aws-cdk-lib 2.179.0__py3-none-any.whl → 2.181.0__py3-none-any.whl

aws_cdk/aws_cognito/__init__.py

@@ -35,6 +35,7 @@ This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aw
       * [Multi-factor Authentication (MFA)](#multi-factor-authentication-mfa)
       * [Account Recovery Settings](#account-recovery-settings)
       * [Advanced Security Mode](#advanced-security-mode)
+      * [Threat Protection](#threat-protection)
     * [Emails](#emails)
     * [Device Tracking](#device-tracking)
     * [Lambda Triggers](#lambda-triggers)
@@ -472,7 +473,7 @@ A user will not be allowed to reset their password via phone if they are also us
 
 #### Advanced Security Mode
 
-⚠️ Advanced Security Mode is deprecated in favor of [user pool feature plans](#user-pool-feature-plans).
+⚠️ Advanced Security Mode is deprecated in favor of [Threat Protection](#threat-protection).
 
 User pools can be configured to use Advanced security. You can turn the user pool advanced security features on, and customize the actions that are taken in response to different risks. Or you can use audit mode to gather metrics on detected risks without taking action. In audit mode, the advanced security features publish metrics to Amazon CloudWatch. See the [documentation on Advanced security](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) to learn more.
 
@@ -483,6 +484,15 @@ cognito.UserPool(self, "myuserpool",
 )
 ```
 
+### Threat Protection
+
+This feature is only available if your Feature Plan is set to PLUS.
+
+Threat Protection can be set to configure enforcement levels and automatic responses for users in password-based and custom-challenge authentication flows.
+For configuration, there are 2 options for standard authentication and custom authentication.
+These are represented with properties `standardThreatProtectionMode` and `customThreatProtectionMode`.
+See the [documentation on Threat Protection](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html)
+
 ### Emails
 
 Cognito sends emails to users in the user pool, when particular actions take place, such as welcome emails, invitation
@@ -1349,9 +1359,9 @@ class AccountRecovery(enum.Enum):
 class AdvancedSecurityMode(enum.Enum):
     '''(deprecated) The different ways in which a user pool's Advanced Security Mode can be configured.
 
-    :deprecated: Advanced Security Mode is deprecated in favor of user pool feature plans.
+    :deprecated: Advanced Security Mode is deprecated due to user pool feature plans. Use StandardThreatProtectionMode and CustomThreatProtectionMode to set Thread Protection level.
 
-    :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html#cfn-cognito-userpool-userpooladdons-advancedsecuritymode
+    :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html
     :stability: deprecated
     :exampleMetadata: infused
 
@@ -9440,15 +9450,6 @@ class CfnUserPoolDomain(
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrCloudFrontDistribution"))
 
-    @builtins.property
-    @jsii.member(jsii_name="attrId")
-    def attr_id(self) -> builtins.str:
-        '''The resource ID.
-
-        :cloudformationAttribute: Id
-        '''
-        return typing.cast(builtins.str, jsii.get(self, "attrId"))
-
     @builtins.property
     @jsii.member(jsii_name="cfnProperties")
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
@@ -14053,6 +14054,21 @@ class CustomDomainOptions:
         )
 
 
+@jsii.enum(jsii_type="aws-cdk-lib.aws_cognito.CustomThreatProtectionMode")
+class CustomThreatProtectionMode(enum.Enum):
+    '''The Type of Threat Protection Enabled for Custom Authentication.
+
+    This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS
+
+    :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html
+    '''
+
+    FULL_FUNCTION = "FULL_FUNCTION"
+    '''Cognito automatically takes preventative actions in response to different levels of risk that you configure for your user pool.'''
+    AUDIT_ONLY = "AUDIT_ONLY"
+    '''Cognito gathers metrics on detected risks, but doesn't take automatic action.'''
+
+
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_cognito.DeviceTracking",
     jsii_struct_bases=[],
@@ -17390,6 +17406,23 @@ class StandardAttributesMask:
         )
 
 
+@jsii.enum(jsii_type="aws-cdk-lib.aws_cognito.StandardThreatProtectionMode")
+class StandardThreatProtectionMode(enum.Enum):
+    '''The Type of Threat Protection Enabled for Standard Authentication.
+
+    This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS
+
+    :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html
+    '''
+
+    FULL_FUNCTION = "FULL_FUNCTION"
+    '''Cognito automatically takes preventative actions in response to different levels of risk that you configure for your user pool.'''
+    AUDIT_ONLY = "AUDIT_ONLY"
+    '''Cognito gathers metrics on detected risks, but doesn't take automatic action.'''
+    NO_ENFORCEMENT = "NO_ENFORCEMENT"
+    '''Cognito doesn't gather metrics on detected risks or automatically take preventative actions.'''
+
+
 @jsii.implements(ICustomAttribute)
 class StringAttribute(
     metaclass=jsii.JSIIMeta,
@@ -17736,6 +17769,7 @@ class UserPool(
         auto_verify: typing.Optional[typing.Union[AutoVerifiedAttrs, typing.Dict[builtins.str, typing.Any]]] = None,
         custom_attributes: typing.Optional[typing.Mapping[builtins.str, ICustomAttribute]] = None,
         custom_sender_kms_key: typing.Optional[_IKey_5f11635f] = None,
+        custom_threat_protection_mode: typing.Optional[CustomThreatProtectionMode] = None,
         deletion_protection: typing.Optional[builtins.bool] = None,
         device_tracking: typing.Optional[typing.Union[DeviceTracking, typing.Dict[builtins.str, typing.Any]]] = None,
         email: typing.Optional["UserPoolEmail"] = None,
@@ -17758,6 +17792,7 @@ class UserPool(
         sms_role_external_id: typing.Optional[builtins.str] = None,
         sns_region: typing.Optional[builtins.str] = None,
         standard_attributes: typing.Optional[typing.Union[StandardAttributes, typing.Dict[builtins.str, typing.Any]]] = None,
+        standard_threat_protection_mode: typing.Optional[StandardThreatProtectionMode] = None,
         user_invitation: typing.Optional[typing.Union[UserInvitationConfig, typing.Dict[builtins.str, typing.Any]]] = None,
         user_pool_name: typing.Optional[builtins.str] = None,
         user_verification: typing.Optional[typing.Union["UserVerificationConfig", typing.Dict[builtins.str, typing.Any]]] = None,
@@ -17770,6 +17805,7 @@ class UserPool(
         :param auto_verify: Attributes which Cognito will look to verify automatically upon user sign up. EMAIL and PHONE are the only available options. Default: - If ``signInAlias`` includes email and/or phone, they will be included in ``autoVerifiedAttributes`` by default. If absent, no attributes will be auto-verified.
         :param custom_attributes: Define a set of custom attributes that can be configured for each user in the user pool. Default: - No custom attributes.
         :param custom_sender_kms_key: This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates. Default: - no key ID configured
+        :param custom_threat_protection_mode: The Type of Threat Protection Enabled for Custom Authentication. This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS Default: - no value
         :param deletion_protection: Indicates whether the user pool should have deletion protection enabled. Default: false
         :param device_tracking: Device tracking settings. Default: - see defaults on each property of DeviceTracking.
         :param email: Email settings for a user pool. Default: - cognito will use the default email configuration
@@ -17792,6 +17828,7 @@ class UserPool(
         :param sms_role_external_id: The 'ExternalId' that Cognito service must be using when assuming the ``smsRole``, if the role is restricted with an 'sts:ExternalId' conditional. Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html This property will be ignored if ``smsRole`` is not specified. Default: - No external id will be configured.
         :param sns_region: The region to integrate with SNS to send SMS messages. This property will do nothing if SMS configuration is not configured. Default: - The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time
         :param standard_attributes: The set of attributes that are required for every user in the user pool. Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html Default: - All standard attributes are optional and mutable.
+        :param standard_threat_protection_mode: The Type of Threat Protection Enabled for Standard Authentication. This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS Default: - StandardThreatProtectionMode.NO_ENFORCEMENT
         :param user_invitation: Configuration around admins signing up users into a user pool. Default: - see defaults in UserInvitationConfig.
         :param user_pool_name: Name of the user pool. Default: - automatically generated name by CloudFormation at deploy time.
         :param user_verification: Configuration around users signing themselves up to the user pool. Enable or disable self sign-up via the ``selfSignUpEnabled`` property. Default: - see defaults in UserVerificationConfig.
@@ -17806,6 +17843,7 @@ class UserPool(
             auto_verify=auto_verify,
             custom_attributes=custom_attributes,
             custom_sender_kms_key=custom_sender_kms_key,
+            custom_threat_protection_mode=custom_threat_protection_mode,
             deletion_protection=deletion_protection,
             device_tracking=device_tracking,
             email=email,
@@ -17828,6 +17866,7 @@ class UserPool(
             sms_role_external_id=sms_role_external_id,
             sns_region=sns_region,
             standard_attributes=standard_attributes,
+            standard_threat_protection_mode=standard_threat_protection_mode,
             user_invitation=user_invitation,
             user_pool_name=user_pool_name,
             user_verification=user_verification,
@@ -21154,6 +21193,7 @@ class UserPoolOperation(
         "auto_verify": "autoVerify",
         "custom_attributes": "customAttributes",
         "custom_sender_kms_key": "customSenderKmsKey",
+        "custom_threat_protection_mode": "customThreatProtectionMode",
         "deletion_protection": "deletionProtection",
         "device_tracking": "deviceTracking",
         "email": "email",
@@ -21176,6 +21216,7 @@ class UserPoolOperation(
         "sms_role_external_id": "smsRoleExternalId",
         "sns_region": "snsRegion",
         "standard_attributes": "standardAttributes",
+        "standard_threat_protection_mode": "standardThreatProtectionMode",
         "user_invitation": "userInvitation",
         "user_pool_name": "userPoolName",
         "user_verification": "userVerification",
@@ -21190,6 +21231,7 @@ class UserPoolProps:
         auto_verify: typing.Optional[typing.Union[AutoVerifiedAttrs, typing.Dict[builtins.str, typing.Any]]] = None,
         custom_attributes: typing.Optional[typing.Mapping[builtins.str, ICustomAttribute]] = None,
         custom_sender_kms_key: typing.Optional[_IKey_5f11635f] = None,
+        custom_threat_protection_mode: typing.Optional[CustomThreatProtectionMode] = None,
         deletion_protection: typing.Optional[builtins.bool] = None,
         device_tracking: typing.Optional[typing.Union[DeviceTracking, typing.Dict[builtins.str, typing.Any]]] = None,
         email: typing.Optional[UserPoolEmail] = None,
@@ -21212,6 +21254,7 @@ class UserPoolProps:
         sms_role_external_id: typing.Optional[builtins.str] = None,
         sns_region: typing.Optional[builtins.str] = None,
         standard_attributes: typing.Optional[typing.Union[StandardAttributes, typing.Dict[builtins.str, typing.Any]]] = None,
+        standard_threat_protection_mode: typing.Optional[StandardThreatProtectionMode] = None,
         user_invitation: typing.Optional[typing.Union[UserInvitationConfig, typing.Dict[builtins.str, typing.Any]]] = None,
         user_pool_name: typing.Optional[builtins.str] = None,
         user_verification: typing.Optional[typing.Union["UserVerificationConfig", typing.Dict[builtins.str, typing.Any]]] = None,
@@ -21223,6 +21266,7 @@ class UserPoolProps:
         :param auto_verify: Attributes which Cognito will look to verify automatically upon user sign up. EMAIL and PHONE are the only available options. Default: - If ``signInAlias`` includes email and/or phone, they will be included in ``autoVerifiedAttributes`` by default. If absent, no attributes will be auto-verified.
         :param custom_attributes: Define a set of custom attributes that can be configured for each user in the user pool. Default: - No custom attributes.
         :param custom_sender_kms_key: This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates. Default: - no key ID configured
+        :param custom_threat_protection_mode: The Type of Threat Protection Enabled for Custom Authentication. This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS Default: - no value
         :param deletion_protection: Indicates whether the user pool should have deletion protection enabled. Default: false
         :param device_tracking: Device tracking settings. Default: - see defaults on each property of DeviceTracking.
         :param email: Email settings for a user pool. Default: - cognito will use the default email configuration
@@ -21245,6 +21289,7 @@ class UserPoolProps:
         :param sms_role_external_id: The 'ExternalId' that Cognito service must be using when assuming the ``smsRole``, if the role is restricted with an 'sts:ExternalId' conditional. Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html This property will be ignored if ``smsRole`` is not specified. Default: - No external id will be configured.
         :param sns_region: The region to integrate with SNS to send SMS messages. This property will do nothing if SMS configuration is not configured. Default: - The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time
         :param standard_attributes: The set of attributes that are required for every user in the user pool. Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html Default: - All standard attributes are optional and mutable.
+        :param standard_threat_protection_mode: The Type of Threat Protection Enabled for Standard Authentication. This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS Default: - StandardThreatProtectionMode.NO_ENFORCEMENT
         :param user_invitation: Configuration around admins signing up users into a user pool. Default: - see defaults in UserInvitationConfig.
         :param user_pool_name: Name of the user pool. Default: - automatically generated name by CloudFormation at deploy time.
         :param user_verification: Configuration around users signing themselves up to the user pool. Enable or disable self sign-up via the ``selfSignUpEnabled`` property. Default: - see defaults in UserVerificationConfig.
@@ -21290,6 +21335,7 @@ class UserPoolProps:
             check_type(argname="argument auto_verify", value=auto_verify, expected_type=type_hints["auto_verify"])
             check_type(argname="argument custom_attributes", value=custom_attributes, expected_type=type_hints["custom_attributes"])
             check_type(argname="argument custom_sender_kms_key", value=custom_sender_kms_key, expected_type=type_hints["custom_sender_kms_key"])
+            check_type(argname="argument custom_threat_protection_mode", value=custom_threat_protection_mode, expected_type=type_hints["custom_threat_protection_mode"])
             check_type(argname="argument deletion_protection", value=deletion_protection, expected_type=type_hints["deletion_protection"])
             check_type(argname="argument device_tracking", value=device_tracking, expected_type=type_hints["device_tracking"])
             check_type(argname="argument email", value=email, expected_type=type_hints["email"])
@@ -21312,6 +21358,7 @@ class UserPoolProps:
             check_type(argname="argument sms_role_external_id", value=sms_role_external_id, expected_type=type_hints["sms_role_external_id"])
             check_type(argname="argument sns_region", value=sns_region, expected_type=type_hints["sns_region"])
             check_type(argname="argument standard_attributes", value=standard_attributes, expected_type=type_hints["standard_attributes"])
+            check_type(argname="argument standard_threat_protection_mode", value=standard_threat_protection_mode, expected_type=type_hints["standard_threat_protection_mode"])
             check_type(argname="argument user_invitation", value=user_invitation, expected_type=type_hints["user_invitation"])
             check_type(argname="argument user_pool_name", value=user_pool_name, expected_type=type_hints["user_pool_name"])
             check_type(argname="argument user_verification", value=user_verification, expected_type=type_hints["user_verification"])
@@ -21326,6 +21373,8 @@ class UserPoolProps:
             self._values["custom_attributes"] = custom_attributes
         if custom_sender_kms_key is not None:
             self._values["custom_sender_kms_key"] = custom_sender_kms_key
+        if custom_threat_protection_mode is not None:
+            self._values["custom_threat_protection_mode"] = custom_threat_protection_mode
         if deletion_protection is not None:
             self._values["deletion_protection"] = deletion_protection
         if device_tracking is not None:
@@ -21370,6 +21419,8 @@ class UserPoolProps:
             self._values["sns_region"] = sns_region
         if standard_attributes is not None:
             self._values["standard_attributes"] = standard_attributes
+        if standard_threat_protection_mode is not None:
+            self._values["standard_threat_protection_mode"] = standard_threat_protection_mode
         if user_invitation is not None:
             self._values["user_invitation"] = user_invitation
         if user_pool_name is not None:
@@ -21392,7 +21443,7 @@ class UserPoolProps:
 
         :default: - no value
 
-        :deprecated: Advanced Security Mode is deprecated in favor of user pool feature plans.
+        :deprecated: Advanced Security Mode is deprecated due to user pool feature plans. Use StandardThreatProtectionMode and CustomThreatProtectionMode to set Thread Protection level.
 
         :stability: deprecated
         '''
@@ -21435,6 +21486,21 @@ class UserPoolProps:
         result = self._values.get("custom_sender_kms_key")
         return typing.cast(typing.Optional[_IKey_5f11635f], result)
 
+    @builtins.property
+    def custom_threat_protection_mode(
+        self,
+    ) -> typing.Optional[CustomThreatProtectionMode]:
+        '''The Type of Threat Protection Enabled for Custom Authentication.
+
+        This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS
+
+        :default: - no value
+
+        :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html
+        '''
+        result = self._values.get("custom_threat_protection_mode")
+        return typing.cast(typing.Optional[CustomThreatProtectionMode], result)
+
     @builtins.property
     def deletion_protection(self) -> typing.Optional[builtins.bool]:
         '''Indicates whether the user pool should have deletion protection enabled.
@@ -21680,6 +21746,21 @@ class UserPoolProps:
         result = self._values.get("standard_attributes")
         return typing.cast(typing.Optional[StandardAttributes], result)
 
+    @builtins.property
+    def standard_threat_protection_mode(
+        self,
+    ) -> typing.Optional[StandardThreatProtectionMode]:
+        '''The Type of Threat Protection Enabled for Standard Authentication.
+
+        This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS
+
+        :default: - StandardThreatProtectionMode.NO_ENFORCEMENT
+
+        :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html
+        '''
+        result = self._values.get("standard_threat_protection_mode")
+        return typing.cast(typing.Optional[StandardThreatProtectionMode], result)
+
     @builtins.property
     def user_invitation(self) -> typing.Optional[UserInvitationConfig]:
         '''Configuration around admins signing up users into a user pool.
@@ -23573,6 +23654,7 @@ __all__ = [
     "CustomAttributeConfig",
     "CustomAttributeProps",
     "CustomDomainOptions",
+    "CustomThreatProtectionMode",
     "DateTimeAttribute",
     "DeviceTracking",
     "EmailSettings",
@@ -23609,6 +23691,7 @@ __all__ = [
     "StandardAttribute",
     "StandardAttributes",
     "StandardAttributesMask",
+    "StandardThreatProtectionMode",
     "StringAttribute",
     "StringAttributeConstraints",
     "StringAttributeProps",
@@ -25798,6 +25881,7 @@ def _typecheckingstub__677a8ec9a3f2a22d2dfde6fd6818121e4a071dc4e942f6bbe219e5a9b
     auto_verify: typing.Optional[typing.Union[AutoVerifiedAttrs, typing.Dict[builtins.str, typing.Any]]] = None,
     custom_attributes: typing.Optional[typing.Mapping[builtins.str, ICustomAttribute]] = None,
     custom_sender_kms_key: typing.Optional[_IKey_5f11635f] = None,
+    custom_threat_protection_mode: typing.Optional[CustomThreatProtectionMode] = None,
     deletion_protection: typing.Optional[builtins.bool] = None,
     device_tracking: typing.Optional[typing.Union[DeviceTracking, typing.Dict[builtins.str, typing.Any]]] = None,
     email: typing.Optional[UserPoolEmail] = None,
@@ -25820,6 +25904,7 @@ def _typecheckingstub__677a8ec9a3f2a22d2dfde6fd6818121e4a071dc4e942f6bbe219e5a9b
     sms_role_external_id: typing.Optional[builtins.str] = None,
     sns_region: typing.Optional[builtins.str] = None,
     standard_attributes: typing.Optional[typing.Union[StandardAttributes, typing.Dict[builtins.str, typing.Any]]] = None,
+    standard_threat_protection_mode: typing.Optional[StandardThreatProtectionMode] = None,
     user_invitation: typing.Optional[typing.Union[UserInvitationConfig, typing.Dict[builtins.str, typing.Any]]] = None,
     user_pool_name: typing.Optional[builtins.str] = None,
     user_verification: typing.Optional[typing.Union[UserVerificationConfig, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -26258,6 +26343,7 @@ def _typecheckingstub__754b1af40b4712720733e130c63a8ec0ca9a35d4cfb25450725d5aa02
     auto_verify: typing.Optional[typing.Union[AutoVerifiedAttrs, typing.Dict[builtins.str, typing.Any]]] = None,
     custom_attributes: typing.Optional[typing.Mapping[builtins.str, ICustomAttribute]] = None,
     custom_sender_kms_key: typing.Optional[_IKey_5f11635f] = None,
+    custom_threat_protection_mode: typing.Optional[CustomThreatProtectionMode] = None,
     deletion_protection: typing.Optional[builtins.bool] = None,
     device_tracking: typing.Optional[typing.Union[DeviceTracking, typing.Dict[builtins.str, typing.Any]]] = None,
     email: typing.Optional[UserPoolEmail] = None,
@@ -26280,6 +26366,7 @@ def _typecheckingstub__754b1af40b4712720733e130c63a8ec0ca9a35d4cfb25450725d5aa02
     sms_role_external_id: typing.Optional[builtins.str] = None,
     sns_region: typing.Optional[builtins.str] = None,
     standard_attributes: typing.Optional[typing.Union[StandardAttributes, typing.Dict[builtins.str, typing.Any]]] = None,
+    standard_threat_protection_mode: typing.Optional[StandardThreatProtectionMode] = None,
     user_invitation: typing.Optional[typing.Union[UserInvitationConfig, typing.Dict[builtins.str, typing.Any]]] = None,
     user_pool_name: typing.Optional[builtins.str] = None,
     user_verification: typing.Optional[typing.Union[UserVerificationConfig, typing.Dict[builtins.str, typing.Any]]] = None,

aws_cdk/aws_config/__init__.py

@@ -698,7 +698,7 @@ class CfnConfigRule(
         :param evaluation_modes: The modes the AWS Config rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.
         :param input_parameters: A string, in JSON format, that is passed to the AWS Config rule Lambda function.
         :param maximum_execution_frequency: The maximum frequency with which AWS Config runs evaluations for a rule. You can specify a value for ``MaximumExecutionFrequency`` when: - You are using an AWS managed rule that is triggered at a periodic frequency. - Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see `ConfigSnapshotDeliveryProperties <https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html>`_ . .. epigraph:: By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the ``MaximumExecutionFrequency`` parameter.
-        :param scope: Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. .. epigraph:: The scope can be empty.
+        :param scope: Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. .. epigraph:: Scope is only supported for change-triggered rules. Scope is not supported for periodic or hybrid rules.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__deecc74e0a0f7e54fde16a159ece5d8f96f56f6b8aca025003adcc1d931d5d00)
@@ -1512,7 +1512,7 @@ class CfnConfigRuleProps:
         :param evaluation_modes: The modes the AWS Config rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.
         :param input_parameters: A string, in JSON format, that is passed to the AWS Config rule Lambda function.
         :param maximum_execution_frequency: The maximum frequency with which AWS Config runs evaluations for a rule. You can specify a value for ``MaximumExecutionFrequency`` when: - You are using an AWS managed rule that is triggered at a periodic frequency. - Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see `ConfigSnapshotDeliveryProperties <https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html>`_ . .. epigraph:: By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the ``MaximumExecutionFrequency`` parameter.
-        :param scope: Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. .. epigraph:: The scope can be empty.
+        :param scope: Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. .. epigraph:: Scope is only supported for change-triggered rules. Scope is not supported for periodic or hybrid rules.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html
         :exampleMetadata: fixture=_generated
@@ -1684,7 +1684,7 @@ class CfnConfigRuleProps:
         The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.
         .. epigraph::
 
-           The scope can be empty.
+           Scope is only supported for change-triggered rules. Scope is not supported for periodic or hybrid rules.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-scope
         '''

aws_cdk/aws_connect/__init__.py

@@ -1427,6 +1427,219 @@ class CfnContactFlowProps:
         )
 
 
+@jsii.implements(_IInspectable_c2943556)
+class CfnContactFlowVersion(
+    _CfnResource_9df397a6,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_connect.CfnContactFlowVersion",
+):
+    '''Creates a version for the specified customer-managed flow within the specified instance.
+
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-connect-contactflowversion.html
+    :cloudformationResource: AWS::Connect::ContactFlowVersion
+    :exampleMetadata: fixture=_generated
+
+    Example::
+
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        from aws_cdk import aws_connect as connect
+        
+        cfn_contact_flow_version = connect.CfnContactFlowVersion(self, "MyCfnContactFlowVersion",
+            contact_flow_id="contactFlowId",
+        
+            # the properties below are optional
+            description="description"
+        )
+    '''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        contact_flow_id: builtins.str,
+        description: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''
+        :param scope: Scope in which this resource is defined.
+        :param id: Construct identifier for this resource (unique in its scope).
+        :param contact_flow_id: The identifier of the flow.
+        :param description: The description of the flow version.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__a31de8fadfe8b204a6f20d104c9bd7e6d511bb0a98ca39db212f6ea6f6e7427b)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = CfnContactFlowVersionProps(
+            contact_flow_id=contact_flow_id, description=description
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @jsii.member(jsii_name="inspect")
+    def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
+        '''Examines the CloudFormation resource and discloses attributes.
+
+        :param inspector: tree inspector to collect and process attributes.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__13f86454b3bf4a5aaf2f2292d0d2d066b4877ddadcbc6f3f09833d142f628fc0)
+            check_type(argname="argument inspector", value=inspector, expected_type=type_hints["inspector"])
+        return typing.cast(None, jsii.invoke(self, "inspect", [inspector]))
+
+    @jsii.member(jsii_name="renderProperties")
+    def _render_properties(
+        self,
+        props: typing.Mapping[builtins.str, typing.Any],
+    ) -> typing.Mapping[builtins.str, typing.Any]:
+        '''
+        :param props: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__039e856ccb29689e4ae1a2b96e0d4d66d182b5df351b2638b7229f84798ea120)
+            check_type(argname="argument props", value=props, expected_type=type_hints["props"])
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderProperties", [props]))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="CFN_RESOURCE_TYPE_NAME")
+    def CFN_RESOURCE_TYPE_NAME(cls) -> builtins.str:
+        '''The CloudFormation resource type name for this resource class.'''
+        return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrContactFlowVersionArn")
+    def attr_contact_flow_version_arn(self) -> builtins.str:
+        '''The Amazon Resource Name (ARN) of the contact flow version.
+
+        :cloudformationAttribute: ContactFlowVersionARN
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrContactFlowVersionArn"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrFlowContentSha256")
+    def attr_flow_content_sha256(self) -> builtins.str:
+        '''Indicates the checksum value of the flow content.
+
+        :cloudformationAttribute: FlowContentSha256
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrFlowContentSha256"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrVersion")
+    def attr_version(self) -> jsii.Number:
+        '''The identifier of the flow version.
+
+        :cloudformationAttribute: Version
+        '''
+        return typing.cast(jsii.Number, jsii.get(self, "attrVersion"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cfnProperties")
+    def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
+
+    @builtins.property
+    @jsii.member(jsii_name="contactFlowId")
+    def contact_flow_id(self) -> builtins.str:
+        '''The identifier of the flow.'''
+        return typing.cast(builtins.str, jsii.get(self, "contactFlowId"))
+
+    @contact_flow_id.setter
+    def contact_flow_id(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__8c67191011cdc1e35e2efe8a0fc1ca8eb70d92048915331d2c2304e2001167b1)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "contactFlowId", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="description")
+    def description(self) -> typing.Optional[builtins.str]:
+        '''The description of the flow version.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "description"))
+
+    @description.setter
+    def description(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__874c4dc9a5e63e7eb152e6db7e2794c6a1ded5d623873f917a2a60c5a6fbf154)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "description", value) # pyright: ignore[reportArgumentType]
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_connect.CfnContactFlowVersionProps",
+    jsii_struct_bases=[],
+    name_mapping={"contact_flow_id": "contactFlowId", "description": "description"},
+)
+class CfnContactFlowVersionProps:
+    def __init__(
+        self,
+        *,
+        contact_flow_id: builtins.str,
+        description: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''Properties for defining a ``CfnContactFlowVersion``.
+
+        :param contact_flow_id: The identifier of the flow.
+        :param description: The description of the flow version.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-connect-contactflowversion.html
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_connect as connect
+            
+            cfn_contact_flow_version_props = connect.CfnContactFlowVersionProps(
+                contact_flow_id="contactFlowId",
+            
+                # the properties below are optional
+                description="description"
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__1bd431a320275e8a984a962d58a7aaded6a06452a72a1bb623aefe40161e3d66)
+            check_type(argname="argument contact_flow_id", value=contact_flow_id, expected_type=type_hints["contact_flow_id"])
+            check_type(argname="argument description", value=description, expected_type=type_hints["description"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "contact_flow_id": contact_flow_id,
+        }
+        if description is not None:
+            self._values["description"] = description
+
+    @builtins.property
+    def contact_flow_id(self) -> builtins.str:
+        '''The identifier of the flow.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-connect-contactflowversion.html#cfn-connect-contactflowversion-contactflowid
+        '''
+        result = self._values.get("contact_flow_id")
+        assert result is not None, "Required property 'contact_flow_id' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def description(self) -> typing.Optional[builtins.str]:
+        '''The description of the flow version.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-connect-contactflowversion.html#cfn-connect-contactflowversion-description
+        '''
+        result = self._values.get("description")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "CfnContactFlowVersionProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 @jsii.implements(_IInspectable_c2943556, _ITaggableV2_4e6798f8)
 class CfnEmailAddress(
     _CfnResource_9df397a6,
@@ -16284,6 +16497,8 @@ __all__ = [
     "CfnContactFlowModule",
     "CfnContactFlowModuleProps",
     "CfnContactFlowProps",
+    "CfnContactFlowVersion",
+    "CfnContactFlowVersionProps",
     "CfnEmailAddress",
     "CfnEmailAddressProps",
     "CfnEvaluationForm",
@@ -16620,6 +16835,48 @@ def _typecheckingstub__c0555b19a226cc1a8bd054951921ffd23e0c635fe29a3d69a330d8262
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__a31de8fadfe8b204a6f20d104c9bd7e6d511bb0a98ca39db212f6ea6f6e7427b(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    contact_flow_id: builtins.str,
+    description: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__13f86454b3bf4a5aaf2f2292d0d2d066b4877ddadcbc6f3f09833d142f628fc0(
+    inspector: _TreeInspector_488e0dd5,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__039e856ccb29689e4ae1a2b96e0d4d66d182b5df351b2638b7229f84798ea120(
+    props: typing.Mapping[builtins.str, typing.Any],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__8c67191011cdc1e35e2efe8a0fc1ca8eb70d92048915331d2c2304e2001167b1(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__874c4dc9a5e63e7eb152e6db7e2794c6a1ded5d623873f917a2a60c5a6fbf154(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__1bd431a320275e8a984a962d58a7aaded6a06452a72a1bb623aefe40161e3d66(
+    *,
+    contact_flow_id: builtins.str,
+    description: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__82663491f0adb2dbe44ce9a95c4b21bf5d7529ba2b8adcceab5da9bedc3d1370(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,