node group.
         :param node_repair_config: The node auto repair configuration for the node group.
         :param release_version: The AMI version of the Amazon EKS optimized AMI to use with your node group (for example, ``1.14.7- *YYYYMMDD*`` ). By default, the latest available AMI version for the node group's current Kubernetes version is used. For more information, see `Amazon EKS optimized Linux AMI Versions <https://docs.aws.amazon.com/eks/latest/userguide/eks-linux-ami-versions.html>`_ in the *Amazon EKS User Guide* . .. epigraph:: Changing this value triggers an update of the node group if one is available. You can't update other properties at the same time as updating ``Release Version`` .
@@ -10795,7 +10799,9 @@ class CfnNodegroupProps:
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnNodegroup.LaunchTemplateSpecificationProperty]]:
         '''An object representing a node group's launch template specification.
 
-        When using this object, don't directly specify ``instanceTypes`` , ``diskSize`` , or ``remoteAccess`` . Make sure that the launch template meets the requirements in ``launchTemplateSpecification`` . Also refer to `Customizing managed nodes with launch templates <https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html>`_ in the *Amazon EKS User Guide* .
+        When using this object, don't directly specify ``instanceTypes`` , ``diskSize`` , or ``remoteAccess`` . You cannot later specify a different launch template ID or name than what was used to create the node group.
+
+        Make sure that the launch template meets the requirements in ``launchTemplateSpecification`` . Also refer to `Customizing managed nodes with launch templates <https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html>`_ in the *Amazon EKS User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate
         '''

aws_cdk/aws_elasticloadbalancingv2/__init__.py

@@ -5018,11 +5018,11 @@ class CfnListener(
             mode: typing.Optional[builtins.str] = None,
             trust_store_arn: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''Specifies the configuration information for mutual authentication.
+            '''The mutual authentication configuration information.
 
-            :param advertise_trust_store_ca_names: 
+            :param advertise_trust_store_ca_names: Indicates whether trust store CA certificate names are advertised. The default value is ``off`` .
             :param ignore_client_certificate_expiry: Indicates whether expired client certificates are ignored.
-            :param mode: The client certificate handling method. Options are ``off`` , ``passthrough`` or ``verify`` . The default value is ``off`` .
+            :param mode: The client certificate handling method. The possible values are ``off`` , ``passthrough`` , and ``verify`` . The default value is ``off`` .
             :param trust_store_arn: The Amazon Resource Name (ARN) of the trust store.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html
@@ -5059,7 +5059,10 @@ class CfnListener(
 
         @builtins.property
         def advertise_trust_store_ca_names(self) -> typing.Optional[builtins.str]:
-            '''
+            '''Indicates whether trust store CA certificate names are advertised.
+
+            The default value is ``off`` .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html#cfn-elasticloadbalancingv2-listener-mutualauthentication-advertisetruststorecanames
             '''
             result = self._values.get("advertise_trust_store_ca_names")
@@ -5080,7 +5083,7 @@ class CfnListener(
         def mode(self) -> typing.Optional[builtins.str]:
             '''The client certificate handling method.
 
-            Options are ``off`` , ``passthrough`` or ``verify`` . The default value is ``off`` .
+            The possible values are ``off`` , ``passthrough`` , and ``verify`` . The default value is ``off`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html#cfn-elasticloadbalancingv2-listener-mutualauthentication-mode
             '''
@@ -23725,35 +23728,18 @@ class ApplicationLoadBalancer(
 
     Example::
 
-        from aws_cdk.aws_autoscaling import AutoScalingGroup
-        # asg: AutoScalingGroup
         # vpc: ec2.Vpc
         
         
-        # Create the load balancer in a VPC. 'internetFacing' is 'false'
-        # by default, which creates an internal load balancer.
+        security_group1 = ec2.SecurityGroup(self, "SecurityGroup1", vpc=vpc)
         lb = elbv2.ApplicationLoadBalancer(self, "LB",
             vpc=vpc,
-            internet_facing=True
-        )
-        
-        # Add a listener and open up the load balancer's security group
-        # to the world.
-        listener = lb.add_listener("Listener",
-            port=80,
-        
-            # 'open: true' is the default, you can leave it out if you want. Set it
-            # to 'false' and use `listener.connections` if you want to be selective
-            # about who can access the load balancer.
-            open=True
+            internet_facing=True,
+            security_group=security_group1
         )
         
-        # Create an AutoScaling group and add it as a load balancing
-        # target to the listener.
-        listener.add_targets("ApplicationFleet",
-            port=8080,
-            targets=[asg]
-        )
+        security_group2 = ec2.SecurityGroup(self, "SecurityGroup2", vpc=vpc)
+        lb.add_security_group(security_group2)
     '''
 
     def __init__(