aws-cdk-lib 2.181.1__py3-none-any.whl → 2.183.0__py3-none-any.whl

aws_cdk/aws_ec2/__init__.py

@@ -16953,7 +16953,7 @@ class CfnIPAM(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param default_resource_discovery_organizational_unit_exclusions: A set of organizational unit (OU) exclusions for the default resource discovery, created with this IPAM.
+        :param default_resource_discovery_organizational_unit_exclusions: If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
         :param description: The description for the IPAM.
         :param enable_private_gua: Enable this option to use your own GUA ranges as private IPv6 addresses. This option is disabled by default.
         :param operating_regions: The operating Regions for an IPAM. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the AWS Regions you select as operating Regions. For more information about operating Regions, see `Create an IPAM <https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
@@ -17093,7 +17093,7 @@ class CfnIPAM(
     def default_resource_discovery_organizational_unit_exclusions(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAM.IpamOrganizationalUnitExclusionProperty"]]]]:
-        '''A set of organizational unit (OU) exclusions for the default resource discovery, created with this IPAM.'''
+        '''If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAM.IpamOrganizationalUnitExclusionProperty"]]]], jsii.get(self, "defaultResourceDiscoveryOrganizationalUnitExclusions"))
 
     @default_resource_discovery_organizational_unit_exclusions.setter
@@ -17244,7 +17244,7 @@ class CfnIPAM(
     )
     class IpamOrganizationalUnitExclusionProperty:
         def __init__(self, *, organizations_entity_path: builtins.str) -> None:
-            '''If your IPAM is integrated with AWS Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion.
+            '''If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
 
             :param organizations_entity_path: An AWS Organizations entity path. For more information on the entity path, see `Understand the AWS Organizations entity path <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_last-accessed-view-data-orgs.html#access_policies_access-advisor-viewing-orgs-entity-path>`_ in the *AWS Identity and Access Management User Guide* .
 
@@ -18839,7 +18839,7 @@ class CfnIPAMProps:
     ) -> None:
         '''Properties for defining a ``CfnIPAM``.
 
-        :param default_resource_discovery_organizational_unit_exclusions: A set of organizational unit (OU) exclusions for the default resource discovery, created with this IPAM.
+        :param default_resource_discovery_organizational_unit_exclusions: If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
         :param description: The description for the IPAM.
         :param enable_private_gua: Enable this option to use your own GUA ranges as private IPv6 addresses. This option is disabled by default.
         :param operating_regions: The operating Regions for an IPAM. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the AWS Regions you select as operating Regions. For more information about operating Regions, see `Create an IPAM <https://docs.aws.amazon.com//vpc/latest/ipam/create-ipam.html>`_ in the *Amazon VPC IPAM User Guide* .
@@ -18897,7 +18897,7 @@ class CfnIPAMProps:
     def default_resource_discovery_organizational_unit_exclusions(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnIPAM.IpamOrganizationalUnitExclusionProperty]]]]:
-        '''A set of organizational unit (OU) exclusions for the default resource discovery, created with this IPAM.
+        '''If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipam.html#cfn-ec2-ipam-defaultresourcediscoveryorganizationalunitexclusions
         '''
@@ -19023,7 +19023,7 @@ class CfnIPAMResourceDiscovery(
         :param id: Construct identifier for this resource (unique in its scope).
         :param description: The resource discovery description.
         :param operating_regions: The operating Regions for the resource discovery. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the AWS Regions you select as operating Regions.
-        :param organizational_unit_exclusions: A set of organizational unit (OU) exclusions for this resource.
+        :param organizational_unit_exclusions: If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
         :param tags: A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value. You can use tags to search and filter your resources or track your AWS costs.
         '''
         if __debug__:
@@ -19185,7 +19185,7 @@ class CfnIPAMResourceDiscovery(
     def organizational_unit_exclusions(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty"]]]]:
-        '''A set of organizational unit (OU) exclusions for this resource.'''
+        '''If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty"]]]], jsii.get(self, "organizationalUnitExclusions"))
 
     @organizational_unit_exclusions.setter
@@ -19274,9 +19274,9 @@ class CfnIPAMResourceDiscovery(
     )
     class IpamResourceDiscoveryOrganizationalUnitExclusionProperty:
         def __init__(self, *, organizations_entity_path: builtins.str) -> None:
-            '''If your IPAM is integrated with AWS Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion.
+            '''If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
 
-            :param organizations_entity_path: An AWS Organizations entity path. Build the path for the OU(s) using AWS Organizations IDs separated by a '/'. Include all child OUs by ending the path with '/*'.
+            :param organizations_entity_path: An AWS Organizations entity path. For more information on the entity path, see `Understand the AWS Organizations entity path <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_last-accessed-view-data-orgs.html#access_policies_access-advisor-viewing-orgs-entity-path>`_ in the *AWS Identity and Access Management User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ipamresourcediscovery-ipamresourcediscoveryorganizationalunitexclusion.html
             :exampleMetadata: fixture=_generated
@@ -19302,7 +19302,7 @@ class CfnIPAMResourceDiscovery(
         def organizations_entity_path(self) -> builtins.str:
             '''An AWS Organizations entity path.
 
-            Build the path for the OU(s) using AWS Organizations IDs separated by a '/'. Include all child OUs by ending the path with '/*'.
+            For more information on the entity path, see `Understand the AWS Organizations entity path <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_last-accessed-view-data-orgs.html#access_policies_access-advisor-viewing-orgs-entity-path>`_ in the *AWS Identity and Access Management User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ipamresourcediscovery-ipamresourcediscoveryorganizationalunitexclusion.html#cfn-ec2-ipamresourcediscovery-ipamresourcediscoveryorganizationalunitexclusion-organizationsentitypath
             '''
@@ -19671,7 +19671,7 @@ class CfnIPAMResourceDiscoveryProps:
 
         :param description: The resource discovery description.
         :param operating_regions: The operating Regions for the resource discovery. Operating Regions are AWS Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the AWS Regions you select as operating Regions.
-        :param organizational_unit_exclusions: A set of organizational unit (OU) exclusions for this resource.
+        :param organizational_unit_exclusions: If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
         :param tags: A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value. You can use tags to search and filter your resources or track your AWS costs.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamresourcediscovery.html
@@ -19739,7 +19739,7 @@ class CfnIPAMResourceDiscoveryProps:
     def organizational_unit_exclusions(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnIPAMResourceDiscovery.IpamResourceDiscoveryOrganizationalUnitExclusionProperty]]]]:
-        '''A set of organizational unit (OU) exclusions for this resource.
+        '''If your IPAM is integrated with AWS Organizations, you can exclude an `organizational unit (OU) <https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#organizationalunit>`_ from being managed by IPAM. When you exclude an OU, IPAM will not manage the IP addresses in accounts in that OU. For more information, see `Exclude organizational units from IPAM <https://docs.aws.amazon.com/vpc/latest/ipam/exclude-ous.html>`_ in the *Amazon Virtual Private Cloud IP Address Manager User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-ipamresourcediscovery.html#cfn-ec2-ipamresourcediscovery-organizationalunitexclusions
         '''
@@ -41885,7 +41885,7 @@ class CfnSecurityGroup(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param group_description: A description for the security group. Constraints: Up to 255 characters in length Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
-        :param group_name: The name of the security group. Constraints: Up to 255 characters in length. Cannot start with ``sg-`` . Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
+        :param group_name: The name of the security group. Names are case-insensitive and must be unique within the VPC. Constraints: Up to 255 characters in length. Can't start with ``sg-`` . Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
         :param security_group_egress: The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
         :param security_group_ingress: The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
         :param tags: Any tags assigned to the security group.
@@ -41990,7 +41990,10 @@ class CfnSecurityGroup(
     @builtins.property
     @jsii.member(jsii_name="groupName")
     def group_name(self) -> typing.Optional[builtins.str]:
-        '''The name of the security group.'''
+        '''The name of the security group.
+
+        Names are case-insensitive and must be unique within the VPC.
+        '''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "groupName"))
 
     @group_name.setter
@@ -43567,7 +43570,7 @@ class CfnSecurityGroupProps:
         '''Properties for defining a ``CfnSecurityGroup``.
 
         :param group_description: A description for the security group. Constraints: Up to 255 characters in length Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
-        :param group_name: The name of the security group. Constraints: Up to 255 characters in length. Cannot start with ``sg-`` . Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
+        :param group_name: The name of the security group. Names are case-insensitive and must be unique within the VPC. Constraints: Up to 255 characters in length. Can't start with ``sg-`` . Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
         :param security_group_egress: The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
         :param security_group_ingress: The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
         :param tags: Any tags assigned to the security group.
@@ -43658,9 +43661,9 @@ class CfnSecurityGroupProps:
 
     @builtins.property
     def group_name(self) -> typing.Optional[builtins.str]:
-        '''The name of the security group.
+        '''The name of the security group. Names are case-insensitive and must be unique within the VPC.
 
-        Constraints: Up to 255 characters in length. Cannot start with ``sg-`` .
+        Constraints: Up to 255 characters in length. Can't start with ``sg-`` .
 
         Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
 
@@ -79118,6 +79121,26 @@ class InterfaceVpcEndpointAwsService(
     def BEDROCK_AGENT_RUNTIME(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "BEDROCK_AGENT_RUNTIME"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="BEDROCK_DATA_AUTOMATION")
+    def BEDROCK_DATA_AUTOMATION(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "BEDROCK_DATA_AUTOMATION"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="BEDROCK_DATA_AUTOMATION_FIPS")
+    def BEDROCK_DATA_AUTOMATION_FIPS(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "BEDROCK_DATA_AUTOMATION_FIPS"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="BEDROCK_DATA_AUTOMATION_RUNTIME")
+    def BEDROCK_DATA_AUTOMATION_RUNTIME(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "BEDROCK_DATA_AUTOMATION_RUNTIME"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="BEDROCK_DATA_AUTOMATION_RUNTIME_FIPS")
+    def BEDROCK_DATA_AUTOMATION_RUNTIME_FIPS(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "BEDROCK_DATA_AUTOMATION_RUNTIME_FIPS"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="BEDROCK_RUNTIME")
     def BEDROCK_RUNTIME(cls) -> "InterfaceVpcEndpointAwsService":
@@ -79633,6 +79656,11 @@ class InterfaceVpcEndpointAwsService(
     def EMR_SERVERLESS(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "EMR_SERVERLESS"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="EMR_SERVERLESS_DASHBOARD")
+    def EMR_SERVERLESS_DASHBOARD(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "EMR_SERVERLESS_DASHBOARD"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="EMR_SERVERLESS_LIVY")
     def EMR_SERVERLESS_LIVY(cls) -> "InterfaceVpcEndpointAwsService":
@@ -80010,6 +80038,36 @@ class InterfaceVpcEndpointAwsService(
     def LICENSE_MANAGER_USER_SUBSCRIPTIONS(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "LICENSE_MANAGER_USER_SUBSCRIPTIONS"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="LOCATION_SERVICE_GEOFENCING")
+    def LOCATION_SERVICE_GEOFENCING(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "LOCATION_SERVICE_GEOFENCING"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="LOCATION_SERVICE_MAPS")
+    def LOCATION_SERVICE_MAPS(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "LOCATION_SERVICE_MAPS"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="LOCATION_SERVICE_METADATA")
+    def LOCATION_SERVICE_METADATA(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "LOCATION_SERVICE_METADATA"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="LOCATION_SERVICE_PLACES")
+    def LOCATION_SERVICE_PLACES(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "LOCATION_SERVICE_PLACES"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="LOCATION_SERVICE_ROUTE")
+    def LOCATION_SERVICE_ROUTE(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "LOCATION_SERVICE_ROUTE"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="LOCATION_SERVICE_TRACKING")
+    def LOCATION_SERVICE_TRACKING(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "LOCATION_SERVICE_TRACKING"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="LOOKOUT_EQUIPMENT")
     def LOOKOUT_EQUIPMENT(cls) -> "InterfaceVpcEndpointAwsService":
@@ -80549,6 +80607,16 @@ class InterfaceVpcEndpointAwsService(
     def SECURITYHUB(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "SECURITYHUB"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="SECURITYLAKE")
+    def SECURITYLAKE(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "SECURITYLAKE"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="SECURITYLAKE_FIPS")
+    def SECURITYLAKE_FIPS(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "SECURITYLAKE_FIPS"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="SERVER_MIGRATION_SERVICE")
     def SERVER_MIGRATION_SERVICE(cls) -> "InterfaceVpcEndpointAwsService":
@@ -80744,6 +80812,16 @@ class InterfaceVpcEndpointAwsService(
     def VPC_LATTICE(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "VPC_LATTICE"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="WAFV2")
+    def WAFV2(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "WAFV2"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="WAFV2_FIPS")
+    def WAFV2_FIPS(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "WAFV2_FIPS"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="WELL_ARCHITECTED_TOOL")
     def WELL_ARCHITECTED_TOOL(cls) -> "InterfaceVpcEndpointAwsService":

aws_cdk/aws_ecr/__init__.py

@@ -2224,7 +2224,7 @@ class CfnRepositoryCreationTemplate(
         :param encryption_configuration: The encryption configuration associated with the repository creation template.
         :param image_tag_mutability: The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
         :param lifecycle_policy: The lifecycle policy to use for repositories created using the template.
-        :param repository_policy: he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
+        :param repository_policy: The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
         :param resource_tags: The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
         '''
         if __debug__:
@@ -2397,7 +2397,7 @@ class CfnRepositoryCreationTemplate(
     @builtins.property
     @jsii.member(jsii_name="repositoryPolicy")
     def repository_policy(self) -> typing.Optional[builtins.str]:
-        '''he repository policy to apply to repositories created using the template.'''
+        '''The repository policy to apply to repositories created using the template.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "repositoryPolicy"))
 
     @repository_policy.setter
@@ -2551,7 +2551,7 @@ class CfnRepositoryCreationTemplateProps:
         :param encryption_configuration: The encryption configuration associated with the repository creation template.
         :param image_tag_mutability: The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. If IMMUTABLE is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.
         :param lifecycle_policy: The lifecycle policy to use for repositories created using the template.
-        :param repository_policy: he repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
+        :param repository_policy: The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.
         :param resource_tags: The metadata to apply to the repository to help you categorize and organize. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repositorycreationtemplate.html
@@ -2690,7 +2690,7 @@ class CfnRepositoryCreationTemplateProps:
 
     @builtins.property
     def repository_policy(self) -> typing.Optional[builtins.str]:
-        '''he repository policy to apply to repositories created using the template.
+        '''The repository policy to apply to repositories created using the template.
 
         A repository policy is a permissions policy associated with a repository to control access permissions.
 
@@ -4513,6 +4513,12 @@ class RepositoryEncryption(
         ''''KMS'.'''
         return typing.cast("RepositoryEncryption", jsii.sget(cls, "KMS"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="KMS_DSSE")
+    def KMS_DSSE(cls) -> "RepositoryEncryption":
+        ''''KMS_DSSE'.'''
+        return typing.cast("RepositoryEncryption", jsii.sget(cls, "KMS_DSSE"))
+
     @builtins.property
     @jsii.member(jsii_name="value")
     def value(self) -> builtins.str:

aws_cdk/aws_ecs/__init__.py

@@ -88,7 +88,7 @@ cluster = ecs.Cluster(self, "Cluster",
 )
 ```
 
-To encrypt the fargate ephemeral storage configure a KMS key.
+By default, storage is encrypted with AWS-managed key. You can specify customer-managed key using:
 
 ```python
 # key: kms.Key
@@ -96,7 +96,8 @@ To encrypt the fargate ephemeral storage configure a KMS key.
 
 cluster = ecs.Cluster(self, "Cluster",
     managed_storage_configuration=ecs.ManagedStorageConfiguration(
-        fargate_ephemeral_storage_kms_key=key
+        fargate_ephemeral_storage_kms_key=key,
+        kms_key=key
     )
 )
 ```
@@ -2188,6 +2189,7 @@ from ..aws_autoscaling import (
     CommonAutoScalingGroupProps as _CommonAutoScalingGroupProps_808bbf2d,
     GroupMetrics as _GroupMetrics_7cdf729b,
     HealthCheck as _HealthCheck_03a4bd5a,
+    HealthChecks as _HealthChecks_b8757873,
     IAutoScalingGroup as _IAutoScalingGroup_360f1cde,
     Monitoring as _Monitoring_50020f91,
     NotificationConfiguration as _NotificationConfiguration_d5911670,
@@ -2411,6 +2413,7 @@ class AddAutoScalingGroupCapacityOptions:
         "desired_capacity": "desiredCapacity",
         "group_metrics": "groupMetrics",
         "health_check": "healthCheck",
+        "health_checks": "healthChecks",
         "ignore_unmodified_size_properties": "ignoreUnmodifiedSizeProperties",
         "instance_monitoring": "instanceMonitoring",
         "key_name": "keyName",
@@ -2453,6 +2456,7 @@ class AddCapacityOptions(
         desired_capacity: typing.Optional[jsii.Number] = None,
         group_metrics: typing.Optional[typing.Sequence[_GroupMetrics_7cdf729b]] = None,
         health_check: typing.Optional[_HealthCheck_03a4bd5a] = None,
+        health_checks: typing.Optional[_HealthChecks_b8757873] = None,
         ignore_unmodified_size_properties: typing.Optional[builtins.bool] = None,
         instance_monitoring: typing.Optional[_Monitoring_50020f91] = None,
         key_name: typing.Optional[builtins.str] = None,
@@ -2488,7 +2492,8 @@ class AddCapacityOptions(
         :param default_instance_warmup: The amount of time, in seconds, until a newly launched instance can contribute to the Amazon CloudWatch metrics. This delay lets an instance finish initializing before Amazon EC2 Auto Scaling aggregates instance metrics, resulting in more reliable usage data. Set this value equal to the amount of time that it takes for resource consumption to become stable after an instance reaches the InService state. To optimize the performance of scaling policies that scale continuously, such as target tracking and step scaling policies, we strongly recommend that you enable the default instance warmup, even if its value is set to 0 seconds Default instance warmup will not be added if no value is specified Default: None
         :param desired_capacity: Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. Default: minCapacity, and leave unchanged during deployment
         :param group_metrics: Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use ``GroupMetrics.all()`` Group metrics are reported in a granularity of 1 minute at no additional charge. Default: - no group metrics will be reported
-        :param health_check: Configuration for health checks. Default: - HealthCheck.ec2 with no grace period
+        :param health_check: (deprecated) Configuration for health checks. Default: - HealthCheck.ec2 with no grace period
+        :param health_checks: Configuration for EC2 or additional health checks. Even when using ``HealthChecks.withAdditionalChecks()``, the EC2 type is implicitly included. Default: - EC2 type with no grace period
         :param ignore_unmodified_size_properties: If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. Default: true
         :param instance_monitoring: Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. ``launchTemplate`` and ``mixedInstancesPolicy`` must not be specified when this property is specified Default: - Monitoring.DETAILED
         :param key_name: (deprecated) Name of SSH keypair to grant access to instances. ``launchTemplate`` and ``mixedInstancesPolicy`` must not be specified when this property is specified You can either specify ``keyPair`` or ``keyName``, not both. Default: - No SSH access will be possible.
@@ -2540,6 +2545,7 @@ class AddCapacityOptions(
             check_type(argname="argument desired_capacity", value=desired_capacity, expected_type=type_hints["desired_capacity"])
             check_type(argname="argument group_metrics", value=group_metrics, expected_type=type_hints["group_metrics"])
             check_type(argname="argument health_check", value=health_check, expected_type=type_hints["health_check"])
+            check_type(argname="argument health_checks", value=health_checks, expected_type=type_hints["health_checks"])
             check_type(argname="argument ignore_unmodified_size_properties", value=ignore_unmodified_size_properties, expected_type=type_hints["ignore_unmodified_size_properties"])
             check_type(argname="argument instance_monitoring", value=instance_monitoring, expected_type=type_hints["instance_monitoring"])
             check_type(argname="argument key_name", value=key_name, expected_type=type_hints["key_name"])
@@ -2591,6 +2597,8 @@ class AddCapacityOptions(
             self._values["group_metrics"] = group_metrics
         if health_check is not None:
             self._values["health_check"] = health_check
+        if health_checks is not None:
+            self._values["health_checks"] = health_checks
         if ignore_unmodified_size_properties is not None:
             self._values["ignore_unmodified_size_properties"] = ignore_unmodified_size_properties
         if instance_monitoring is not None:
@@ -2809,13 +2817,30 @@ class AddCapacityOptions(
 
     @builtins.property
     def health_check(self) -> typing.Optional[_HealthCheck_03a4bd5a]:
-        '''Configuration for health checks.
+        '''(deprecated) Configuration for health checks.
 
         :default: - HealthCheck.ec2 with no grace period
+
+        :deprecated: Use ``healthChecks`` instead
+
+        :stability: deprecated
         '''
         result = self._values.get("health_check")
         return typing.cast(typing.Optional[_HealthCheck_03a4bd5a], result)
 
+    @builtins.property
+    def health_checks(self) -> typing.Optional[_HealthChecks_b8757873]:
+        '''Configuration for EC2 or additional health checks.
+
+        Even when using ``HealthChecks.withAdditionalChecks()``, the EC2 type is implicitly included.
+
+        :default: - EC2 type with no grace period
+
+        :see: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html
+        '''
+        result = self._values.get("health_checks")
+        return typing.cast(typing.Optional[_HealthChecks_b8757873], result)
+
     @builtins.property
     def ignore_unmodified_size_properties(self) -> typing.Optional[builtins.bool]:
         '''If the ASG has scheduled actions, don't reset unchanged group sizes.
@@ -32822,6 +32847,7 @@ class MachineImageType(enum.Enum):
     jsii_struct_bases=[],
     name_mapping={
         "fargate_ephemeral_storage_kms_key": "fargateEphemeralStorageKmsKey",
+        "kms_key": "kmsKey",
     },
 )
 class ManagedStorageConfiguration:
@@ -32829,10 +32855,12 @@ class ManagedStorageConfiguration:
         self,
         *,
         fargate_ephemeral_storage_kms_key: typing.Optional[_IKey_5f11635f] = None,
+        kms_key: typing.Optional[_IKey_5f11635f] = None,
     ) -> None:
         '''Kms Keys for encryption ECS managed storage.
 
-        :param fargate_ephemeral_storage_kms_key: KMS Key used to encrypt ECS Fargate ephemeral Storage. The configured KMS Key's policy will be modified to allow ECS to use the Key to encrypt the ephemeral Storage for this cluster. Default: No encryption will be applied
+        :param fargate_ephemeral_storage_kms_key: Customer KMS Key used to encrypt ECS Fargate ephemeral Storage. The configured KMS Key's policy will be modified to allow ECS to use the Key to encrypt the ephemeral Storage for this cluster. Default: - Encrypted using AWS-managed key
+        :param kms_key: Customer KMS Key used to encrypt ECS managed Storage. Default: - Encrypted using AWS-managed key
 
         :exampleMetadata: infused
 
@@ -32843,30 +32871,45 @@ class ManagedStorageConfiguration:
             
             cluster = ecs.Cluster(self, "Cluster",
                 managed_storage_configuration=ecs.ManagedStorageConfiguration(
-                    fargate_ephemeral_storage_kms_key=key
+                    fargate_ephemeral_storage_kms_key=key,
+                    kms_key=key
                 )
             )
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__2f9a1356d6603371cc25e0653216ab0167448ba43002bef5b32c489376e7fbb9)
             check_type(argname="argument fargate_ephemeral_storage_kms_key", value=fargate_ephemeral_storage_kms_key, expected_type=type_hints["fargate_ephemeral_storage_kms_key"])
+            check_type(argname="argument kms_key", value=kms_key, expected_type=type_hints["kms_key"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if fargate_ephemeral_storage_kms_key is not None:
             self._values["fargate_ephemeral_storage_kms_key"] = fargate_ephemeral_storage_kms_key
+        if kms_key is not None:
+            self._values["kms_key"] = kms_key
 
     @builtins.property
     def fargate_ephemeral_storage_kms_key(self) -> typing.Optional[_IKey_5f11635f]:
-        '''KMS Key used to encrypt ECS Fargate ephemeral Storage.
+        '''Customer KMS Key used to encrypt ECS Fargate ephemeral Storage.
 
         The configured KMS Key's policy will be modified to allow ECS to use the Key to encrypt the ephemeral Storage for this cluster.
 
-        :default: No encryption will be applied
+        :default: - Encrypted using AWS-managed key
 
         :see: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-storage-encryption.html
         '''
         result = self._values.get("fargate_ephemeral_storage_kms_key")
         return typing.cast(typing.Optional[_IKey_5f11635f], result)
 
+    @builtins.property
+    def kms_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''Customer KMS Key used to encrypt ECS managed Storage.
+
+        :default: - Encrypted using AWS-managed key
+
+        :see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-managedstorageconfiguration.html#cfn-ecs-cluster-managedstorageconfiguration-kmskeyid
+        '''
+        result = self._values.get("kms_key")
+        return typing.cast(typing.Optional[_IKey_5f11635f], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -39747,6 +39790,7 @@ class Cluster(
         desired_capacity: typing.Optional[jsii.Number] = None,
         group_metrics: typing.Optional[typing.Sequence[_GroupMetrics_7cdf729b]] = None,
         health_check: typing.Optional[_HealthCheck_03a4bd5a] = None,
+        health_checks: typing.Optional[_HealthChecks_b8757873] = None,
         ignore_unmodified_size_properties: typing.Optional[builtins.bool] = None,
         instance_monitoring: typing.Optional[_Monitoring_50020f91] = None,
         key_name: typing.Optional[builtins.str] = None,
@@ -39787,7 +39831,8 @@ class Cluster(
         :param default_instance_warmup: The amount of time, in seconds, until a newly launched instance can contribute to the Amazon CloudWatch metrics. This delay lets an instance finish initializing before Amazon EC2 Auto Scaling aggregates instance metrics, resulting in more reliable usage data. Set this value equal to the amount of time that it takes for resource consumption to become stable after an instance reaches the InService state. To optimize the performance of scaling policies that scale continuously, such as target tracking and step scaling policies, we strongly recommend that you enable the default instance warmup, even if its value is set to 0 seconds Default instance warmup will not be added if no value is specified Default: None
         :param desired_capacity: Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. Default: minCapacity, and leave unchanged during deployment
         :param group_metrics: Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use ``GroupMetrics.all()`` Group metrics are reported in a granularity of 1 minute at no additional charge. Default: - no group metrics will be reported
-        :param health_check: Configuration for health checks. Default: - HealthCheck.ec2 with no grace period
+        :param health_check: (deprecated) Configuration for health checks. Default: - HealthCheck.ec2 with no grace period
+        :param health_checks: Configuration for EC2 or additional health checks. Even when using ``HealthChecks.withAdditionalChecks()``, the EC2 type is implicitly included. Default: - EC2 type with no grace period
         :param ignore_unmodified_size_properties: If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. Default: true
         :param instance_monitoring: Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. ``launchTemplate`` and ``mixedInstancesPolicy`` must not be specified when this property is specified Default: - Monitoring.DETAILED
         :param key_name: (deprecated) Name of SSH keypair to grant access to instances. ``launchTemplate`` and ``mixedInstancesPolicy`` must not be specified when this property is specified You can either specify ``keyPair`` or ``keyName``, not both. Default: - No SSH access will be possible.
@@ -39826,6 +39871,7 @@ class Cluster(
             desired_capacity=desired_capacity,
             group_metrics=group_metrics,
             health_check=health_check,
+            health_checks=health_checks,
             ignore_unmodified_size_properties=ignore_unmodified_size_properties,
             instance_monitoring=instance_monitoring,
             key_name=key_name,
@@ -43065,6 +43111,7 @@ def _typecheckingstub__64f2d9b3495e3be78346f77d5ad90928968c8ce230e670b6279dc67ad
     desired_capacity: typing.Optional[jsii.Number] = None,
     group_metrics: typing.Optional[typing.Sequence[_GroupMetrics_7cdf729b]] = None,
     health_check: typing.Optional[_HealthCheck_03a4bd5a] = None,
+    health_checks: typing.Optional[_HealthChecks_b8757873] = None,
     ignore_unmodified_size_properties: typing.Optional[builtins.bool] = None,
     instance_monitoring: typing.Optional[_Monitoring_50020f91] = None,
     key_name: typing.Optional[builtins.str] = None,
@@ -45979,6 +46026,7 @@ def _typecheckingstub__4028d39adfbd4018be781b02eae5afae009ba3d6754c9cac3c26580b7
 def _typecheckingstub__2f9a1356d6603371cc25e0653216ab0167448ba43002bef5b32c489376e7fbb9(
     *,
     fargate_ephemeral_storage_kms_key: typing.Optional[_IKey_5f11635f] = None,
+    kms_key: typing.Optional[_IKey_5f11635f] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -46851,6 +46899,7 @@ def _typecheckingstub__63e98e008463515927d4aee3c938d64639e34ce8a2c09fa766883be6a
     desired_capacity: typing.Optional[jsii.Number] = None,
     group_metrics: typing.Optional[typing.Sequence[_GroupMetrics_7cdf729b]] = None,
     health_check: typing.Optional[_HealthCheck_03a4bd5a] = None,
+    health_checks: typing.Optional[_HealthChecks_b8757873] = None,
     ignore_unmodified_size_properties: typing.Optional[builtins.bool] = None,
     instance_monitoring: typing.Optional[_Monitoring_50020f91] = None,
     key_name: typing.Optional[builtins.str] = None,