aws-cdk-lib 2.184.1__py3-none-any.whl → 2.186.0__py3-none-any.whl

aws_cdk/aws_wafv2/__init__.py

@@ -11934,6 +11934,7 @@ class CfnWebACL(
         captcha_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.CaptchaConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         challenge_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.ChallengeConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         custom_response_bodies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.CustomResponseBodyProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        data_protection_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.DataProtectionConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         description: typing.Optional[builtins.str] = None,
         name: typing.Optional[builtins.str] = None,
         rules: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.RuleProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
@@ -11950,6 +11951,7 @@ class CfnWebACL(
         :param captcha_config: Specifies how AWS WAF should handle ``CAPTCHA`` evaluations for rules that don't have their own ``CaptchaConfig`` settings. If you don't specify this, AWS WAF uses its default settings for ``CaptchaConfig`` .
         :param challenge_config: Specifies how AWS WAF should handle challenge evaluations for rules that don't have their own ``ChallengeConfig`` settings. If you don't specify this, AWS WAF uses its default settings for ``ChallengeConfig`` .
         :param custom_response_bodies: A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. For information about customizing web requests and responses, see `Customizing web requests and responses in AWS WAF <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html>`_ in the *AWS WAF Developer Guide* . For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
+        :param data_protection_config: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your AWS WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.
         :param description: A description of the web ACL that helps with identification.
         :param name: The name of the web ACL. You cannot change the name of a web ACL after you create it.
         :param rules: The rule statements used to identify the web requests that you want to manage. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
@@ -11968,6 +11970,7 @@ class CfnWebACL(
             captcha_config=captcha_config,
             challenge_config=challenge_config,
             custom_response_bodies=custom_response_bodies,
+            data_protection_config=data_protection_config,
             description=description,
             name=name,
             rules=rules,
@@ -12183,6 +12186,24 @@ class CfnWebACL(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "customResponseBodies", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="dataProtectionConfig")
+    def data_protection_config(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.DataProtectionConfigProperty"]]:
+        '''Specifies data protection to apply to the web request data for the web ACL.'''
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.DataProtectionConfigProperty"]], jsii.get(self, "dataProtectionConfig"))
+
+    @data_protection_config.setter
+    def data_protection_config(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.DataProtectionConfigProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__c8fdb8c606175920c3facb5c8db0632e7cdc7bedffcd3c6c787bab31ba6f6474)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "dataProtectionConfig", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="description")
     def description(self) -> typing.Optional[builtins.str]:
@@ -14133,6 +14154,199 @@ class CfnWebACL(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.DataProtectProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "action": "action",
+            "field": "field",
+            "exclude_rate_based_details": "excludeRateBasedDetails",
+            "exclude_rule_match_details": "excludeRuleMatchDetails",
+        },
+    )
+    class DataProtectProperty:
+        def __init__(
+            self,
+            *,
+            action: builtins.str,
+            field: typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.FieldToProtectProperty", typing.Dict[builtins.str, typing.Any]]],
+            exclude_rate_based_details: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+            exclude_rule_match_details: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        ) -> None:
+            '''
+            :param action: 
+            :param field: Field in log to protect.
+            :param exclude_rate_based_details: 
+            :param exclude_rule_match_details: 
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_wafv2 as wafv2
+                
+                data_protect_property = wafv2.CfnWebACL.DataProtectProperty(
+                    action="action",
+                    field=wafv2.CfnWebACL.FieldToProtectProperty(
+                        field_type="fieldType",
+                
+                        # the properties below are optional
+                        field_keys=["fieldKeys"]
+                    ),
+                
+                    # the properties below are optional
+                    exclude_rate_based_details=False,
+                    exclude_rule_match_details=False
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__426b9eaa484bd1569796d5a87210701ae64a082cfa2a2f0342a5b25283344e18)
+                check_type(argname="argument action", value=action, expected_type=type_hints["action"])
+                check_type(argname="argument field", value=field, expected_type=type_hints["field"])
+                check_type(argname="argument exclude_rate_based_details", value=exclude_rate_based_details, expected_type=type_hints["exclude_rate_based_details"])
+                check_type(argname="argument exclude_rule_match_details", value=exclude_rule_match_details, expected_type=type_hints["exclude_rule_match_details"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "action": action,
+                "field": field,
+            }
+            if exclude_rate_based_details is not None:
+                self._values["exclude_rate_based_details"] = exclude_rate_based_details
+            if exclude_rule_match_details is not None:
+                self._values["exclude_rule_match_details"] = exclude_rule_match_details
+
+        @builtins.property
+        def action(self) -> builtins.str:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html#cfn-wafv2-webacl-dataprotect-action
+            '''
+            result = self._values.get("action")
+            assert result is not None, "Required property 'action' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def field(
+            self,
+        ) -> typing.Union[_IResolvable_da3f097b, "CfnWebACL.FieldToProtectProperty"]:
+            '''Field in log to protect.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html#cfn-wafv2-webacl-dataprotect-field
+            '''
+            result = self._values.get("field")
+            assert result is not None, "Required property 'field' is missing"
+            return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnWebACL.FieldToProtectProperty"], result)
+
+        @builtins.property
+        def exclude_rate_based_details(
+            self,
+        ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html#cfn-wafv2-webacl-dataprotect-excluderatebaseddetails
+            '''
+            result = self._values.get("exclude_rate_based_details")
+            return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
+        @builtins.property
+        def exclude_rule_match_details(
+            self,
+        ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html#cfn-wafv2-webacl-dataprotect-excluderulematchdetails
+            '''
+            result = self._values.get("exclude_rule_match_details")
+            return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "DataProtectProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.DataProtectionConfigProperty",
+        jsii_struct_bases=[],
+        name_mapping={"data_protections": "dataProtections"},
+    )
+    class DataProtectionConfigProperty:
+        def __init__(
+            self,
+            *,
+            data_protections: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.DataProtectProperty", typing.Dict[builtins.str, typing.Any]]]]],
+        ) -> None:
+            '''Specifies data protection to apply to the web request data for the web ACL.
+
+            This is a web ACL level data protection option.
+
+            The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your AWS WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.
+
+            This is part of the data protection configuration for a web ACL.
+
+            :param data_protections: An array of data protection configurations for specific web request field types. This is defined for each web ACL. AWS WAF applies the specified protection to all web requests that the web ACL inspects.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotectionconfig.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_wafv2 as wafv2
+                
+                data_protection_config_property = wafv2.CfnWebACL.DataProtectionConfigProperty(
+                    data_protections=[wafv2.CfnWebACL.DataProtectProperty(
+                        action="action",
+                        field=wafv2.CfnWebACL.FieldToProtectProperty(
+                            field_type="fieldType",
+                
+                            # the properties below are optional
+                            field_keys=["fieldKeys"]
+                        ),
+                
+                        # the properties below are optional
+                        exclude_rate_based_details=False,
+                        exclude_rule_match_details=False
+                    )]
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__00facdbed1fde99291b1bde086b472ce66ee6dd143e53d5639cc3ea8b02e5eac)
+                check_type(argname="argument data_protections", value=data_protections, expected_type=type_hints["data_protections"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "data_protections": data_protections,
+            }
+
+        @builtins.property
+        def data_protections(
+            self,
+        ) -> typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnWebACL.DataProtectProperty"]]]:
+            '''An array of data protection configurations for specific web request field types.
+
+            This is defined for each web ACL. AWS WAF applies the specified protection to all web requests that the web ACL inspects.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotectionconfig.html#cfn-wafv2-webacl-dataprotectionconfig-dataprotections
+            '''
+            result = self._values.get("data_protections")
+            assert result is not None, "Required property 'data_protections' is missing"
+            return typing.cast(typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnWebACL.DataProtectProperty"]]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "DataProtectionConfigProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.DefaultActionProperty",
         jsii_struct_bases=[],
@@ -14703,6 +14917,83 @@ class CfnWebACL(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.FieldToProtectProperty",
+        jsii_struct_bases=[],
+        name_mapping={"field_type": "fieldType", "field_keys": "fieldKeys"},
+    )
+    class FieldToProtectProperty:
+        def __init__(
+            self,
+            *,
+            field_type: builtins.str,
+            field_keys: typing.Optional[typing.Sequence[builtins.str]] = None,
+        ) -> None:
+            '''Specifies a field type and keys to protect in stored web request data.
+
+            This is part of the data protection configuration for a web ACL.
+
+            :param field_type: Specifies the web request component type to protect.
+            :param field_keys: Specifies the keys to protect for the specified field type. If you don't specify any key, then all keys for the field type are protected.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtoprotect.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_wafv2 as wafv2
+                
+                field_to_protect_property = wafv2.CfnWebACL.FieldToProtectProperty(
+                    field_type="fieldType",
+                
+                    # the properties below are optional
+                    field_keys=["fieldKeys"]
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__b289950ea26daa0c8967a6c0a3a4de1a0fa062f7bc5f28fcf70ab8e7fa4989f0)
+                check_type(argname="argument field_type", value=field_type, expected_type=type_hints["field_type"])
+                check_type(argname="argument field_keys", value=field_keys, expected_type=type_hints["field_keys"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "field_type": field_type,
+            }
+            if field_keys is not None:
+                self._values["field_keys"] = field_keys
+
+        @builtins.property
+        def field_type(self) -> builtins.str:
+            '''Specifies the web request component type to protect.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtoprotect.html#cfn-wafv2-webacl-fieldtoprotect-fieldtype
+            '''
+            result = self._values.get("field_type")
+            assert result is not None, "Required property 'field_type' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def field_keys(self) -> typing.Optional[typing.List[builtins.str]]:
+            '''Specifies the keys to protect for the specified field type.
+
+            If you don't specify any key, then all keys for the field type are protected.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtoprotect.html#cfn-wafv2-webacl-fieldtoprotect-fieldkeys
+            '''
+            result = self._values.get("field_keys")
+            return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "FieldToProtectProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.ForwardedIPConfigurationProperty",
         jsii_struct_bases=[],
@@ -20931,6 +21222,7 @@ class CfnWebACLAssociationProps:
         "captcha_config": "captchaConfig",
         "challenge_config": "challengeConfig",
         "custom_response_bodies": "customResponseBodies",
+        "data_protection_config": "dataProtectionConfig",
         "description": "description",
         "name": "name",
         "rules": "rules",
@@ -20949,6 +21241,7 @@ class CfnWebACLProps:
         captcha_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.CaptchaConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         challenge_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.ChallengeConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         custom_response_bodies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.CustomResponseBodyProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        data_protection_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.DataProtectionConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         description: typing.Optional[builtins.str] = None,
         name: typing.Optional[builtins.str] = None,
         rules: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.RuleProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
@@ -20964,6 +21257,7 @@ class CfnWebACLProps:
         :param captcha_config: Specifies how AWS WAF should handle ``CAPTCHA`` evaluations for rules that don't have their own ``CaptchaConfig`` settings. If you don't specify this, AWS WAF uses its default settings for ``CaptchaConfig`` .
         :param challenge_config: Specifies how AWS WAF should handle challenge evaluations for rules that don't have their own ``ChallengeConfig`` settings. If you don't specify this, AWS WAF uses its default settings for ``ChallengeConfig`` .
         :param custom_response_bodies: A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. For information about customizing web requests and responses, see `Customizing web requests and responses in AWS WAF <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html>`_ in the *AWS WAF Developer Guide* . For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
+        :param data_protection_config: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your AWS WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.
         :param description: A description of the web ACL that helps with identification.
         :param name: The name of the web ACL. You cannot change the name of a web ACL after you create it.
         :param rules: The rule statements used to identify the web requests that you want to manage. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
@@ -20986,6 +21280,7 @@ class CfnWebACLProps:
             check_type(argname="argument captcha_config", value=captcha_config, expected_type=type_hints["captcha_config"])
             check_type(argname="argument challenge_config", value=challenge_config, expected_type=type_hints["challenge_config"])
             check_type(argname="argument custom_response_bodies", value=custom_response_bodies, expected_type=type_hints["custom_response_bodies"])
+            check_type(argname="argument data_protection_config", value=data_protection_config, expected_type=type_hints["data_protection_config"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument name", value=name, expected_type=type_hints["name"])
             check_type(argname="argument rules", value=rules, expected_type=type_hints["rules"])
@@ -21004,6 +21299,8 @@ class CfnWebACLProps:
             self._values["challenge_config"] = challenge_config
         if custom_response_bodies is not None:
             self._values["custom_response_bodies"] = custom_response_bodies
+        if data_protection_config is not None:
+            self._values["data_protection_config"] = data_protection_config
         if description is not None:
             self._values["description"] = description
         if name is not None:
@@ -21117,6 +21414,21 @@ class CfnWebACLProps:
         result = self._values.get("custom_response_bodies")
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, CfnWebACL.CustomResponseBodyProperty]]]], result)
 
+    @builtins.property
+    def data_protection_config(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnWebACL.DataProtectionConfigProperty]]:
+        '''Specifies data protection to apply to the web request data for the web ACL.
+
+        This is a web ACL level data protection option.
+
+        The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your AWS WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-dataprotectionconfig
+        '''
+        result = self._values.get("data_protection_config")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnWebACL.DataProtectionConfigProperty]], result)
+
     @builtins.property
     def description(self) -> typing.Optional[builtins.str]:
         '''A description of the web ACL that helps with identification.
@@ -22069,6 +22381,7 @@ def _typecheckingstub__03030a65c492e95a1d1ae5ddafd6acbb9efdfa7e18b6367ac7e03eb8f
     captcha_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.CaptchaConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     challenge_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.ChallengeConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     custom_response_bodies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.CustomResponseBodyProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    data_protection_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.DataProtectionConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     description: typing.Optional[builtins.str] = None,
     name: typing.Optional[builtins.str] = None,
     rules: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.RuleProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
@@ -22132,6 +22445,12 @@ def _typecheckingstub__5782b9cc65df721fabb81b38101a49b0dce480579e9b262edcfe915ec
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__c8fdb8c606175920c3facb5c8db0632e7cdc7bedffcd3c6c787bab31ba6f6474(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnWebACL.DataProtectionConfigProperty]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__b7cfda3db6502d36377ec778a8c90e7487c0f54a00cb343261a4d256ace27df9(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -22322,6 +22641,23 @@ def _typecheckingstub__6dbc9439dfbaeae9e0932894939e1048a58a2d028d4ee3fbdcead25e1
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__426b9eaa484bd1569796d5a87210701ae64a082cfa2a2f0342a5b25283344e18(
+    *,
+    action: builtins.str,
+    field: typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.FieldToProtectProperty, typing.Dict[builtins.str, typing.Any]]],
+    exclude_rate_based_details: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    exclude_rule_match_details: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__00facdbed1fde99291b1bde086b472ce66ee6dd143e53d5639cc3ea8b02e5eac(
+    *,
+    data_protections: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.DataProtectProperty, typing.Dict[builtins.str, typing.Any]]]]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__4f9b2681c5a7f99be956a44a9c1d132bd2244e6fdc65ac82690f66a9402698b5(
     *,
     allow: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.AllowActionProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -22362,6 +22698,14 @@ def _typecheckingstub__25d147c856e9a8fd64f4cc05856e4813e584f37ef787792ad3c4e0790
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__b289950ea26daa0c8967a6c0a3a4de1a0fa062f7bc5f28fcf70ab8e7fa4989f0(
+    *,
+    field_type: builtins.str,
+    field_keys: typing.Optional[typing.Sequence[builtins.str]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__db1f5e352c4a5fdd9a13196892955f19f25065d63109402ea882298152866a75(
     *,
     fallback_behavior: builtins.str,
@@ -22866,6 +23210,7 @@ def _typecheckingstub__6e738df983d65d43590c0a02c03e6e0daa3a2097ae335371d22711838
     captcha_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.CaptchaConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     challenge_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.ChallengeConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     custom_response_bodies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.CustomResponseBodyProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    data_protection_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.DataProtectionConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     description: typing.Optional[builtins.str] = None,
     name: typing.Optional[builtins.str] = None,
     rules: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.RuleProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,

aws_cdk/aws_workspacesthinclient/__init__.py

@@ -151,7 +151,7 @@ class CfnEnvironment(
         :param desktop_arn: The Amazon Resource Name (ARN) of the desktop to stream from Amazon WorkSpaces, WorkSpaces Secure Browser, or AppStream 2.0.
         :param desired_software_set_id: The ID of the software set to apply.
         :param desktop_endpoint: The URL for the identity provider login (only for environments that use AppStream 2.0).
-        :param device_creation_tags: The tag keys and optional values for the newly created devices for this environment.
+        :param device_creation_tags: An array of key-value pairs to apply to the newly created devices for this environment.
         :param kms_key_arn: The Amazon Resource Name (ARN) of the AWS Key Management Service key used to encrypt the environment.
         :param maintenance_window: A specification for a time window to apply software updates.
         :param name: The name of the environment.
@@ -353,7 +353,7 @@ class CfnEnvironment(
     def device_creation_tags(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, _CfnTag_f6864754]]]]:
-        '''The tag keys and optional values for the newly created devices for this environment.'''
+        '''An array of key-value pairs to apply to the newly created devices for this environment.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, _CfnTag_f6864754]]]], jsii.get(self, "deviceCreationTags"))
 
     @device_creation_tags.setter
@@ -645,7 +645,7 @@ class CfnEnvironmentProps:
         :param desktop_arn: The Amazon Resource Name (ARN) of the desktop to stream from Amazon WorkSpaces, WorkSpaces Secure Browser, or AppStream 2.0.
         :param desired_software_set_id: The ID of the software set to apply.
         :param desktop_endpoint: The URL for the identity provider login (only for environments that use AppStream 2.0).
-        :param device_creation_tags: The tag keys and optional values for the newly created devices for this environment.
+        :param device_creation_tags: An array of key-value pairs to apply to the newly created devices for this environment.
         :param kms_key_arn: The Amazon Resource Name (ARN) of the AWS Key Management Service key used to encrypt the environment.
         :param maintenance_window: A specification for a time window to apply software updates.
         :param name: The name of the environment.
@@ -759,7 +759,7 @@ class CfnEnvironmentProps:
     def device_creation_tags(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, _CfnTag_f6864754]]]]:
-        '''The tag keys and optional values for the newly created devices for this environment.
+        '''An array of key-value pairs to apply to the newly created devices for this environment.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-workspacesthinclient-environment.html#cfn-workspacesthinclient-environment-devicecreationtags
         '''

aws_cdk/cx_api/__init__.py

@@ -629,6 +629,59 @@ This solves an issue where a circular dependency could occur if adding lambda to
   }
 }
 ```
+
+* `@aws-cdk/aws-s3:setUniqueReplicationRoleName`
+
+When this feature flag is enabled, a unique role name is specified only when performing cross-account replication.
+When disabled, 'CDKReplicationRole' is always specified.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-s3:setUniqueReplicationRoleName": true
+  }
+}
+```
+
+* `@aws-cdk/pipelines:reduceStageRoleTrustScope`
+
+When this feature flag is enabled, the root account principal will not be added to the trust policy of stage role.
+When this feature flag is disabled, it will keep the root account principal in the trust policy.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/pipelines:reduceStageRoleTrustScope": true
+  }
+}
+```
+
+* `@aws-cdk/aws-events:requireEventBusPolicySid`
+
+When this flag is enabled:
+
+* Resource policies will be created with Statement IDs for service principals
+* The operation will succeed as expected
+
+When this flag is disabled:
+
+* A warning will be emitted
+* The grant operation will be dropped
+* No permissions will be added
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-events:requireEventBusPolicySid": true
+  }
+}
+```
 '''
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)

aws_cdk/region_info/__init__.py

@@ -423,7 +423,7 @@ class FactName(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.region_info.FactN
     @jsii.python.classproperty
     @jsii.member(jsii_name="FIREHOSE_CIDR_BLOCK")
     def FIREHOSE_CIDR_BLOCK(cls) -> builtins.str:
-        '''The CIDR block used by Kinesis Data Firehose servers.'''
+        '''The CIDR block used by Amazon Data Firehose servers.'''
         return typing.cast(builtins.str, jsii.sget(cls, "FIREHOSE_CIDR_BLOCK"))
 
     @jsii.python.classproperty
@@ -748,7 +748,7 @@ class RegionInfo(
     @builtins.property
     @jsii.member(jsii_name="firehoseCidrBlock")
     def firehose_cidr_block(self) -> typing.Optional[builtins.str]:
-        '''The CIDR block used by Kinesis Data Firehose servers.'''
+        '''The CIDR block used by Amazon Data Firehose servers.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "firehoseCidrBlock"))
 
     @builtins.property

{aws_cdk_lib-2.184.1.dist-info → aws_cdk_lib-2.186.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk-lib
-Version: 2.184.1
+Version: 2.186.0
 Summary: Version 2 of the AWS Cloud Development Kit library
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services