aws-cdk-lib 2.185.0__py3-none-any.whl → 2.186.0__py3-none-any.whl

aws_cdk/aws_ecs/__init__.py

@@ -37170,33 +37170,28 @@ class TaskDefinition(
 
     Example::
 
-        # task_definition: ecs.TaskDefinition
+        import aws_cdk.aws_cloudwatch as cw
+        
         # cluster: ecs.Cluster
+        # task_definition: ecs.TaskDefinition
         
         
-        # Add a container to the task definition
-        specific_container = task_definition.add_container("Container",
-            image=ecs.ContainerImage.from_registry("/aws/aws-example-app"),
-            memory_limit_mi_b=2048
+        service = ecs.FargateService(self, "Service",
+            cluster=cluster,
+            task_definition=task_definition
         )
         
-        # Add a port mapping
-        specific_container.add_port_mappings(
-            container_port=7600,
-            protocol=ecs.Protocol.TCP
+        cpu_alarm_name = "MyCpuMetricAlarm"
+        my_alarm = cw.Alarm(self, "CPUAlarm",
+            alarm_name=cpu_alarm_name,
+            metric=service.metric_cpu_utilization(),
+            evaluation_periods=2,
+            threshold=80
         )
         
-        ecs.Ec2Service(self, "Service",
-            cluster=cluster,
-            task_definition=task_definition,
-            min_healthy_percent=100,
-            cloud_map_options=ecs.CloudMapOptions(
-                # Create SRV records - useful for bridge networking
-                dns_record_type=cloudmap.DnsRecordType.SRV,
-                # Targets port TCP port 7600 `specificContainer`
-                container=specific_container,
-                container_port=7600
-            )
+        # Using `myAlarm.alarmName` here will cause a circular dependency
+        service.enable_deployment_alarms([cpu_alarm_name],
+            behavior=ecs.AlarmBehavior.FAIL_ON_ALARM
         )
     '''
 

aws_cdk/aws_events/__init__.py

@@ -374,6 +374,7 @@ from ..aws_iam import (
     AddToResourcePolicyResult as _AddToResourcePolicyResult_1d0a53ad,
     Grant as _Grant_a7ae64f8,
     IGrantable as _IGrantable_71c4f5de,
+    IResourceWithPolicy as _IResourceWithPolicy_720d64fc,
     IRole as _IRole_235f5d8e,
     PolicyStatement as _PolicyStatement_0fe33853,
 )
@@ -9505,10 +9506,15 @@ class IEventBus(_IResource_c80c4260, typing_extensions.Protocol):
         ...
 
     @jsii.member(jsii_name="grantPutEventsTo")
-    def grant_put_events_to(self, grantee: _IGrantable_71c4f5de) -> _Grant_a7ae64f8:
+    def grant_put_events_to(
+        self,
+        grantee: _IGrantable_71c4f5de,
+        sid: typing.Optional[builtins.str] = None,
+    ) -> _Grant_a7ae64f8:
         '''Grants an IAM Principal to send custom events to the eventBus so that they can be matched to rules.
 
         :param grantee: The principal (no-op if undefined).
+        :param sid: The Statement ID used if we need to add a trust policy on the event bus.
         '''
         ...
 
@@ -9593,15 +9599,21 @@ class _IEventBusProxy(
         return typing.cast(Archive, jsii.invoke(self, "archive", [id, props]))
 
     @jsii.member(jsii_name="grantPutEventsTo")
-    def grant_put_events_to(self, grantee: _IGrantable_71c4f5de) -> _Grant_a7ae64f8:
+    def grant_put_events_to(
+        self,
+        grantee: _IGrantable_71c4f5de,
+        sid: typing.Optional[builtins.str] = None,
+    ) -> _Grant_a7ae64f8:
         '''Grants an IAM Principal to send custom events to the eventBus so that they can be matched to rules.
 
         :param grantee: The principal (no-op if undefined).
+        :param sid: The Statement ID used if we need to add a trust policy on the event bus.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__d2c68164c7bcf711cce4fa768eb0c26c773cd00ae54af79587f28c0ff626481f)
             check_type(argname="argument grantee", value=grantee, expected_type=type_hints["grantee"])
-        return typing.cast(_Grant_a7ae64f8, jsii.invoke(self, "grantPutEventsTo", [grantee]))
+            check_type(argname="argument sid", value=sid, expected_type=type_hints["sid"])
+        return typing.cast(_Grant_a7ae64f8, jsii.invoke(self, "grantPutEventsTo", [grantee, sid]))
 
 # Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
 typing.cast(typing.Any, IEventBus).__jsii_proxy_class__ = lambda : _IEventBusProxy
@@ -11913,7 +11925,7 @@ class Connection(
         return typing.cast(builtins.str, jsii.get(self, "connectionSecretArn"))
 
 
-@jsii.implements(IEventBus)
+@jsii.implements(IEventBus, _IResourceWithPolicy_720d64fc)
 class EventBus(
     _Resource_45bc6135,
     metaclass=jsii.JSIIMeta,
@@ -11926,15 +11938,18 @@ class EventBus(
 
     Example::
 
-        import aws_cdk.aws_events as events
-        
-        # my_configuration_set: ses.ConfigurationSet
-        
-        
-        bus = events.EventBus.from_event_bus_name(self, "EventBus", "default")
+        bus = events.EventBus(self, "bus",
+            event_bus_name="MyCustomEventBus",
+            description="MyCustomEventBus"
+        )
         
-        my_configuration_set.add_event_destination("ToEventBus",
-            destination=ses.EventDestination.event_bus(bus)
+        bus.archive("MyArchive",
+            archive_name="MyCustomEventBusArchive",
+            description="MyCustomerEventBus Archive",
+            event_pattern=events.EventPattern(
+                account=[Stack.of(self).account]
+            ),
+            retention=Duration.days(365)
         )
     '''
 
@@ -12108,15 +12123,21 @@ class EventBus(
         return typing.cast(Archive, jsii.invoke(self, "archive", [id, props]))
 
     @jsii.member(jsii_name="grantPutEventsTo")
-    def grant_put_events_to(self, grantee: _IGrantable_71c4f5de) -> _Grant_a7ae64f8:
+    def grant_put_events_to(
+        self,
+        grantee: _IGrantable_71c4f5de,
+        sid: typing.Optional[builtins.str] = None,
+    ) -> _Grant_a7ae64f8:
         '''Grants an IAM Principal to send custom events to the eventBus so that they can be matched to rules.
 
         :param grantee: -
+        :param sid: -
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f55b55b311ab4cc3f0aabb9339086b97d1f1340dcc28209fe5e78777c8287a4f)
             check_type(argname="argument grantee", value=grantee, expected_type=type_hints["grantee"])
-        return typing.cast(_Grant_a7ae64f8, jsii.invoke(self, "grantPutEventsTo", [grantee]))
+            check_type(argname="argument sid", value=sid, expected_type=type_hints["sid"])
+        return typing.cast(_Grant_a7ae64f8, jsii.invoke(self, "grantPutEventsTo", [grantee, sid]))
 
     @builtins.property
     @jsii.member(jsii_name="eventBusArn")
@@ -13272,6 +13293,7 @@ def _typecheckingstub__1ed58495b96f0f8ed0dfb0c65e8400413d45c5c1f372215e535272012
 
 def _typecheckingstub__d2c68164c7bcf711cce4fa768eb0c26c773cd00ae54af79587f28c0ff626481f(
     grantee: _IGrantable_71c4f5de,
+    sid: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -13697,6 +13719,7 @@ def _typecheckingstub__7330918630167c372966fe4a86452f34a261c80460ae944bcce168d6b
 
 def _typecheckingstub__f55b55b311ab4cc3f0aabb9339086b97d1f1340dcc28209fe5e78777c8287a4f(
     grantee: _IGrantable_71c4f5de,
+    sid: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass

aws_cdk/aws_gamelift/__init__.py

@@ -7897,7 +7897,7 @@ class CfnGameSessionQueue(
         :param player_latency_policies: A set of policies that enforce a sliding cap on player latency when processing game sessions placement requests. Use multiple policies to gradually relax the cap over time if Amazon GameLift Servers can't make a placement. Policies are evaluated in order starting with the lowest maximum latency value.
         :param priority_configuration: Custom settings to use when prioritizing destinations and locations for game session placements. This configuration replaces the FleetIQ default prioritization process. Priority types that are not explicitly named will be automatically applied at the end of the prioritization process.
         :param tags: A list of labels to assign to the new game session queue resource. Tags are developer-defined key-value pairs. Tagging AWS resources are useful for resource management, access management and cost allocation. For more information, see `Tagging AWS Resources <https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html>`_ in the *AWS General Reference* . Once the resource is created, you can use TagResource, UntagResource, and ListTagsForResource to add, remove, and view tags. The maximum tag limit may be lower than stated. See the AWS General Reference for actual tagging limits.
-        :param timeout_in_seconds: The maximum time, in seconds, that a new game session placement request remains in the queue. When a request exceeds this time, the game session placement changes to a ``TIMED_OUT`` status.
+        :param timeout_in_seconds: The maximum time, in seconds, that a new game session placement request remains in the queue. When a request exceeds this time, the game session placement changes to a ``TIMED_OUT`` status. If you don't specify a request timeout, the queue uses a default value.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__2435e37790a5987d49478948c0c1ac36c9e463fa29441c46ba0aa4d567f2c585)
@@ -8390,7 +8390,7 @@ class CfnGameSessionQueue(
             Changing the priority order will affect how game sessions are placed.
 
             :param location_order: The prioritization order to use for fleet locations, when the ``PriorityOrder`` property includes ``LOCATION`` . Locations can include AWS Region codes (such as ``us-west-2`` ), local zones, and custom locations (for Anywhere fleets). Each location must be listed only once. For details, see `Amazon GameLift Servers service locations. <https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-regions.html>`_
-            :param priority_order: A custom sequence to use when prioritizing where to place new game sessions. Each priority type is listed once. - ``LATENCY`` -- Amazon GameLift Servers prioritizes locations where the average player latency is lowest. Player latency data is provided in each game session placement request. - ``COST`` -- Amazon GameLift Servers prioritizes destinations with the lowest current hosting costs. Cost is evaluated based on the location, instance type, and fleet type (Spot or On-Demand) of each destination in the queue. - ``DESTINATION`` -- Amazon GameLift Servers prioritizes based on the list order of destinations in the queue configuration. - ``LOCATION`` -- Amazon GameLift Servers prioritizes based on the provided order of locations, as defined in ``LocationOrder`` .
+            :param priority_order: A custom sequence to use when prioritizing where to place new game sessions. Each priority type is listed once. - ``LATENCY`` -- Amazon GameLift Servers prioritizes locations where the average player latency is lowest. Player latency data is provided in each game session placement request. - ``COST`` -- Amazon GameLift Servers prioritizes queue destinations with the lowest current hosting costs. Cost is evaluated based on the destination's location, instance type, and fleet type (Spot or On-Demand). - ``DESTINATION`` -- Amazon GameLift Servers prioritizes based on the list order of destinations in the queue configuration. - ``LOCATION`` -- Amazon GameLift Servers prioritizes based on the provided order of locations, as defined in ``LocationOrder`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-gamelift-gamesessionqueue-priorityconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -8432,7 +8432,7 @@ class CfnGameSessionQueue(
             '''A custom sequence to use when prioritizing where to place new game sessions. Each priority type is listed once.
 
             - ``LATENCY`` -- Amazon GameLift Servers prioritizes locations where the average player latency is lowest. Player latency data is provided in each game session placement request.
-            - ``COST`` -- Amazon GameLift Servers prioritizes destinations with the lowest current hosting costs. Cost is evaluated based on the location, instance type, and fleet type (Spot or On-Demand) of each destination in the queue.
+            - ``COST`` -- Amazon GameLift Servers prioritizes queue destinations with the lowest current hosting costs. Cost is evaluated based on the destination's location, instance type, and fleet type (Spot or On-Demand).
             - ``DESTINATION`` -- Amazon GameLift Servers prioritizes based on the list order of destinations in the queue configuration.
             - ``LOCATION`` -- Amazon GameLift Servers prioritizes based on the provided order of locations, as defined in ``LocationOrder`` .
 
@@ -8492,7 +8492,7 @@ class CfnGameSessionQueueProps:
         :param player_latency_policies: A set of policies that enforce a sliding cap on player latency when processing game sessions placement requests. Use multiple policies to gradually relax the cap over time if Amazon GameLift Servers can't make a placement. Policies are evaluated in order starting with the lowest maximum latency value.
         :param priority_configuration: Custom settings to use when prioritizing destinations and locations for game session placements. This configuration replaces the FleetIQ default prioritization process. Priority types that are not explicitly named will be automatically applied at the end of the prioritization process.
         :param tags: A list of labels to assign to the new game session queue resource. Tags are developer-defined key-value pairs. Tagging AWS resources are useful for resource management, access management and cost allocation. For more information, see `Tagging AWS Resources <https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html>`_ in the *AWS General Reference* . Once the resource is created, you can use TagResource, UntagResource, and ListTagsForResource to add, remove, and view tags. The maximum tag limit may be lower than stated. See the AWS General Reference for actual tagging limits.
-        :param timeout_in_seconds: The maximum time, in seconds, that a new game session placement request remains in the queue. When a request exceeds this time, the game session placement changes to a ``TIMED_OUT`` status.
+        :param timeout_in_seconds: The maximum time, in seconds, that a new game session placement request remains in the queue. When a request exceeds this time, the game session placement changes to a ``TIMED_OUT`` status. If you don't specify a request timeout, the queue uses a default value.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-gamelift-gamesessionqueue.html
         :exampleMetadata: fixture=_generated
@@ -8660,7 +8660,7 @@ class CfnGameSessionQueueProps:
     def timeout_in_seconds(self) -> typing.Optional[jsii.Number]:
         '''The maximum time, in seconds, that a new game session placement request remains in the queue.
 
-        When a request exceeds this time, the game session placement changes to a ``TIMED_OUT`` status.
+        When a request exceeds this time, the game session placement changes to a ``TIMED_OUT`` status. If you don't specify a request timeout, the queue uses a default value.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-gamelift-gamesessionqueue.html#cfn-gamelift-gamesessionqueue-timeoutinseconds
         '''

aws_cdk/aws_iam/__init__.py

@@ -7378,6 +7378,87 @@ class Grant(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_iam.Grant"):
         detach_grant = volume.grant_detach_volume_by_resource_tag(instance.grant_principal, [instance])
     '''
 
+    @jsii.member(jsii_name="addStatementToResourcePolicy")
+    @builtins.classmethod
+    def add_statement_to_resource_policy(
+        cls,
+        *,
+        statement: "PolicyStatement",
+        resource: "IResourceWithPolicy",
+        resource_self_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
+        actions: typing.Sequence[builtins.str],
+        grantee: "IGrantable",
+        resource_arns: typing.Sequence[builtins.str],
+        conditions: typing.Optional[typing.Mapping[builtins.str, typing.Mapping[builtins.str, typing.Any]]] = None,
+    ) -> "Grant":
+        '''Add a pre-constructed policy statement to the resource's policy.
+
+        This method provides direct, low-level control over the initial policy statement being added.
+        It is useful when you need to:
+
+        - Add complex policy statements that can't be expressed through other grant methods
+        - Specify the initial structure of the policy statement
+        - Add statements with custom conditions or other advanced IAM features
+
+        Important differences from other grant methods:
+
+        - Only modifies the resource policy, never modifies any principal's policy
+        - Takes a complete PolicyStatement rather than constructing one from parameters
+        - Always attempts to add the statement, regardless of principal type or account
+        - Does not attempt any automatic principal/resource policy selection logic
+
+        Note: The final form of the policy statement in the resource's policy may differ
+        from the provided statement, depending on the resource's implementation of
+        addToResourcePolicy.
+
+        :param statement: The policy statement to add to the resource's policy. This statement will be passed to the resource's addToResourcePolicy method. The actual handling of the statement depends on the specific IResourceWithPolicy implementation.
+        :param resource: The resource with a resource policy. The statement will be added to the resource policy if it couldn't be added to the principal policy.
+        :param resource_self_arns: When referring to the resource in a resource policy, use this as ARN. (Depending on the resource type, this needs to be '*' in a resource policy). Default: Same as regular resource ARNs
+        :param actions: The actions to grant.
+        :param grantee: The principal to grant to. Default: if principal is undefined, no work is done.
+        :param resource_arns: The resource ARNs to grant to.
+        :param conditions: Any conditions to attach to the grant. Default: - No conditions
+
+        :return: A Grant object representing the result of the operation
+
+        Example::
+
+            # grantee: iam.IGrantable
+            # actions: List[str]
+            # resource_arns: List[str]
+            # bucket: s3.Bucket
+            
+            
+            statement = iam.PolicyStatement(
+                effect=iam.Effect.ALLOW,
+                actions=actions,
+                principals=[iam.ServicePrincipal("lambda.amazonaws.com")],
+                conditions={
+                    "StringEquals": {
+                        "aws:SourceAccount": Stack.of(self).account
+                    }
+                }
+            )
+            iam.Grant.add_statement_to_resource_policy(
+                grantee=grantee,
+                actions=actions,
+                resource_arns=resource_arns,
+                resource=bucket,
+                statement=statement
+            )
+        '''
+        options = GrantPolicyWithResourceOptions(
+            statement=statement,
+            resource=resource,
+            resource_self_arns=resource_self_arns,
+            actions=actions,
+            grantee=grantee,
+            resource_arns=resource_arns,
+            conditions=conditions,
+        )
+
+        return typing.cast("Grant", jsii.sinvoke(cls, "addStatementToResourcePolicy", [options]))
+
     @jsii.member(jsii_name="addToPrincipal")
     @builtins.classmethod
     def add_to_principal(
@@ -12043,6 +12124,175 @@ class AccessKey(
         return typing.cast(_SecretValue_3dd0ddae, jsii.get(self, "secretAccessKey"))
 
 
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_iam.GrantPolicyWithResourceOptions",
+    jsii_struct_bases=[GrantWithResourceOptions],
+    name_mapping={
+        "actions": "actions",
+        "grantee": "grantee",
+        "resource_arns": "resourceArns",
+        "conditions": "conditions",
+        "resource": "resource",
+        "resource_self_arns": "resourceSelfArns",
+        "statement": "statement",
+    },
+)
+class GrantPolicyWithResourceOptions(GrantWithResourceOptions):
+    def __init__(
+        self,
+        *,
+        actions: typing.Sequence[builtins.str],
+        grantee: IGrantable,
+        resource_arns: typing.Sequence[builtins.str],
+        conditions: typing.Optional[typing.Mapping[builtins.str, typing.Mapping[builtins.str, typing.Any]]] = None,
+        resource: IResourceWithPolicy,
+        resource_self_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
+        statement: PolicyStatement,
+    ) -> None:
+        '''Options for a grant operation that directly adds a policy statement to a resource.
+
+        This differs from GrantWithResourceOptions in that it requires a pre-constructed
+        PolicyStatement rather than constructing one from individual permissions.
+        Use this when you need fine-grained control over the initial policy statement's contents.
+
+        :param actions: The actions to grant.
+        :param grantee: The principal to grant to. Default: if principal is undefined, no work is done.
+        :param resource_arns: The resource ARNs to grant to.
+        :param conditions: Any conditions to attach to the grant. Default: - No conditions
+        :param resource: The resource with a resource policy. The statement will be added to the resource policy if it couldn't be added to the principal policy.
+        :param resource_self_arns: When referring to the resource in a resource policy, use this as ARN. (Depending on the resource type, this needs to be '*' in a resource policy). Default: Same as regular resource ARNs
+        :param statement: The policy statement to add to the resource's policy. This statement will be passed to the resource's addToResourcePolicy method. The actual handling of the statement depends on the specific IResourceWithPolicy implementation.
+
+        :exampleMetadata: infused
+
+        Example::
+
+            # grantee: iam.IGrantable
+            # actions: List[str]
+            # resource_arns: List[str]
+            # bucket: s3.Bucket
+            
+            
+            statement = iam.PolicyStatement(
+                effect=iam.Effect.ALLOW,
+                actions=actions,
+                principals=[iam.ServicePrincipal("lambda.amazonaws.com")],
+                conditions={
+                    "StringEquals": {
+                        "aws:SourceAccount": Stack.of(self).account
+                    }
+                }
+            )
+            iam.Grant.add_statement_to_resource_policy(
+                grantee=grantee,
+                actions=actions,
+                resource_arns=resource_arns,
+                resource=bucket,
+                statement=statement
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__0475ec23892b6dacf8e0426b204cca68a4091056bb08c20a72dbc06d2aedcf5e)
+            check_type(argname="argument actions", value=actions, expected_type=type_hints["actions"])
+            check_type(argname="argument grantee", value=grantee, expected_type=type_hints["grantee"])
+            check_type(argname="argument resource_arns", value=resource_arns, expected_type=type_hints["resource_arns"])
+            check_type(argname="argument conditions", value=conditions, expected_type=type_hints["conditions"])
+            check_type(argname="argument resource", value=resource, expected_type=type_hints["resource"])
+            check_type(argname="argument resource_self_arns", value=resource_self_arns, expected_type=type_hints["resource_self_arns"])
+            check_type(argname="argument statement", value=statement, expected_type=type_hints["statement"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "actions": actions,
+            "grantee": grantee,
+            "resource_arns": resource_arns,
+            "resource": resource,
+            "statement": statement,
+        }
+        if conditions is not None:
+            self._values["conditions"] = conditions
+        if resource_self_arns is not None:
+            self._values["resource_self_arns"] = resource_self_arns
+
+    @builtins.property
+    def actions(self) -> typing.List[builtins.str]:
+        '''The actions to grant.'''
+        result = self._values.get("actions")
+        assert result is not None, "Required property 'actions' is missing"
+        return typing.cast(typing.List[builtins.str], result)
+
+    @builtins.property
+    def grantee(self) -> IGrantable:
+        '''The principal to grant to.
+
+        :default: if principal is undefined, no work is done.
+        '''
+        result = self._values.get("grantee")
+        assert result is not None, "Required property 'grantee' is missing"
+        return typing.cast(IGrantable, result)
+
+    @builtins.property
+    def resource_arns(self) -> typing.List[builtins.str]:
+        '''The resource ARNs to grant to.'''
+        result = self._values.get("resource_arns")
+        assert result is not None, "Required property 'resource_arns' is missing"
+        return typing.cast(typing.List[builtins.str], result)
+
+    @builtins.property
+    def conditions(
+        self,
+    ) -> typing.Optional[typing.Mapping[builtins.str, typing.Mapping[builtins.str, typing.Any]]]:
+        '''Any conditions to attach to the grant.
+
+        :default: - No conditions
+        '''
+        result = self._values.get("conditions")
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, typing.Mapping[builtins.str, typing.Any]]], result)
+
+    @builtins.property
+    def resource(self) -> IResourceWithPolicy:
+        '''The resource with a resource policy.
+
+        The statement will be added to the resource policy if it couldn't be
+        added to the principal policy.
+        '''
+        result = self._values.get("resource")
+        assert result is not None, "Required property 'resource' is missing"
+        return typing.cast(IResourceWithPolicy, result)
+
+    @builtins.property
+    def resource_self_arns(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''When referring to the resource in a resource policy, use this as ARN.
+
+        (Depending on the resource type, this needs to be '*' in a resource policy).
+
+        :default: Same as regular resource ARNs
+        '''
+        result = self._values.get("resource_self_arns")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+    @builtins.property
+    def statement(self) -> PolicyStatement:
+        '''The policy statement to add to the resource's policy.
+
+        This statement will be passed to the resource's addToResourcePolicy method.
+        The actual handling of the statement depends on the specific IResourceWithPolicy
+        implementation.
+        '''
+        result = self._values.get("statement")
+        assert result is not None, "Required property 'statement' is missing"
+        return typing.cast(PolicyStatement, result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "GrantPolicyWithResourceOptions(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 @jsii.interface(jsii_type="aws-cdk-lib.aws_iam.IAssumeRolePrincipal")
 class IAssumeRolePrincipal(IPrincipal, typing_extensions.Protocol):
     '''A type of principal that has more control over its own representation in AssumeRolePolicyDocuments.
@@ -15106,6 +15356,7 @@ __all__ = [
     "Grant",
     "GrantOnPrincipalAndResourceOptions",
     "GrantOnPrincipalOptions",
+    "GrantPolicyWithResourceOptions",
     "GrantWithResourceOptions",
     "Group",
     "GroupProps",
@@ -16886,6 +17137,19 @@ def _typecheckingstub__604f514db426465dbc092293e7b2e46f5358ddb17770a96f51ef7e6a5
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__0475ec23892b6dacf8e0426b204cca68a4091056bb08c20a72dbc06d2aedcf5e(
+    *,
+    actions: typing.Sequence[builtins.str],
+    grantee: IGrantable,
+    resource_arns: typing.Sequence[builtins.str],
+    conditions: typing.Optional[typing.Mapping[builtins.str, typing.Mapping[builtins.str, typing.Any]]] = None,
+    resource: IResourceWithPolicy,
+    resource_self_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
+    statement: PolicyStatement,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__2773dd1c98b9bb45b356173892f3248a430e55c5ab0a22cb6e5df0bcdaa898a5(
     document: PolicyDocument,
 ) -> None:

aws_cdk/aws_imagebuilder/__init__.py

@@ -1959,7 +1959,6 @@ class CfnDistributionConfiguration(
         
         # ami_distribution_configuration: Any
         # container_distribution_configuration: Any
-        # ssm_parameter_configurations: Any
         
         cfn_distribution_configuration = imagebuilder.CfnDistributionConfiguration(self, "MyCfnDistributionConfiguration",
             distributions=[imagebuilder.CfnDistributionConfiguration.DistributionProperty(
@@ -1986,8 +1985,7 @@ class CfnDistributionConfiguration(
                     launch_template_id="launchTemplateId",
                     set_default_version=False
                 )],
-                license_configuration_arns=["licenseConfigurationArns"],
-                ssm_parameter_configurations=[ssm_parameter_configurations]
+                license_configuration_arns=["licenseConfigurationArns"]
             )],
             name="name",
         
@@ -2402,7 +2400,6 @@ class CfnDistributionConfiguration(
             "fast_launch_configurations": "fastLaunchConfigurations",
             "launch_template_configurations": "launchTemplateConfigurations",
             "license_configuration_arns": "licenseConfigurationArns",
-            "ssm_parameter_configurations": "ssmParameterConfigurations",
         },
     )
     class DistributionProperty:
@@ -2415,7 +2412,6 @@ class CfnDistributionConfiguration(
             fast_launch_configurations: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDistributionConfiguration.FastLaunchConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
             launch_template_configurations: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDistributionConfiguration.LaunchTemplateConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
             license_configuration_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
-            ssm_parameter_configurations: typing.Optional[typing.Union[typing.Sequence[typing.Any], _IResolvable_da3f097b]] = None,
         ) -> None:
             '''The distribution configuration distribution defines the settings for a specific Region in the Distribution Configuration.
 
@@ -2430,7 +2426,6 @@ class CfnDistributionConfiguration(
             :param fast_launch_configurations: The Windows faster-launching configurations to use for AMI distribution.
             :param launch_template_configurations: A group of launchTemplateConfiguration settings that apply to image distribution for specified accounts.
             :param license_configuration_arns: The License Manager Configuration to associate with the AMI in the specified Region. For more information, see the `LicenseConfiguration API <https://docs.aws.amazon.com/license-manager/latest/APIReference/API_LicenseConfiguration.html>`_ .
-            :param ssm_parameter_configurations: The SSM parameter configurations to use for AMI distribution.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-imagebuilder-distributionconfiguration-distribution.html
             :exampleMetadata: fixture=_generated
@@ -2443,7 +2438,6 @@ class CfnDistributionConfiguration(
                 
                 # ami_distribution_configuration: Any
                 # container_distribution_configuration: Any
-                # ssm_parameter_configurations: Any
                 
                 distribution_property = imagebuilder.CfnDistributionConfiguration.DistributionProperty(
                     region="region",
@@ -2469,8 +2463,7 @@ class CfnDistributionConfiguration(
                         launch_template_id="launchTemplateId",
                         set_default_version=False
                     )],
-                    license_configuration_arns=["licenseConfigurationArns"],
-                    ssm_parameter_configurations=[ssm_parameter_configurations]
+                    license_configuration_arns=["licenseConfigurationArns"]
                 )
             '''
             if __debug__:
@@ -2481,7 +2474,6 @@ class CfnDistributionConfiguration(
                 check_type(argname="argument fast_launch_configurations", value=fast_launch_configurations, expected_type=type_hints["fast_launch_configurations"])
                 check_type(argname="argument launch_template_configurations", value=launch_template_configurations, expected_type=type_hints["launch_template_configurations"])
                 check_type(argname="argument license_configuration_arns", value=license_configuration_arns, expected_type=type_hints["license_configuration_arns"])
-                check_type(argname="argument ssm_parameter_configurations", value=ssm_parameter_configurations, expected_type=type_hints["ssm_parameter_configurations"])
             self._values: typing.Dict[builtins.str, typing.Any] = {
                 "region": region,
             }
@@ -2495,8 +2487,6 @@ class CfnDistributionConfiguration(
                 self._values["launch_template_configurations"] = launch_template_configurations
             if license_configuration_arns is not None:
                 self._values["license_configuration_arns"] = license_configuration_arns
-            if ssm_parameter_configurations is not None:
-                self._values["ssm_parameter_configurations"] = ssm_parameter_configurations
 
         @builtins.property
         def region(self) -> builtins.str:
@@ -2567,17 +2557,6 @@ class CfnDistributionConfiguration(
             result = self._values.get("license_configuration_arns")
             return typing.cast(typing.Optional[typing.List[builtins.str]], result)
 
-        @builtins.property
-        def ssm_parameter_configurations(
-            self,
-        ) -> typing.Optional[typing.Union[typing.List[typing.Any], _IResolvable_da3f097b]]:
-            '''The SSM parameter configurations to use for AMI distribution.
-
-            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-imagebuilder-distributionconfiguration-distribution.html#cfn-imagebuilder-distributionconfiguration-distribution-ssmparameterconfigurations
-            '''
-            result = self._values.get("ssm_parameter_configurations")
-            return typing.cast(typing.Optional[typing.Union[typing.List[typing.Any], _IResolvable_da3f097b]], result)
-
         def __eq__(self, rhs: typing.Any) -> builtins.bool:
             return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -3186,7 +3165,6 @@ class CfnDistributionConfigurationProps:
             
             # ami_distribution_configuration: Any
             # container_distribution_configuration: Any
-            # ssm_parameter_configurations: Any
             
             cfn_distribution_configuration_props = imagebuilder.CfnDistributionConfigurationProps(
                 distributions=[imagebuilder.CfnDistributionConfiguration.DistributionProperty(
@@ -3213,8 +3191,7 @@ class CfnDistributionConfigurationProps:
                         launch_template_id="launchTemplateId",
                         set_default_version=False
                     )],
-                    license_configuration_arns=["licenseConfigurationArns"],
-                    ssm_parameter_configurations=[ssm_parameter_configurations]
+                    license_configuration_arns=["licenseConfigurationArns"]
                 )],
                 name="name",
             
@@ -9894,7 +9871,6 @@ def _typecheckingstub__29d1f34d5faec16ba828ad2333ee9218a18df31808a5a350be9b29d04
     fast_launch_configurations: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDistributionConfiguration.FastLaunchConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     launch_template_configurations: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDistributionConfiguration.LaunchTemplateConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     license_configuration_arns: typing.Optional[typing.Sequence[builtins.str]] = None,
-    ssm_parameter_configurations: typing.Optional[typing.Union[typing.Sequence[typing.Any], _IResolvable_da3f097b]] = None,
 ) -> None:
     """Type checking stubs"""
     pass

aws_cdk/aws_kinesisfirehose/__init__.py

@@ -7879,7 +7879,7 @@ class CfnDeliveryStream(
             :param key_passphrase: Passphrase to decrypt the private key when the key is encrypted. For information, see `Using Key Pair Authentication & Key Rotation <https://docs.aws.amazon.com/https://docs.snowflake.com/en/user-guide/data-load-snowpipe-streaming-configuration#using-key-pair-authentication-key-rotation>`_ .
             :param meta_data_column_name: Specify a column name in the table, where the metadata information has to be loaded. When you enable this field, you will see the following column in the snowflake table, which differs based on the source type. For Direct PUT as source ``{ "firehoseDeliveryStreamName" : "streamname", "IngestionTime" : "timestamp" }`` For Kinesis Data Stream as source ``"kinesisStreamName" : "streamname", "kinesisShardId" : "Id", "kinesisPartitionKey" : "key", "kinesisSequenceNumber" : "1234", "subsequenceNumber" : "2334", "IngestionTime" : "timestamp" }``
             :param private_key: The private key used to encrypt your Snowflake client. For information, see `Using Key Pair Authentication & Key Rotation <https://docs.aws.amazon.com/https://docs.snowflake.com/en/user-guide/data-load-snowpipe-streaming-configuration#using-key-pair-authentication-key-rotation>`_ .
-            :param processing_configuration: Specifies configuration for Snowflake.
+            :param processing_configuration: 
             :param retry_options: The time period where Firehose will retry sending data to the chosen HTTP endpoint.
             :param s3_backup_mode: Choose an S3 backup mode.
             :param secrets_manager_configuration: The configuration that defines how you access secrets for Snowflake.
@@ -8183,8 +8183,7 @@ class CfnDeliveryStream(
         def processing_configuration(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDeliveryStream.ProcessingConfigurationProperty"]]:
-            '''Specifies configuration for Snowflake.
-
+            '''
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisfirehose-deliverystream-snowflakedestinationconfiguration.html#cfn-kinesisfirehose-deliverystream-snowflakedestinationconfiguration-processingconfiguration
             '''
             result = self._values.get("processing_configuration")