aws-cdk-lib 2.186.0__py3-none-any.whl → 2.187.0__py3-none-any.whl

aws_cdk/aws_ec2/__init__.py

@@ -1244,6 +1244,19 @@ ec2.VpcEndpointService(self, "EndpointService",
 )
 ```
 
+You can restrict access to your endpoint service to specific AWS regions:
+
+```python
+# network_load_balancer: elbv2.NetworkLoadBalancer
+
+
+ec2.VpcEndpointService(self, "EndpointService",
+    vpc_endpoint_service_load_balancers=[network_load_balancer],
+    # Allow service consumers from these regions only
+    allowed_regions=["us-east-1", "eu-west-1"]
+)
+```
+
 Endpoint services support private DNS, which makes it easier for clients to connect to your service by automatically setting up DNS in their VPC.
 You can enable private DNS on an endpoint service like so:
 
@@ -2556,6 +2569,25 @@ launch_template = ec2.LaunchTemplate(self, "LaunchTemplate",
 )
 ```
 
+### Placement Group
+
+Specify `placementGroup` to enable the placement group support:
+
+```python
+# instance_type: ec2.InstanceType
+
+
+pg = ec2.PlacementGroup(self, "test-pg",
+    strategy=ec2.PlacementGroupStrategy.SPREAD
+)
+
+ec2.LaunchTemplate(self, "LaunchTemplate",
+    instance_type=instance_type,
+    machine_image=ec2.MachineImage.latest_amazon_linux2023(),
+    placement_group=pg
+)
+```
+
 Please note this feature does not support Launch Configurations.
 
 ## Detailed Monitoring
@@ -75648,6 +75680,7 @@ class InitFile(
         owner: typing.Optional[builtins.str] = None,
         service_restart_handles: typing.Optional[typing.Sequence["InitServiceRestartHandle"]] = None,
         deploy_time: typing.Optional[builtins.bool] = None,
+        display_name: typing.Optional[builtins.str] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
         source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
@@ -75669,6 +75702,7 @@ class InitFile(
         :param owner: The name of the owning user for this file. Not supported for Windows systems. Default: 'root'
         :param service_restart_handles: Restart the given service after this file has been written. Default: - Do not restart any service
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
+        :param display_name: A display name for this asset. If supplied, the display name will be used in locations where the asset identifier is printed, like in the CLI progress information. If the same asset is added multiple times, the display name of the first occurrence is used. The default is the construct path of the Asset construct, with respect to the enclosing stack. If the asset is produced by a construct helper function (such as ``lambda.Code.fromAsset()``), this will look like ``MyFunction/Code``. We use the stack-relative construct path so that in the common case where you have multiple stacks with the same asset, we won't show something like ``/MyBetaStack/MyFunction/Code`` when you are actually deploying to production. Default: - Stack-relative construct path
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
         :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
@@ -75689,6 +75723,7 @@ class InitFile(
             owner=owner,
             service_restart_handles=service_restart_handles,
             deploy_time=deploy_time,
+            display_name=display_name,
             readers=readers,
             source_kms_key=source_kms_key,
             asset_hash=asset_hash,
@@ -76812,6 +76847,7 @@ class InitSource(
         *,
         service_restart_handles: typing.Optional[typing.Sequence[InitServiceRestartHandle]] = None,
         deploy_time: typing.Optional[builtins.bool] = None,
+        display_name: typing.Optional[builtins.str] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
         source_kms_key: typing.Optional[_IKey_5f11635f] = None,
         asset_hash: typing.Optional[builtins.str] = None,
@@ -76827,6 +76863,7 @@ class InitSource(
         :param path: -
         :param service_restart_handles: Restart the given services after this archive has been extracted. Default: - Do not restart any service
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
+        :param display_name: A display name for this asset. If supplied, the display name will be used in locations where the asset identifier is printed, like in the CLI progress information. If the same asset is added multiple times, the display name of the first occurrence is used. The default is the construct path of the Asset construct, with respect to the enclosing stack. If the asset is produced by a construct helper function (such as ``lambda.Code.fromAsset()``), this will look like ``MyFunction/Code``. We use the stack-relative construct path so that in the common case where you have multiple stacks with the same asset, we won't show something like ``/MyBetaStack/MyFunction/Code`` when you are actually deploying to production. Default: - Stack-relative construct path
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
         :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
         :param asset_hash: Specify a custom hash for this asset. If ``assetHashType`` is set it must be set to ``AssetHashType.CUSTOM``. For consistency, this custom hash will be SHA256 hashed and encoded as hex. The resulting hash will be the asset hash. NOTE: the hash is used in order to identify a specific revision of the asset, and used for optimizing and caching deployment activities related to this asset such as packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will need to make sure it is updated every time the asset changes, or otherwise it is possible that some deployments will not be invalidated. Default: - based on ``assetHashType``
@@ -76843,6 +76880,7 @@ class InitSource(
         options = InitSourceAssetOptions(
             service_restart_handles=service_restart_handles,
             deploy_time=deploy_time,
+            display_name=display_name,
             readers=readers,
             source_kms_key=source_kms_key,
             asset_hash=asset_hash,
@@ -82490,6 +82528,7 @@ class LaunchTemplate(
         launch_template_name: typing.Optional[builtins.str] = None,
         machine_image: typing.Optional[IMachineImage] = None,
         nitro_enclave_enabled: typing.Optional[builtins.bool] = None,
+        placement_group: typing.Optional[IPlacementGroup] = None,
         require_imdsv2: typing.Optional[builtins.bool] = None,
         role: typing.Optional[_IRole_235f5d8e] = None,
         security_group: typing.Optional[ISecurityGroup] = None,
@@ -82520,6 +82559,7 @@ class LaunchTemplate(
         :param launch_template_name: Name for this launch template. Default: Automatically generated name
         :param machine_image: The AMI that will be used by instances. Default: - This Launch Template does not specify a default AMI.
         :param nitro_enclave_enabled: If this parameter is set to true, the instance is enabled for AWS Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves. Default: - Enablement of Nitro enclaves is not specified in the launch template; defaulting to false.
+        :param placement_group: The placement group that you want to launch the instance into. Default: - no placement group will be used for this launch template.
         :param require_imdsv2: Whether IMDSv2 should be required on launched instances. Default: - false
         :param role: An IAM role to associate with the instance profile that is used by instances. The role must be assumable by the service principal ``ec2.amazonaws.com``. Note: You can provide an instanceProfile or a role, but not both. Default: - No new role is created.
         :param security_group: Security group to assign to instances created with the launch template. Default: No security group is assigned.
@@ -82552,6 +82592,7 @@ class LaunchTemplate(
             launch_template_name=launch_template_name,
             machine_image=machine_image,
             nitro_enclave_enabled=nitro_enclave_enabled,
+            placement_group=placement_group,
             require_imdsv2=require_imdsv2,
             role=role,
             security_group=security_group,
@@ -82861,6 +82902,7 @@ class LaunchTemplateHttpTokens(enum.Enum):
         "launch_template_name": "launchTemplateName",
         "machine_image": "machineImage",
         "nitro_enclave_enabled": "nitroEnclaveEnabled",
+        "placement_group": "placementGroup",
         "require_imdsv2": "requireImdsv2",
         "role": "role",
         "security_group": "securityGroup",
@@ -82893,6 +82935,7 @@ class LaunchTemplateProps:
         launch_template_name: typing.Optional[builtins.str] = None,
         machine_image: typing.Optional[IMachineImage] = None,
         nitro_enclave_enabled: typing.Optional[builtins.bool] = None,
+        placement_group: typing.Optional[IPlacementGroup] = None,
         require_imdsv2: typing.Optional[builtins.bool] = None,
         role: typing.Optional[_IRole_235f5d8e] = None,
         security_group: typing.Optional[ISecurityGroup] = None,
@@ -82922,6 +82965,7 @@ class LaunchTemplateProps:
         :param launch_template_name: Name for this launch template. Default: Automatically generated name
         :param machine_image: The AMI that will be used by instances. Default: - This Launch Template does not specify a default AMI.
         :param nitro_enclave_enabled: If this parameter is set to true, the instance is enabled for AWS Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves. Default: - Enablement of Nitro enclaves is not specified in the launch template; defaulting to false.
+        :param placement_group: The placement group that you want to launch the instance into. Default: - no placement group will be used for this launch template.
         :param require_imdsv2: Whether IMDSv2 should be required on launched instances. Default: - false
         :param role: An IAM role to associate with the instance profile that is used by instances. The role must be assumable by the service principal ``ec2.amazonaws.com``. Note: You can provide an instanceProfile or a role, but not both. Default: - No new role is created.
         :param security_group: Security group to assign to instances created with the launch template. Default: No security group is assigned.
@@ -82974,6 +83018,7 @@ class LaunchTemplateProps:
             check_type(argname="argument launch_template_name", value=launch_template_name, expected_type=type_hints["launch_template_name"])
             check_type(argname="argument machine_image", value=machine_image, expected_type=type_hints["machine_image"])
             check_type(argname="argument nitro_enclave_enabled", value=nitro_enclave_enabled, expected_type=type_hints["nitro_enclave_enabled"])
+            check_type(argname="argument placement_group", value=placement_group, expected_type=type_hints["placement_group"])
             check_type(argname="argument require_imdsv2", value=require_imdsv2, expected_type=type_hints["require_imdsv2"])
             check_type(argname="argument role", value=role, expected_type=type_hints["role"])
             check_type(argname="argument security_group", value=security_group, expected_type=type_hints["security_group"])
@@ -83021,6 +83066,8 @@ class LaunchTemplateProps:
             self._values["machine_image"] = machine_image
         if nitro_enclave_enabled is not None:
             self._values["nitro_enclave_enabled"] = nitro_enclave_enabled
+        if placement_group is not None:
+            self._values["placement_group"] = placement_group
         if require_imdsv2 is not None:
             self._values["require_imdsv2"] = require_imdsv2
         if role is not None:
@@ -83260,6 +83307,15 @@ class LaunchTemplateProps:
         result = self._values.get("nitro_enclave_enabled")
         return typing.cast(typing.Optional[builtins.bool], result)
 
+    @builtins.property
+    def placement_group(self) -> typing.Optional[IPlacementGroup]:
+        '''The placement group that you want to launch the instance into.
+
+        :default: - no placement group will be used for this launch template.
+        '''
+        result = self._values.get("placement_group")
+        return typing.cast(typing.Optional[IPlacementGroup], result)
+
     @builtins.property
     def require_imdsv2(self) -> typing.Optional[builtins.bool]:
         '''Whether IMDSv2 should be required on launched instances.
@@ -92702,15 +92758,14 @@ class VpcEndpointService(
 
     Example::
 
-        # network_load_balancer1: elbv2.NetworkLoadBalancer
-        # network_load_balancer2: elbv2.NetworkLoadBalancer
+        # network_load_balancer: elbv2.NetworkLoadBalancer
         
         
         ec2.VpcEndpointService(self, "EndpointService",
-            vpc_endpoint_service_load_balancers=[network_load_balancer1, network_load_balancer2],
-            acceptance_required=True,
-            allowed_principals=[iam.ArnPrincipal("arn:aws:iam::123456789012:root")],
-            contributor_insights=True
+            vpc_endpoint_service_load_balancers=[network_load_balancer],
+            # Support both IPv4 and IPv6 connections to the endpoint service
+            supported_ip_address_types=[ec2.IpAddressType.IPV4, ec2.IpAddressType.IPV6
+            ]
         )
     '''
 
@@ -92722,6 +92777,7 @@ class VpcEndpointService(
         vpc_endpoint_service_load_balancers: typing.Sequence[IVpcEndpointServiceLoadBalancer],
         acceptance_required: typing.Optional[builtins.bool] = None,
         allowed_principals: typing.Optional[typing.Sequence[_ArnPrincipal_d31ca6bc]] = None,
+        allowed_regions: typing.Optional[typing.Sequence[builtins.str]] = None,
         contributor_insights: typing.Optional[builtins.bool] = None,
         supported_ip_address_types: typing.Optional[typing.Sequence[IpAddressType]] = None,
     ) -> None:
@@ -92731,6 +92787,7 @@ class VpcEndpointService(
         :param vpc_endpoint_service_load_balancers: One or more load balancers to host the VPC Endpoint Service.
         :param acceptance_required: Whether requests from service consumers to connect to the service through an endpoint must be accepted. Default: true
         :param allowed_principals: IAM users, IAM roles, or AWS accounts to allow inbound connections from. These principals can connect to your service using VPC endpoints. Takes a list of one or more ArnPrincipal. Default: - no principals
+        :param allowed_regions: The Regions from which service consumers can access the service. Default: - No Region restrictions
         :param contributor_insights: Indicates whether to enable the built-in Contributor Insights rules provided by AWS PrivateLink. Default: false
         :param supported_ip_address_types: Specify which IP address types are supported for VPC endpoint service. Default: - No specific IP address types configured
         '''
@@ -92742,6 +92799,7 @@ class VpcEndpointService(
             vpc_endpoint_service_load_balancers=vpc_endpoint_service_load_balancers,
             acceptance_required=acceptance_required,
             allowed_principals=allowed_principals,
+            allowed_regions=allowed_regions,
             contributor_insights=contributor_insights,
             supported_ip_address_types=supported_ip_address_types,
         )
@@ -92809,6 +92867,7 @@ class VpcEndpointService(
         "vpc_endpoint_service_load_balancers": "vpcEndpointServiceLoadBalancers",
         "acceptance_required": "acceptanceRequired",
         "allowed_principals": "allowedPrincipals",
+        "allowed_regions": "allowedRegions",
         "contributor_insights": "contributorInsights",
         "supported_ip_address_types": "supportedIpAddressTypes",
     },
@@ -92820,6 +92879,7 @@ class VpcEndpointServiceProps:
         vpc_endpoint_service_load_balancers: typing.Sequence[IVpcEndpointServiceLoadBalancer],
         acceptance_required: typing.Optional[builtins.bool] = None,
         allowed_principals: typing.Optional[typing.Sequence[_ArnPrincipal_d31ca6bc]] = None,
+        allowed_regions: typing.Optional[typing.Sequence[builtins.str]] = None,
         contributor_insights: typing.Optional[builtins.bool] = None,
         supported_ip_address_types: typing.Optional[typing.Sequence[IpAddressType]] = None,
     ) -> None:
@@ -92828,6 +92888,7 @@ class VpcEndpointServiceProps:
         :param vpc_endpoint_service_load_balancers: One or more load balancers to host the VPC Endpoint Service.
         :param acceptance_required: Whether requests from service consumers to connect to the service through an endpoint must be accepted. Default: true
         :param allowed_principals: IAM users, IAM roles, or AWS accounts to allow inbound connections from. These principals can connect to your service using VPC endpoints. Takes a list of one or more ArnPrincipal. Default: - no principals
+        :param allowed_regions: The Regions from which service consumers can access the service. Default: - No Region restrictions
         :param contributor_insights: Indicates whether to enable the built-in Contributor Insights rules provided by AWS PrivateLink. Default: false
         :param supported_ip_address_types: Specify which IP address types are supported for VPC endpoint service. Default: - No specific IP address types configured
 
@@ -92835,15 +92896,14 @@ class VpcEndpointServiceProps:
 
         Example::
 
-            # network_load_balancer1: elbv2.NetworkLoadBalancer
-            # network_load_balancer2: elbv2.NetworkLoadBalancer
+            # network_load_balancer: elbv2.NetworkLoadBalancer
             
             
             ec2.VpcEndpointService(self, "EndpointService",
-                vpc_endpoint_service_load_balancers=[network_load_balancer1, network_load_balancer2],
-                acceptance_required=True,
-                allowed_principals=[iam.ArnPrincipal("arn:aws:iam::123456789012:root")],
-                contributor_insights=True
+                vpc_endpoint_service_load_balancers=[network_load_balancer],
+                # Support both IPv4 and IPv6 connections to the endpoint service
+                supported_ip_address_types=[ec2.IpAddressType.IPV4, ec2.IpAddressType.IPV6
+                ]
             )
         '''
         if __debug__:
@@ -92851,6 +92911,7 @@ class VpcEndpointServiceProps:
             check_type(argname="argument vpc_endpoint_service_load_balancers", value=vpc_endpoint_service_load_balancers, expected_type=type_hints["vpc_endpoint_service_load_balancers"])
             check_type(argname="argument acceptance_required", value=acceptance_required, expected_type=type_hints["acceptance_required"])
             check_type(argname="argument allowed_principals", value=allowed_principals, expected_type=type_hints["allowed_principals"])
+            check_type(argname="argument allowed_regions", value=allowed_regions, expected_type=type_hints["allowed_regions"])
             check_type(argname="argument contributor_insights", value=contributor_insights, expected_type=type_hints["contributor_insights"])
             check_type(argname="argument supported_ip_address_types", value=supported_ip_address_types, expected_type=type_hints["supported_ip_address_types"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
@@ -92860,6 +92921,8 @@ class VpcEndpointServiceProps:
             self._values["acceptance_required"] = acceptance_required
         if allowed_principals is not None:
             self._values["allowed_principals"] = allowed_principals
+        if allowed_regions is not None:
+            self._values["allowed_regions"] = allowed_regions
         if contributor_insights is not None:
             self._values["contributor_insights"] = contributor_insights
         if supported_ip_address_types is not None:
@@ -92897,6 +92960,15 @@ class VpcEndpointServiceProps:
         result = self._values.get("allowed_principals")
         return typing.cast(typing.Optional[typing.List[_ArnPrincipal_d31ca6bc]], result)
 
+    @builtins.property
+    def allowed_regions(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''The Regions from which service consumers can access the service.
+
+        :default: - No Region restrictions
+        '''
+        result = self._values.get("allowed_regions")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
     @builtins.property
     def contributor_insights(self) -> typing.Optional[builtins.bool]:
         '''Indicates whether to enable the built-in Contributor Insights rules provided by AWS PrivateLink.
@@ -97277,6 +97349,7 @@ class InitCommand(
         "follow_symlinks": "followSymlinks",
         "ignore_mode": "ignoreMode",
         "deploy_time": "deployTime",
+        "display_name": "displayName",
         "readers": "readers",
         "source_kms_key": "sourceKMSKey",
     },
@@ -97297,6 +97370,7 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
         follow_symlinks: typing.Optional[_SymlinkFollowMode_047ec1f6] = None,
         ignore_mode: typing.Optional[_IgnoreMode_655a98e8] = None,
         deploy_time: typing.Optional[builtins.bool] = None,
+        display_name: typing.Optional[builtins.str] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
         source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     ) -> None:
@@ -97314,6 +97388,7 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
         :param follow_symlinks: A strategy for how to handle symlinks. Default: SymlinkFollowMode.NEVER
         :param ignore_mode: The ignore behavior to use for ``exclude`` patterns. Default: IgnoreMode.GLOB
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
+        :param display_name: A display name for this asset. If supplied, the display name will be used in locations where the asset identifier is printed, like in the CLI progress information. If the same asset is added multiple times, the display name of the first occurrence is used. The default is the construct path of the Asset construct, with respect to the enclosing stack. If the asset is produced by a construct helper function (such as ``lambda.Code.fromAsset()``), this will look like ``MyFunction/Code``. We use the stack-relative construct path so that in the common case where you have multiple stacks with the same asset, we won't show something like ``/MyBetaStack/MyFunction/Code`` when you are actually deploying to production. Default: - Stack-relative construct path
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
         :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
 
@@ -97365,6 +97440,7 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
                     working_directory="workingDirectory"
                 ),
                 deploy_time=False,
+                display_name="displayName",
                 exclude=["exclude"],
                 follow_symlinks=cdk.SymlinkFollowMode.NEVER,
                 group="group",
@@ -97392,6 +97468,7 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
             check_type(argname="argument follow_symlinks", value=follow_symlinks, expected_type=type_hints["follow_symlinks"])
             check_type(argname="argument ignore_mode", value=ignore_mode, expected_type=type_hints["ignore_mode"])
             check_type(argname="argument deploy_time", value=deploy_time, expected_type=type_hints["deploy_time"])
+            check_type(argname="argument display_name", value=display_name, expected_type=type_hints["display_name"])
             check_type(argname="argument readers", value=readers, expected_type=type_hints["readers"])
             check_type(argname="argument source_kms_key", value=source_kms_key, expected_type=type_hints["source_kms_key"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
@@ -97419,6 +97496,8 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
             self._values["ignore_mode"] = ignore_mode
         if deploy_time is not None:
             self._values["deploy_time"] = deploy_time
+        if display_name is not None:
+            self._values["display_name"] = display_name
         if readers is not None:
             self._values["readers"] = readers
         if source_kms_key is not None:
@@ -97585,6 +97664,30 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
         result = self._values.get("deploy_time")
         return typing.cast(typing.Optional[builtins.bool], result)
 
+    @builtins.property
+    def display_name(self) -> typing.Optional[builtins.str]:
+        '''A display name for this asset.
+
+        If supplied, the display name will be used in locations where the asset
+        identifier is printed, like in the CLI progress information. If the same
+        asset is added multiple times, the display name of the first occurrence is
+        used.
+
+        The default is the construct path of the Asset construct, with respect to
+        the enclosing stack. If the asset is produced by a construct helper
+        function (such as ``lambda.Code.fromAsset()``), this will look like
+        ``MyFunction/Code``.
+
+        We use the stack-relative construct path so that in the common case where
+        you have multiple stacks with the same asset, we won't show something like
+        ``/MyBetaStack/MyFunction/Code`` when you are actually deploying to
+        production.
+
+        :default: - Stack-relative construct path
+        '''
+        result = self._values.get("display_name")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def readers(self) -> typing.Optional[typing.List[_IGrantable_71c4f5de]]:
         '''A list of principals that should be able to read this asset from S3.
@@ -97629,6 +97732,7 @@ class InitFileAssetOptions(InitFileOptions, _AssetOptions_2aa69621):
         "follow_symlinks": "followSymlinks",
         "ignore_mode": "ignoreMode",
         "deploy_time": "deployTime",
+        "display_name": "displayName",
         "readers": "readers",
         "source_kms_key": "sourceKMSKey",
     },
@@ -97645,6 +97749,7 @@ class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
         follow_symlinks: typing.Optional[_SymlinkFollowMode_047ec1f6] = None,
         ignore_mode: typing.Optional[_IgnoreMode_655a98e8] = None,
         deploy_time: typing.Optional[builtins.bool] = None,
+        display_name: typing.Optional[builtins.str] = None,
         readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
         source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     ) -> None:
@@ -97658,6 +97763,7 @@ class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
         :param follow_symlinks: A strategy for how to handle symlinks. Default: SymlinkFollowMode.NEVER
         :param ignore_mode: The ignore behavior to use for ``exclude`` patterns. Default: IgnoreMode.GLOB
         :param deploy_time: Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
+        :param display_name: A display name for this asset. If supplied, the display name will be used in locations where the asset identifier is printed, like in the CLI progress information. If the same asset is added multiple times, the display name of the first occurrence is used. The default is the construct path of the Asset construct, with respect to the enclosing stack. If the asset is produced by a construct helper function (such as ``lambda.Code.fromAsset()``), this will look like ``MyFunction/Code``. We use the stack-relative construct path so that in the common case where you have multiple stacks with the same asset, we won't show something like ``/MyBetaStack/MyFunction/Code`` when you are actually deploying to production. Default: - Stack-relative construct path
         :param readers: A list of principals that should be able to read this asset from S3. You can use ``asset.grantRead(principal)`` to grant read permissions later. Default: - No principals that can read file asset.
         :param source_kms_key: The ARN of the KMS key used to encrypt the handler code. Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
 
@@ -97708,6 +97814,7 @@ class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
                     working_directory="workingDirectory"
                 ),
                 deploy_time=False,
+                display_name="displayName",
                 exclude=["exclude"],
                 follow_symlinks=cdk.SymlinkFollowMode.NEVER,
                 ignore_mode=cdk.IgnoreMode.GLOB,
@@ -97728,6 +97835,7 @@ class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
             check_type(argname="argument follow_symlinks", value=follow_symlinks, expected_type=type_hints["follow_symlinks"])
             check_type(argname="argument ignore_mode", value=ignore_mode, expected_type=type_hints["ignore_mode"])
             check_type(argname="argument deploy_time", value=deploy_time, expected_type=type_hints["deploy_time"])
+            check_type(argname="argument display_name", value=display_name, expected_type=type_hints["display_name"])
             check_type(argname="argument readers", value=readers, expected_type=type_hints["readers"])
             check_type(argname="argument source_kms_key", value=source_kms_key, expected_type=type_hints["source_kms_key"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
@@ -97747,6 +97855,8 @@ class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
             self._values["ignore_mode"] = ignore_mode
         if deploy_time is not None:
             self._values["deploy_time"] = deploy_time
+        if display_name is not None:
+            self._values["display_name"] = display_name
         if readers is not None:
             self._values["readers"] = readers
         if source_kms_key is not None:
@@ -97864,6 +97974,30 @@ class InitSourceAssetOptions(InitSourceOptions, _AssetOptions_2aa69621):
         result = self._values.get("deploy_time")
         return typing.cast(typing.Optional[builtins.bool], result)
 
+    @builtins.property
+    def display_name(self) -> typing.Optional[builtins.str]:
+        '''A display name for this asset.
+
+        If supplied, the display name will be used in locations where the asset
+        identifier is printed, like in the CLI progress information. If the same
+        asset is added multiple times, the display name of the first occurrence is
+        used.
+
+        The default is the construct path of the Asset construct, with respect to
+        the enclosing stack. If the asset is produced by a construct helper
+        function (such as ``lambda.Code.fromAsset()``), this will look like
+        ``MyFunction/Code``.
+
+        We use the stack-relative construct path so that in the common case where
+        you have multiple stacks with the same asset, we won't show something like
+        ``/MyBetaStack/MyFunction/Code`` when you are actually deploying to
+        production.
+
+        :default: - Stack-relative construct path
+        '''
+        result = self._values.get("display_name")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def readers(self) -> typing.Optional[typing.List[_IGrantable_71c4f5de]]:
         '''A list of principals that should be able to read this asset from S3.
@@ -110988,6 +111122,7 @@ def _typecheckingstub__164f7ae4723652c2e5c3189a870d0dbd16f8bec14d0e807d648248a60
     owner: typing.Optional[builtins.str] = None,
     service_restart_handles: typing.Optional[typing.Sequence[InitServiceRestartHandle]] = None,
     deploy_time: typing.Optional[builtins.bool] = None,
+    display_name: typing.Optional[builtins.str] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
     source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
@@ -111236,6 +111371,7 @@ def _typecheckingstub__28af50587b7c2068b2cb49dbac75ce38a6ffdaf070d2c430abde336ae
     *,
     service_restart_handles: typing.Optional[typing.Sequence[InitServiceRestartHandle]] = None,
     deploy_time: typing.Optional[builtins.bool] = None,
+    display_name: typing.Optional[builtins.str] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
     source_kms_key: typing.Optional[_IKey_5f11635f] = None,
     asset_hash: typing.Optional[builtins.str] = None,
@@ -111621,6 +111757,7 @@ def _typecheckingstub__544aef11081ec87047935491f75a3d5bc9d5075de77f96969bd2ffd1a
     launch_template_name: typing.Optional[builtins.str] = None,
     machine_image: typing.Optional[IMachineImage] = None,
     nitro_enclave_enabled: typing.Optional[builtins.bool] = None,
+    placement_group: typing.Optional[IPlacementGroup] = None,
     require_imdsv2: typing.Optional[builtins.bool] = None,
     role: typing.Optional[_IRole_235f5d8e] = None,
     security_group: typing.Optional[ISecurityGroup] = None,
@@ -111679,6 +111816,7 @@ def _typecheckingstub__e2ebb1bf0fbb2f9e894169a610cd9fb7cc3f827d34d3a10351bd2f517
     launch_template_name: typing.Optional[builtins.str] = None,
     machine_image: typing.Optional[IMachineImage] = None,
     nitro_enclave_enabled: typing.Optional[builtins.bool] = None,
+    placement_group: typing.Optional[IPlacementGroup] = None,
     require_imdsv2: typing.Optional[builtins.bool] = None,
     role: typing.Optional[_IRole_235f5d8e] = None,
     security_group: typing.Optional[ISecurityGroup] = None,
@@ -112841,6 +112979,7 @@ def _typecheckingstub__e9a177a308c941d9422cff7194d8a56d967004d3230efd826dc934ef5
     vpc_endpoint_service_load_balancers: typing.Sequence[IVpcEndpointServiceLoadBalancer],
     acceptance_required: typing.Optional[builtins.bool] = None,
     allowed_principals: typing.Optional[typing.Sequence[_ArnPrincipal_d31ca6bc]] = None,
+    allowed_regions: typing.Optional[typing.Sequence[builtins.str]] = None,
     contributor_insights: typing.Optional[builtins.bool] = None,
     supported_ip_address_types: typing.Optional[typing.Sequence[IpAddressType]] = None,
 ) -> None:
@@ -112852,6 +112991,7 @@ def _typecheckingstub__c8d3e17059165270b27192911c5b63d78564836ce9d6a1d2e41f5d272
     vpc_endpoint_service_load_balancers: typing.Sequence[IVpcEndpointServiceLoadBalancer],
     acceptance_required: typing.Optional[builtins.bool] = None,
     allowed_principals: typing.Optional[typing.Sequence[_ArnPrincipal_d31ca6bc]] = None,
+    allowed_regions: typing.Optional[typing.Sequence[builtins.str]] = None,
     contributor_insights: typing.Optional[builtins.bool] = None,
     supported_ip_address_types: typing.Optional[typing.Sequence[IpAddressType]] = None,
 ) -> None:
@@ -113311,6 +113451,7 @@ def _typecheckingstub__6ce391dd6a64744f1d308a93bd2b78efee46c104a775f9153a5171d8a
     follow_symlinks: typing.Optional[_SymlinkFollowMode_047ec1f6] = None,
     ignore_mode: typing.Optional[_IgnoreMode_655a98e8] = None,
     deploy_time: typing.Optional[builtins.bool] = None,
+    display_name: typing.Optional[builtins.str] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
     source_kms_key: typing.Optional[_IKey_5f11635f] = None,
 ) -> None:
@@ -113327,6 +113468,7 @@ def _typecheckingstub__f3d9778b6f3d55d750d385b361f8381c51ee484d3c8920175605233fb
     follow_symlinks: typing.Optional[_SymlinkFollowMode_047ec1f6] = None,
     ignore_mode: typing.Optional[_IgnoreMode_655a98e8] = None,
     deploy_time: typing.Optional[builtins.bool] = None,
+    display_name: typing.Optional[builtins.str] = None,
     readers: typing.Optional[typing.Sequence[_IGrantable_71c4f5de]] = None,
     source_kms_key: typing.Optional[_IKey_5f11635f] = None,
 ) -> None: