aws-cdk-lib 2.182.0__py3-none-any.whl → 2.184.0__py3-none-any.whl

aws_cdk/aws_redshift/__init__.py

@@ -5122,7 +5122,7 @@ class CfnIntegration(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_redshift.CfnIntegration",
 ):
-    '''Describes a zero-ETL integration.
+    '''Describes a zero-ETL or S3 integration.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-integration.html
     :cloudformationResource: AWS::Redshift::Integration
@@ -5168,9 +5168,9 @@ class CfnIntegration(
         :param id: Construct identifier for this resource (unique in its scope).
         :param source_arn: The Amazon Resource Name (ARN) of the database used as the source for replication.
         :param target_arn: The Amazon Resource Name (ARN) of the Amazon Redshift data warehouse to use as the target for replication.
-        :param additional_encryption_context: The encryption context for the integration. For more information, see `Encryption context <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context>`_ in the *AWS Key Management Service Developer Guide* .
+        :param additional_encryption_context: The encryption context for the integration. For more information, see `Encryption context <https://docs.aws.amazon.com/>`_ in the *AWS Key Management Service Developer Guide* .
         :param integration_name: The name of the integration.
-        :param kms_key_id: The AWS Key Management Service ( AWS KMS ) key identifier for the key used to encrypt the integration.
+        :param kms_key_id: The AWS Key Management Service ( AWS KMS) key identifier for the key used to encrypt the integration.
         :param tags: The list of tags associated with the integration.
         '''
         if __debug__:
@@ -5307,7 +5307,7 @@ class CfnIntegration(
     @builtins.property
     @jsii.member(jsii_name="kmsKeyId")
     def kms_key_id(self) -> typing.Optional[builtins.str]:
-        '''The AWS Key Management Service ( AWS KMS ) key identifier for the key used to encrypt the integration.'''
+        '''The AWS Key Management Service ( AWS KMS) key identifier for the key used to encrypt the integration.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "kmsKeyId"))
 
     @kms_key_id.setter
@@ -5358,9 +5358,9 @@ class CfnIntegrationProps:
 
         :param source_arn: The Amazon Resource Name (ARN) of the database used as the source for replication.
         :param target_arn: The Amazon Resource Name (ARN) of the Amazon Redshift data warehouse to use as the target for replication.
-        :param additional_encryption_context: The encryption context for the integration. For more information, see `Encryption context <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context>`_ in the *AWS Key Management Service Developer Guide* .
+        :param additional_encryption_context: The encryption context for the integration. For more information, see `Encryption context <https://docs.aws.amazon.com/>`_ in the *AWS Key Management Service Developer Guide* .
         :param integration_name: The name of the integration.
-        :param kms_key_id: The AWS Key Management Service ( AWS KMS ) key identifier for the key used to encrypt the integration.
+        :param kms_key_id: The AWS Key Management Service ( AWS KMS) key identifier for the key used to encrypt the integration.
         :param tags: The list of tags associated with the integration.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-integration.html
@@ -5435,7 +5435,7 @@ class CfnIntegrationProps:
     ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
         '''The encryption context for the integration.
 
-        For more information, see `Encryption context <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context>`_ in the *AWS Key Management Service Developer Guide* .
+        For more information, see `Encryption context <https://docs.aws.amazon.com/>`_ in the *AWS Key Management Service Developer Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-integration.html#cfn-redshift-integration-additionalencryptioncontext
         '''
@@ -5453,7 +5453,7 @@ class CfnIntegrationProps:
 
     @builtins.property
     def kms_key_id(self) -> typing.Optional[builtins.str]:
-        '''The AWS Key Management Service ( AWS KMS ) key identifier for the key used to encrypt the integration.
+        '''The AWS Key Management Service ( AWS KMS) key identifier for the key used to encrypt the integration.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-integration.html#cfn-redshift-integration-kmskeyid
         '''

aws_cdk/aws_sagemaker/__init__.py

@@ -19913,8 +19913,11 @@ class CfnModel(
     )
     class HubAccessConfigProperty:
         def __init__(self, *, hub_content_arn: builtins.str) -> None:
-            '''
-            :param hub_content_arn: 
+            '''The configuration for a private hub model reference that points to a public SageMaker JumpStart model.
+
+            For more information about private hubs, see `Private curated hubs for foundation model access control in JumpStart <https://docs.aws.amazon.com/sagemaker/latest/dg/jumpstart-curated-hubs.html>`_ .
+
+            :param hub_content_arn: The ARN of your private model hub content. This should be a ``ModelReference`` resource type that points to a SageMaker JumpStart public hub model.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-model-hubaccessconfig.html
             :exampleMetadata: fixture=_generated
@@ -19938,7 +19941,10 @@ class CfnModel(
 
         @builtins.property
         def hub_content_arn(self) -> builtins.str:
-            '''
+            '''The ARN of your private model hub content.
+
+            This should be a ``ModelReference`` resource type that points to a SageMaker JumpStart public hub model.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-model-hubaccessconfig.html#cfn-sagemaker-model-hubaccessconfig-hubcontentarn
             '''
             result = self._values.get("hub_content_arn")
@@ -20378,7 +20384,7 @@ class CfnModel(
             :param compression_type: 
             :param s3_data_type: If you choose ``S3Prefix`` , ``S3Uri`` identifies a key name prefix. SageMaker uses all objects that match the specified key name prefix for model training. If you choose ``ManifestFile`` , ``S3Uri`` identifies an object that is a manifest file containing a list of object keys that you want SageMaker to use for model training. If you choose ``AugmentedManifestFile`` , ``S3Uri`` identifies an object that is an augmented manifest file in JSON lines format. This file contains the data you want to use for model training. ``AugmentedManifestFile`` can only be used if the Channel's input mode is ``Pipe`` .
             :param s3_uri: Depending on the value specified for the ``S3DataType`` , identifies either a key name prefix or a manifest. For example: - A key name prefix might look like this: ``s3://bucketname/exampleprefix/`` - A manifest might look like this: ``s3://bucketname/example.manifest`` A manifest is an S3 object which is a JSON file consisting of an array of elements. The first element is a prefix which is followed by one or more suffixes. SageMaker appends the suffix elements to the prefix to get a full set of ``S3Uri`` . Note that the prefix must be a valid non-empty ``S3Uri`` that precludes users from specifying a manifest whose individual ``S3Uri`` is sourced from different S3 buckets. The following code example shows a valid manifest format: ``[ {"prefix": "s3://customer_bucket/some/prefix/"},`` ``"relative/path/to/custdata-1",`` ``"relative/path/custdata-2",`` ``...`` ``"relative/path/custdata-N"`` ``]`` This JSON is equivalent to the following ``S3Uri`` list: ``s3://customer_bucket/some/prefix/relative/path/to/custdata-1`` ``s3://customer_bucket/some/prefix/relative/path/custdata-2`` ``...`` ``s3://customer_bucket/some/prefix/relative/path/custdata-N`` The complete set of ``S3Uri`` in this manifest is the input data for the channel for this data source. The object that each ``S3Uri`` points to must be readable by the IAM role that SageMaker uses to perform tasks on your behalf. Your input bucket must be located in same AWS region as your training job.
-            :param hub_access_config: 
+            :param hub_access_config: The configuration for a private hub model reference that points to a SageMaker JumpStart public hub model.
             :param model_access_config: 
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-model-s3datasource.html
@@ -20495,7 +20501,8 @@ class CfnModel(
         def hub_access_config(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnModel.HubAccessConfigProperty"]]:
-            '''
+            '''The configuration for a private hub model reference that points to a SageMaker JumpStart public hub model.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-model-s3datasource.html#cfn-sagemaker-model-s3datasource-hubaccessconfig
             '''
             result = self._values.get("hub_access_config")

aws_cdk/aws_securitylake/__init__.py

@@ -355,6 +355,9 @@ class CfnDataLake(
     You can enable Security Lake in AWS Regions with customized settings before enabling log collection in Regions. To specify particular Regions, configure these Regions using the ``configurations`` parameter. If you have already enabled Security Lake in a Region when you call this command, the command will update the Region if you provide new configuration parameters. If you have not already enabled Security Lake in the Region when you call this API, it will set up the data lake in the Region with the specified configurations.
 
     When you enable Security Lake , it starts ingesting security data after the ``CreateAwsLogSource`` call. This includes ingesting security data from sources, storing data, and making data accessible to subscribers. Security Lake also enables all the existing settings and resources that it stores or maintains for your AWS account in the current Region, including security log and event data. For more information, see the `Amazon Security Lake User Guide <https://docs.aws.amazon.com//security-lake/latest/userguide/what-is-security-lake.html>`_ .
+    .. epigraph::
+
+       If you use this template to create multiple data lakes in different AWS Regions , and more than one of your data lakes include an `AWS::SecurityLake::AwsLogSource <https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html>`_ resource, then you must deploy these data lakes sequentially. This is required because data lakes operate globally, and ``AwsLogSource`` resources must be deployed one at a time.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-datalake.html
     :cloudformationResource: AWS::SecurityLake::DataLake

aws_cdk/aws_synthetics/__init__.py

@@ -1296,6 +1296,8 @@ class CfnCanary(
 
     Canaries are scripts that monitor your endpoints and APIs from the outside-in. Canaries help you check the availability and latency of your web services and troubleshoot anomalies by investigating load time data, screenshots of the UI, logs, and metrics. You can set up a canary to run continuously or just once.
 
+    Canaries are automated scripts that run at specified intervals against an endpoint. They include Python or Node.js code to create a Lambda function. This code needs to be packaged in a certain way, depending on the language. For more information, see `Writing a canary script <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_WritingCanary.html>`_ .
+
     To create canaries, you must have the ``CloudWatchSyntheticsFullAccess`` policy. If you are creating a new IAM role for the canary, you also need the the ``iam:CreateRole`` , ``iam:CreatePolicy`` and ``iam:AttachRolePolicy`` permissions. For more information, see `Necessary Roles and Permissions <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Roles>`_ .
 
     Do not include secrets or proprietary information in your canary names. The canary name makes up part of the Amazon Resource Name (ARN) for the canary, and the ARN is included in outbound calls over the internet. For more information, see `Security Considerations for Synthetics Canaries <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/servicelens_canaries_security.html>`_ .

aws_cdk/aws_transfer/__init__.py

@@ -97,12 +97,19 @@ class CfnAgreement(
         
         cfn_agreement = transfer.CfnAgreement(self, "MyCfnAgreement",
             access_role="accessRole",
-            base_directory="baseDirectory",
             local_profile_id="localProfileId",
             partner_profile_id="partnerProfileId",
             server_id="serverId",
         
             # the properties below are optional
+            base_directory="baseDirectory",
+            custom_directories=transfer.CfnAgreement.CustomDirectoriesProperty(
+                failed_files_directory="failedFilesDirectory",
+                mdn_files_directory="mdnFilesDirectory",
+                payload_files_directory="payloadFilesDirectory",
+                status_files_directory="statusFilesDirectory",
+                temporary_files_directory="temporaryFilesDirectory"
+            ),
             description="description",
             enforce_message_signing="enforceMessageSigning",
             preserve_filename="preserveFilename",
@@ -120,10 +127,11 @@ class CfnAgreement(
         id: builtins.str,
         *,
         access_role: builtins.str,
-        base_directory: builtins.str,
         local_profile_id: builtins.str,
         partner_profile_id: builtins.str,
         server_id: builtins.str,
+        base_directory: typing.Optional[builtins.str] = None,
+        custom_directories: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnAgreement.CustomDirectoriesProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         description: typing.Optional[builtins.str] = None,
         enforce_message_signing: typing.Optional[builtins.str] = None,
         preserve_filename: typing.Optional[builtins.str] = None,
@@ -134,10 +142,11 @@ class CfnAgreement(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param access_role: Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use. *For AS2 connectors* With AS2, you can send files by calling ``StartFileTransfer`` and specifying the file paths in the request parameter, ``SendFilePaths`` . We use the file’s parent directory (for example, for ``--send-file-paths /bucket/dir/file.txt`` , parent directory is ``/bucket/dir/`` ) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the ``AccessRole`` needs to provide read and write access to the parent directory of the file location used in the ``StartFileTransfer`` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with ``StartFileTransfer`` . If you are using Basic authentication for your AS2 connector, the access role requires the ``secretsmanager:GetSecretValue`` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the ``kms:Decrypt`` permission for that key. *For SFTP connectors* Make sure that the access role provides read and write access to the parent directory of the file location that's used in the ``StartFileTransfer`` request. Additionally, make sure that the role provides ``secretsmanager:GetSecretValue`` permission to AWS Secrets Manager .
-        :param base_directory: The landing directory (folder) for files that are transferred by using the AS2 protocol.
         :param local_profile_id: A unique identifier for the AS2 local profile.
         :param partner_profile_id: A unique identifier for the partner profile used in the agreement.
         :param server_id: A system-assigned unique identifier for a server instance. This identifier indicates the specific server that the agreement uses.
+        :param base_directory: The landing directory (folder) for files that are transferred by using the AS2 protocol.
+        :param custom_directories: A ``CustomDirectoriesType`` structure. This structure specifies custom directories for storing various AS2 message files. You can specify directories for the following types of files. - Failed files - MDN files - Payload files - Status files - Temporary files
         :param description: The name or short description that's used to identify the agreement.
         :param enforce_message_signing: Determines whether or not unsigned messages from your trading partners will be accepted. - ``ENABLED`` : Transfer Family rejects unsigned messages from your trading partner. - ``DISABLED`` (default value): Transfer Family accepts unsigned messages from your trading partner.
         :param preserve_filename: Determines whether or not Transfer Family appends a unique string of characters to the end of the AS2 message payload filename when saving it. - ``ENABLED`` : the filename provided by your trading parter is preserved when the file is saved. - ``DISABLED`` (default value): when Transfer Family saves the file, the filename is adjusted, as described in `File names and locations <https://docs.aws.amazon.com/transfer/latest/userguide/send-as2-messages.html#file-names-as2>`_ .
@@ -150,10 +159,11 @@ class CfnAgreement(
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = CfnAgreementProps(
             access_role=access_role,
-            base_directory=base_directory,
             local_profile_id=local_profile_id,
             partner_profile_id=partner_profile_id,
             server_id=server_id,
+            base_directory=base_directory,
+            custom_directories=custom_directories,
             description=description,
             enforce_message_signing=enforce_message_signing,
             preserve_filename=preserve_filename,
@@ -235,19 +245,6 @@ class CfnAgreement(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "accessRole", value) # pyright: ignore[reportArgumentType]
 
-    @builtins.property
-    @jsii.member(jsii_name="baseDirectory")
-    def base_directory(self) -> builtins.str:
-        '''The landing directory (folder) for files that are transferred by using the AS2 protocol.'''
-        return typing.cast(builtins.str, jsii.get(self, "baseDirectory"))
-
-    @base_directory.setter
-    def base_directory(self, value: builtins.str) -> None:
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__e95a046a6530138645bcc3d9ea79bf173c25ac44d2324af6ecc4137b705bfc28)
-            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "baseDirectory", value) # pyright: ignore[reportArgumentType]
-
     @builtins.property
     @jsii.member(jsii_name="localProfileId")
     def local_profile_id(self) -> builtins.str:
@@ -287,6 +284,37 @@ class CfnAgreement(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "serverId", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="baseDirectory")
+    def base_directory(self) -> typing.Optional[builtins.str]:
+        '''The landing directory (folder) for files that are transferred by using the AS2 protocol.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "baseDirectory"))
+
+    @base_directory.setter
+    def base_directory(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__e95a046a6530138645bcc3d9ea79bf173c25ac44d2324af6ecc4137b705bfc28)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "baseDirectory", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="customDirectories")
+    def custom_directories(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAgreement.CustomDirectoriesProperty"]]:
+        '''A ``CustomDirectoriesType`` structure.'''
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAgreement.CustomDirectoriesProperty"]], jsii.get(self, "customDirectories"))
+
+    @custom_directories.setter
+    def custom_directories(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnAgreement.CustomDirectoriesProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__0dfcc069ad404f24e1d3d66293208f393508273f19347e58f547f45ba5f8a952)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "customDirectories", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="description")
     def description(self) -> typing.Optional[builtins.str]:
@@ -352,16 +380,139 @@ class CfnAgreement(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "tagsRaw", value) # pyright: ignore[reportArgumentType]
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_transfer.CfnAgreement.CustomDirectoriesProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "failed_files_directory": "failedFilesDirectory",
+            "mdn_files_directory": "mdnFilesDirectory",
+            "payload_files_directory": "payloadFilesDirectory",
+            "status_files_directory": "statusFilesDirectory",
+            "temporary_files_directory": "temporaryFilesDirectory",
+        },
+    )
+    class CustomDirectoriesProperty:
+        def __init__(
+            self,
+            *,
+            failed_files_directory: builtins.str,
+            mdn_files_directory: builtins.str,
+            payload_files_directory: builtins.str,
+            status_files_directory: builtins.str,
+            temporary_files_directory: builtins.str,
+        ) -> None:
+            '''Specifies a separate directory for each type of file to store for an AS2 message.
+
+            :param failed_files_directory: Specifies a location to store the failed files for an AS2 message.
+            :param mdn_files_directory: Specifies a location to store the MDN file for an AS2 message.
+            :param payload_files_directory: Specifies a location to store the payload file for an AS2 message.
+            :param status_files_directory: Specifies a location to store the status file for an AS2 message.
+            :param temporary_files_directory: Specifies a location to store the temporary processing file for an AS2 message.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_transfer as transfer
+                
+                custom_directories_property = transfer.CfnAgreement.CustomDirectoriesProperty(
+                    failed_files_directory="failedFilesDirectory",
+                    mdn_files_directory="mdnFilesDirectory",
+                    payload_files_directory="payloadFilesDirectory",
+                    status_files_directory="statusFilesDirectory",
+                    temporary_files_directory="temporaryFilesDirectory"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__98a40a95fd9ad9ea9bb69f5fdf7379c4b40ddd5a529d08076025691033961aa4)
+                check_type(argname="argument failed_files_directory", value=failed_files_directory, expected_type=type_hints["failed_files_directory"])
+                check_type(argname="argument mdn_files_directory", value=mdn_files_directory, expected_type=type_hints["mdn_files_directory"])
+                check_type(argname="argument payload_files_directory", value=payload_files_directory, expected_type=type_hints["payload_files_directory"])
+                check_type(argname="argument status_files_directory", value=status_files_directory, expected_type=type_hints["status_files_directory"])
+                check_type(argname="argument temporary_files_directory", value=temporary_files_directory, expected_type=type_hints["temporary_files_directory"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "failed_files_directory": failed_files_directory,
+                "mdn_files_directory": mdn_files_directory,
+                "payload_files_directory": payload_files_directory,
+                "status_files_directory": status_files_directory,
+                "temporary_files_directory": temporary_files_directory,
+            }
+
+        @builtins.property
+        def failed_files_directory(self) -> builtins.str:
+            '''Specifies a location to store the failed files for an AS2 message.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-failedfilesdirectory
+            '''
+            result = self._values.get("failed_files_directory")
+            assert result is not None, "Required property 'failed_files_directory' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def mdn_files_directory(self) -> builtins.str:
+            '''Specifies a location to store the MDN file for an AS2 message.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-mdnfilesdirectory
+            '''
+            result = self._values.get("mdn_files_directory")
+            assert result is not None, "Required property 'mdn_files_directory' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def payload_files_directory(self) -> builtins.str:
+            '''Specifies a location to store the payload file for an AS2 message.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-payloadfilesdirectory
+            '''
+            result = self._values.get("payload_files_directory")
+            assert result is not None, "Required property 'payload_files_directory' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def status_files_directory(self) -> builtins.str:
+            '''Specifies a location to store the status file for an AS2 message.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-statusfilesdirectory
+            '''
+            result = self._values.get("status_files_directory")
+            assert result is not None, "Required property 'status_files_directory' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def temporary_files_directory(self) -> builtins.str:
+            '''Specifies a location to store the temporary processing file for an AS2 message.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-transfer-agreement-customdirectories.html#cfn-transfer-agreement-customdirectories-temporaryfilesdirectory
+            '''
+            result = self._values.get("temporary_files_directory")
+            assert result is not None, "Required property 'temporary_files_directory' is missing"
+            return typing.cast(builtins.str, result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "CustomDirectoriesProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
 
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_transfer.CfnAgreementProps",
     jsii_struct_bases=[],
     name_mapping={
         "access_role": "accessRole",
-        "base_directory": "baseDirectory",
         "local_profile_id": "localProfileId",
         "partner_profile_id": "partnerProfileId",
         "server_id": "serverId",
+        "base_directory": "baseDirectory",
+        "custom_directories": "customDirectories",
         "description": "description",
         "enforce_message_signing": "enforceMessageSigning",
         "preserve_filename": "preserveFilename",
@@ -374,10 +525,11 @@ class CfnAgreementProps:
         self,
         *,
         access_role: builtins.str,
-        base_directory: builtins.str,
         local_profile_id: builtins.str,
         partner_profile_id: builtins.str,
         server_id: builtins.str,
+        base_directory: typing.Optional[builtins.str] = None,
+        custom_directories: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAgreement.CustomDirectoriesProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         description: typing.Optional[builtins.str] = None,
         enforce_message_signing: typing.Optional[builtins.str] = None,
         preserve_filename: typing.Optional[builtins.str] = None,
@@ -387,10 +539,11 @@ class CfnAgreementProps:
         '''Properties for defining a ``CfnAgreement``.
 
         :param access_role: Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the AWS Identity and Access Management role to use. *For AS2 connectors* With AS2, you can send files by calling ``StartFileTransfer`` and specifying the file paths in the request parameter, ``SendFilePaths`` . We use the file’s parent directory (for example, for ``--send-file-paths /bucket/dir/file.txt`` , parent directory is ``/bucket/dir/`` ) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the ``AccessRole`` needs to provide read and write access to the parent directory of the file location used in the ``StartFileTransfer`` request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with ``StartFileTransfer`` . If you are using Basic authentication for your AS2 connector, the access role requires the ``secretsmanager:GetSecretValue`` permission for the secret. If the secret is encrypted using a customer-managed key instead of the AWS managed key in Secrets Manager, then the role also needs the ``kms:Decrypt`` permission for that key. *For SFTP connectors* Make sure that the access role provides read and write access to the parent directory of the file location that's used in the ``StartFileTransfer`` request. Additionally, make sure that the role provides ``secretsmanager:GetSecretValue`` permission to AWS Secrets Manager .
-        :param base_directory: The landing directory (folder) for files that are transferred by using the AS2 protocol.
         :param local_profile_id: A unique identifier for the AS2 local profile.
         :param partner_profile_id: A unique identifier for the partner profile used in the agreement.
         :param server_id: A system-assigned unique identifier for a server instance. This identifier indicates the specific server that the agreement uses.
+        :param base_directory: The landing directory (folder) for files that are transferred by using the AS2 protocol.
+        :param custom_directories: A ``CustomDirectoriesType`` structure. This structure specifies custom directories for storing various AS2 message files. You can specify directories for the following types of files. - Failed files - MDN files - Payload files - Status files - Temporary files
         :param description: The name or short description that's used to identify the agreement.
         :param enforce_message_signing: Determines whether or not unsigned messages from your trading partners will be accepted. - ``ENABLED`` : Transfer Family rejects unsigned messages from your trading partner. - ``DISABLED`` (default value): Transfer Family accepts unsigned messages from your trading partner.
         :param preserve_filename: Determines whether or not Transfer Family appends a unique string of characters to the end of the AS2 message payload filename when saving it. - ``ENABLED`` : the filename provided by your trading parter is preserved when the file is saved. - ``DISABLED`` (default value): when Transfer Family saves the file, the filename is adjusted, as described in `File names and locations <https://docs.aws.amazon.com/transfer/latest/userguide/send-as2-messages.html#file-names-as2>`_ .
@@ -408,12 +561,19 @@ class CfnAgreementProps:
             
             cfn_agreement_props = transfer.CfnAgreementProps(
                 access_role="accessRole",
-                base_directory="baseDirectory",
                 local_profile_id="localProfileId",
                 partner_profile_id="partnerProfileId",
                 server_id="serverId",
             
                 # the properties below are optional
+                base_directory="baseDirectory",
+                custom_directories=transfer.CfnAgreement.CustomDirectoriesProperty(
+                    failed_files_directory="failedFilesDirectory",
+                    mdn_files_directory="mdnFilesDirectory",
+                    payload_files_directory="payloadFilesDirectory",
+                    status_files_directory="statusFilesDirectory",
+                    temporary_files_directory="temporaryFilesDirectory"
+                ),
                 description="description",
                 enforce_message_signing="enforceMessageSigning",
                 preserve_filename="preserveFilename",
@@ -427,10 +587,11 @@ class CfnAgreementProps:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c92e8cdff7d6f57ae5fd00ef4190544d79a76c01e88d32b21b88588eeb47ba2e)
             check_type(argname="argument access_role", value=access_role, expected_type=type_hints["access_role"])
-            check_type(argname="argument base_directory", value=base_directory, expected_type=type_hints["base_directory"])
             check_type(argname="argument local_profile_id", value=local_profile_id, expected_type=type_hints["local_profile_id"])
             check_type(argname="argument partner_profile_id", value=partner_profile_id, expected_type=type_hints["partner_profile_id"])
             check_type(argname="argument server_id", value=server_id, expected_type=type_hints["server_id"])
+            check_type(argname="argument base_directory", value=base_directory, expected_type=type_hints["base_directory"])
+            check_type(argname="argument custom_directories", value=custom_directories, expected_type=type_hints["custom_directories"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument enforce_message_signing", value=enforce_message_signing, expected_type=type_hints["enforce_message_signing"])
             check_type(argname="argument preserve_filename", value=preserve_filename, expected_type=type_hints["preserve_filename"])
@@ -438,11 +599,14 @@ class CfnAgreementProps:
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "access_role": access_role,
-            "base_directory": base_directory,
             "local_profile_id": local_profile_id,
             "partner_profile_id": partner_profile_id,
             "server_id": server_id,
         }
+        if base_directory is not None:
+            self._values["base_directory"] = base_directory
+        if custom_directories is not None:
+            self._values["custom_directories"] = custom_directories
         if description is not None:
             self._values["description"] = description
         if enforce_message_signing is not None:
@@ -476,16 +640,6 @@ class CfnAgreementProps:
         assert result is not None, "Required property 'access_role' is missing"
         return typing.cast(builtins.str, result)
 
-    @builtins.property
-    def base_directory(self) -> builtins.str:
-        '''The landing directory (folder) for files that are transferred by using the AS2 protocol.
-
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-basedirectory
-        '''
-        result = self._values.get("base_directory")
-        assert result is not None, "Required property 'base_directory' is missing"
-        return typing.cast(builtins.str, result)
-
     @builtins.property
     def local_profile_id(self) -> builtins.str:
         '''A unique identifier for the AS2 local profile.
@@ -518,6 +672,34 @@ class CfnAgreementProps:
         assert result is not None, "Required property 'server_id' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def base_directory(self) -> typing.Optional[builtins.str]:
+        '''The landing directory (folder) for files that are transferred by using the AS2 protocol.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-basedirectory
+        '''
+        result = self._values.get("base_directory")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def custom_directories(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnAgreement.CustomDirectoriesProperty]]:
+        '''A ``CustomDirectoriesType`` structure.
+
+        This structure specifies custom directories for storing various AS2 message files. You can specify directories for the following types of files.
+
+        - Failed files
+        - MDN files
+        - Payload files
+        - Status files
+        - Temporary files
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-agreement.html#cfn-transfer-agreement-customdirectories
+        '''
+        result = self._values.get("custom_directories")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnAgreement.CustomDirectoriesProperty]], result)
+
     @builtins.property
     def description(self) -> typing.Optional[builtins.str]:
         '''The name or short description that's used to identify the agreement.
@@ -6607,10 +6789,11 @@ def _typecheckingstub__f95ec07e6c4ee624e4f9374f7db0e66b46af64fa8c86e2e41aa290c72
     id: builtins.str,
     *,
     access_role: builtins.str,
-    base_directory: builtins.str,
     local_profile_id: builtins.str,
     partner_profile_id: builtins.str,
     server_id: builtins.str,
+    base_directory: typing.Optional[builtins.str] = None,
+    custom_directories: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAgreement.CustomDirectoriesProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     description: typing.Optional[builtins.str] = None,
     enforce_message_signing: typing.Optional[builtins.str] = None,
     preserve_filename: typing.Optional[builtins.str] = None,
@@ -6638,26 +6821,32 @@ def _typecheckingstub__6846ae06100d907ce47940f1c737179b266cb64b8ba5e2c4167475979
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__e95a046a6530138645bcc3d9ea79bf173c25ac44d2324af6ecc4137b705bfc28(
+def _typecheckingstub__fb3167bad2c7efdb7b3e0dd7d0402156f8d6e14fae7c15dd40a5fccd0b81e057(
     value: builtins.str,
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__fb3167bad2c7efdb7b3e0dd7d0402156f8d6e14fae7c15dd40a5fccd0b81e057(
+def _typecheckingstub__bd438983791db4dad3b3d480a6bf25cacd9537198e1ed06c6a676fa3b408f77a(
     value: builtins.str,
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__bd438983791db4dad3b3d480a6bf25cacd9537198e1ed06c6a676fa3b408f77a(
+def _typecheckingstub__14dc2bb42fd7d8e680f89ab4bbef23a05ad685bb8ba0ece9fc2d04ff9c7d508a(
     value: builtins.str,
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__14dc2bb42fd7d8e680f89ab4bbef23a05ad685bb8ba0ece9fc2d04ff9c7d508a(
-    value: builtins.str,
+def _typecheckingstub__e95a046a6530138645bcc3d9ea79bf173c25ac44d2324af6ecc4137b705bfc28(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__0dfcc069ad404f24e1d3d66293208f393508273f19347e58f547f45ba5f8a952(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnAgreement.CustomDirectoriesProperty]],
 ) -> None:
     """Type checking stubs"""
     pass
@@ -6692,13 +6881,25 @@ def _typecheckingstub__dbeccb7f697f73180ad5ee02e1bc0a8b54212c0eb54c653977d2989de
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__98a40a95fd9ad9ea9bb69f5fdf7379c4b40ddd5a529d08076025691033961aa4(
+    *,
+    failed_files_directory: builtins.str,
+    mdn_files_directory: builtins.str,
+    payload_files_directory: builtins.str,
+    status_files_directory: builtins.str,
+    temporary_files_directory: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__c92e8cdff7d6f57ae5fd00ef4190544d79a76c01e88d32b21b88588eeb47ba2e(
     *,
     access_role: builtins.str,
-    base_directory: builtins.str,
     local_profile_id: builtins.str,
     partner_profile_id: builtins.str,
     server_id: builtins.str,
+    base_directory: typing.Optional[builtins.str] = None,
+    custom_directories: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnAgreement.CustomDirectoriesProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     description: typing.Optional[builtins.str] = None,
     enforce_message_signing: typing.Optional[builtins.str] = None,
     preserve_filename: typing.Optional[builtins.str] = None,