aws-cdk-lib 2.181.1__py3-none-any.whl → 2.182.0__py3-none-any.whl

aws_cdk/aws_datazone/__init__.py

@@ -2004,7 +2004,9 @@ class CfnDomain(
         
             # the properties below are optional
             description="description",
+            domain_version="domainVersion",
             kms_key_identifier="kmsKeyIdentifier",
+            service_role="serviceRole",
             single_sign_on=datazone.CfnDomain.SingleSignOnProperty(
                 type="type",
                 user_assignment="userAssignment"
@@ -2024,7 +2026,9 @@ class CfnDomain(
         domain_execution_role: builtins.str,
         name: builtins.str,
         description: typing.Optional[builtins.str] = None,
+        domain_version: typing.Optional[builtins.str] = None,
         kms_key_identifier: typing.Optional[builtins.str] = None,
+        service_role: typing.Optional[builtins.str] = None,
         single_sign_on: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDomain.SingleSignOnProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
@@ -2034,7 +2038,9 @@ class CfnDomain(
         :param domain_execution_role: The domain execution role that is created when an Amazon DataZone domain is created. The domain execution role is created in the AWS account that houses the Amazon DataZone domain.
         :param name: The name of the Amazon DataZone domain.
         :param description: The description of the Amazon DataZone domain.
+        :param domain_version: The domain version.
         :param kms_key_identifier: The identifier of the AWS Key Management Service (KMS) key that is used to encrypt the Amazon DataZone domain, metadata, and reporting data.
+        :param service_role: The service role of the domain that is created.
         :param single_sign_on: The single sign-on details in Amazon DataZone.
         :param tags: The tags specified for the Amazon DataZone domain.
         '''
@@ -2046,7 +2052,9 @@ class CfnDomain(
             domain_execution_role=domain_execution_role,
             name=name,
             description=description,
+            domain_version=domain_version,
             kms_key_identifier=kms_key_identifier,
+            service_role=service_role,
             single_sign_on=single_sign_on,
             tags=tags,
         )
@@ -2196,6 +2204,19 @@ class CfnDomain(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "description", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="domainVersion")
+    def domain_version(self) -> typing.Optional[builtins.str]:
+        '''The domain version.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "domainVersion"))
+
+    @domain_version.setter
+    def domain_version(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__01acac61c7163cf6379c6cbe162a62434376eca50700d6cfaaea6008ea3ec333)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "domainVersion", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="kmsKeyIdentifier")
     def kms_key_identifier(self) -> typing.Optional[builtins.str]:
@@ -2209,6 +2230,19 @@ class CfnDomain(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "kmsKeyIdentifier", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="serviceRole")
+    def service_role(self) -> typing.Optional[builtins.str]:
+        '''The service role of the domain that is created.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "serviceRole"))
+
+    @service_role.setter
+    def service_role(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__8fd383448cae4473b200d8583b604eef942f85827467ce9f6bf4b1fc6f61390c)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "serviceRole", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="singleSignOn")
     def single_sign_on(
@@ -2318,7 +2352,9 @@ class CfnDomain(
         "domain_execution_role": "domainExecutionRole",
         "name": "name",
         "description": "description",
+        "domain_version": "domainVersion",
         "kms_key_identifier": "kmsKeyIdentifier",
+        "service_role": "serviceRole",
         "single_sign_on": "singleSignOn",
         "tags": "tags",
     },
@@ -2330,7 +2366,9 @@ class CfnDomainProps:
         domain_execution_role: builtins.str,
         name: builtins.str,
         description: typing.Optional[builtins.str] = None,
+        domain_version: typing.Optional[builtins.str] = None,
         kms_key_identifier: typing.Optional[builtins.str] = None,
+        service_role: typing.Optional[builtins.str] = None,
         single_sign_on: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomain.SingleSignOnProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
@@ -2339,7 +2377,9 @@ class CfnDomainProps:
         :param domain_execution_role: The domain execution role that is created when an Amazon DataZone domain is created. The domain execution role is created in the AWS account that houses the Amazon DataZone domain.
         :param name: The name of the Amazon DataZone domain.
         :param description: The description of the Amazon DataZone domain.
+        :param domain_version: The domain version.
         :param kms_key_identifier: The identifier of the AWS Key Management Service (KMS) key that is used to encrypt the Amazon DataZone domain, metadata, and reporting data.
+        :param service_role: The service role of the domain that is created.
         :param single_sign_on: The single sign-on details in Amazon DataZone.
         :param tags: The tags specified for the Amazon DataZone domain.
 
@@ -2358,7 +2398,9 @@ class CfnDomainProps:
             
                 # the properties below are optional
                 description="description",
+                domain_version="domainVersion",
                 kms_key_identifier="kmsKeyIdentifier",
+                service_role="serviceRole",
                 single_sign_on=datazone.CfnDomain.SingleSignOnProperty(
                     type="type",
                     user_assignment="userAssignment"
@@ -2374,7 +2416,9 @@ class CfnDomainProps:
             check_type(argname="argument domain_execution_role", value=domain_execution_role, expected_type=type_hints["domain_execution_role"])
             check_type(argname="argument name", value=name, expected_type=type_hints["name"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
+            check_type(argname="argument domain_version", value=domain_version, expected_type=type_hints["domain_version"])
             check_type(argname="argument kms_key_identifier", value=kms_key_identifier, expected_type=type_hints["kms_key_identifier"])
+            check_type(argname="argument service_role", value=service_role, expected_type=type_hints["service_role"])
             check_type(argname="argument single_sign_on", value=single_sign_on, expected_type=type_hints["single_sign_on"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
@@ -2383,8 +2427,12 @@ class CfnDomainProps:
         }
         if description is not None:
             self._values["description"] = description
+        if domain_version is not None:
+            self._values["domain_version"] = domain_version
         if kms_key_identifier is not None:
             self._values["kms_key_identifier"] = kms_key_identifier
+        if service_role is not None:
+            self._values["service_role"] = service_role
         if single_sign_on is not None:
             self._values["single_sign_on"] = single_sign_on
         if tags is not None:
@@ -2421,6 +2469,15 @@ class CfnDomainProps:
         result = self._values.get("description")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def domain_version(self) -> typing.Optional[builtins.str]:
+        '''The domain version.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-datazone-domain.html#cfn-datazone-domain-domainversion
+        '''
+        result = self._values.get("domain_version")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def kms_key_identifier(self) -> typing.Optional[builtins.str]:
         '''The identifier of the AWS Key Management Service (KMS) key that is used to encrypt the Amazon DataZone domain, metadata, and reporting data.
@@ -2430,6 +2487,15 @@ class CfnDomainProps:
         result = self._values.get("kms_key_identifier")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def service_role(self) -> typing.Optional[builtins.str]:
+        '''The service role of the domain that is created.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-datazone-domain.html#cfn-datazone-domain-servicerole
+        '''
+        result = self._values.get("service_role")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def single_sign_on(
         self,
@@ -6764,7 +6830,9 @@ def _typecheckingstub__047efef40bc572d080b2e64b8f32c1db40e40ba16fc7d29d887073e9c
     domain_execution_role: builtins.str,
     name: builtins.str,
     description: typing.Optional[builtins.str] = None,
+    domain_version: typing.Optional[builtins.str] = None,
     kms_key_identifier: typing.Optional[builtins.str] = None,
+    service_role: typing.Optional[builtins.str] = None,
     single_sign_on: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomain.SingleSignOnProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
@@ -6801,12 +6869,24 @@ def _typecheckingstub__cfb0d62a189dbc4d1b327c1e7f651b95f580a2f6196abce203f4709bc
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__01acac61c7163cf6379c6cbe162a62434376eca50700d6cfaaea6008ea3ec333(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__49d22f79e701c8bd8ae540b270f397204f2285f1dc76ab7d1556d659a050f38b(
     value: typing.Optional[builtins.str],
 ) -> None:
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__8fd383448cae4473b200d8583b604eef942f85827467ce9f6bf4b1fc6f61390c(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__ee4595d765303396b66c3b59368637f839b950667fb4c707c509ac63e084f20b(
     value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnDomain.SingleSignOnProperty]],
 ) -> None:
@@ -6832,7 +6912,9 @@ def _typecheckingstub__6d98e07f58a8aeb53fe8b36894639594f83be43ac8d182e1c384572cf
     domain_execution_role: builtins.str,
     name: builtins.str,
     description: typing.Optional[builtins.str] = None,
+    domain_version: typing.Optional[builtins.str] = None,
     kms_key_identifier: typing.Optional[builtins.str] = None,
+    service_role: typing.Optional[builtins.str] = None,
     single_sign_on: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomain.SingleSignOnProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:

aws_cdk/aws_ec2/__init__.py

@@ -16953,7 +16953,7 @@ class CfnIPAM(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param default_resource_discovery_organizational_unit_exclusions: A set of organizational unit (OU) exclusions for the default resource discovery, created with this IPAM.
+        :param default_resource_discovery_organizational_unit_exclusions: If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
         :param description: The description for the IPAM.
         :param enable_private_gua: Enable this option to use your own GUA ranges as private IPv6 addresses. This option is disabled by default.
         :param operating_regions: The operating Regions for an IPAM. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the AWS Regions you select as operating Regions. For more information about operating Regions, see `Create an IPAM <https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
@@ -17093,7 +17093,7 @@ class CfnIPAM(
     def default_resource_discovery_organizational_unit_exclusions(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAM.IpamOrganizationalUnitExclusionProperty"]]]]:
-        '''A set of organizational unit (OU) exclusions for the default resource discovery, created with this IPAM.'''
+        '''If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAM.IpamOrganizationalUnitExclusionProperty"]]]], jsii.get(self, "defaultResourceDiscoveryOrganizationalUnitExclusions"))
 
     @default_resource_discovery_organizational_unit_exclusions.setter
@@ -17244,7 +17244,7 @@ class CfnIPAM(
     )
     class IpamOrganizationalUnitExclusionProperty:
         def __init__(self, *, organizations_entity_path: builtins.str) -> None:
-            '''If your IPAM is integrated with AWS Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion.
+            '''If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
 
             :param organizations_entity_path: An AWS Organizations entity path. For more information on the entity path, see `Understand the AWS Organizations entity path <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_last-accessed-view-data-orgs.html#access_policies_access-advisor-viewing-orgs-entity-path>`_ in the *AWS Identity and Access Management User Guide* .
 
@@ -18839,7 +18839,7 @@ class CfnIPAMProps:
     ) -> None:
         '''Properties for defining a ``CfnIPAM``.
 
-        :param default_resource_discovery_organizational_unit_exclusions: A set of organizational unit (OU) exclusions for the default resource discovery, created with this IPAM.
+        :param default_resource_discovery_organizational_unit_exclusions: If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
         :param description: The description for the IPAM.
         :param enable_private_gua: Enable this option to use your own GUA ranges as private IPv6 addresses. This option is disabled by default.
         :param operating_regions: The operating Regions for an IPAM. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the AWS Regions you select as operating Regions. For more information about operating Regions, see `Create an IPAM <https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
@@ -18897,7 +18897,7 @@ class CfnIPAMProps:
     def default_resource_discovery_organizational_unit_exclusions(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnIPAM.IpamOrganizationalUnitExclusionProperty]]]]:
-        '''A set of organizational unit (OU) exclusions for the default resource discovery, created with this IPAM.
+        '''If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html#cfn-ec2-ipam-defaultresourcediscoveryorganizationalunitexclusions
         '''
@@ -19023,7 +19023,7 @@ class CfnIPAMResourceDiscovery(
         :param id: Construct identifier for this resource (unique in its scope).
         :param description: The resource discovery description.
         :param operating_regions: The operating Regions for the resource discovery. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the AWS Regions you select as operating Regions.
-        :param organizational_unit_exclusions: A set of organizational unit (OU) exclusions for this resource.
+        :param organizational_unit_exclusions: If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
         :param tags: A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value. You can use tags to search and filter your resources or track your AWS costs.
         '''
         if __debug__:
@@ -19185,7 +19185,7 @@ class CfnIPAMResourceDiscovery(
     def organizational_unit_exclusions(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty"]]]]:
-        '''A set of organizational unit (OU) exclusions for this resource.'''
+        '''If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty"]]]], jsii.get(self, "organizationalUnitExclusions"))
 
     @organizational_unit_exclusions.setter
@@ -19274,9 +19274,9 @@ class CfnIPAMResourceDiscovery(
     )
     class IpamResourceDiscoveryOrganizationalUnitExclusionProperty:
         def __init__(self, *, organizations_entity_path: builtins.str) -> None:
-            '''If your IPAM is integrated with AWS Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion.
+            '''If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
 
-            :param organizations_entity_path: An AWS Organizations entity path. Build the path for the OU(s) using AWS Organizations IDs separated by a '/'. Include all child OUs by ending the path with '/*'.
+            :param organizations_entity_path: An AWS Organizations entity path. For more information on the entity path, see `Understand the AWS Organizations entity path <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_last-accessed-view-data-orgs.html#access_policies_access-advisor-viewing-orgs-entity-path>`_ in the *AWS Identity and Access Management User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ipamresourcediscovery-ipamresourcediscoveryorganizationalunitexclusion.html
             :exampleMetadata: fixture=_generated
@@ -19302,7 +19302,7 @@ class CfnIPAMResourceDiscovery(
         def organizations_entity_path(self) -> builtins.str:
             '''An AWS Organizations entity path.
 
-            Build the path for the OU(s) using AWS Organizations IDs separated by a '/'. Include all child OUs by ending the path with '/*'.
+            For more information on the entity path, see `Understand the AWS Organizations entity path <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_last-accessed-view-data-orgs.html#access_policies_access-advisor-viewing-orgs-entity-path>`_ in the *AWS Identity and Access Management User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ipamresourcediscovery-ipamresourcediscoveryorganizationalunitexclusion.html#cfn-ec2-ipamresourcediscovery-ipamresourcediscoveryorganizationalunitexclusion-organizationsentitypath
             '''
@@ -19671,7 +19671,7 @@ class CfnIPAMResourceDiscoveryProps:
 
         :param description: The resource discovery description.
         :param operating_regions: The operating Regions for the resource discovery. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the AWS Regions you select as operating Regions.
-        :param organizational_unit_exclusions: A set of organizational unit (OU) exclusions for this resource.
+        :param organizational_unit_exclusions: If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
         :param tags: A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value. You can use tags to search and filter your resources or track your AWS costs.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamresourcediscovery.html
@@ -19739,7 +19739,7 @@ class CfnIPAMResourceDiscoveryProps:
     def organizational_unit_exclusions(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty]]]]:
-        '''A set of organizational unit (OU) exclusions for this resource.
+        '''If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamresourcediscovery.html#cfn-ec2-ipamresourcediscovery-organizationalunitexclusions
         '''
@@ -79118,6 +79118,26 @@ class InterfaceVpcEndpointAwsService(
     def BEDROCK_AGENT_RUNTIME(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "BEDROCK_AGENT_RUNTIME"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="BEDROCK_DATA_AUTOMATION")
+    def BEDROCK_DATA_AUTOMATION(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "BEDROCK_DATA_AUTOMATION"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="BEDROCK_DATA_AUTOMATION_FIPS")
+    def BEDROCK_DATA_AUTOMATION_FIPS(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "BEDROCK_DATA_AUTOMATION_FIPS"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="BEDROCK_DATA_AUTOMATION_RUNTIME")
+    def BEDROCK_DATA_AUTOMATION_RUNTIME(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "BEDROCK_DATA_AUTOMATION_RUNTIME"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="BEDROCK_DATA_AUTOMATION_RUNTIME_FIPS")
+    def BEDROCK_DATA_AUTOMATION_RUNTIME_FIPS(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "BEDROCK_DATA_AUTOMATION_RUNTIME_FIPS"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="BEDROCK_RUNTIME")
     def BEDROCK_RUNTIME(cls) -> "InterfaceVpcEndpointAwsService":

aws_cdk/aws_ecr/__init__.py

@@ -2224,7 +2224,7 @@ class CfnRepositoryCreationTemplate(
         :param encryption_configuration: The encryption configuration associated with the repository creation template.
         :param image_tag_mutability: The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
         :param lifecycle_policy: The lifecycle policy to use for repositories created using the template.
-        :param repository_policy: he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
+        :param repository_policy: The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
         :param resource_tags: The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
         '''
         if __debug__:
@@ -2397,7 +2397,7 @@ class CfnRepositoryCreationTemplate(
     @builtins.property
     @jsii.member(jsii_name="repositoryPolicy")
     def repository_policy(self) -> typing.Optional[builtins.str]:
-        '''he repository policy to apply to repositories created using the template.'''
+        '''The repository policy to apply to repositories created using the template.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "repositoryPolicy"))
 
     @repository_policy.setter
@@ -2551,7 +2551,7 @@ class CfnRepositoryCreationTemplateProps:
         :param encryption_configuration: The encryption configuration associated with the repository creation template.
         :param image_tag_mutability: The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
         :param lifecycle_policy: The lifecycle policy to use for repositories created using the template.
-        :param repository_policy: he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
+        :param repository_policy: The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
         :param resource_tags: The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repositorycreationtemplate.html
@@ -2690,7 +2690,7 @@ class CfnRepositoryCreationTemplateProps:
 
     @builtins.property
     def repository_policy(self) -> typing.Optional[builtins.str]:
-        '''he repository policy to apply to repositories created using the template.
+        '''The repository policy to apply to repositories created using the template.
 
         A repository policy is a permissions policy associated with a repository to control access permissions.
 
@@ -4513,6 +4513,12 @@ class RepositoryEncryption(
         ''''KMS'.'''
         return typing.cast("RepositoryEncryption", jsii.sget(cls, "KMS"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="KMS_DSSE")
+    def KMS_DSSE(cls) -> "RepositoryEncryption":
+        ''''KMS_DSSE'.'''
+        return typing.cast("RepositoryEncryption", jsii.sget(cls, "KMS_DSSE"))
+
     @builtins.property
     @jsii.member(jsii_name="value")
     def value(self) -> builtins.str:

aws_cdk/aws_ecs/__init__.py

@@ -88,7 +88,7 @@ cluster = ecs.Cluster(self, "Cluster",
 )
 ```
 
-To encrypt the fargate ephemeral storage configure a KMS key.
+By default, storage is encrypted with AWS-managed key. You can specify customer-managed key using:
 
 ```python
 # key: kms.Key
@@ -96,7 +96,8 @@ To encrypt the fargate ephemeral storage configure a KMS key.
 
 cluster = ecs.Cluster(self, "Cluster",
     managed_storage_configuration=ecs.ManagedStorageConfiguration(
-        fargate_ephemeral_storage_kms_key=key
+        fargate_ephemeral_storage_kms_key=key,
+        kms_key=key
     )
 )
 ```
@@ -2188,6 +2189,7 @@ from ..aws_autoscaling import (
     CommonAutoScalingGroupProps as _CommonAutoScalingGroupProps_808bbf2d,
     GroupMetrics as _GroupMetrics_7cdf729b,
     HealthCheck as _HealthCheck_03a4bd5a,
+    HealthChecks as _HealthChecks_b8757873,
     IAutoScalingGroup as _IAutoScalingGroup_360f1cde,
     Monitoring as _Monitoring_50020f91,
     NotificationConfiguration as _NotificationConfiguration_d5911670,
@@ -2411,6 +2413,7 @@ class AddAutoScalingGroupCapacityOptions:
         "desired_capacity": "desiredCapacity",
         "group_metrics": "groupMetrics",
         "health_check": "healthCheck",
+        "health_checks": "healthChecks",
         "ignore_unmodified_size_properties": "ignoreUnmodifiedSizeProperties",
         "instance_monitoring": "instanceMonitoring",
         "key_name": "keyName",
@@ -2453,6 +2456,7 @@ class AddCapacityOptions(
         desired_capacity: typing.Optional[jsii.Number] = None,
         group_metrics: typing.Optional[typing.Sequence[_GroupMetrics_7cdf729b]] = None,
         health_check: typing.Optional[_HealthCheck_03a4bd5a] = None,
+        health_checks: typing.Optional[_HealthChecks_b8757873] = None,
         ignore_unmodified_size_properties: typing.Optional[builtins.bool] = None,
         instance_monitoring: typing.Optional[_Monitoring_50020f91] = None,
         key_name: typing.Optional[builtins.str] = None,
@@ -2488,7 +2492,8 @@ class AddCapacityOptions(
         :param default_instance_warmup: The amount of time, in seconds, until a newly launched instance can contribute to the Amazon CloudWatch metrics. This delay lets an instance finish initializing before Amazon EC2 Auto Scaling aggregates instance metrics, resulting in more reliable usage data. Set this value equal to the amount of time that it takes for resource consumption to become stable after an instance reaches the InService state. To optimize the performance of scaling policies that scale continuously, such as target tracking and step scaling policies, we strongly recommend that you enable the default instance warmup, even if its value is set to 0 seconds Default instance warmup will not be added if no value is specified Default: None
         :param desired_capacity: Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. Default: minCapacity, and leave unchanged during deployment
         :param group_metrics: Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use ``GroupMetrics.all()`` Group metrics are reported in a granularity of 1 minute at no additional charge. Default: - no group metrics will be reported
-        :param health_check: Configuration for health checks. Default: - HealthCheck.ec2 with no grace period
+        :param health_check: (deprecated) Configuration for health checks. Default: - HealthCheck.ec2 with no grace period
+        :param health_checks: Configuration for EC2 or additional health checks. Even when using ``HealthChecks.withAdditionalChecks()``, the EC2 type is implicitly included. Default: - EC2 type with no grace period
         :param ignore_unmodified_size_properties: If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. Default: true
         :param instance_monitoring: Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. ``launchTemplate`` and ``mixedInstancesPolicy`` must not be specified when this property is specified Default: - Monitoring.DETAILED
         :param key_name: (deprecated) Name of SSH keypair to grant access to instances. ``launchTemplate`` and ``mixedInstancesPolicy`` must not be specified when this property is specified You can either specify ``keyPair`` or ``keyName``, not both. Default: - No SSH access will be possible.
@@ -2540,6 +2545,7 @@ class AddCapacityOptions(
             check_type(argname="argument desired_capacity", value=desired_capacity, expected_type=type_hints["desired_capacity"])
             check_type(argname="argument group_metrics", value=group_metrics, expected_type=type_hints["group_metrics"])
             check_type(argname="argument health_check", value=health_check, expected_type=type_hints["health_check"])
+            check_type(argname="argument health_checks", value=health_checks, expected_type=type_hints["health_checks"])
             check_type(argname="argument ignore_unmodified_size_properties", value=ignore_unmodified_size_properties, expected_type=type_hints["ignore_unmodified_size_properties"])
             check_type(argname="argument instance_monitoring", value=instance_monitoring, expected_type=type_hints["instance_monitoring"])
             check_type(argname="argument key_name", value=key_name, expected_type=type_hints["key_name"])
@@ -2591,6 +2597,8 @@ class AddCapacityOptions(
             self._values["group_metrics"] = group_metrics
         if health_check is not None:
             self._values["health_check"] = health_check
+        if health_checks is not None:
+            self._values["health_checks"] = health_checks
         if ignore_unmodified_size_properties is not None:
             self._values["ignore_unmodified_size_properties"] = ignore_unmodified_size_properties
         if instance_monitoring is not None:
@@ -2809,13 +2817,30 @@ class AddCapacityOptions(
 
     @builtins.property
     def health_check(self) -> typing.Optional[_HealthCheck_03a4bd5a]:
-        '''Configuration for health checks.
+        '''(deprecated) Configuration for health checks.
 
         :default: - HealthCheck.ec2 with no grace period
+
+        :deprecated: Use ``healthChecks`` instead
+
+        :stability: deprecated
         '''
         result = self._values.get("health_check")
         return typing.cast(typing.Optional[_HealthCheck_03a4bd5a], result)
 
+    @builtins.property
+    def health_checks(self) -> typing.Optional[_HealthChecks_b8757873]:
+        '''Configuration for EC2 or additional health checks.
+
+        Even when using ``HealthChecks.withAdditionalChecks()``, the EC2 type is implicitly included.
+
+        :default: - EC2 type with no grace period
+
+        :see: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html
+        '''
+        result = self._values.get("health_checks")
+        return typing.cast(typing.Optional[_HealthChecks_b8757873], result)
+
     @builtins.property
     def ignore_unmodified_size_properties(self) -> typing.Optional[builtins.bool]:
         '''If the ASG has scheduled actions, don't reset unchanged group sizes.
@@ -32822,6 +32847,7 @@ class MachineImageType(enum.Enum):
     jsii_struct_bases=[],
     name_mapping={
         "fargate_ephemeral_storage_kms_key": "fargateEphemeralStorageKmsKey",
+        "kms_key": "kmsKey",
     },
 )
 class ManagedStorageConfiguration:
@@ -32829,10 +32855,12 @@ class ManagedStorageConfiguration:
         self,
         *,
         fargate_ephemeral_storage_kms_key: typing.Optional[_IKey_5f11635f] = None,
+        kms_key: typing.Optional[_IKey_5f11635f] = None,
     ) -> None:
         '''Kms Keys for encryption ECS managed storage.
 
-        :param fargate_ephemeral_storage_kms_key: KMS Key used to encrypt ECS Fargate ephemeral Storage. The configured KMS Key's policy will be modified to allow ECS to use the Key to encrypt the ephemeral Storage for this cluster. Default: No encryption will be applied
+        :param fargate_ephemeral_storage_kms_key: Customer KMS Key used to encrypt ECS Fargate ephemeral Storage. The configured KMS Key's policy will be modified to allow ECS to use the Key to encrypt the ephemeral Storage for this cluster. Default: - Encrypted using AWS-managed key
+        :param kms_key: Customer KMS Key used to encrypt ECS managed Storage. Default: - Encrypted using AWS-managed key
 
         :exampleMetadata: infused
 
@@ -32843,30 +32871,45 @@ class ManagedStorageConfiguration:
             
             cluster = ecs.Cluster(self, "Cluster",
                 managed_storage_configuration=ecs.ManagedStorageConfiguration(
-                    fargate_ephemeral_storage_kms_key=key
+                    fargate_ephemeral_storage_kms_key=key,
+                    kms_key=key
                 )
             )
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__2f9a1356d6603371cc25e0653216ab0167448ba43002bef5b32c489376e7fbb9)
             check_type(argname="argument fargate_ephemeral_storage_kms_key", value=fargate_ephemeral_storage_kms_key, expected_type=type_hints["fargate_ephemeral_storage_kms_key"])
+            check_type(argname="argument kms_key", value=kms_key, expected_type=type_hints["kms_key"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if fargate_ephemeral_storage_kms_key is not None:
             self._values["fargate_ephemeral_storage_kms_key"] = fargate_ephemeral_storage_kms_key
+        if kms_key is not None:
+            self._values["kms_key"] = kms_key
 
     @builtins.property
     def fargate_ephemeral_storage_kms_key(self) -> typing.Optional[_IKey_5f11635f]:
-        '''KMS Key used to encrypt ECS Fargate ephemeral Storage.
+        '''Customer KMS Key used to encrypt ECS Fargate ephemeral Storage.
 
         The configured KMS Key's policy will be modified to allow ECS to use the Key to encrypt the ephemeral Storage for this cluster.
 
-        :default: No encryption will be applied
+        :default: - Encrypted using AWS-managed key
 
         :see: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-storage-encryption.html
         '''
         result = self._values.get("fargate_ephemeral_storage_kms_key")
         return typing.cast(typing.Optional[_IKey_5f11635f], result)
 
+    @builtins.property
+    def kms_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''Customer KMS Key used to encrypt ECS managed Storage.
+
+        :default: - Encrypted using AWS-managed key
+
+        :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-managedstorageconfiguration.html#cfn-ecs-cluster-managedstorageconfiguration-kmskeyid
+        '''
+        result = self._values.get("kms_key")
+        return typing.cast(typing.Optional[_IKey_5f11635f], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -39747,6 +39790,7 @@ class Cluster(
         desired_capacity: typing.Optional[jsii.Number] = None,
         group_metrics: typing.Optional[typing.Sequence[_GroupMetrics_7cdf729b]] = None,
         health_check: typing.Optional[_HealthCheck_03a4bd5a] = None,
+        health_checks: typing.Optional[_HealthChecks_b8757873] = None,
         ignore_unmodified_size_properties: typing.Optional[builtins.bool] = None,
         instance_monitoring: typing.Optional[_Monitoring_50020f91] = None,
         key_name: typing.Optional[builtins.str] = None,
@@ -39787,7 +39831,8 @@ class Cluster(
         :param default_instance_warmup: The amount of time, in seconds, until a newly launched instance can contribute to the Amazon CloudWatch metrics. This delay lets an instance finish initializing before Amazon EC2 Auto Scaling aggregates instance metrics, resulting in more reliable usage data. Set this value equal to the amount of time that it takes for resource consumption to become stable after an instance reaches the InService state. To optimize the performance of scaling policies that scale continuously, such as target tracking and step scaling policies, we strongly recommend that you enable the default instance warmup, even if its value is set to 0 seconds Default instance warmup will not be added if no value is specified Default: None
         :param desired_capacity: Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. Default: minCapacity, and leave unchanged during deployment
         :param group_metrics: Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use ``GroupMetrics.all()`` Group metrics are reported in a granularity of 1 minute at no additional charge. Default: - no group metrics will be reported
-        :param health_check: Configuration for health checks. Default: - HealthCheck.ec2 with no grace period
+        :param health_check: (deprecated) Configuration for health checks. Default: - HealthCheck.ec2 with no grace period
+        :param health_checks: Configuration for EC2 or additional health checks. Even when using ``HealthChecks.withAdditionalChecks()``, the EC2 type is implicitly included. Default: - EC2 type with no grace period
         :param ignore_unmodified_size_properties: If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. Default: true
         :param instance_monitoring: Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. ``launchTemplate`` and ``mixedInstancesPolicy`` must not be specified when this property is specified Default: - Monitoring.DETAILED
         :param key_name: (deprecated) Name of SSH keypair to grant access to instances. ``launchTemplate`` and ``mixedInstancesPolicy`` must not be specified when this property is specified You can either specify ``keyPair`` or ``keyName``, not both. Default: - No SSH access will be possible.
@@ -39826,6 +39871,7 @@ class Cluster(
             desired_capacity=desired_capacity,
             group_metrics=group_metrics,
             health_check=health_check,
+            health_checks=health_checks,
             ignore_unmodified_size_properties=ignore_unmodified_size_properties,
             instance_monitoring=instance_monitoring,
             key_name=key_name,
@@ -43065,6 +43111,7 @@ def _typecheckingstub__64f2d9b3495e3be78346f77d5ad90928968c8ce230e670b6279dc67ad
     desired_capacity: typing.Optional[jsii.Number] = None,
     group_metrics: typing.Optional[typing.Sequence[_GroupMetrics_7cdf729b]] = None,
     health_check: typing.Optional[_HealthCheck_03a4bd5a] = None,
+    health_checks: typing.Optional[_HealthChecks_b8757873] = None,
     ignore_unmodified_size_properties: typing.Optional[builtins.bool] = None,
     instance_monitoring: typing.Optional[_Monitoring_50020f91] = None,
     key_name: typing.Optional[builtins.str] = None,
@@ -45979,6 +46026,7 @@ def _typecheckingstub__4028d39adfbd4018be781b02eae5afae009ba3d6754c9cac3c26580b7
 def _typecheckingstub__2f9a1356d6603371cc25e0653216ab0167448ba43002bef5b32c489376e7fbb9(
     *,
     fargate_ephemeral_storage_kms_key: typing.Optional[_IKey_5f11635f] = None,
+    kms_key: typing.Optional[_IKey_5f11635f] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -46851,6 +46899,7 @@ def _typecheckingstub__63e98e008463515927d4aee3c938d64639e34ce8a2c09fa766883be6a
     desired_capacity: typing.Optional[jsii.Number] = None,
     group_metrics: typing.Optional[typing.Sequence[_GroupMetrics_7cdf729b]] = None,
     health_check: typing.Optional[_HealthCheck_03a4bd5a] = None,
+    health_checks: typing.Optional[_HealthChecks_b8757873] = None,
     ignore_unmodified_size_properties: typing.Optional[builtins.bool] = None,
     instance_monitoring: typing.Optional[_Monitoring_50020f91] = None,
     key_name: typing.Optional[builtins.str] = None,