aws-cdk-lib 2.187.0__py3-none-any.whl → 2.188.0__py3-none-any.whl

aws_cdk/aws_codepipeline_actions/__init__.py

@@ -608,6 +608,55 @@ build_action = codepipeline_actions.JenkinsAction(
 )
 ```
 
+## Build
+
+### ECR Build And Publish
+
+This build action `ECRBuildAndPublish` allows you to automate building and pushing a new image when a change occurs in your source.
+
+This action builds based on a specified Docker file location and pushes the image. This build action is not the
+same as the Amazon ECR source action in CodePipeline, which triggers pipeline when a change occurs in your
+Amazon ECR source repository.
+
+For information about the `ECRBuildAndPublish` build action,
+see [ECRBuildAndPublish build action reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-ECRBuildAndPublish.html).
+
+```python
+import aws_cdk.aws_ecr as ecr
+
+# pipeline: codepipeline.Pipeline
+# repository: ecr.IRepository
+
+
+source_output = codepipeline.Artifact()
+# your source repository
+source_action = codepipeline_actions.CodeStarConnectionsSourceAction(
+    action_name="CodeStarConnectionsSourceAction",
+    output=source_output,
+    connection_arn="your-connection-arn",
+    owner="your-owner",
+    repo="your-repo"
+)
+
+build_action = codepipeline_actions.EcrBuildAndPublishAction(
+    action_name="EcrBuildAndPublishAction",
+    repository_name=repository.repository_name,
+    registry_type=codepipeline_actions.RegistryType.PRIVATE,
+    dockerfile_directory_path="./my-dir",  # The path indicates ./my-dir/Dockerfile in the source repository
+    image_tags=["my-tag-1", "my-tag-2"],
+    input=source_output
+)
+
+pipeline.add_stage(
+    stage_name="Source",
+    actions=[source_action]
+)
+pipeline.add_stage(
+    stage_name="Build",
+    actions=[build_action]
+)
+```
+
 ## Deploy
 
 ### AWS CloudFormation
@@ -1580,6 +1629,78 @@ pipeline.add_stage(
 See [the AWS documentation](https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-StepFunctions.html)
 for information on Action structure reference.
 
+## Invoke
+
+### Inspector
+
+Amazon Inspector is a vulnerability management service that automatically discovers workloads and continually scans them
+for software vulnerabilities and unintended network exposure.
+
+The actions `InspectorSourceCodeScanAction` and `InspectorEcrImageScanAction` automate detecting and fixing security
+vulnerabilities in your open source code. The actions are managed compute actions with security scanning capabilities.
+You can use the actions with application source code in your third-party repository, such as GitHub or Bitbucket Cloud,
+or with images for container applications.
+
+Your actions will scan and report on vulnerability levels and alerts that you configure.
+
+#### Inspector Source Code Scan
+
+The `InspectorSourceCodeScanAction` allows you to scan the application source code for vulnerabilities in your repository.
+
+```python
+# pipeline: codepipeline.Pipeline
+
+
+source_output = codepipeline.Artifact()
+source_action = codepipeline_actions.CodeStarConnectionsSourceAction(
+    action_name="CodeStarConnectionsSourceAction",
+    output=source_output,
+    connection_arn="your-connection-arn",
+    owner="your-owner",
+    repo="your-repo"
+)
+
+scan_output = codepipeline.Artifact()
+scan_action = codepipeline_actions.InspectorSourceCodeScanAction(
+    action_name="InspectorSourceCodeScanAction",
+    input=source_output,
+    output=scan_output
+)
+
+pipeline.add_stage(
+    stage_name="Source",
+    actions=[source_action]
+)
+pipeline.add_stage(
+    stage_name="Scan",
+    actions=[scan_action]
+)
+```
+
+#### Inspector ECR Image Scan
+
+The `InspectorEcrImageScanAction` allows you to scan the image for vulnerabilities in your container applications.
+
+```python
+import aws_cdk.aws_ecr as ecr
+
+# pipeline: codepipeline.Pipeline
+# repository: ecr.IRepository
+
+
+scan_output = codepipeline.Artifact()
+scan_action = codepipeline_actions.InspectorEcrImageScanAction(
+    action_name="InspectorEcrImageScanAction",
+    output=scan_output,
+    repository=repository
+)
+
+pipeline.add_stage(
+    stage_name="Scan",
+    actions=[scan_action]
+)
+```
+
 ## Compute
 
 ### Commands
@@ -6381,13 +6502,30 @@ class CodeStarConnectionsSourceAction(
 
     Example::
 
+        # project: codebuild.Project
+        
+        
         source_output = codepipeline.Artifact()
         source_action = codepipeline_actions.CodeStarConnectionsSourceAction(
             action_name="BitBucket_Source",
             owner="aws",
             repo="aws-cdk",
             output=source_output,
-            connection_arn="arn:aws:codestar-connections:us-east-1:123456789012:connection/12345678-abcd-12ab-34cdef5678gh"
+            connection_arn="arn:aws:codestar-connections:us-east-1:123456789012:connection/12345678-abcd-12ab-34cdef5678gh",
+            variables_namespace="SomeSpace"
+        )
+        
+        # later:
+        
+        codepipeline_actions.CodeBuildAction(
+            action_name="CodeBuild",
+            project=project,
+            input=source_output,
+            environment_variables={
+                "COMMIT_ID": codebuild.BuildEnvironmentVariable(
+                    value=source_action.variables.commit_id
+                )
+            }
         )
     '''
 
@@ -6517,13 +6655,30 @@ class CodeStarConnectionsSourceActionProps(_CommonAwsActionProps_8b809bb6):
 
         Example::
 
+            # project: codebuild.Project
+            
+            
             source_output = codepipeline.Artifact()
             source_action = codepipeline_actions.CodeStarConnectionsSourceAction(
                 action_name="BitBucket_Source",
                 owner="aws",
                 repo="aws-cdk",
                 output=source_output,
-                connection_arn="arn:aws:codestar-connections:us-east-1:123456789012:connection/12345678-abcd-12ab-34cdef5678gh"
+                connection_arn="arn:aws:codestar-connections:us-east-1:123456789012:connection/12345678-abcd-12ab-34cdef5678gh",
+                variables_namespace="SomeSpace"
+            )
+            
+            # later:
+            
+            codepipeline_actions.CodeBuildAction(
+                action_name="CodeBuild",
+                project=project,
+                input=source_output,
+                environment_variables={
+                    "COMMIT_ID": codebuild.BuildEnvironmentVariable(
+                        value=source_action.variables.commit_id
+                    )
+                }
             )
         '''
         if __debug__:
@@ -7256,16 +7411,12 @@ class CommonCloudFormationStackSetOptions:
         )
 
 
-class EcrSourceAction(
+class EcrBuildAndPublishAction(
     Action,
     metaclass=jsii.JSIIMeta,
-    jsii_type="aws-cdk-lib.aws_codepipeline_actions.EcrSourceAction",
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.EcrBuildAndPublishAction",
 ):
-    '''The ECR Repository source CodePipeline Action.
-
-    Will trigger the pipeline as soon as the target tag in the repository
-    changes, but only if there is a CloudTrail Trail in the account that
-    captures the ECR event.
+    '''CodePipeline build action that uses AWS EcrBuildAndPublish.
 
     :exampleMetadata: infused
 
@@ -7273,46 +7424,69 @@ class EcrSourceAction(
 
         import aws_cdk.aws_ecr as ecr
         
-        # ecr_repository: ecr.Repository
+        # pipeline: codepipeline.Pipeline
+        # repository: ecr.IRepository
+        
         
-        pipeline = codepipeline.Pipeline(self, "MyPipeline")
         source_output = codepipeline.Artifact()
-        source_action = codepipeline_actions.EcrSourceAction(
-            action_name="ECR",
-            repository=ecr_repository,
-            image_tag="some-tag",  # optional, default: 'latest'
-            output=source_output
+        # your source repository
+        source_action = codepipeline_actions.CodeStarConnectionsSourceAction(
+            action_name="CodeStarConnectionsSourceAction",
+            output=source_output,
+            connection_arn="your-connection-arn",
+            owner="your-owner",
+            repo="your-repo"
         )
+        
+        build_action = codepipeline_actions.EcrBuildAndPublishAction(
+            action_name="EcrBuildAndPublishAction",
+            repository_name=repository.repository_name,
+            registry_type=codepipeline_actions.RegistryType.PRIVATE,
+            dockerfile_directory_path="./my-dir",  # The path indicates ./my-dir/Dockerfile in the source repository
+            image_tags=["my-tag-1", "my-tag-2"],
+            input=source_output
+        )
+        
         pipeline.add_stage(
             stage_name="Source",
             actions=[source_action]
         )
+        pipeline.add_stage(
+            stage_name="Build",
+            actions=[build_action]
+        )
     '''
 
     def __init__(
         self,
         *,
-        output: _Artifact_0cb05964,
-        repository: _IRepository_e6004aa6,
-        image_tag: typing.Optional[builtins.str] = None,
+        input: _Artifact_0cb05964,
+        repository_name: builtins.str,
+        dockerfile_directory_path: typing.Optional[builtins.str] = None,
+        image_tags: typing.Optional[typing.Sequence[builtins.str]] = None,
+        registry_type: typing.Optional["RegistryType"] = None,
         role: typing.Optional[_IRole_235f5d8e] = None,
         action_name: builtins.str,
         run_order: typing.Optional[jsii.Number] = None,
         variables_namespace: typing.Optional[builtins.str] = None,
     ) -> None:
         '''
-        :param output: 
-        :param repository: The repository that will be watched for changes.
-        :param image_tag: The image tag that will be checked for changes. It is not possible to trigger on changes to more than one tag. Default: 'latest'
+        :param input: The artifact produced by the source action that contains the Dockerfile needed to build the image.
+        :param repository_name: The name of the ECR repository where the image is pushed.
+        :param dockerfile_directory_path: The directory path of Dockerfile used to build the image. Optionally, you can provide an alternate directory path if Dockerfile is not at the root level. Default: - the source repository root level
+        :param image_tags: The tags used for the image. Default: - latest
+        :param registry_type: Specifies whether the repository is public or private. Default: - RegistryType.PRIVATE
         :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
         :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
         :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
         :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
         '''
-        props = EcrSourceActionProps(
-            output=output,
-            repository=repository,
-            image_tag=image_tag,
+        props = EcrBuildAndPublishActionProps(
+            input=input,
+            repository_name=repository_name,
+            dockerfile_directory_path=dockerfile_directory_path,
+            image_tags=image_tags,
+            registry_type=registry_type,
             role=role,
             action_name=action_name,
             run_order=run_order,
@@ -7338,7 +7512,7 @@ class EcrSourceAction(
         :param role: 
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__d95f17ce1dc91ce862a33fcb114ba70ca493fdcf80aba4bd2b33da0283823b94)
+            type_hints = typing.get_type_hints(_typecheckingstub__29d16187e06f9d23101e6955f383d38368a5309fb4f73cf04c52e7a739830b33)
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument stage", value=stage, expected_type=type_hints["stage"])
         options = _ActionBindOptions_3a612254(bucket=bucket, role=role)
@@ -7347,25 +7521,27 @@ class EcrSourceAction(
 
     @builtins.property
     @jsii.member(jsii_name="variables")
-    def variables(self) -> "EcrSourceVariables":
+    def variables(self) -> "EcrBuildAndPublishVariables":
         '''The variables emitted by this action.'''
-        return typing.cast("EcrSourceVariables", jsii.get(self, "variables"))
+        return typing.cast("EcrBuildAndPublishVariables", jsii.get(self, "variables"))
 
 
 @jsii.data_type(
-    jsii_type="aws-cdk-lib.aws_codepipeline_actions.EcrSourceActionProps",
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.EcrBuildAndPublishActionProps",
     jsii_struct_bases=[_CommonAwsActionProps_8b809bb6],
     name_mapping={
         "action_name": "actionName",
         "run_order": "runOrder",
         "variables_namespace": "variablesNamespace",
         "role": "role",
-        "output": "output",
-        "repository": "repository",
-        "image_tag": "imageTag",
+        "input": "input",
+        "repository_name": "repositoryName",
+        "dockerfile_directory_path": "dockerfileDirectoryPath",
+        "image_tags": "imageTags",
+        "registry_type": "registryType",
     },
 )
-class EcrSourceActionProps(_CommonAwsActionProps_8b809bb6):
+class EcrBuildAndPublishActionProps(_CommonAwsActionProps_8b809bb6):
     def __init__(
         self,
         *,
@@ -7373,19 +7549,23 @@ class EcrSourceActionProps(_CommonAwsActionProps_8b809bb6):
         run_order: typing.Optional[jsii.Number] = None,
         variables_namespace: typing.Optional[builtins.str] = None,
         role: typing.Optional[_IRole_235f5d8e] = None,
-        output: _Artifact_0cb05964,
-        repository: _IRepository_e6004aa6,
-        image_tag: typing.Optional[builtins.str] = None,
+        input: _Artifact_0cb05964,
+        repository_name: builtins.str,
+        dockerfile_directory_path: typing.Optional[builtins.str] = None,
+        image_tags: typing.Optional[typing.Sequence[builtins.str]] = None,
+        registry_type: typing.Optional["RegistryType"] = None,
     ) -> None:
-        '''Construction properties of ``EcrSourceAction``.
+        '''Construction properties of the ``EcrBuildAndPublishAction``.
 
         :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
         :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
         :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
         :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
-        :param output: 
-        :param repository: The repository that will be watched for changes.
-        :param image_tag: The image tag that will be checked for changes. It is not possible to trigger on changes to more than one tag. Default: 'latest'
+        :param input: The artifact produced by the source action that contains the Dockerfile needed to build the image.
+        :param repository_name: The name of the ECR repository where the image is pushed.
+        :param dockerfile_directory_path: The directory path of Dockerfile used to build the image. Optionally, you can provide an alternate directory path if Dockerfile is not at the root level. Default: - the source repository root level
+        :param image_tags: The tags used for the image. Default: - latest
+        :param registry_type: Specifies whether the repository is public or private. Default: - RegistryType.PRIVATE
 
         :exampleMetadata: infused
 
@@ -7393,34 +7573,53 @@ class EcrSourceActionProps(_CommonAwsActionProps_8b809bb6):
 
             import aws_cdk.aws_ecr as ecr
             
-            # ecr_repository: ecr.Repository
+            # pipeline: codepipeline.Pipeline
+            # repository: ecr.IRepository
+            
             
-            pipeline = codepipeline.Pipeline(self, "MyPipeline")
             source_output = codepipeline.Artifact()
-            source_action = codepipeline_actions.EcrSourceAction(
-                action_name="ECR",
-                repository=ecr_repository,
-                image_tag="some-tag",  # optional, default: 'latest'
-                output=source_output
+            # your source repository
+            source_action = codepipeline_actions.CodeStarConnectionsSourceAction(
+                action_name="CodeStarConnectionsSourceAction",
+                output=source_output,
+                connection_arn="your-connection-arn",
+                owner="your-owner",
+                repo="your-repo"
             )
+            
+            build_action = codepipeline_actions.EcrBuildAndPublishAction(
+                action_name="EcrBuildAndPublishAction",
+                repository_name=repository.repository_name,
+                registry_type=codepipeline_actions.RegistryType.PRIVATE,
+                dockerfile_directory_path="./my-dir",  # The path indicates ./my-dir/Dockerfile in the source repository
+                image_tags=["my-tag-1", "my-tag-2"],
+                input=source_output
+            )
+            
             pipeline.add_stage(
                 stage_name="Source",
                 actions=[source_action]
             )
+            pipeline.add_stage(
+                stage_name="Build",
+                actions=[build_action]
+            )
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__8ba2cd26256aa79e321d4f53bd1f303945241d77de68904ac98b7a536a387ca2)
+            type_hints = typing.get_type_hints(_typecheckingstub__1b13d08d881a39c394898fc7c83d74e8f65d5c1bdabde058e6bb0d10e57ec00f)
             check_type(argname="argument action_name", value=action_name, expected_type=type_hints["action_name"])
             check_type(argname="argument run_order", value=run_order, expected_type=type_hints["run_order"])
             check_type(argname="argument variables_namespace", value=variables_namespace, expected_type=type_hints["variables_namespace"])
             check_type(argname="argument role", value=role, expected_type=type_hints["role"])
-            check_type(argname="argument output", value=output, expected_type=type_hints["output"])
-            check_type(argname="argument repository", value=repository, expected_type=type_hints["repository"])
-            check_type(argname="argument image_tag", value=image_tag, expected_type=type_hints["image_tag"])
+            check_type(argname="argument input", value=input, expected_type=type_hints["input"])
+            check_type(argname="argument repository_name", value=repository_name, expected_type=type_hints["repository_name"])
+            check_type(argname="argument dockerfile_directory_path", value=dockerfile_directory_path, expected_type=type_hints["dockerfile_directory_path"])
+            check_type(argname="argument image_tags", value=image_tags, expected_type=type_hints["image_tags"])
+            check_type(argname="argument registry_type", value=registry_type, expected_type=type_hints["registry_type"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "action_name": action_name,
-            "output": output,
-            "repository": repository,
+            "input": input,
+            "repository_name": repository_name,
         }
         if run_order is not None:
             self._values["run_order"] = run_order
@@ -7428,8 +7627,12 @@ class EcrSourceActionProps(_CommonAwsActionProps_8b809bb6):
             self._values["variables_namespace"] = variables_namespace
         if role is not None:
             self._values["role"] = role
-        if image_tag is not None:
-            self._values["image_tag"] = image_tag
+        if dockerfile_directory_path is not None:
+            self._values["dockerfile_directory_path"] = dockerfile_directory_path
+        if image_tags is not None:
+            self._values["image_tags"] = image_tags
+        if registry_type is not None:
+            self._values["registry_type"] = registry_type
 
     @builtins.property
     def action_name(self) -> builtins.str:
@@ -7483,29 +7686,48 @@ class EcrSourceActionProps(_CommonAwsActionProps_8b809bb6):
         return typing.cast(typing.Optional[_IRole_235f5d8e], result)
 
     @builtins.property
-    def output(self) -> _Artifact_0cb05964:
-        result = self._values.get("output")
-        assert result is not None, "Required property 'output' is missing"
+    def input(self) -> _Artifact_0cb05964:
+        '''The artifact produced by the source action that contains the Dockerfile needed to build the image.'''
+        result = self._values.get("input")
+        assert result is not None, "Required property 'input' is missing"
         return typing.cast(_Artifact_0cb05964, result)
 
     @builtins.property
-    def repository(self) -> _IRepository_e6004aa6:
-        '''The repository that will be watched for changes.'''
-        result = self._values.get("repository")
-        assert result is not None, "Required property 'repository' is missing"
-        return typing.cast(_IRepository_e6004aa6, result)
+    def repository_name(self) -> builtins.str:
+        '''The name of the ECR repository where the image is pushed.'''
+        result = self._values.get("repository_name")
+        assert result is not None, "Required property 'repository_name' is missing"
+        return typing.cast(builtins.str, result)
 
     @builtins.property
-    def image_tag(self) -> typing.Optional[builtins.str]:
-        '''The image tag that will be checked for changes.
+    def dockerfile_directory_path(self) -> typing.Optional[builtins.str]:
+        '''The directory path of Dockerfile used to build the image.
 
-        It is not possible to trigger on changes to more than one tag.
+        Optionally, you can provide an alternate directory path if Dockerfile is not at the root level.
 
-        :default: 'latest'
+        :default: - the source repository root level
         '''
-        result = self._values.get("image_tag")
+        result = self._values.get("dockerfile_directory_path")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def image_tags(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''The tags used for the image.
+
+        :default: - latest
+        '''
+        result = self._values.get("image_tags")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+    @builtins.property
+    def registry_type(self) -> typing.Optional["RegistryType"]:
+        '''Specifies whether the repository is public or private.
+
+        :default: - RegistryType.PRIVATE
+        '''
+        result = self._values.get("registry_type")
+        return typing.cast(typing.Optional["RegistryType"], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -7513,39 +7735,30 @@ class EcrSourceActionProps(_CommonAwsActionProps_8b809bb6):
         return not (rhs == self)
 
     def __repr__(self) -> str:
-        return "EcrSourceActionProps(%s)" % ", ".join(
+        return "EcrBuildAndPublishActionProps(%s)" % ", ".join(
             k + "=" + repr(v) for k, v in self._values.items()
         )
 
 
 @jsii.data_type(
-    jsii_type="aws-cdk-lib.aws_codepipeline_actions.EcrSourceVariables",
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.EcrBuildAndPublishVariables",
     jsii_struct_bases=[],
     name_mapping={
-        "image_digest": "imageDigest",
-        "image_tag": "imageTag",
-        "image_uri": "imageUri",
-        "registry_id": "registryId",
-        "repository_name": "repositoryName",
+        "ecr_image_digest_id": "ecrImageDigestId",
+        "ecr_repository_name": "ecrRepositoryName",
     },
 )
-class EcrSourceVariables:
+class EcrBuildAndPublishVariables:
     def __init__(
         self,
         *,
-        image_digest: builtins.str,
-        image_tag: builtins.str,
-        image_uri: builtins.str,
-        registry_id: builtins.str,
-        repository_name: builtins.str,
+        ecr_image_digest_id: builtins.str,
+        ecr_repository_name: builtins.str,
     ) -> None:
-        '''The CodePipeline variables emitted by the ECR source Action.
+        '''The CodePipeline variables emitted by the ECR build and publish Action.
 
-        :param image_digest: The digest of the current image, in the form ':'.
-        :param image_tag: The Docker tag of the current image.
-        :param image_uri: The full ECR Docker URI of the current image.
-        :param registry_id: The identifier of the registry. In ECR, this is usually the ID of the AWS account owning it.
-        :param repository_name: The physical name of the repository that this action tracks.
+        :param ecr_image_digest_id: The sha256 digest of the image manifest.
+        :param ecr_repository_name: The name of the Amazon ECR repository where the image was pushed.
 
         :exampleMetadata: fixture=_generated
 
@@ -7555,65 +7768,32 @@ class EcrSourceVariables:
             # The values are placeholders you should change.
             from aws_cdk import aws_codepipeline_actions as codepipeline_actions
             
-            ecr_source_variables = codepipeline_actions.EcrSourceVariables(
-                image_digest="imageDigest",
-                image_tag="imageTag",
-                image_uri="imageUri",
-                registry_id="registryId",
-                repository_name="repositoryName"
+            ecr_build_and_publish_variables = codepipeline_actions.EcrBuildAndPublishVariables(
+                ecr_image_digest_id="ecrImageDigestId",
+                ecr_repository_name="ecrRepositoryName"
             )
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__2f3d2afe9ce2a85b2adf5373670c98f28d033d6c9016a1eb341ffa79450e6869)
-            check_type(argname="argument image_digest", value=image_digest, expected_type=type_hints["image_digest"])
-            check_type(argname="argument image_tag", value=image_tag, expected_type=type_hints["image_tag"])
-            check_type(argname="argument image_uri", value=image_uri, expected_type=type_hints["image_uri"])
-            check_type(argname="argument registry_id", value=registry_id, expected_type=type_hints["registry_id"])
-            check_type(argname="argument repository_name", value=repository_name, expected_type=type_hints["repository_name"])
+            type_hints = typing.get_type_hints(_typecheckingstub__91516fa8ca0077d312e46c891a6812f3570330144844a5f751633dbd6d3cdef7)
+            check_type(argname="argument ecr_image_digest_id", value=ecr_image_digest_id, expected_type=type_hints["ecr_image_digest_id"])
+            check_type(argname="argument ecr_repository_name", value=ecr_repository_name, expected_type=type_hints["ecr_repository_name"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
-            "image_digest": image_digest,
-            "image_tag": image_tag,
-            "image_uri": image_uri,
-            "registry_id": registry_id,
-            "repository_name": repository_name,
+            "ecr_image_digest_id": ecr_image_digest_id,
+            "ecr_repository_name": ecr_repository_name,
         }
 
     @builtins.property
-    def image_digest(self) -> builtins.str:
-        '''The digest of the current image, in the form ':'.'''
-        result = self._values.get("image_digest")
-        assert result is not None, "Required property 'image_digest' is missing"
+    def ecr_image_digest_id(self) -> builtins.str:
+        '''The sha256 digest of the image manifest.'''
+        result = self._values.get("ecr_image_digest_id")
+        assert result is not None, "Required property 'ecr_image_digest_id' is missing"
         return typing.cast(builtins.str, result)
 
     @builtins.property
-    def image_tag(self) -> builtins.str:
-        '''The Docker tag of the current image.'''
-        result = self._values.get("image_tag")
-        assert result is not None, "Required property 'image_tag' is missing"
-        return typing.cast(builtins.str, result)
-
-    @builtins.property
-    def image_uri(self) -> builtins.str:
-        '''The full ECR Docker URI of the current image.'''
-        result = self._values.get("image_uri")
-        assert result is not None, "Required property 'image_uri' is missing"
-        return typing.cast(builtins.str, result)
-
-    @builtins.property
-    def registry_id(self) -> builtins.str:
-        '''The identifier of the registry.
-
-        In ECR, this is usually the ID of the AWS account owning it.
-        '''
-        result = self._values.get("registry_id")
-        assert result is not None, "Required property 'registry_id' is missing"
-        return typing.cast(builtins.str, result)
-
-    @builtins.property
-    def repository_name(self) -> builtins.str:
-        '''The physical name of the repository that this action tracks.'''
-        result = self._values.get("repository_name")
-        assert result is not None, "Required property 'repository_name' is missing"
+    def ecr_repository_name(self) -> builtins.str:
+        '''The name of the Amazon ECR repository where the image was pushed.'''
+        result = self._values.get("ecr_repository_name")
+        assert result is not None, "Required property 'ecr_repository_name' is missing"
         return typing.cast(builtins.str, result)
 
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
@@ -7623,75 +7803,68 @@ class EcrSourceVariables:
         return not (rhs == self)
 
     def __repr__(self) -> str:
-        return "EcrSourceVariables(%s)" % ", ".join(
+        return "EcrBuildAndPublishVariables(%s)" % ", ".join(
             k + "=" + repr(v) for k, v in self._values.items()
         )
 
 
-class EcsDeployAction(
+class EcrSourceAction(
     Action,
     metaclass=jsii.JSIIMeta,
-    jsii_type="aws-cdk-lib.aws_codepipeline_actions.EcsDeployAction",
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.EcrSourceAction",
 ):
-    '''CodePipeline Action to deploy an ECS Service.
+    '''The ECR Repository source CodePipeline Action.
+
+    Will trigger the pipeline as soon as the target tag in the repository
+    changes, but only if there is a CloudTrail Trail in the account that
+    captures the ECR event.
 
     :exampleMetadata: infused
 
     Example::
 
-        import aws_cdk.aws_ecs as ecs
+        import aws_cdk.aws_ecr as ecr
         
-        # service: ecs.FargateService
+        # ecr_repository: ecr.Repository
         
         pipeline = codepipeline.Pipeline(self, "MyPipeline")
-        build_output = codepipeline.Artifact()
-        deploy_stage = pipeline.add_stage(
-            stage_name="Deploy",
-            actions=[
-                codepipeline_actions.EcsDeployAction(
-                    action_name="DeployAction",
-                    service=service,
-                    # if your file is called imagedefinitions.json,
-                    # use the `input` property,
-                    # and leave out the `imageFile` property
-                    input=build_output,
-                    # if your file name is _not_ imagedefinitions.json,
-                    # use the `imageFile` property,
-                    # and leave out the `input` property
-                    image_file=build_output.at_path("imageDef.json"),
-                    deployment_timeout=Duration.minutes(60)
-                )
-            ]
+        source_output = codepipeline.Artifact()
+        source_action = codepipeline_actions.EcrSourceAction(
+            action_name="ECR",
+            repository=ecr_repository,
+            image_tag="some-tag",  # optional, default: 'latest'
+            output=source_output
+        )
+        pipeline.add_stage(
+            stage_name="Source",
+            actions=[source_action]
         )
     '''
 
     def __init__(
         self,
         *,
-        service: _IBaseService_3fcdd913,
-        deployment_timeout: typing.Optional[_Duration_4839e8c3] = None,
-        image_file: typing.Optional[_ArtifactPath_bf444090] = None,
-        input: typing.Optional[_Artifact_0cb05964] = None,
+        output: _Artifact_0cb05964,
+        repository: _IRepository_e6004aa6,
+        image_tag: typing.Optional[builtins.str] = None,
         role: typing.Optional[_IRole_235f5d8e] = None,
         action_name: builtins.str,
         run_order: typing.Optional[jsii.Number] = None,
         variables_namespace: typing.Optional[builtins.str] = None,
     ) -> None:
         '''
-        :param service: The ECS Service to deploy.
-        :param deployment_timeout: Timeout for the ECS deployment in minutes. Value must be between 1-60. Default: - 60 minutes
-        :param image_file: The name of the JSON image definitions file to use for deployments. The JSON file is a list of objects, each with 2 keys: ``name`` is the name of the container in the Task Definition, and ``imageUri`` is the Docker image URI you want to update your service with. Use this property if you want to use a different name for this file than the default 'imagedefinitions.json'. If you use this property, you don't need to specify the ``input`` property. Default: - one of this property, or ``input``, is required
-        :param input: The input artifact that contains the JSON image definitions file to use for deployments. The JSON file is a list of objects, each with 2 keys: ``name`` is the name of the container in the Task Definition, and ``imageUri`` is the Docker image URI you want to update your service with. If you use this property, it's assumed the file is called 'imagedefinitions.json'. If your build uses a different file, leave this property empty, and use the ``imageFile`` property instead. Default: - one of this property, or ``imageFile``, is required
+        :param output: 
+        :param repository: The repository that will be watched for changes.
+        :param image_tag: The image tag that will be checked for changes. It is not possible to trigger on changes to more than one tag. Default: 'latest'
         :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
         :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
         :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
         :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
         '''
-        props = EcsDeployActionProps(
-            service=service,
-            deployment_timeout=deployment_timeout,
-            image_file=image_file,
-            input=input,
+        props = EcrSourceActionProps(
+            output=output,
+            repository=repository,
+            image_tag=image_tag,
             role=role,
             action_name=action_name,
             run_order=run_order,
@@ -7703,43 +7876,48 @@ class EcsDeployAction(
     @jsii.member(jsii_name="bound")
     def _bound(
         self,
-        _scope: _constructs_77d1e7e8.Construct,
-        _stage: _IStage_415fc571,
+        scope: _constructs_77d1e7e8.Construct,
+        stage: _IStage_415fc571,
         *,
         bucket: _IBucket_42e086fd,
         role: _IRole_235f5d8e,
     ) -> _ActionConfig_846fc217:
         '''This is a renamed version of the ``IAction.bind`` method.
 
-        :param _scope: -
-        :param _stage: -
+        :param scope: -
+        :param stage: -
         :param bucket: 
         :param role: 
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__be96a039b024c460a7c791a692e2aa8519216e3bb3e6afdbbddda461d96791e4)
-            check_type(argname="argument _scope", value=_scope, expected_type=type_hints["_scope"])
-            check_type(argname="argument _stage", value=_stage, expected_type=type_hints["_stage"])
+            type_hints = typing.get_type_hints(_typecheckingstub__d95f17ce1dc91ce862a33fcb114ba70ca493fdcf80aba4bd2b33da0283823b94)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument stage", value=stage, expected_type=type_hints["stage"])
         options = _ActionBindOptions_3a612254(bucket=bucket, role=role)
 
-        return typing.cast(_ActionConfig_846fc217, jsii.invoke(self, "bound", [_scope, _stage, options]))
+        return typing.cast(_ActionConfig_846fc217, jsii.invoke(self, "bound", [scope, stage, options]))
+
+    @builtins.property
+    @jsii.member(jsii_name="variables")
+    def variables(self) -> "EcrSourceVariables":
+        '''The variables emitted by this action.'''
+        return typing.cast("EcrSourceVariables", jsii.get(self, "variables"))
 
 
 @jsii.data_type(
-    jsii_type="aws-cdk-lib.aws_codepipeline_actions.EcsDeployActionProps",
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.EcrSourceActionProps",
     jsii_struct_bases=[_CommonAwsActionProps_8b809bb6],
     name_mapping={
         "action_name": "actionName",
         "run_order": "runOrder",
         "variables_namespace": "variablesNamespace",
         "role": "role",
-        "service": "service",
-        "deployment_timeout": "deploymentTimeout",
-        "image_file": "imageFile",
-        "input": "input",
+        "output": "output",
+        "repository": "repository",
+        "image_tag": "imageTag",
     },
 )
-class EcsDeployActionProps(_CommonAwsActionProps_8b809bb6):
+class EcrSourceActionProps(_CommonAwsActionProps_8b809bb6):
     def __init__(
         self,
         *,
@@ -7747,64 +7925,54 @@ class EcsDeployActionProps(_CommonAwsActionProps_8b809bb6):
         run_order: typing.Optional[jsii.Number] = None,
         variables_namespace: typing.Optional[builtins.str] = None,
         role: typing.Optional[_IRole_235f5d8e] = None,
-        service: _IBaseService_3fcdd913,
-        deployment_timeout: typing.Optional[_Duration_4839e8c3] = None,
-        image_file: typing.Optional[_ArtifactPath_bf444090] = None,
-        input: typing.Optional[_Artifact_0cb05964] = None,
+        output: _Artifact_0cb05964,
+        repository: _IRepository_e6004aa6,
+        image_tag: typing.Optional[builtins.str] = None,
     ) -> None:
-        '''Construction properties of ``EcsDeployAction``.
+        '''Construction properties of ``EcrSourceAction``.
 
         :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
         :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
         :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
         :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
-        :param service: The ECS Service to deploy.
-        :param deployment_timeout: Timeout for the ECS deployment in minutes. Value must be between 1-60. Default: - 60 minutes
-        :param image_file: The name of the JSON image definitions file to use for deployments. The JSON file is a list of objects, each with 2 keys: ``name`` is the name of the container in the Task Definition, and ``imageUri`` is the Docker image URI you want to update your service with. Use this property if you want to use a different name for this file than the default 'imagedefinitions.json'. If you use this property, you don't need to specify the ``input`` property. Default: - one of this property, or ``input``, is required
-        :param input: The input artifact that contains the JSON image definitions file to use for deployments. The JSON file is a list of objects, each with 2 keys: ``name`` is the name of the container in the Task Definition, and ``imageUri`` is the Docker image URI you want to update your service with. If you use this property, it's assumed the file is called 'imagedefinitions.json'. If your build uses a different file, leave this property empty, and use the ``imageFile`` property instead. Default: - one of this property, or ``imageFile``, is required
+        :param output: 
+        :param repository: The repository that will be watched for changes.
+        :param image_tag: The image tag that will be checked for changes. It is not possible to trigger on changes to more than one tag. Default: 'latest'
 
         :exampleMetadata: infused
 
         Example::
 
-            import aws_cdk.aws_ecs as ecs
+            import aws_cdk.aws_ecr as ecr
             
-            # service: ecs.FargateService
+            # ecr_repository: ecr.Repository
             
             pipeline = codepipeline.Pipeline(self, "MyPipeline")
-            build_output = codepipeline.Artifact()
-            deploy_stage = pipeline.add_stage(
-                stage_name="Deploy",
-                actions=[
-                    codepipeline_actions.EcsDeployAction(
-                        action_name="DeployAction",
-                        service=service,
-                        # if your file is called imagedefinitions.json,
-                        # use the `input` property,
-                        # and leave out the `imageFile` property
-                        input=build_output,
-                        # if your file name is _not_ imagedefinitions.json,
-                        # use the `imageFile` property,
-                        # and leave out the `input` property
-                        image_file=build_output.at_path("imageDef.json"),
-                        deployment_timeout=Duration.minutes(60)
-                    )
-                ]
+            source_output = codepipeline.Artifact()
+            source_action = codepipeline_actions.EcrSourceAction(
+                action_name="ECR",
+                repository=ecr_repository,
+                image_tag="some-tag",  # optional, default: 'latest'
+                output=source_output
+            )
+            pipeline.add_stage(
+                stage_name="Source",
+                actions=[source_action]
             )
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__052d1a96cb5e98030c631b73844681f696c3084f35bce11c7436ca1e994cb668)
+            type_hints = typing.get_type_hints(_typecheckingstub__8ba2cd26256aa79e321d4f53bd1f303945241d77de68904ac98b7a536a387ca2)
             check_type(argname="argument action_name", value=action_name, expected_type=type_hints["action_name"])
             check_type(argname="argument run_order", value=run_order, expected_type=type_hints["run_order"])
             check_type(argname="argument variables_namespace", value=variables_namespace, expected_type=type_hints["variables_namespace"])
             check_type(argname="argument role", value=role, expected_type=type_hints["role"])
-            check_type(argname="argument service", value=service, expected_type=type_hints["service"])
-            check_type(argname="argument deployment_timeout", value=deployment_timeout, expected_type=type_hints["deployment_timeout"])
-            check_type(argname="argument image_file", value=image_file, expected_type=type_hints["image_file"])
-            check_type(argname="argument input", value=input, expected_type=type_hints["input"])
+            check_type(argname="argument output", value=output, expected_type=type_hints["output"])
+            check_type(argname="argument repository", value=repository, expected_type=type_hints["repository"])
+            check_type(argname="argument image_tag", value=image_tag, expected_type=type_hints["image_tag"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "action_name": action_name,
-            "service": service,
+            "output": output,
+            "repository": repository,
         }
         if run_order is not None:
             self._values["run_order"] = run_order
@@ -7812,12 +7980,8 @@ class EcsDeployActionProps(_CommonAwsActionProps_8b809bb6):
             self._values["variables_namespace"] = variables_namespace
         if role is not None:
             self._values["role"] = role
-        if deployment_timeout is not None:
-            self._values["deployment_timeout"] = deployment_timeout
-        if image_file is not None:
-            self._values["image_file"] = image_file
-        if input is not None:
-            self._values["input"] = input
+        if image_tag is not None:
+            self._values["image_tag"] = image_tag
 
     @builtins.property
     def action_name(self) -> builtins.str:
@@ -7871,59 +8035,28 @@ class EcsDeployActionProps(_CommonAwsActionProps_8b809bb6):
         return typing.cast(typing.Optional[_IRole_235f5d8e], result)
 
     @builtins.property
-    def service(self) -> _IBaseService_3fcdd913:
-        '''The ECS Service to deploy.'''
-        result = self._values.get("service")
-        assert result is not None, "Required property 'service' is missing"
-        return typing.cast(_IBaseService_3fcdd913, result)
-
-    @builtins.property
-    def deployment_timeout(self) -> typing.Optional[_Duration_4839e8c3]:
-        '''Timeout for the ECS deployment in minutes.
-
-        Value must be between 1-60.
-
-        :default: - 60 minutes
-
-        :see: https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-ECS.html
-        '''
-        result = self._values.get("deployment_timeout")
-        return typing.cast(typing.Optional[_Duration_4839e8c3], result)
+    def output(self) -> _Artifact_0cb05964:
+        result = self._values.get("output")
+        assert result is not None, "Required property 'output' is missing"
+        return typing.cast(_Artifact_0cb05964, result)
 
     @builtins.property
-    def image_file(self) -> typing.Optional[_ArtifactPath_bf444090]:
-        '''The name of the JSON image definitions file to use for deployments.
-
-        The JSON file is a list of objects,
-        each with 2 keys: ``name`` is the name of the container in the Task Definition,
-        and ``imageUri`` is the Docker image URI you want to update your service with.
-        Use this property if you want to use a different name for this file than the default 'imagedefinitions.json'.
-        If you use this property, you don't need to specify the ``input`` property.
-
-        :default: - one of this property, or ``input``, is required
-
-        :see: https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create.html#pipelines-create-image-definitions
-        '''
-        result = self._values.get("image_file")
-        return typing.cast(typing.Optional[_ArtifactPath_bf444090], result)
+    def repository(self) -> _IRepository_e6004aa6:
+        '''The repository that will be watched for changes.'''
+        result = self._values.get("repository")
+        assert result is not None, "Required property 'repository' is missing"
+        return typing.cast(_IRepository_e6004aa6, result)
 
     @builtins.property
-    def input(self) -> typing.Optional[_Artifact_0cb05964]:
-        '''The input artifact that contains the JSON image definitions file to use for deployments.
-
-        The JSON file is a list of objects,
-        each with 2 keys: ``name`` is the name of the container in the Task Definition,
-        and ``imageUri`` is the Docker image URI you want to update your service with.
-        If you use this property, it's assumed the file is called 'imagedefinitions.json'.
-        If your build uses a different file, leave this property empty,
-        and use the ``imageFile`` property instead.
+    def image_tag(self) -> typing.Optional[builtins.str]:
+        '''The image tag that will be checked for changes.
 
-        :default: - one of this property, or ``imageFile``, is required
+        It is not possible to trigger on changes to more than one tag.
 
-        :see: https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create.html#pipelines-create-image-definitions
+        :default: 'latest'
         '''
-        result = self._values.get("input")
-        return typing.cast(typing.Optional[_Artifact_0cb05964], result)
+        result = self._values.get("image_tag")
+        return typing.cast(typing.Optional[builtins.str], result)
 
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -7932,62 +8065,184 @@ class EcsDeployActionProps(_CommonAwsActionProps_8b809bb6):
         return not (rhs == self)
 
     def __repr__(self) -> str:
-        return "EcsDeployActionProps(%s)" % ", ".join(
+        return "EcrSourceActionProps(%s)" % ", ".join(
             k + "=" + repr(v) for k, v in self._values.items()
         )
 
 
-class ElasticBeanstalkDeployAction(
-    Action,
-    metaclass=jsii.JSIIMeta,
-    jsii_type="aws-cdk-lib.aws_codepipeline_actions.ElasticBeanstalkDeployAction",
-):
-    '''CodePipeline action to deploy an AWS ElasticBeanstalk Application.
-
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.EcrSourceVariables",
+    jsii_struct_bases=[],
+    name_mapping={
+        "image_digest": "imageDigest",
+        "image_tag": "imageTag",
+        "image_uri": "imageUri",
+        "registry_id": "registryId",
+        "repository_name": "repositoryName",
+    },
+)
+class EcrSourceVariables:
+    def __init__(
+        self,
+        *,
+        image_digest: builtins.str,
+        image_tag: builtins.str,
+        image_uri: builtins.str,
+        registry_id: builtins.str,
+        repository_name: builtins.str,
+    ) -> None:
+        '''The CodePipeline variables emitted by the ECR source Action.
+
+        :param image_digest: The digest of the current image, in the form ':'.
+        :param image_tag: The Docker tag of the current image.
+        :param image_uri: The full ECR Docker URI of the current image.
+        :param registry_id: The identifier of the registry. In ECR, this is usually the ID of the AWS account owning it.
+        :param repository_name: The physical name of the repository that this action tracks.
+
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_codepipeline_actions as codepipeline_actions
+            
+            ecr_source_variables = codepipeline_actions.EcrSourceVariables(
+                image_digest="imageDigest",
+                image_tag="imageTag",
+                image_uri="imageUri",
+                registry_id="registryId",
+                repository_name="repositoryName"
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__2f3d2afe9ce2a85b2adf5373670c98f28d033d6c9016a1eb341ffa79450e6869)
+            check_type(argname="argument image_digest", value=image_digest, expected_type=type_hints["image_digest"])
+            check_type(argname="argument image_tag", value=image_tag, expected_type=type_hints["image_tag"])
+            check_type(argname="argument image_uri", value=image_uri, expected_type=type_hints["image_uri"])
+            check_type(argname="argument registry_id", value=registry_id, expected_type=type_hints["registry_id"])
+            check_type(argname="argument repository_name", value=repository_name, expected_type=type_hints["repository_name"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "image_digest": image_digest,
+            "image_tag": image_tag,
+            "image_uri": image_uri,
+            "registry_id": registry_id,
+            "repository_name": repository_name,
+        }
+
+    @builtins.property
+    def image_digest(self) -> builtins.str:
+        '''The digest of the current image, in the form ':'.'''
+        result = self._values.get("image_digest")
+        assert result is not None, "Required property 'image_digest' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def image_tag(self) -> builtins.str:
+        '''The Docker tag of the current image.'''
+        result = self._values.get("image_tag")
+        assert result is not None, "Required property 'image_tag' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def image_uri(self) -> builtins.str:
+        '''The full ECR Docker URI of the current image.'''
+        result = self._values.get("image_uri")
+        assert result is not None, "Required property 'image_uri' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def registry_id(self) -> builtins.str:
+        '''The identifier of the registry.
+
+        In ECR, this is usually the ID of the AWS account owning it.
+        '''
+        result = self._values.get("registry_id")
+        assert result is not None, "Required property 'registry_id' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def repository_name(self) -> builtins.str:
+        '''The physical name of the repository that this action tracks.'''
+        result = self._values.get("repository_name")
+        assert result is not None, "Required property 'repository_name' is missing"
+        return typing.cast(builtins.str, result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "EcrSourceVariables(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+class EcsDeployAction(
+    Action,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.EcsDeployAction",
+):
+    '''CodePipeline Action to deploy an ECS Service.
+
     :exampleMetadata: infused
 
     Example::
 
-        source_output = codepipeline.Artifact()
-        target_bucket = s3.Bucket(self, "MyBucket")
+        import aws_cdk.aws_ecs as ecs
         
-        pipeline = codepipeline.Pipeline(self, "MyPipeline")
-        deploy_action = codepipeline_actions.ElasticBeanstalkDeployAction(
-            action_name="ElasticBeanstalkDeploy",
-            input=source_output,
-            environment_name="envName",
-            application_name="appName"
-        )
+        # service: ecs.FargateService
         
+        pipeline = codepipeline.Pipeline(self, "MyPipeline")
+        build_output = codepipeline.Artifact()
         deploy_stage = pipeline.add_stage(
             stage_name="Deploy",
-            actions=[deploy_action]
+            actions=[
+                codepipeline_actions.EcsDeployAction(
+                    action_name="DeployAction",
+                    service=service,
+                    # if your file is called imagedefinitions.json,
+                    # use the `input` property,
+                    # and leave out the `imageFile` property
+                    input=build_output,
+                    # if your file name is _not_ imagedefinitions.json,
+                    # use the `imageFile` property,
+                    # and leave out the `input` property
+                    image_file=build_output.at_path("imageDef.json"),
+                    deployment_timeout=Duration.minutes(60)
+                )
+            ]
         )
     '''
 
     def __init__(
         self,
         *,
-        application_name: builtins.str,
-        environment_name: builtins.str,
-        input: _Artifact_0cb05964,
+        service: _IBaseService_3fcdd913,
+        deployment_timeout: typing.Optional[_Duration_4839e8c3] = None,
+        image_file: typing.Optional[_ArtifactPath_bf444090] = None,
+        input: typing.Optional[_Artifact_0cb05964] = None,
         role: typing.Optional[_IRole_235f5d8e] = None,
         action_name: builtins.str,
         run_order: typing.Optional[jsii.Number] = None,
         variables_namespace: typing.Optional[builtins.str] = None,
     ) -> None:
         '''
-        :param application_name: The name of the AWS Elastic Beanstalk application to deploy.
-        :param environment_name: The name of the AWS Elastic Beanstalk environment to deploy to.
-        :param input: The source to use as input for deployment.
+        :param service: The ECS Service to deploy.
+        :param deployment_timeout: Timeout for the ECS deployment in minutes. Value must be between 1-60. Default: - 60 minutes
+        :param image_file: The name of the JSON image definitions file to use for deployments. The JSON file is a list of objects, each with 2 keys: ``name`` is the name of the container in the Task Definition, and ``imageUri`` is the Docker image URI you want to update your service with. Use this property if you want to use a different name for this file than the default 'imagedefinitions.json'. If you use this property, you don't need to specify the ``input`` property. Default: - one of this property, or ``input``, is required
+        :param input: The input artifact that contains the JSON image definitions file to use for deployments. The JSON file is a list of objects, each with 2 keys: ``name`` is the name of the container in the Task Definition, and ``imageUri`` is the Docker image URI you want to update your service with. If you use this property, it's assumed the file is called 'imagedefinitions.json'. If your build uses a different file, leave this property empty, and use the ``imageFile`` property instead. Default: - one of this property, or ``imageFile``, is required
         :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
         :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
         :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
         :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
         '''
-        props = ElasticBeanstalkDeployActionProps(
-            application_name=application_name,
-            environment_name=environment_name,
+        props = EcsDeployActionProps(
+            service=service,
+            deployment_timeout=deployment_timeout,
+            image_file=image_file,
             input=input,
             role=role,
             action_name=action_name,
@@ -8014,7 +8269,7 @@ class ElasticBeanstalkDeployAction(
         :param role: 
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__90d15e5a70442fef857b5816004694cfb626f4f582d5c9ed8e730f6c4815b190)
+            type_hints = typing.get_type_hints(_typecheckingstub__be96a039b024c460a7c791a692e2aa8519216e3bb3e6afdbbddda461d96791e4)
             check_type(argname="argument _scope", value=_scope, expected_type=type_hints["_scope"])
             check_type(argname="argument _stage", value=_stage, expected_type=type_hints["_stage"])
         options = _ActionBindOptions_3a612254(bucket=bucket, role=role)
@@ -8023,19 +8278,20 @@ class ElasticBeanstalkDeployAction(
 
 
 @jsii.data_type(
-    jsii_type="aws-cdk-lib.aws_codepipeline_actions.ElasticBeanstalkDeployActionProps",
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.EcsDeployActionProps",
     jsii_struct_bases=[_CommonAwsActionProps_8b809bb6],
     name_mapping={
         "action_name": "actionName",
         "run_order": "runOrder",
         "variables_namespace": "variablesNamespace",
         "role": "role",
-        "application_name": "applicationName",
-        "environment_name": "environmentName",
+        "service": "service",
+        "deployment_timeout": "deploymentTimeout",
+        "image_file": "imageFile",
         "input": "input",
     },
 )
-class ElasticBeanstalkDeployActionProps(_CommonAwsActionProps_8b809bb6):
+class EcsDeployActionProps(_CommonAwsActionProps_8b809bb6):
     def __init__(
         self,
         *,
@@ -8043,54 +8299,64 @@ class ElasticBeanstalkDeployActionProps(_CommonAwsActionProps_8b809bb6):
         run_order: typing.Optional[jsii.Number] = None,
         variables_namespace: typing.Optional[builtins.str] = None,
         role: typing.Optional[_IRole_235f5d8e] = None,
-        application_name: builtins.str,
-        environment_name: builtins.str,
-        input: _Artifact_0cb05964,
+        service: _IBaseService_3fcdd913,
+        deployment_timeout: typing.Optional[_Duration_4839e8c3] = None,
+        image_file: typing.Optional[_ArtifactPath_bf444090] = None,
+        input: typing.Optional[_Artifact_0cb05964] = None,
     ) -> None:
-        '''Construction properties of the ``ElasticBeanstalkDeployAction Elastic Beanstalk deploy CodePipeline Action``.
+        '''Construction properties of ``EcsDeployAction``.
 
         :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
         :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
         :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
         :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
-        :param application_name: The name of the AWS Elastic Beanstalk application to deploy.
-        :param environment_name: The name of the AWS Elastic Beanstalk environment to deploy to.
-        :param input: The source to use as input for deployment.
+        :param service: The ECS Service to deploy.
+        :param deployment_timeout: Timeout for the ECS deployment in minutes. Value must be between 1-60. Default: - 60 minutes
+        :param image_file: The name of the JSON image definitions file to use for deployments. The JSON file is a list of objects, each with 2 keys: ``name`` is the name of the container in the Task Definition, and ``imageUri`` is the Docker image URI you want to update your service with. Use this property if you want to use a different name for this file than the default 'imagedefinitions.json'. If you use this property, you don't need to specify the ``input`` property. Default: - one of this property, or ``input``, is required
+        :param input: The input artifact that contains the JSON image definitions file to use for deployments. The JSON file is a list of objects, each with 2 keys: ``name`` is the name of the container in the Task Definition, and ``imageUri`` is the Docker image URI you want to update your service with. If you use this property, it's assumed the file is called 'imagedefinitions.json'. If your build uses a different file, leave this property empty, and use the ``imageFile`` property instead. Default: - one of this property, or ``imageFile``, is required
 
         :exampleMetadata: infused
 
         Example::
 
-            source_output = codepipeline.Artifact()
-            target_bucket = s3.Bucket(self, "MyBucket")
+            import aws_cdk.aws_ecs as ecs
             
-            pipeline = codepipeline.Pipeline(self, "MyPipeline")
-            deploy_action = codepipeline_actions.ElasticBeanstalkDeployAction(
-                action_name="ElasticBeanstalkDeploy",
-                input=source_output,
-                environment_name="envName",
-                application_name="appName"
-            )
+            # service: ecs.FargateService
             
+            pipeline = codepipeline.Pipeline(self, "MyPipeline")
+            build_output = codepipeline.Artifact()
             deploy_stage = pipeline.add_stage(
                 stage_name="Deploy",
-                actions=[deploy_action]
+                actions=[
+                    codepipeline_actions.EcsDeployAction(
+                        action_name="DeployAction",
+                        service=service,
+                        # if your file is called imagedefinitions.json,
+                        # use the `input` property,
+                        # and leave out the `imageFile` property
+                        input=build_output,
+                        # if your file name is _not_ imagedefinitions.json,
+                        # use the `imageFile` property,
+                        # and leave out the `input` property
+                        image_file=build_output.at_path("imageDef.json"),
+                        deployment_timeout=Duration.minutes(60)
+                    )
+                ]
             )
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__7dfb6eab17a4b9c49e6f29e3d5131f77f2005e43cb0d72bd5908a97cc91ac140)
+            type_hints = typing.get_type_hints(_typecheckingstub__052d1a96cb5e98030c631b73844681f696c3084f35bce11c7436ca1e994cb668)
             check_type(argname="argument action_name", value=action_name, expected_type=type_hints["action_name"])
             check_type(argname="argument run_order", value=run_order, expected_type=type_hints["run_order"])
             check_type(argname="argument variables_namespace", value=variables_namespace, expected_type=type_hints["variables_namespace"])
             check_type(argname="argument role", value=role, expected_type=type_hints["role"])
-            check_type(argname="argument application_name", value=application_name, expected_type=type_hints["application_name"])
-            check_type(argname="argument environment_name", value=environment_name, expected_type=type_hints["environment_name"])
+            check_type(argname="argument service", value=service, expected_type=type_hints["service"])
+            check_type(argname="argument deployment_timeout", value=deployment_timeout, expected_type=type_hints["deployment_timeout"])
+            check_type(argname="argument image_file", value=image_file, expected_type=type_hints["image_file"])
             check_type(argname="argument input", value=input, expected_type=type_hints["input"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "action_name": action_name,
-            "application_name": application_name,
-            "environment_name": environment_name,
-            "input": input,
+            "service": service,
         }
         if run_order is not None:
             self._values["run_order"] = run_order
@@ -8098,6 +8364,12 @@ class ElasticBeanstalkDeployActionProps(_CommonAwsActionProps_8b809bb6):
             self._values["variables_namespace"] = variables_namespace
         if role is not None:
             self._values["role"] = role
+        if deployment_timeout is not None:
+            self._values["deployment_timeout"] = deployment_timeout
+        if image_file is not None:
+            self._values["image_file"] = image_file
+        if input is not None:
+            self._values["input"] = input
 
     @builtins.property
     def action_name(self) -> builtins.str:
@@ -8151,25 +8423,59 @@ class ElasticBeanstalkDeployActionProps(_CommonAwsActionProps_8b809bb6):
         return typing.cast(typing.Optional[_IRole_235f5d8e], result)
 
     @builtins.property
-    def application_name(self) -> builtins.str:
-        '''The name of the AWS Elastic Beanstalk application to deploy.'''
-        result = self._values.get("application_name")
-        assert result is not None, "Required property 'application_name' is missing"
-        return typing.cast(builtins.str, result)
+    def service(self) -> _IBaseService_3fcdd913:
+        '''The ECS Service to deploy.'''
+        result = self._values.get("service")
+        assert result is not None, "Required property 'service' is missing"
+        return typing.cast(_IBaseService_3fcdd913, result)
 
     @builtins.property
-    def environment_name(self) -> builtins.str:
-        '''The name of the AWS Elastic Beanstalk environment to deploy to.'''
-        result = self._values.get("environment_name")
-        assert result is not None, "Required property 'environment_name' is missing"
-        return typing.cast(builtins.str, result)
-
+    def deployment_timeout(self) -> typing.Optional[_Duration_4839e8c3]:
+        '''Timeout for the ECS deployment in minutes.
+
+        Value must be between 1-60.
+
+        :default: - 60 minutes
+
+        :see: https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-ECS.html
+        '''
+        result = self._values.get("deployment_timeout")
+        return typing.cast(typing.Optional[_Duration_4839e8c3], result)
+
     @builtins.property
-    def input(self) -> _Artifact_0cb05964:
-        '''The source to use as input for deployment.'''
+    def image_file(self) -> typing.Optional[_ArtifactPath_bf444090]:
+        '''The name of the JSON image definitions file to use for deployments.
+
+        The JSON file is a list of objects,
+        each with 2 keys: ``name`` is the name of the container in the Task Definition,
+        and ``imageUri`` is the Docker image URI you want to update your service with.
+        Use this property if you want to use a different name for this file than the default 'imagedefinitions.json'.
+        If you use this property, you don't need to specify the ``input`` property.
+
+        :default: - one of this property, or ``input``, is required
+
+        :see: https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create.html#pipelines-create-image-definitions
+        '''
+        result = self._values.get("image_file")
+        return typing.cast(typing.Optional[_ArtifactPath_bf444090], result)
+
+    @builtins.property
+    def input(self) -> typing.Optional[_Artifact_0cb05964]:
+        '''The input artifact that contains the JSON image definitions file to use for deployments.
+
+        The JSON file is a list of objects,
+        each with 2 keys: ``name`` is the name of the container in the Task Definition,
+        and ``imageUri`` is the Docker image URI you want to update your service with.
+        If you use this property, it's assumed the file is called 'imagedefinitions.json'.
+        If your build uses a different file, leave this property empty,
+        and use the ``imageFile`` property instead.
+
+        :default: - one of this property, or ``imageFile``, is required
+
+        :see: https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create.html#pipelines-create-image-definitions
+        '''
         result = self._values.get("input")
-        assert result is not None, "Required property 'input' is missing"
-        return typing.cast(_Artifact_0cb05964, result)
+        return typing.cast(typing.Optional[_Artifact_0cb05964], result)
 
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -8178,70 +8484,64 @@ class ElasticBeanstalkDeployActionProps(_CommonAwsActionProps_8b809bb6):
         return not (rhs == self)
 
     def __repr__(self) -> str:
-        return "ElasticBeanstalkDeployActionProps(%s)" % ", ".join(
+        return "EcsDeployActionProps(%s)" % ", ".join(
             k + "=" + repr(v) for k, v in self._values.items()
         )
 
 
-class GitHubSourceAction(
+class ElasticBeanstalkDeployAction(
     Action,
     metaclass=jsii.JSIIMeta,
-    jsii_type="aws-cdk-lib.aws_codepipeline_actions.GitHubSourceAction",
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.ElasticBeanstalkDeployAction",
 ):
-    '''Source that is provided by a GitHub repository.
+    '''CodePipeline action to deploy an AWS ElasticBeanstalk Application.
 
     :exampleMetadata: infused
 
     Example::
 
-        # Read the secret from Secrets Manager
-        pipeline = codepipeline.Pipeline(self, "MyPipeline")
         source_output = codepipeline.Artifact()
-        source_action = codepipeline_actions.GitHubSourceAction(
-            action_name="GitHub_Source",
-            owner="awslabs",
-            repo="aws-cdk",
-            oauth_token=SecretValue.secrets_manager("my-github-token"),
-            output=source_output,
-            branch="develop"
+        target_bucket = s3.Bucket(self, "MyBucket")
+        
+        pipeline = codepipeline.Pipeline(self, "MyPipeline")
+        deploy_action = codepipeline_actions.ElasticBeanstalkDeployAction(
+            action_name="ElasticBeanstalkDeploy",
+            input=source_output,
+            environment_name="envName",
+            application_name="appName"
         )
-        pipeline.add_stage(
-            stage_name="Source",
-            actions=[source_action]
+        
+        deploy_stage = pipeline.add_stage(
+            stage_name="Deploy",
+            actions=[deploy_action]
         )
     '''
 
     def __init__(
         self,
         *,
-        oauth_token: _SecretValue_3dd0ddae,
-        output: _Artifact_0cb05964,
-        owner: builtins.str,
-        repo: builtins.str,
-        branch: typing.Optional[builtins.str] = None,
-        trigger: typing.Optional["GitHubTrigger"] = None,
+        application_name: builtins.str,
+        environment_name: builtins.str,
+        input: _Artifact_0cb05964,
+        role: typing.Optional[_IRole_235f5d8e] = None,
         action_name: builtins.str,
         run_order: typing.Optional[jsii.Number] = None,
         variables_namespace: typing.Optional[builtins.str] = None,
     ) -> None:
         '''
-        :param oauth_token: A GitHub OAuth token to use for authentication. It is recommended to use a Secrets Manager ``Secret`` to obtain the token: const oauth = cdk.SecretValue.secretsManager('my-github-token'); new GitHubSourceAction(this, 'GitHubAction', { oauthToken: oauth, ... }); If you rotate the value in the Secret, you must also change at least one property of the CodePipeline to force CloudFormation to re-read the secret. The GitHub Personal Access Token should have these scopes: - **repo** - to read the repository - **admin:repo_hook** - if you plan to use webhooks (true by default)
-        :param output: 
-        :param owner: The GitHub account/user that owns the repo.
-        :param repo: The name of the repo, without the username.
-        :param branch: The branch to use. Default: "master"
-        :param trigger: How AWS CodePipeline should be triggered. With the default value "WEBHOOK", a webhook is created in GitHub that triggers the action With "POLL", CodePipeline periodically checks the source for changes With "None", the action is not triggered through changes in the source To use ``WEBHOOK``, your GitHub Personal Access Token should have **admin:repo_hook** scope (in addition to the regular **repo** scope). Default: GitHubTrigger.WEBHOOK
+        :param application_name: The name of the AWS Elastic Beanstalk application to deploy.
+        :param environment_name: The name of the AWS Elastic Beanstalk environment to deploy to.
+        :param input: The source to use as input for deployment.
+        :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
         :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
         :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
         :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
         '''
-        props = GitHubSourceActionProps(
-            oauth_token=oauth_token,
-            output=output,
-            owner=owner,
-            repo=repo,
-            branch=branch,
-            trigger=trigger,
+        props = ElasticBeanstalkDeployActionProps(
+            application_name=application_name,
+            environment_name=environment_name,
+            input=input,
+            role=role,
             action_name=action_name,
             run_order=run_order,
             variables_namespace=variables_namespace,
@@ -8252,121 +8552,104 @@ class GitHubSourceAction(
     @jsii.member(jsii_name="bound")
     def _bound(
         self,
-        scope: _constructs_77d1e7e8.Construct,
-        stage: _IStage_415fc571,
+        _scope: _constructs_77d1e7e8.Construct,
+        _stage: _IStage_415fc571,
         *,
         bucket: _IBucket_42e086fd,
         role: _IRole_235f5d8e,
     ) -> _ActionConfig_846fc217:
         '''This is a renamed version of the ``IAction.bind`` method.
 
-        :param scope: -
-        :param stage: -
+        :param _scope: -
+        :param _stage: -
         :param bucket: 
         :param role: 
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__0d8955359f0f5e27f55406175fafdd393ec53543baf2e52d8ee262c5b113fa80)
-            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
-            check_type(argname="argument stage", value=stage, expected_type=type_hints["stage"])
-        _options = _ActionBindOptions_3a612254(bucket=bucket, role=role)
-
-        return typing.cast(_ActionConfig_846fc217, jsii.invoke(self, "bound", [scope, stage, _options]))
+            type_hints = typing.get_type_hints(_typecheckingstub__90d15e5a70442fef857b5816004694cfb626f4f582d5c9ed8e730f6c4815b190)
+            check_type(argname="argument _scope", value=_scope, expected_type=type_hints["_scope"])
+            check_type(argname="argument _stage", value=_stage, expected_type=type_hints["_stage"])
+        options = _ActionBindOptions_3a612254(bucket=bucket, role=role)
 
-    @builtins.property
-    @jsii.member(jsii_name="variables")
-    def variables(self) -> "GitHubSourceVariables":
-        '''The variables emitted by this action.'''
-        return typing.cast("GitHubSourceVariables", jsii.get(self, "variables"))
+        return typing.cast(_ActionConfig_846fc217, jsii.invoke(self, "bound", [_scope, _stage, options]))
 
 
 @jsii.data_type(
-    jsii_type="aws-cdk-lib.aws_codepipeline_actions.GitHubSourceActionProps",
-    jsii_struct_bases=[_CommonActionProps_e3aaeecb],
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.ElasticBeanstalkDeployActionProps",
+    jsii_struct_bases=[_CommonAwsActionProps_8b809bb6],
     name_mapping={
         "action_name": "actionName",
         "run_order": "runOrder",
         "variables_namespace": "variablesNamespace",
-        "oauth_token": "oauthToken",
-        "output": "output",
-        "owner": "owner",
-        "repo": "repo",
-        "branch": "branch",
-        "trigger": "trigger",
+        "role": "role",
+        "application_name": "applicationName",
+        "environment_name": "environmentName",
+        "input": "input",
     },
 )
-class GitHubSourceActionProps(_CommonActionProps_e3aaeecb):
+class ElasticBeanstalkDeployActionProps(_CommonAwsActionProps_8b809bb6):
     def __init__(
         self,
         *,
         action_name: builtins.str,
         run_order: typing.Optional[jsii.Number] = None,
         variables_namespace: typing.Optional[builtins.str] = None,
-        oauth_token: _SecretValue_3dd0ddae,
-        output: _Artifact_0cb05964,
-        owner: builtins.str,
-        repo: builtins.str,
-        branch: typing.Optional[builtins.str] = None,
-        trigger: typing.Optional["GitHubTrigger"] = None,
+        role: typing.Optional[_IRole_235f5d8e] = None,
+        application_name: builtins.str,
+        environment_name: builtins.str,
+        input: _Artifact_0cb05964,
     ) -> None:
-        '''Construction properties of the ``GitHubSourceAction GitHub source action``.
+        '''Construction properties of the ``ElasticBeanstalkDeployAction Elastic Beanstalk deploy CodePipeline Action``.
 
         :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
         :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
         :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
-        :param oauth_token: A GitHub OAuth token to use for authentication. It is recommended to use a Secrets Manager ``Secret`` to obtain the token: const oauth = cdk.SecretValue.secretsManager('my-github-token'); new GitHubSourceAction(this, 'GitHubAction', { oauthToken: oauth, ... }); If you rotate the value in the Secret, you must also change at least one property of the CodePipeline to force CloudFormation to re-read the secret. The GitHub Personal Access Token should have these scopes: - **repo** - to read the repository - **admin:repo_hook** - if you plan to use webhooks (true by default)
-        :param output: 
-        :param owner: The GitHub account/user that owns the repo.
-        :param repo: The name of the repo, without the username.
-        :param branch: The branch to use. Default: "master"
-        :param trigger: How AWS CodePipeline should be triggered. With the default value "WEBHOOK", a webhook is created in GitHub that triggers the action With "POLL", CodePipeline periodically checks the source for changes With "None", the action is not triggered through changes in the source To use ``WEBHOOK``, your GitHub Personal Access Token should have **admin:repo_hook** scope (in addition to the regular **repo** scope). Default: GitHubTrigger.WEBHOOK
+        :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
+        :param application_name: The name of the AWS Elastic Beanstalk application to deploy.
+        :param environment_name: The name of the AWS Elastic Beanstalk environment to deploy to.
+        :param input: The source to use as input for deployment.
 
         :exampleMetadata: infused
 
         Example::
 
-            # Read the secret from Secrets Manager
-            pipeline = codepipeline.Pipeline(self, "MyPipeline")
             source_output = codepipeline.Artifact()
-            source_action = codepipeline_actions.GitHubSourceAction(
-                action_name="GitHub_Source",
-                owner="awslabs",
-                repo="aws-cdk",
-                oauth_token=SecretValue.secrets_manager("my-github-token"),
-                output=source_output,
-                branch="develop"
+            target_bucket = s3.Bucket(self, "MyBucket")
+            
+            pipeline = codepipeline.Pipeline(self, "MyPipeline")
+            deploy_action = codepipeline_actions.ElasticBeanstalkDeployAction(
+                action_name="ElasticBeanstalkDeploy",
+                input=source_output,
+                environment_name="envName",
+                application_name="appName"
             )
-            pipeline.add_stage(
-                stage_name="Source",
-                actions=[source_action]
+            
+            deploy_stage = pipeline.add_stage(
+                stage_name="Deploy",
+                actions=[deploy_action]
             )
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__5b86a9f2777055875dffe46f70e2990f3cbd3a06cc388b84510ff390d7dac9fd)
+            type_hints = typing.get_type_hints(_typecheckingstub__7dfb6eab17a4b9c49e6f29e3d5131f77f2005e43cb0d72bd5908a97cc91ac140)
             check_type(argname="argument action_name", value=action_name, expected_type=type_hints["action_name"])
             check_type(argname="argument run_order", value=run_order, expected_type=type_hints["run_order"])
             check_type(argname="argument variables_namespace", value=variables_namespace, expected_type=type_hints["variables_namespace"])
-            check_type(argname="argument oauth_token", value=oauth_token, expected_type=type_hints["oauth_token"])
-            check_type(argname="argument output", value=output, expected_type=type_hints["output"])
-            check_type(argname="argument owner", value=owner, expected_type=type_hints["owner"])
-            check_type(argname="argument repo", value=repo, expected_type=type_hints["repo"])
-            check_type(argname="argument branch", value=branch, expected_type=type_hints["branch"])
-            check_type(argname="argument trigger", value=trigger, expected_type=type_hints["trigger"])
+            check_type(argname="argument role", value=role, expected_type=type_hints["role"])
+            check_type(argname="argument application_name", value=application_name, expected_type=type_hints["application_name"])
+            check_type(argname="argument environment_name", value=environment_name, expected_type=type_hints["environment_name"])
+            check_type(argname="argument input", value=input, expected_type=type_hints["input"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "action_name": action_name,
-            "oauth_token": oauth_token,
-            "output": output,
-            "owner": owner,
-            "repo": repo,
+            "application_name": application_name,
+            "environment_name": environment_name,
+            "input": input,
         }
         if run_order is not None:
             self._values["run_order"] = run_order
         if variables_namespace is not None:
             self._values["variables_namespace"] = variables_namespace
-        if branch is not None:
-            self._values["branch"] = branch
-        if trigger is not None:
-            self._values["trigger"] = trigger
+        if role is not None:
+            self._values["role"] = role
 
     @builtins.property
     def action_name(self) -> builtins.str:
@@ -8405,72 +8688,921 @@ class GitHubSourceActionProps(_CommonActionProps_e3aaeecb):
         return typing.cast(typing.Optional[builtins.str], result)
 
     @builtins.property
-    def oauth_token(self) -> _SecretValue_3dd0ddae:
-        '''A GitHub OAuth token to use for authentication.
-
-        It is recommended to use a Secrets Manager ``Secret`` to obtain the token:
-
-        const oauth = cdk.SecretValue.secretsManager('my-github-token');
-        new GitHubSourceAction(this, 'GitHubAction', { oauthToken: oauth, ... });
-
-        If you rotate the value in the Secret, you must also change at least one property
-        of the CodePipeline to force CloudFormation to re-read the secret.
-
-        The GitHub Personal Access Token should have these scopes:
+    def role(self) -> typing.Optional[_IRole_235f5d8e]:
+        '''The Role in which context's this Action will be executing in.
 
-        - **repo** - to read the repository
-        - **admin:repo_hook** - if you plan to use webhooks (true by default)
+        The Pipeline's Role will assume this Role
+        (the required permissions for that will be granted automatically)
+        right before executing this Action.
+        This Action will be passed into your ``IAction.bind``
+        method in the ``ActionBindOptions.role`` property.
 
-        :see: https://docs.aws.amazon.com/codepipeline/latest/userguide/appendix-github-oauth.html#GitHub-create-personal-token-CLI
+        :default: a new Role will be generated
         '''
-        result = self._values.get("oauth_token")
-        assert result is not None, "Required property 'oauth_token' is missing"
-        return typing.cast(_SecretValue_3dd0ddae, result)
+        result = self._values.get("role")
+        return typing.cast(typing.Optional[_IRole_235f5d8e], result)
 
     @builtins.property
-    def output(self) -> _Artifact_0cb05964:
-        result = self._values.get("output")
-        assert result is not None, "Required property 'output' is missing"
-        return typing.cast(_Artifact_0cb05964, result)
-
+    def application_name(self) -> builtins.str:
+        '''The name of the AWS Elastic Beanstalk application to deploy.'''
+        result = self._values.get("application_name")
+        assert result is not None, "Required property 'application_name' is missing"
+        return typing.cast(builtins.str, result)
+
     @builtins.property
-    def owner(self) -> builtins.str:
-        '''The GitHub account/user that owns the repo.'''
-        result = self._values.get("owner")
-        assert result is not None, "Required property 'owner' is missing"
+    def environment_name(self) -> builtins.str:
+        '''The name of the AWS Elastic Beanstalk environment to deploy to.'''
+        result = self._values.get("environment_name")
+        assert result is not None, "Required property 'environment_name' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def input(self) -> _Artifact_0cb05964:
+        '''The source to use as input for deployment.'''
+        result = self._values.get("input")
+        assert result is not None, "Required property 'input' is missing"
+        return typing.cast(_Artifact_0cb05964, result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "ElasticBeanstalkDeployActionProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+class GitHubSourceAction(
+    Action,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.GitHubSourceAction",
+):
+    '''Source that is provided by a GitHub repository.
+
+    :exampleMetadata: infused
+
+    Example::
+
+        # Read the secret from Secrets Manager
+        pipeline = codepipeline.Pipeline(self, "MyPipeline")
+        source_output = codepipeline.Artifact()
+        source_action = codepipeline_actions.GitHubSourceAction(
+            action_name="GitHub_Source",
+            owner="awslabs",
+            repo="aws-cdk",
+            oauth_token=SecretValue.secrets_manager("my-github-token"),
+            output=source_output,
+            branch="develop"
+        )
+        pipeline.add_stage(
+            stage_name="Source",
+            actions=[source_action]
+        )
+    '''
+
+    def __init__(
+        self,
+        *,
+        oauth_token: _SecretValue_3dd0ddae,
+        output: _Artifact_0cb05964,
+        owner: builtins.str,
+        repo: builtins.str,
+        branch: typing.Optional[builtins.str] = None,
+        trigger: typing.Optional["GitHubTrigger"] = None,
+        action_name: builtins.str,
+        run_order: typing.Optional[jsii.Number] = None,
+        variables_namespace: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''
+        :param oauth_token: A GitHub OAuth token to use for authentication. It is recommended to use a Secrets Manager ``Secret`` to obtain the token: const oauth = cdk.SecretValue.secretsManager('my-github-token'); new GitHubSourceAction(this, 'GitHubAction', { oauthToken: oauth, ... }); If you rotate the value in the Secret, you must also change at least one property of the CodePipeline to force CloudFormation to re-read the secret. The GitHub Personal Access Token should have these scopes: - **repo** - to read the repository - **admin:repo_hook** - if you plan to use webhooks (true by default)
+        :param output: 
+        :param owner: The GitHub account/user that owns the repo.
+        :param repo: The name of the repo, without the username.
+        :param branch: The branch to use. Default: "master"
+        :param trigger: How AWS CodePipeline should be triggered. With the default value "WEBHOOK", a webhook is created in GitHub that triggers the action With "POLL", CodePipeline periodically checks the source for changes With "None", the action is not triggered through changes in the source To use ``WEBHOOK``, your GitHub Personal Access Token should have **admin:repo_hook** scope (in addition to the regular **repo** scope). Default: GitHubTrigger.WEBHOOK
+        :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
+        :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
+        :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
+        '''
+        props = GitHubSourceActionProps(
+            oauth_token=oauth_token,
+            output=output,
+            owner=owner,
+            repo=repo,
+            branch=branch,
+            trigger=trigger,
+            action_name=action_name,
+            run_order=run_order,
+            variables_namespace=variables_namespace,
+        )
+
+        jsii.create(self.__class__, self, [props])
+
+    @jsii.member(jsii_name="bound")
+    def _bound(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        stage: _IStage_415fc571,
+        *,
+        bucket: _IBucket_42e086fd,
+        role: _IRole_235f5d8e,
+    ) -> _ActionConfig_846fc217:
+        '''This is a renamed version of the ``IAction.bind`` method.
+
+        :param scope: -
+        :param stage: -
+        :param bucket: 
+        :param role: 
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__0d8955359f0f5e27f55406175fafdd393ec53543baf2e52d8ee262c5b113fa80)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument stage", value=stage, expected_type=type_hints["stage"])
+        _options = _ActionBindOptions_3a612254(bucket=bucket, role=role)
+
+        return typing.cast(_ActionConfig_846fc217, jsii.invoke(self, "bound", [scope, stage, _options]))
+
+    @builtins.property
+    @jsii.member(jsii_name="variables")
+    def variables(self) -> "GitHubSourceVariables":
+        '''The variables emitted by this action.'''
+        return typing.cast("GitHubSourceVariables", jsii.get(self, "variables"))
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.GitHubSourceActionProps",
+    jsii_struct_bases=[_CommonActionProps_e3aaeecb],
+    name_mapping={
+        "action_name": "actionName",
+        "run_order": "runOrder",
+        "variables_namespace": "variablesNamespace",
+        "oauth_token": "oauthToken",
+        "output": "output",
+        "owner": "owner",
+        "repo": "repo",
+        "branch": "branch",
+        "trigger": "trigger",
+    },
+)
+class GitHubSourceActionProps(_CommonActionProps_e3aaeecb):
+    def __init__(
+        self,
+        *,
+        action_name: builtins.str,
+        run_order: typing.Optional[jsii.Number] = None,
+        variables_namespace: typing.Optional[builtins.str] = None,
+        oauth_token: _SecretValue_3dd0ddae,
+        output: _Artifact_0cb05964,
+        owner: builtins.str,
+        repo: builtins.str,
+        branch: typing.Optional[builtins.str] = None,
+        trigger: typing.Optional["GitHubTrigger"] = None,
+    ) -> None:
+        '''Construction properties of the ``GitHubSourceAction GitHub source action``.
+
+        :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
+        :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
+        :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
+        :param oauth_token: A GitHub OAuth token to use for authentication. It is recommended to use a Secrets Manager ``Secret`` to obtain the token: const oauth = cdk.SecretValue.secretsManager('my-github-token'); new GitHubSourceAction(this, 'GitHubAction', { oauthToken: oauth, ... }); If you rotate the value in the Secret, you must also change at least one property of the CodePipeline to force CloudFormation to re-read the secret. The GitHub Personal Access Token should have these scopes: - **repo** - to read the repository - **admin:repo_hook** - if you plan to use webhooks (true by default)
+        :param output: 
+        :param owner: The GitHub account/user that owns the repo.
+        :param repo: The name of the repo, without the username.
+        :param branch: The branch to use. Default: "master"
+        :param trigger: How AWS CodePipeline should be triggered. With the default value "WEBHOOK", a webhook is created in GitHub that triggers the action With "POLL", CodePipeline periodically checks the source for changes With "None", the action is not triggered through changes in the source To use ``WEBHOOK``, your GitHub Personal Access Token should have **admin:repo_hook** scope (in addition to the regular **repo** scope). Default: GitHubTrigger.WEBHOOK
+
+        :exampleMetadata: infused
+
+        Example::
+
+            # Read the secret from Secrets Manager
+            pipeline = codepipeline.Pipeline(self, "MyPipeline")
+            source_output = codepipeline.Artifact()
+            source_action = codepipeline_actions.GitHubSourceAction(
+                action_name="GitHub_Source",
+                owner="awslabs",
+                repo="aws-cdk",
+                oauth_token=SecretValue.secrets_manager("my-github-token"),
+                output=source_output,
+                branch="develop"
+            )
+            pipeline.add_stage(
+                stage_name="Source",
+                actions=[source_action]
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__5b86a9f2777055875dffe46f70e2990f3cbd3a06cc388b84510ff390d7dac9fd)
+            check_type(argname="argument action_name", value=action_name, expected_type=type_hints["action_name"])
+            check_type(argname="argument run_order", value=run_order, expected_type=type_hints["run_order"])
+            check_type(argname="argument variables_namespace", value=variables_namespace, expected_type=type_hints["variables_namespace"])
+            check_type(argname="argument oauth_token", value=oauth_token, expected_type=type_hints["oauth_token"])
+            check_type(argname="argument output", value=output, expected_type=type_hints["output"])
+            check_type(argname="argument owner", value=owner, expected_type=type_hints["owner"])
+            check_type(argname="argument repo", value=repo, expected_type=type_hints["repo"])
+            check_type(argname="argument branch", value=branch, expected_type=type_hints["branch"])
+            check_type(argname="argument trigger", value=trigger, expected_type=type_hints["trigger"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "action_name": action_name,
+            "oauth_token": oauth_token,
+            "output": output,
+            "owner": owner,
+            "repo": repo,
+        }
+        if run_order is not None:
+            self._values["run_order"] = run_order
+        if variables_namespace is not None:
+            self._values["variables_namespace"] = variables_namespace
+        if branch is not None:
+            self._values["branch"] = branch
+        if trigger is not None:
+            self._values["trigger"] = trigger
+
+    @builtins.property
+    def action_name(self) -> builtins.str:
+        '''The physical, human-readable name of the Action.
+
+        Note that Action names must be unique within a single Stage.
+        '''
+        result = self._values.get("action_name")
+        assert result is not None, "Required property 'action_name' is missing"
         return typing.cast(builtins.str, result)
 
     @builtins.property
-    def repo(self) -> builtins.str:
-        '''The name of the repo, without the username.'''
-        result = self._values.get("repo")
-        assert result is not None, "Required property 'repo' is missing"
+    def run_order(self) -> typing.Optional[jsii.Number]:
+        '''The runOrder property for this Action.
+
+        RunOrder determines the relative order in which multiple Actions in the same Stage execute.
+
+        :default: 1
+
+        :see: https://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html
+        '''
+        result = self._values.get("run_order")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    @builtins.property
+    def variables_namespace(self) -> typing.Optional[builtins.str]:
+        '''The name of the namespace to use for variables emitted by this action.
+
+        :default:
+
+        - a name will be generated, based on the stage and action names,
+        if any of the action's variables were referenced - otherwise,
+        no namespace will be set
+        '''
+        result = self._values.get("variables_namespace")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def oauth_token(self) -> _SecretValue_3dd0ddae:
+        '''A GitHub OAuth token to use for authentication.
+
+        It is recommended to use a Secrets Manager ``Secret`` to obtain the token:
+
+        const oauth = cdk.SecretValue.secretsManager('my-github-token');
+        new GitHubSourceAction(this, 'GitHubAction', { oauthToken: oauth, ... });
+
+        If you rotate the value in the Secret, you must also change at least one property
+        of the CodePipeline to force CloudFormation to re-read the secret.
+
+        The GitHub Personal Access Token should have these scopes:
+
+        - **repo** - to read the repository
+        - **admin:repo_hook** - if you plan to use webhooks (true by default)
+
+        :see: https://docs.aws.amazon.com/codepipeline/latest/userguide/appendix-github-oauth.html#GitHub-create-personal-token-CLI
+        '''
+        result = self._values.get("oauth_token")
+        assert result is not None, "Required property 'oauth_token' is missing"
+        return typing.cast(_SecretValue_3dd0ddae, result)
+
+    @builtins.property
+    def output(self) -> _Artifact_0cb05964:
+        result = self._values.get("output")
+        assert result is not None, "Required property 'output' is missing"
+        return typing.cast(_Artifact_0cb05964, result)
+
+    @builtins.property
+    def owner(self) -> builtins.str:
+        '''The GitHub account/user that owns the repo.'''
+        result = self._values.get("owner")
+        assert result is not None, "Required property 'owner' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def repo(self) -> builtins.str:
+        '''The name of the repo, without the username.'''
+        result = self._values.get("repo")
+        assert result is not None, "Required property 'repo' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def branch(self) -> typing.Optional[builtins.str]:
+        '''The branch to use.
+
+        :default: "master"
+        '''
+        result = self._values.get("branch")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def trigger(self) -> typing.Optional["GitHubTrigger"]:
+        '''How AWS CodePipeline should be triggered.
+
+        With the default value "WEBHOOK", a webhook is created in GitHub that triggers the action
+        With "POLL", CodePipeline periodically checks the source for changes
+        With "None", the action is not triggered through changes in the source
+
+        To use ``WEBHOOK``, your GitHub Personal Access Token should have
+        **admin:repo_hook** scope (in addition to the regular **repo** scope).
+
+        :default: GitHubTrigger.WEBHOOK
+        '''
+        result = self._values.get("trigger")
+        return typing.cast(typing.Optional["GitHubTrigger"], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "GitHubSourceActionProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.GitHubSourceVariables",
+    jsii_struct_bases=[],
+    name_mapping={
+        "author_date": "authorDate",
+        "branch_name": "branchName",
+        "commit_id": "commitId",
+        "commit_message": "commitMessage",
+        "committer_date": "committerDate",
+        "commit_url": "commitUrl",
+        "repository_name": "repositoryName",
+    },
+)
+class GitHubSourceVariables:
+    def __init__(
+        self,
+        *,
+        author_date: builtins.str,
+        branch_name: builtins.str,
+        commit_id: builtins.str,
+        commit_message: builtins.str,
+        committer_date: builtins.str,
+        commit_url: builtins.str,
+        repository_name: builtins.str,
+    ) -> None:
+        '''The CodePipeline variables emitted by GitHub source Action.
+
+        :param author_date: The date the currently last commit on the tracked branch was authored, in ISO-8601 format.
+        :param branch_name: The name of the branch this action tracks.
+        :param commit_id: The SHA1 hash of the currently last commit on the tracked branch.
+        :param commit_message: The message of the currently last commit on the tracked branch.
+        :param committer_date: The date the currently last commit on the tracked branch was committed, in ISO-8601 format.
+        :param commit_url: The GitHub API URL of the currently last commit on the tracked branch.
+        :param repository_name: The name of the repository this action points to.
+
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_codepipeline_actions as codepipeline_actions
+            
+            git_hub_source_variables = codepipeline_actions.GitHubSourceVariables(
+                author_date="authorDate",
+                branch_name="branchName",
+                commit_id="commitId",
+                commit_message="commitMessage",
+                committer_date="committerDate",
+                commit_url="commitUrl",
+                repository_name="repositoryName"
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__d36a66e26e764b2c204da0bcf323302f95847c475cba80cedc642606a76204a8)
+            check_type(argname="argument author_date", value=author_date, expected_type=type_hints["author_date"])
+            check_type(argname="argument branch_name", value=branch_name, expected_type=type_hints["branch_name"])
+            check_type(argname="argument commit_id", value=commit_id, expected_type=type_hints["commit_id"])
+            check_type(argname="argument commit_message", value=commit_message, expected_type=type_hints["commit_message"])
+            check_type(argname="argument committer_date", value=committer_date, expected_type=type_hints["committer_date"])
+            check_type(argname="argument commit_url", value=commit_url, expected_type=type_hints["commit_url"])
+            check_type(argname="argument repository_name", value=repository_name, expected_type=type_hints["repository_name"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "author_date": author_date,
+            "branch_name": branch_name,
+            "commit_id": commit_id,
+            "commit_message": commit_message,
+            "committer_date": committer_date,
+            "commit_url": commit_url,
+            "repository_name": repository_name,
+        }
+
+    @builtins.property
+    def author_date(self) -> builtins.str:
+        '''The date the currently last commit on the tracked branch was authored, in ISO-8601 format.'''
+        result = self._values.get("author_date")
+        assert result is not None, "Required property 'author_date' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def branch_name(self) -> builtins.str:
+        '''The name of the branch this action tracks.'''
+        result = self._values.get("branch_name")
+        assert result is not None, "Required property 'branch_name' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def commit_id(self) -> builtins.str:
+        '''The SHA1 hash of the currently last commit on the tracked branch.'''
+        result = self._values.get("commit_id")
+        assert result is not None, "Required property 'commit_id' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def commit_message(self) -> builtins.str:
+        '''The message of the currently last commit on the tracked branch.'''
+        result = self._values.get("commit_message")
+        assert result is not None, "Required property 'commit_message' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def committer_date(self) -> builtins.str:
+        '''The date the currently last commit on the tracked branch was committed, in ISO-8601 format.'''
+        result = self._values.get("committer_date")
+        assert result is not None, "Required property 'committer_date' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def commit_url(self) -> builtins.str:
+        '''The GitHub API URL of the currently last commit on the tracked branch.'''
+        result = self._values.get("commit_url")
+        assert result is not None, "Required property 'commit_url' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def repository_name(self) -> builtins.str:
+        '''The name of the repository this action points to.'''
+        result = self._values.get("repository_name")
+        assert result is not None, "Required property 'repository_name' is missing"
+        return typing.cast(builtins.str, result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "GitHubSourceVariables(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+@jsii.enum(jsii_type="aws-cdk-lib.aws_codepipeline_actions.GitHubTrigger")
+class GitHubTrigger(enum.Enum):
+    '''If and how the GitHub source action should be triggered.'''
+
+    NONE = "NONE"
+    POLL = "POLL"
+    WEBHOOK = "WEBHOOK"
+
+
+@jsii.interface(jsii_type="aws-cdk-lib.aws_codepipeline_actions.ICustomEventRule")
+class ICustomEventRule(typing_extensions.Protocol):
+    '''Represents a custom event rule in AWS CodePipeline Actions.
+
+    This interface defines the structure for specifying a custom event rule
+    in the AWS CodePipeline Actions module. The event rule is defined by an
+    event pattern and a target.
+
+    :see: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_events_targets-readme.html
+    '''
+
+    @builtins.property
+    @jsii.member(jsii_name="eventPattern")
+    def event_pattern(self) -> _EventPattern_fe557901:
+        '''event pattern when this rule should be triggered.'''
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="target")
+    def target(self) -> _IRuleTarget_7a91f454:
+        '''Target e.g. Lambda when event pattern is fulfilled.'''
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="description")
+    def description(self) -> typing.Optional[builtins.str]:
+        '''Description.'''
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="ruleName")
+    def rule_name(self) -> typing.Optional[builtins.str]:
+        '''Rulename.'''
+        ...
+
+
+class _ICustomEventRuleProxy:
+    '''Represents a custom event rule in AWS CodePipeline Actions.
+
+    This interface defines the structure for specifying a custom event rule
+    in the AWS CodePipeline Actions module. The event rule is defined by an
+    event pattern and a target.
+
+    :see: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_events_targets-readme.html
+    '''
+
+    __jsii_type__: typing.ClassVar[str] = "aws-cdk-lib.aws_codepipeline_actions.ICustomEventRule"
+
+    @builtins.property
+    @jsii.member(jsii_name="eventPattern")
+    def event_pattern(self) -> _EventPattern_fe557901:
+        '''event pattern when this rule should be triggered.'''
+        return typing.cast(_EventPattern_fe557901, jsii.get(self, "eventPattern"))
+
+    @builtins.property
+    @jsii.member(jsii_name="target")
+    def target(self) -> _IRuleTarget_7a91f454:
+        '''Target e.g. Lambda when event pattern is fulfilled.'''
+        return typing.cast(_IRuleTarget_7a91f454, jsii.get(self, "target"))
+
+    @builtins.property
+    @jsii.member(jsii_name="description")
+    def description(self) -> typing.Optional[builtins.str]:
+        '''Description.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "description"))
+
+    @builtins.property
+    @jsii.member(jsii_name="ruleName")
+    def rule_name(self) -> typing.Optional[builtins.str]:
+        '''Rulename.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "ruleName"))
+
+# Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
+typing.cast(typing.Any, ICustomEventRule).__jsii_proxy_class__ = lambda : _ICustomEventRuleProxy
+
+
+@jsii.interface(jsii_type="aws-cdk-lib.aws_codepipeline_actions.IJenkinsProvider")
+class IJenkinsProvider(_constructs_77d1e7e8.IConstruct, typing_extensions.Protocol):
+    '''A Jenkins provider.
+
+    If you want to create a new Jenkins provider managed alongside your CDK code,
+    instantiate the ``JenkinsProvider`` class directly.
+
+    If you want to reference an already registered provider,
+    use the ``JenkinsProvider#fromJenkinsProviderAttributes`` method.
+    '''
+
+    @builtins.property
+    @jsii.member(jsii_name="providerName")
+    def provider_name(self) -> builtins.str:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="serverUrl")
+    def server_url(self) -> builtins.str:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="version")
+    def version(self) -> builtins.str:
+        ...
+
+
+class _IJenkinsProviderProxy(
+    jsii.proxy_for(_constructs_77d1e7e8.IConstruct), # type: ignore[misc]
+):
+    '''A Jenkins provider.
+
+    If you want to create a new Jenkins provider managed alongside your CDK code,
+    instantiate the ``JenkinsProvider`` class directly.
+
+    If you want to reference an already registered provider,
+    use the ``JenkinsProvider#fromJenkinsProviderAttributes`` method.
+    '''
+
+    __jsii_type__: typing.ClassVar[str] = "aws-cdk-lib.aws_codepipeline_actions.IJenkinsProvider"
+
+    @builtins.property
+    @jsii.member(jsii_name="providerName")
+    def provider_name(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "providerName"))
+
+    @builtins.property
+    @jsii.member(jsii_name="serverUrl")
+    def server_url(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "serverUrl"))
+
+    @builtins.property
+    @jsii.member(jsii_name="version")
+    def version(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "version"))
+
+# Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
+typing.cast(typing.Any, IJenkinsProvider).__jsii_proxy_class__ = lambda : _IJenkinsProviderProxy
+
+
+class InspectorScanActionBase(
+    Action,
+    metaclass=jsii.JSIIAbstractClass,
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.InspectorScanActionBase",
+):
+    '''CodePipeline invoke action that uses AWS InspectorScan.'''
+
+    def __init__(
+        self,
+        *,
+        output: _Artifact_0cb05964,
+        critical_threshold: typing.Optional[jsii.Number] = None,
+        high_threshold: typing.Optional[jsii.Number] = None,
+        low_threshold: typing.Optional[jsii.Number] = None,
+        medium_threshold: typing.Optional[jsii.Number] = None,
+        role: typing.Optional[_IRole_235f5d8e] = None,
+        action_name: builtins.str,
+        run_order: typing.Optional[jsii.Number] = None,
+        variables_namespace: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''
+        :param output: Vulnerability details of your source in the form of a Software Bill of Materials (SBOM) file.
+        :param critical_threshold: The number of critical severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param high_threshold: The number of high severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param low_threshold: The number of low severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param medium_threshold: The number of medium severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
+        :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
+        :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
+        :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
+        '''
+        props = InspectorScanActionBaseProps(
+            output=output,
+            critical_threshold=critical_threshold,
+            high_threshold=high_threshold,
+            low_threshold=low_threshold,
+            medium_threshold=medium_threshold,
+            role=role,
+            action_name=action_name,
+            run_order=run_order,
+            variables_namespace=variables_namespace,
+        )
+
+        jsii.create(self.__class__, self, [props])
+
+    @jsii.member(jsii_name="bound")
+    def _bound(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        stage: _IStage_415fc571,
+        *,
+        bucket: _IBucket_42e086fd,
+        role: _IRole_235f5d8e,
+    ) -> _ActionConfig_846fc217:
+        '''This is a renamed version of the ``IAction.bind`` method.
+
+        :param scope: -
+        :param stage: -
+        :param bucket: 
+        :param role: 
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__e14024ba1588c13bad01352500e04cd20ed7cde863ea927e167b0fbe92c82ecd)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument stage", value=stage, expected_type=type_hints["stage"])
+        options = _ActionBindOptions_3a612254(bucket=bucket, role=role)
+
+        return typing.cast(_ActionConfig_846fc217, jsii.invoke(self, "bound", [scope, stage, options]))
+
+    @jsii.member(jsii_name="renderActionConfiguration")
+    @abc.abstractmethod
+    def _render_action_configuration(self) -> typing.Mapping[builtins.str, typing.Any]:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="props")
+    def _props(self) -> "InspectorScanActionBaseProps":
+        return typing.cast("InspectorScanActionBaseProps", jsii.get(self, "props"))
+
+    @builtins.property
+    @jsii.member(jsii_name="variables")
+    def variables(self) -> "InspectorScanVariables":
+        '''The variables emitted by this action.'''
+        return typing.cast("InspectorScanVariables", jsii.get(self, "variables"))
+
+
+class _InspectorScanActionBaseProxy(
+    InspectorScanActionBase,
+    jsii.proxy_for(Action), # type: ignore[misc]
+):
+    @jsii.member(jsii_name="renderActionConfiguration")
+    def _render_action_configuration(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderActionConfiguration", []))
+
+# Adding a "__jsii_proxy_class__(): typing.Type" function to the abstract class
+typing.cast(typing.Any, InspectorScanActionBase).__jsii_proxy_class__ = lambda : _InspectorScanActionBaseProxy
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.InspectorScanActionBaseProps",
+    jsii_struct_bases=[_CommonAwsActionProps_8b809bb6],
+    name_mapping={
+        "action_name": "actionName",
+        "run_order": "runOrder",
+        "variables_namespace": "variablesNamespace",
+        "role": "role",
+        "output": "output",
+        "critical_threshold": "criticalThreshold",
+        "high_threshold": "highThreshold",
+        "low_threshold": "lowThreshold",
+        "medium_threshold": "mediumThreshold",
+    },
+)
+class InspectorScanActionBaseProps(_CommonAwsActionProps_8b809bb6):
+    def __init__(
+        self,
+        *,
+        action_name: builtins.str,
+        run_order: typing.Optional[jsii.Number] = None,
+        variables_namespace: typing.Optional[builtins.str] = None,
+        role: typing.Optional[_IRole_235f5d8e] = None,
+        output: _Artifact_0cb05964,
+        critical_threshold: typing.Optional[jsii.Number] = None,
+        high_threshold: typing.Optional[jsii.Number] = None,
+        low_threshold: typing.Optional[jsii.Number] = None,
+        medium_threshold: typing.Optional[jsii.Number] = None,
+    ) -> None:
+        '''Base construction properties of the ``InspectorScanActionBase``.
+
+        :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
+        :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
+        :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
+        :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
+        :param output: Vulnerability details of your source in the form of a Software Bill of Materials (SBOM) file.
+        :param critical_threshold: The number of critical severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param high_threshold: The number of high severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param low_threshold: The number of low severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param medium_threshold: The number of medium severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_codepipeline as codepipeline
+            from aws_cdk import aws_codepipeline_actions as codepipeline_actions
+            from aws_cdk import aws_iam as iam
+            
+            # artifact: codepipeline.Artifact
+            # role: iam.Role
+            
+            inspector_scan_action_base_props = codepipeline_actions.InspectorScanActionBaseProps(
+                action_name="actionName",
+                output=artifact,
+            
+                # the properties below are optional
+                critical_threshold=123,
+                high_threshold=123,
+                low_threshold=123,
+                medium_threshold=123,
+                role=role,
+                run_order=123,
+                variables_namespace="variablesNamespace"
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__6da783895b7ba6899d69141e306683f07acbbde47f1425f850879dc762f2e644)
+            check_type(argname="argument action_name", value=action_name, expected_type=type_hints["action_name"])
+            check_type(argname="argument run_order", value=run_order, expected_type=type_hints["run_order"])
+            check_type(argname="argument variables_namespace", value=variables_namespace, expected_type=type_hints["variables_namespace"])
+            check_type(argname="argument role", value=role, expected_type=type_hints["role"])
+            check_type(argname="argument output", value=output, expected_type=type_hints["output"])
+            check_type(argname="argument critical_threshold", value=critical_threshold, expected_type=type_hints["critical_threshold"])
+            check_type(argname="argument high_threshold", value=high_threshold, expected_type=type_hints["high_threshold"])
+            check_type(argname="argument low_threshold", value=low_threshold, expected_type=type_hints["low_threshold"])
+            check_type(argname="argument medium_threshold", value=medium_threshold, expected_type=type_hints["medium_threshold"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "action_name": action_name,
+            "output": output,
+        }
+        if run_order is not None:
+            self._values["run_order"] = run_order
+        if variables_namespace is not None:
+            self._values["variables_namespace"] = variables_namespace
+        if role is not None:
+            self._values["role"] = role
+        if critical_threshold is not None:
+            self._values["critical_threshold"] = critical_threshold
+        if high_threshold is not None:
+            self._values["high_threshold"] = high_threshold
+        if low_threshold is not None:
+            self._values["low_threshold"] = low_threshold
+        if medium_threshold is not None:
+            self._values["medium_threshold"] = medium_threshold
+
+    @builtins.property
+    def action_name(self) -> builtins.str:
+        '''The physical, human-readable name of the Action.
+
+        Note that Action names must be unique within a single Stage.
+        '''
+        result = self._values.get("action_name")
+        assert result is not None, "Required property 'action_name' is missing"
         return typing.cast(builtins.str, result)
 
     @builtins.property
-    def branch(self) -> typing.Optional[builtins.str]:
-        '''The branch to use.
+    def run_order(self) -> typing.Optional[jsii.Number]:
+        '''The runOrder property for this Action.
 
-        :default: "master"
+        RunOrder determines the relative order in which multiple Actions in the same Stage execute.
+
+        :default: 1
+
+        :see: https://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html
         '''
-        result = self._values.get("branch")
+        result = self._values.get("run_order")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    @builtins.property
+    def variables_namespace(self) -> typing.Optional[builtins.str]:
+        '''The name of the namespace to use for variables emitted by this action.
+
+        :default:
+
+        - a name will be generated, based on the stage and action names,
+        if any of the action's variables were referenced - otherwise,
+        no namespace will be set
+        '''
+        result = self._values.get("variables_namespace")
         return typing.cast(typing.Optional[builtins.str], result)
 
     @builtins.property
-    def trigger(self) -> typing.Optional["GitHubTrigger"]:
-        '''How AWS CodePipeline should be triggered.
+    def role(self) -> typing.Optional[_IRole_235f5d8e]:
+        '''The Role in which context's this Action will be executing in.
 
-        With the default value "WEBHOOK", a webhook is created in GitHub that triggers the action
-        With "POLL", CodePipeline periodically checks the source for changes
-        With "None", the action is not triggered through changes in the source
+        The Pipeline's Role will assume this Role
+        (the required permissions for that will be granted automatically)
+        right before executing this Action.
+        This Action will be passed into your ``IAction.bind``
+        method in the ``ActionBindOptions.role`` property.
 
-        To use ``WEBHOOK``, your GitHub Personal Access Token should have
-        **admin:repo_hook** scope (in addition to the regular **repo** scope).
+        :default: a new Role will be generated
+        '''
+        result = self._values.get("role")
+        return typing.cast(typing.Optional[_IRole_235f5d8e], result)
 
-        :default: GitHubTrigger.WEBHOOK
+    @builtins.property
+    def output(self) -> _Artifact_0cb05964:
+        '''Vulnerability details of your source in the form of a Software Bill of Materials (SBOM) file.'''
+        result = self._values.get("output")
+        assert result is not None, "Required property 'output' is missing"
+        return typing.cast(_Artifact_0cb05964, result)
+
+    @builtins.property
+    def critical_threshold(self) -> typing.Optional[jsii.Number]:
+        '''The number of critical severity vulnerabilities found in your source beyond which CodePipeline should fail the action.
+
+        :default: - no threshold
         '''
-        result = self._values.get("trigger")
-        return typing.cast(typing.Optional["GitHubTrigger"], result)
+        result = self._values.get("critical_threshold")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    @builtins.property
+    def high_threshold(self) -> typing.Optional[jsii.Number]:
+        '''The number of high severity vulnerabilities found in your source beyond which CodePipeline should fail the action.
+
+        :default: - no threshold
+        '''
+        result = self._values.get("high_threshold")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    @builtins.property
+    def low_threshold(self) -> typing.Optional[jsii.Number]:
+        '''The number of low severity vulnerabilities found in your source beyond which CodePipeline should fail the action.
+
+        :default: - no threshold
+        '''
+        result = self._values.get("low_threshold")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    @builtins.property
+    def medium_threshold(self) -> typing.Optional[jsii.Number]:
+        '''The number of medium severity vulnerabilities found in your source beyond which CodePipeline should fail the action.
+
+        :default: - no threshold
+        '''
+        result = self._values.get("medium_threshold")
+        return typing.cast(typing.Optional[jsii.Number], result)
 
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -8479,45 +9611,21 @@ class GitHubSourceActionProps(_CommonActionProps_e3aaeecb):
         return not (rhs == self)
 
     def __repr__(self) -> str:
-        return "GitHubSourceActionProps(%s)" % ", ".join(
+        return "InspectorScanActionBaseProps(%s)" % ", ".join(
             k + "=" + repr(v) for k, v in self._values.items()
         )
 
 
 @jsii.data_type(
-    jsii_type="aws-cdk-lib.aws_codepipeline_actions.GitHubSourceVariables",
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.InspectorScanVariables",
     jsii_struct_bases=[],
-    name_mapping={
-        "author_date": "authorDate",
-        "branch_name": "branchName",
-        "commit_id": "commitId",
-        "commit_message": "commitMessage",
-        "committer_date": "committerDate",
-        "commit_url": "commitUrl",
-        "repository_name": "repositoryName",
-    },
+    name_mapping={"highest_scanned_severity": "highestScannedSeverity"},
 )
-class GitHubSourceVariables:
-    def __init__(
-        self,
-        *,
-        author_date: builtins.str,
-        branch_name: builtins.str,
-        commit_id: builtins.str,
-        commit_message: builtins.str,
-        committer_date: builtins.str,
-        commit_url: builtins.str,
-        repository_name: builtins.str,
-    ) -> None:
-        '''The CodePipeline variables emitted by GitHub source Action.
+class InspectorScanVariables:
+    def __init__(self, *, highest_scanned_severity: builtins.str) -> None:
+        '''The CodePipeline variables emitted by the InspectorScan Action.
 
-        :param author_date: The date the currently last commit on the tracked branch was authored, in ISO-8601 format.
-        :param branch_name: The name of the branch this action tracks.
-        :param commit_id: The SHA1 hash of the currently last commit on the tracked branch.
-        :param commit_message: The message of the currently last commit on the tracked branch.
-        :param committer_date: The date the currently last commit on the tracked branch was committed, in ISO-8601 format.
-        :param commit_url: The GitHub API URL of the currently last commit on the tracked branch.
-        :param repository_name: The name of the repository this action points to.
+        :param highest_scanned_severity: The highest severity output from the scan. Valid values are medium | high | critical.
 
         :exampleMetadata: fixture=_generated
 
@@ -8527,82 +9635,25 @@ class GitHubSourceVariables:
             # The values are placeholders you should change.
             from aws_cdk import aws_codepipeline_actions as codepipeline_actions
             
-            git_hub_source_variables = codepipeline_actions.GitHubSourceVariables(
-                author_date="authorDate",
-                branch_name="branchName",
-                commit_id="commitId",
-                commit_message="commitMessage",
-                committer_date="committerDate",
-                commit_url="commitUrl",
-                repository_name="repositoryName"
+            inspector_scan_variables = codepipeline_actions.InspectorScanVariables(
+                highest_scanned_severity="highestScannedSeverity"
             )
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__d36a66e26e764b2c204da0bcf323302f95847c475cba80cedc642606a76204a8)
-            check_type(argname="argument author_date", value=author_date, expected_type=type_hints["author_date"])
-            check_type(argname="argument branch_name", value=branch_name, expected_type=type_hints["branch_name"])
-            check_type(argname="argument commit_id", value=commit_id, expected_type=type_hints["commit_id"])
-            check_type(argname="argument commit_message", value=commit_message, expected_type=type_hints["commit_message"])
-            check_type(argname="argument committer_date", value=committer_date, expected_type=type_hints["committer_date"])
-            check_type(argname="argument commit_url", value=commit_url, expected_type=type_hints["commit_url"])
-            check_type(argname="argument repository_name", value=repository_name, expected_type=type_hints["repository_name"])
+            type_hints = typing.get_type_hints(_typecheckingstub__8a48c3b3b3e2cfc1dcf7a2e04c2e32728ebe17a3f38a9cad1bada36d22fe6a24)
+            check_type(argname="argument highest_scanned_severity", value=highest_scanned_severity, expected_type=type_hints["highest_scanned_severity"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
-            "author_date": author_date,
-            "branch_name": branch_name,
-            "commit_id": commit_id,
-            "commit_message": commit_message,
-            "committer_date": committer_date,
-            "commit_url": commit_url,
-            "repository_name": repository_name,
+            "highest_scanned_severity": highest_scanned_severity,
         }
 
     @builtins.property
-    def author_date(self) -> builtins.str:
-        '''The date the currently last commit on the tracked branch was authored, in ISO-8601 format.'''
-        result = self._values.get("author_date")
-        assert result is not None, "Required property 'author_date' is missing"
-        return typing.cast(builtins.str, result)
-
-    @builtins.property
-    def branch_name(self) -> builtins.str:
-        '''The name of the branch this action tracks.'''
-        result = self._values.get("branch_name")
-        assert result is not None, "Required property 'branch_name' is missing"
-        return typing.cast(builtins.str, result)
-
-    @builtins.property
-    def commit_id(self) -> builtins.str:
-        '''The SHA1 hash of the currently last commit on the tracked branch.'''
-        result = self._values.get("commit_id")
-        assert result is not None, "Required property 'commit_id' is missing"
-        return typing.cast(builtins.str, result)
-
-    @builtins.property
-    def commit_message(self) -> builtins.str:
-        '''The message of the currently last commit on the tracked branch.'''
-        result = self._values.get("commit_message")
-        assert result is not None, "Required property 'commit_message' is missing"
-        return typing.cast(builtins.str, result)
-
-    @builtins.property
-    def committer_date(self) -> builtins.str:
-        '''The date the currently last commit on the tracked branch was committed, in ISO-8601 format.'''
-        result = self._values.get("committer_date")
-        assert result is not None, "Required property 'committer_date' is missing"
-        return typing.cast(builtins.str, result)
-
-    @builtins.property
-    def commit_url(self) -> builtins.str:
-        '''The GitHub API URL of the currently last commit on the tracked branch.'''
-        result = self._values.get("commit_url")
-        assert result is not None, "Required property 'commit_url' is missing"
-        return typing.cast(builtins.str, result)
+    def highest_scanned_severity(self) -> builtins.str:
+        '''The highest severity output from the scan.
 
-    @builtins.property
-    def repository_name(self) -> builtins.str:
-        '''The name of the repository this action points to.'''
-        result = self._values.get("repository_name")
-        assert result is not None, "Required property 'repository_name' is missing"
+        Valid values are medium | high | critical.
+        '''
+        result = self._values.get("highest_scanned_severity")
+        assert result is not None, "Required property 'highest_scanned_severity' is missing"
         return typing.cast(builtins.str, result)
 
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
@@ -8612,154 +9663,340 @@ class GitHubSourceVariables:
         return not (rhs == self)
 
     def __repr__(self) -> str:
-        return "GitHubSourceVariables(%s)" % ", ".join(
+        return "InspectorScanVariables(%s)" % ", ".join(
             k + "=" + repr(v) for k, v in self._values.items()
         )
 
 
-@jsii.enum(jsii_type="aws-cdk-lib.aws_codepipeline_actions.GitHubTrigger")
-class GitHubTrigger(enum.Enum):
-    '''If and how the GitHub source action should be triggered.'''
+class InspectorSourceCodeScanAction(
+    InspectorScanActionBase,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.InspectorSourceCodeScanAction",
+):
+    '''CodePipeline invoke action that uses AWS InspectorScan for source code.
+
+    :exampleMetadata: infused
+
+    Example::
+
+        # pipeline: codepipeline.Pipeline
+        
+        
+        source_output = codepipeline.Artifact()
+        source_action = codepipeline_actions.CodeStarConnectionsSourceAction(
+            action_name="CodeStarConnectionsSourceAction",
+            output=source_output,
+            connection_arn="your-connection-arn",
+            owner="your-owner",
+            repo="your-repo"
+        )
+        
+        scan_output = codepipeline.Artifact()
+        scan_action = codepipeline_actions.InspectorSourceCodeScanAction(
+            action_name="InspectorSourceCodeScanAction",
+            input=source_output,
+            output=scan_output
+        )
+        
+        pipeline.add_stage(
+            stage_name="Source",
+            actions=[source_action]
+        )
+        pipeline.add_stage(
+            stage_name="Scan",
+            actions=[scan_action]
+        )
+    '''
+
+    def __init__(
+        self,
+        *,
+        input: _Artifact_0cb05964,
+        output: _Artifact_0cb05964,
+        critical_threshold: typing.Optional[jsii.Number] = None,
+        high_threshold: typing.Optional[jsii.Number] = None,
+        low_threshold: typing.Optional[jsii.Number] = None,
+        medium_threshold: typing.Optional[jsii.Number] = None,
+        role: typing.Optional[_IRole_235f5d8e] = None,
+        action_name: builtins.str,
+        run_order: typing.Optional[jsii.Number] = None,
+        variables_namespace: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''
+        :param input: The source code to scan for vulnerabilities.
+        :param output: Vulnerability details of your source in the form of a Software Bill of Materials (SBOM) file.
+        :param critical_threshold: The number of critical severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param high_threshold: The number of high severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param low_threshold: The number of low severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param medium_threshold: The number of medium severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
+        :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
+        :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
+        :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
+        '''
+        props = InspectorSourceCodeScanActionProps(
+            input=input,
+            output=output,
+            critical_threshold=critical_threshold,
+            high_threshold=high_threshold,
+            low_threshold=low_threshold,
+            medium_threshold=medium_threshold,
+            role=role,
+            action_name=action_name,
+            run_order=run_order,
+            variables_namespace=variables_namespace,
+        )
+
+        jsii.create(self.__class__, self, [props])
+
+    @jsii.member(jsii_name="bound")
+    def _bound(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        stage: _IStage_415fc571,
+        *,
+        bucket: _IBucket_42e086fd,
+        role: _IRole_235f5d8e,
+    ) -> _ActionConfig_846fc217:
+        '''This is a renamed version of the ``IAction.bind`` method.
+
+        :param scope: -
+        :param stage: -
+        :param bucket: 
+        :param role: 
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__45cb7f03b6f947f8e3545d0c1c5e5d7b428fd0bbe2dec88db250699b2fba4ec2)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument stage", value=stage, expected_type=type_hints["stage"])
+        options = _ActionBindOptions_3a612254(bucket=bucket, role=role)
+
+        return typing.cast(_ActionConfig_846fc217, jsii.invoke(self, "bound", [scope, stage, options]))
+
+    @jsii.member(jsii_name="renderActionConfiguration")
+    def _render_action_configuration(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderActionConfiguration", []))
 
-    NONE = "NONE"
-    POLL = "POLL"
-    WEBHOOK = "WEBHOOK"
 
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.InspectorSourceCodeScanActionProps",
+    jsii_struct_bases=[InspectorScanActionBaseProps],
+    name_mapping={
+        "action_name": "actionName",
+        "run_order": "runOrder",
+        "variables_namespace": "variablesNamespace",
+        "role": "role",
+        "output": "output",
+        "critical_threshold": "criticalThreshold",
+        "high_threshold": "highThreshold",
+        "low_threshold": "lowThreshold",
+        "medium_threshold": "mediumThreshold",
+        "input": "input",
+    },
+)
+class InspectorSourceCodeScanActionProps(InspectorScanActionBaseProps):
+    def __init__(
+        self,
+        *,
+        action_name: builtins.str,
+        run_order: typing.Optional[jsii.Number] = None,
+        variables_namespace: typing.Optional[builtins.str] = None,
+        role: typing.Optional[_IRole_235f5d8e] = None,
+        output: _Artifact_0cb05964,
+        critical_threshold: typing.Optional[jsii.Number] = None,
+        high_threshold: typing.Optional[jsii.Number] = None,
+        low_threshold: typing.Optional[jsii.Number] = None,
+        medium_threshold: typing.Optional[jsii.Number] = None,
+        input: _Artifact_0cb05964,
+    ) -> None:
+        '''Construction properties of the ``InspectorSourceCodeScanAction``.
 
-@jsii.interface(jsii_type="aws-cdk-lib.aws_codepipeline_actions.ICustomEventRule")
-class ICustomEventRule(typing_extensions.Protocol):
-    '''Represents a custom event rule in AWS CodePipeline Actions.
+        :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
+        :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
+        :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
+        :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
+        :param output: Vulnerability details of your source in the form of a Software Bill of Materials (SBOM) file.
+        :param critical_threshold: The number of critical severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param high_threshold: The number of high severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param low_threshold: The number of low severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param medium_threshold: The number of medium severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param input: The source code to scan for vulnerabilities.
 
-    This interface defines the structure for specifying a custom event rule
-    in the AWS CodePipeline Actions module. The event rule is defined by an
-    event pattern and a target.
+        :exampleMetadata: infused
 
-    :see: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_events_targets-readme.html
-    '''
+        Example::
 
-    @builtins.property
-    @jsii.member(jsii_name="eventPattern")
-    def event_pattern(self) -> _EventPattern_fe557901:
-        '''event pattern when this rule should be triggered.'''
-        ...
+            # pipeline: codepipeline.Pipeline
+            
+            
+            source_output = codepipeline.Artifact()
+            source_action = codepipeline_actions.CodeStarConnectionsSourceAction(
+                action_name="CodeStarConnectionsSourceAction",
+                output=source_output,
+                connection_arn="your-connection-arn",
+                owner="your-owner",
+                repo="your-repo"
+            )
+            
+            scan_output = codepipeline.Artifact()
+            scan_action = codepipeline_actions.InspectorSourceCodeScanAction(
+                action_name="InspectorSourceCodeScanAction",
+                input=source_output,
+                output=scan_output
+            )
+            
+            pipeline.add_stage(
+                stage_name="Source",
+                actions=[source_action]
+            )
+            pipeline.add_stage(
+                stage_name="Scan",
+                actions=[scan_action]
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__b15e4f7143687072e838007e65ae09dfa2481ef37d0679cc1fe389ce6997a557)
+            check_type(argname="argument action_name", value=action_name, expected_type=type_hints["action_name"])
+            check_type(argname="argument run_order", value=run_order, expected_type=type_hints["run_order"])
+            check_type(argname="argument variables_namespace", value=variables_namespace, expected_type=type_hints["variables_namespace"])
+            check_type(argname="argument role", value=role, expected_type=type_hints["role"])
+            check_type(argname="argument output", value=output, expected_type=type_hints["output"])
+            check_type(argname="argument critical_threshold", value=critical_threshold, expected_type=type_hints["critical_threshold"])
+            check_type(argname="argument high_threshold", value=high_threshold, expected_type=type_hints["high_threshold"])
+            check_type(argname="argument low_threshold", value=low_threshold, expected_type=type_hints["low_threshold"])
+            check_type(argname="argument medium_threshold", value=medium_threshold, expected_type=type_hints["medium_threshold"])
+            check_type(argname="argument input", value=input, expected_type=type_hints["input"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "action_name": action_name,
+            "output": output,
+            "input": input,
+        }
+        if run_order is not None:
+            self._values["run_order"] = run_order
+        if variables_namespace is not None:
+            self._values["variables_namespace"] = variables_namespace
+        if role is not None:
+            self._values["role"] = role
+        if critical_threshold is not None:
+            self._values["critical_threshold"] = critical_threshold
+        if high_threshold is not None:
+            self._values["high_threshold"] = high_threshold
+        if low_threshold is not None:
+            self._values["low_threshold"] = low_threshold
+        if medium_threshold is not None:
+            self._values["medium_threshold"] = medium_threshold
 
     @builtins.property
-    @jsii.member(jsii_name="target")
-    def target(self) -> _IRuleTarget_7a91f454:
-        '''Target e.g. Lambda when event pattern is fulfilled.'''
-        ...
+    def action_name(self) -> builtins.str:
+        '''The physical, human-readable name of the Action.
 
-    @builtins.property
-    @jsii.member(jsii_name="description")
-    def description(self) -> typing.Optional[builtins.str]:
-        '''Description.'''
-        ...
+        Note that Action names must be unique within a single Stage.
+        '''
+        result = self._values.get("action_name")
+        assert result is not None, "Required property 'action_name' is missing"
+        return typing.cast(builtins.str, result)
 
     @builtins.property
-    @jsii.member(jsii_name="ruleName")
-    def rule_name(self) -> typing.Optional[builtins.str]:
-        '''Rulename.'''
-        ...
-
-
-class _ICustomEventRuleProxy:
-    '''Represents a custom event rule in AWS CodePipeline Actions.
+    def run_order(self) -> typing.Optional[jsii.Number]:
+        '''The runOrder property for this Action.
 
-    This interface defines the structure for specifying a custom event rule
-    in the AWS CodePipeline Actions module. The event rule is defined by an
-    event pattern and a target.
+        RunOrder determines the relative order in which multiple Actions in the same Stage execute.
 
-    :see: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_events_targets-readme.html
-    '''
+        :default: 1
 
-    __jsii_type__: typing.ClassVar[str] = "aws-cdk-lib.aws_codepipeline_actions.ICustomEventRule"
+        :see: https://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html
+        '''
+        result = self._values.get("run_order")
+        return typing.cast(typing.Optional[jsii.Number], result)
 
     @builtins.property
-    @jsii.member(jsii_name="eventPattern")
-    def event_pattern(self) -> _EventPattern_fe557901:
-        '''event pattern when this rule should be triggered.'''
-        return typing.cast(_EventPattern_fe557901, jsii.get(self, "eventPattern"))
+    def variables_namespace(self) -> typing.Optional[builtins.str]:
+        '''The name of the namespace to use for variables emitted by this action.
 
-    @builtins.property
-    @jsii.member(jsii_name="target")
-    def target(self) -> _IRuleTarget_7a91f454:
-        '''Target e.g. Lambda when event pattern is fulfilled.'''
-        return typing.cast(_IRuleTarget_7a91f454, jsii.get(self, "target"))
+        :default:
 
-    @builtins.property
-    @jsii.member(jsii_name="description")
-    def description(self) -> typing.Optional[builtins.str]:
-        '''Description.'''
-        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "description"))
+        - a name will be generated, based on the stage and action names,
+        if any of the action's variables were referenced - otherwise,
+        no namespace will be set
+        '''
+        result = self._values.get("variables_namespace")
+        return typing.cast(typing.Optional[builtins.str], result)
 
     @builtins.property
-    @jsii.member(jsii_name="ruleName")
-    def rule_name(self) -> typing.Optional[builtins.str]:
-        '''Rulename.'''
-        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "ruleName"))
-
-# Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
-typing.cast(typing.Any, ICustomEventRule).__jsii_proxy_class__ = lambda : _ICustomEventRuleProxy
-
-
-@jsii.interface(jsii_type="aws-cdk-lib.aws_codepipeline_actions.IJenkinsProvider")
-class IJenkinsProvider(_constructs_77d1e7e8.IConstruct, typing_extensions.Protocol):
-    '''A Jenkins provider.
+    def role(self) -> typing.Optional[_IRole_235f5d8e]:
+        '''The Role in which context's this Action will be executing in.
 
-    If you want to create a new Jenkins provider managed alongside your CDK code,
-    instantiate the ``JenkinsProvider`` class directly.
+        The Pipeline's Role will assume this Role
+        (the required permissions for that will be granted automatically)
+        right before executing this Action.
+        This Action will be passed into your ``IAction.bind``
+        method in the ``ActionBindOptions.role`` property.
 
-    If you want to reference an already registered provider,
-    use the ``JenkinsProvider#fromJenkinsProviderAttributes`` method.
-    '''
+        :default: a new Role will be generated
+        '''
+        result = self._values.get("role")
+        return typing.cast(typing.Optional[_IRole_235f5d8e], result)
 
     @builtins.property
-    @jsii.member(jsii_name="providerName")
-    def provider_name(self) -> builtins.str:
-        ...
+    def output(self) -> _Artifact_0cb05964:
+        '''Vulnerability details of your source in the form of a Software Bill of Materials (SBOM) file.'''
+        result = self._values.get("output")
+        assert result is not None, "Required property 'output' is missing"
+        return typing.cast(_Artifact_0cb05964, result)
 
     @builtins.property
-    @jsii.member(jsii_name="serverUrl")
-    def server_url(self) -> builtins.str:
-        ...
+    def critical_threshold(self) -> typing.Optional[jsii.Number]:
+        '''The number of critical severity vulnerabilities found in your source beyond which CodePipeline should fail the action.
+
+        :default: - no threshold
+        '''
+        result = self._values.get("critical_threshold")
+        return typing.cast(typing.Optional[jsii.Number], result)
 
     @builtins.property
-    @jsii.member(jsii_name="version")
-    def version(self) -> builtins.str:
-        ...
+    def high_threshold(self) -> typing.Optional[jsii.Number]:
+        '''The number of high severity vulnerabilities found in your source beyond which CodePipeline should fail the action.
 
+        :default: - no threshold
+        '''
+        result = self._values.get("high_threshold")
+        return typing.cast(typing.Optional[jsii.Number], result)
 
-class _IJenkinsProviderProxy(
-    jsii.proxy_for(_constructs_77d1e7e8.IConstruct), # type: ignore[misc]
-):
-    '''A Jenkins provider.
+    @builtins.property
+    def low_threshold(self) -> typing.Optional[jsii.Number]:
+        '''The number of low severity vulnerabilities found in your source beyond which CodePipeline should fail the action.
 
-    If you want to create a new Jenkins provider managed alongside your CDK code,
-    instantiate the ``JenkinsProvider`` class directly.
+        :default: - no threshold
+        '''
+        result = self._values.get("low_threshold")
+        return typing.cast(typing.Optional[jsii.Number], result)
 
-    If you want to reference an already registered provider,
-    use the ``JenkinsProvider#fromJenkinsProviderAttributes`` method.
-    '''
+    @builtins.property
+    def medium_threshold(self) -> typing.Optional[jsii.Number]:
+        '''The number of medium severity vulnerabilities found in your source beyond which CodePipeline should fail the action.
 
-    __jsii_type__: typing.ClassVar[str] = "aws-cdk-lib.aws_codepipeline_actions.IJenkinsProvider"
+        :default: - no threshold
+        '''
+        result = self._values.get("medium_threshold")
+        return typing.cast(typing.Optional[jsii.Number], result)
 
     @builtins.property
-    @jsii.member(jsii_name="providerName")
-    def provider_name(self) -> builtins.str:
-        return typing.cast(builtins.str, jsii.get(self, "providerName"))
+    def input(self) -> _Artifact_0cb05964:
+        '''The source code to scan for vulnerabilities.'''
+        result = self._values.get("input")
+        assert result is not None, "Required property 'input' is missing"
+        return typing.cast(_Artifact_0cb05964, result)
 
-    @builtins.property
-    @jsii.member(jsii_name="serverUrl")
-    def server_url(self) -> builtins.str:
-        return typing.cast(builtins.str, jsii.get(self, "serverUrl"))
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
 
-    @builtins.property
-    @jsii.member(jsii_name="version")
-    def version(self) -> builtins.str:
-        return typing.cast(builtins.str, jsii.get(self, "version"))
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
 
-# Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
-typing.cast(typing.Any, IJenkinsProvider).__jsii_proxy_class__ = lambda : _IJenkinsProviderProxy
+    def __repr__(self) -> str:
+        return "InspectorSourceCodeScanActionProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
 
 
 class JenkinsAction(
@@ -9917,6 +11154,55 @@ class OrganizationsDeploymentProps:
         )
 
 
+@jsii.enum(jsii_type="aws-cdk-lib.aws_codepipeline_actions.RegistryType")
+class RegistryType(enum.Enum):
+    '''The type of registry to use for the EcrBuildAndPublish action.
+
+    :exampleMetadata: infused
+
+    Example::
+
+        import aws_cdk.aws_ecr as ecr
+        
+        # pipeline: codepipeline.Pipeline
+        # repository: ecr.IRepository
+        
+        
+        source_output = codepipeline.Artifact()
+        # your source repository
+        source_action = codepipeline_actions.CodeStarConnectionsSourceAction(
+            action_name="CodeStarConnectionsSourceAction",
+            output=source_output,
+            connection_arn="your-connection-arn",
+            owner="your-owner",
+            repo="your-repo"
+        )
+        
+        build_action = codepipeline_actions.EcrBuildAndPublishAction(
+            action_name="EcrBuildAndPublishAction",
+            repository_name=repository.repository_name,
+            registry_type=codepipeline_actions.RegistryType.PRIVATE,
+            dockerfile_directory_path="./my-dir",  # The path indicates ./my-dir/Dockerfile in the source repository
+            image_tags=["my-tag-1", "my-tag-2"],
+            input=source_output
+        )
+        
+        pipeline.add_stage(
+            stage_name="Source",
+            actions=[source_action]
+        )
+        pipeline.add_stage(
+            stage_name="Build",
+            actions=[build_action]
+        )
+    '''
+
+    PRIVATE = "PRIVATE"
+    '''Private registry.'''
+    PUBLIC = "PUBLIC"
+    '''Public registry.'''
+
+
 class S3DeployAction(
     Action,
     metaclass=jsii.JSIIMeta,
@@ -11671,51 +12957,324 @@ class StepFunctionsInvokeActionProps(_CommonAwsActionProps_8b809bb6):
         output: typing.Optional[_Artifact_0cb05964] = None,
         state_machine_input: typing.Optional[StateMachineInput] = None,
     ) -> None:
-        '''Construction properties of the ``StepFunctionsInvokeAction StepFunction Invoke Action``.
+        '''Construction properties of the ``StepFunctionsInvokeAction StepFunction Invoke Action``.
+
+        :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
+        :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
+        :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
+        :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
+        :param state_machine: The state machine to invoke.
+        :param execution_name_prefix: Prefix (optional). By default, the action execution ID is used as the state machine execution name. If a prefix is provided, it is prepended to the action execution ID with a hyphen and together used as the state machine execution name. Default: - action execution ID
+        :param output: The optional output Artifact of the Action. Default: the Action will not have any outputs
+        :param state_machine_input: Represents the input to the StateMachine. This includes input artifact, input type and the statemachine input. Default: - none
+
+        :exampleMetadata: infused
+
+        Example::
+
+            import aws_cdk.aws_stepfunctions as stepfunctions
+            
+            pipeline = codepipeline.Pipeline(self, "MyPipeline")
+            start_state = stepfunctions.Pass(self, "StartState")
+            simple_state_machine = stepfunctions.StateMachine(self, "SimpleStateMachine",
+                definition=start_state
+            )
+            step_function_action = codepipeline_actions.StepFunctionInvokeAction(
+                action_name="Invoke",
+                state_machine=simple_state_machine,
+                state_machine_input=codepipeline_actions.StateMachineInput.literal({"IsHelloWorldExample": True})
+            )
+            pipeline.add_stage(
+                stage_name="StepFunctions",
+                actions=[step_function_action]
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__64ac90d220b5e655386915e2881b269f896519c023a90afd1756161c9305f606)
+            check_type(argname="argument action_name", value=action_name, expected_type=type_hints["action_name"])
+            check_type(argname="argument run_order", value=run_order, expected_type=type_hints["run_order"])
+            check_type(argname="argument variables_namespace", value=variables_namespace, expected_type=type_hints["variables_namespace"])
+            check_type(argname="argument role", value=role, expected_type=type_hints["role"])
+            check_type(argname="argument state_machine", value=state_machine, expected_type=type_hints["state_machine"])
+            check_type(argname="argument execution_name_prefix", value=execution_name_prefix, expected_type=type_hints["execution_name_prefix"])
+            check_type(argname="argument output", value=output, expected_type=type_hints["output"])
+            check_type(argname="argument state_machine_input", value=state_machine_input, expected_type=type_hints["state_machine_input"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "action_name": action_name,
+            "state_machine": state_machine,
+        }
+        if run_order is not None:
+            self._values["run_order"] = run_order
+        if variables_namespace is not None:
+            self._values["variables_namespace"] = variables_namespace
+        if role is not None:
+            self._values["role"] = role
+        if execution_name_prefix is not None:
+            self._values["execution_name_prefix"] = execution_name_prefix
+        if output is not None:
+            self._values["output"] = output
+        if state_machine_input is not None:
+            self._values["state_machine_input"] = state_machine_input
+
+    @builtins.property
+    def action_name(self) -> builtins.str:
+        '''The physical, human-readable name of the Action.
+
+        Note that Action names must be unique within a single Stage.
+        '''
+        result = self._values.get("action_name")
+        assert result is not None, "Required property 'action_name' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def run_order(self) -> typing.Optional[jsii.Number]:
+        '''The runOrder property for this Action.
+
+        RunOrder determines the relative order in which multiple Actions in the same Stage execute.
+
+        :default: 1
+
+        :see: https://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html
+        '''
+        result = self._values.get("run_order")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    @builtins.property
+    def variables_namespace(self) -> typing.Optional[builtins.str]:
+        '''The name of the namespace to use for variables emitted by this action.
+
+        :default:
+
+        - a name will be generated, based on the stage and action names,
+        if any of the action's variables were referenced - otherwise,
+        no namespace will be set
+        '''
+        result = self._values.get("variables_namespace")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def role(self) -> typing.Optional[_IRole_235f5d8e]:
+        '''The Role in which context's this Action will be executing in.
+
+        The Pipeline's Role will assume this Role
+        (the required permissions for that will be granted automatically)
+        right before executing this Action.
+        This Action will be passed into your ``IAction.bind``
+        method in the ``ActionBindOptions.role`` property.
+
+        :default: a new Role will be generated
+        '''
+        result = self._values.get("role")
+        return typing.cast(typing.Optional[_IRole_235f5d8e], result)
+
+    @builtins.property
+    def state_machine(self) -> _IStateMachine_73e8d2b0:
+        '''The state machine to invoke.'''
+        result = self._values.get("state_machine")
+        assert result is not None, "Required property 'state_machine' is missing"
+        return typing.cast(_IStateMachine_73e8d2b0, result)
+
+    @builtins.property
+    def execution_name_prefix(self) -> typing.Optional[builtins.str]:
+        '''Prefix (optional).
+
+        By default, the action execution ID is used as the state machine execution name.
+        If a prefix is provided, it is prepended to the action execution ID with a hyphen and
+        together used as the state machine execution name.
+
+        :default: - action execution ID
+        '''
+        result = self._values.get("execution_name_prefix")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def output(self) -> typing.Optional[_Artifact_0cb05964]:
+        '''The optional output Artifact of the Action.
+
+        :default: the Action will not have any outputs
+        '''
+        result = self._values.get("output")
+        return typing.cast(typing.Optional[_Artifact_0cb05964], result)
+
+    @builtins.property
+    def state_machine_input(self) -> typing.Optional[StateMachineInput]:
+        '''Represents the input to the StateMachine.
+
+        This includes input artifact, input type and the statemachine input.
+
+        :default: - none
+        '''
+        result = self._values.get("state_machine_input")
+        return typing.cast(typing.Optional[StateMachineInput], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "StepFunctionsInvokeActionProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+@jsii.implements(IJenkinsProvider)
+class BaseJenkinsProvider(
+    _constructs_77d1e7e8.Construct,
+    metaclass=jsii.JSIIAbstractClass,
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.BaseJenkinsProvider",
+):
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        version: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''
+        :param scope: -
+        :param id: -
+        :param version: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__8038675dee538d81000d6714c6f38401c5d7a19b8e5d7a412a3e91fd12717854)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+            check_type(argname="argument version", value=version, expected_type=type_hints["version"])
+        jsii.create(self.__class__, self, [scope, id, version])
+
+    @builtins.property
+    @jsii.member(jsii_name="providerName")
+    @abc.abstractmethod
+    def provider_name(self) -> builtins.str:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="serverUrl")
+    @abc.abstractmethod
+    def server_url(self) -> builtins.str:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="version")
+    def version(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "version"))
+
+
+class _BaseJenkinsProviderProxy(BaseJenkinsProvider):
+    @builtins.property
+    @jsii.member(jsii_name="providerName")
+    def provider_name(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "providerName"))
+
+    @builtins.property
+    @jsii.member(jsii_name="serverUrl")
+    def server_url(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "serverUrl"))
+
+# Adding a "__jsii_proxy_class__(): typing.Type" function to the abstract class
+typing.cast(typing.Any, BaseJenkinsProvider).__jsii_proxy_class__ = lambda : _BaseJenkinsProviderProxy
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.CloudFormationDeployStackInstancesActionProps",
+    jsii_struct_bases=[
+        _CommonAwsActionProps_8b809bb6, CommonCloudFormationStackSetOptions
+    ],
+    name_mapping={
+        "action_name": "actionName",
+        "run_order": "runOrder",
+        "variables_namespace": "variablesNamespace",
+        "role": "role",
+        "failure_tolerance_percentage": "failureTolerancePercentage",
+        "max_account_concurrency_percentage": "maxAccountConcurrencyPercentage",
+        "stack_set_region": "stackSetRegion",
+        "stack_instances": "stackInstances",
+        "stack_set_name": "stackSetName",
+        "parameter_overrides": "parameterOverrides",
+    },
+)
+class CloudFormationDeployStackInstancesActionProps(
+    _CommonAwsActionProps_8b809bb6,
+    CommonCloudFormationStackSetOptions,
+):
+    def __init__(
+        self,
+        *,
+        action_name: builtins.str,
+        run_order: typing.Optional[jsii.Number] = None,
+        variables_namespace: typing.Optional[builtins.str] = None,
+        role: typing.Optional[_IRole_235f5d8e] = None,
+        failure_tolerance_percentage: typing.Optional[jsii.Number] = None,
+        max_account_concurrency_percentage: typing.Optional[jsii.Number] = None,
+        stack_set_region: typing.Optional[builtins.str] = None,
+        stack_instances: StackInstances,
+        stack_set_name: builtins.str,
+        parameter_overrides: typing.Optional[StackSetParameters] = None,
+    ) -> None:
+        '''Properties for the CloudFormationDeployStackInstancesAction.
 
         :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
         :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
         :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
         :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
-        :param state_machine: The state machine to invoke.
-        :param execution_name_prefix: Prefix (optional). By default, the action execution ID is used as the state machine execution name. If a prefix is provided, it is prepended to the action execution ID with a hyphen and together used as the state machine execution name. Default: - action execution ID
-        :param output: The optional output Artifact of the Action. Default: the Action will not have any outputs
-        :param state_machine_input: Represents the input to the StateMachine. This includes input artifact, input type and the statemachine input. Default: - none
+        :param failure_tolerance_percentage: The percentage of accounts per Region for which this stack operation can fail before AWS CloudFormation stops the operation in that Region. If the operation is stopped in a Region, AWS CloudFormation doesn't attempt the operation in subsequent Regions. When calculating the number of accounts based on the specified percentage, AWS CloudFormation rounds down to the next whole number. Default: 0%
+        :param max_account_concurrency_percentage: The maximum percentage of accounts in which to perform this operation at one time. When calculating the number of accounts based on the specified percentage, AWS CloudFormation rounds down to the next whole number. If rounding down would result in zero, AWS CloudFormation sets the number as one instead. Although you use this setting to specify the maximum, for large deployments the actual number of accounts acted upon concurrently may be lower due to service throttling. Default: 1%
+        :param stack_set_region: The AWS Region the StackSet is in. Note that a cross-region Pipeline requires replication buckets to function correctly. You can provide their names with the ``PipelineProps.crossRegionReplicationBuckets`` property. If you don't, the CodePipeline Construct will create new Stacks in your CDK app containing those buckets, that you will need to ``cdk deploy`` before deploying the main, Pipeline-containing Stack. Default: - same region as the Pipeline
+        :param stack_instances: Specify where to create or update Stack Instances. You can specify either AWS Accounts Ids or AWS Organizations Organizational Units.
+        :param stack_set_name: The name of the StackSet we are adding instances to.
+        :param parameter_overrides: Parameter values that only apply to the current Stack Instances. These parameters are shared between all instances added by this action. Default: - no parameters will be overridden
 
         :exampleMetadata: infused
 
         Example::
 
-            import aws_cdk.aws_stepfunctions as stepfunctions
+            # pipeline: codepipeline.Pipeline
+            # source_output: codepipeline.Artifact
+            
             
-            pipeline = codepipeline.Pipeline(self, "MyPipeline")
-            start_state = stepfunctions.Pass(self, "StartState")
-            simple_state_machine = stepfunctions.StateMachine(self, "SimpleStateMachine",
-                definition=start_state
-            )
-            step_function_action = codepipeline_actions.StepFunctionInvokeAction(
-                action_name="Invoke",
-                state_machine=simple_state_machine,
-                state_machine_input=codepipeline_actions.StateMachineInput.literal({"IsHelloWorldExample": True})
-            )
             pipeline.add_stage(
-                stage_name="StepFunctions",
-                actions=[step_function_action]
+                stage_name="DeployStackSets",
+                actions=[
+                    # First, update the StackSet itself with the newest template
+                    codepipeline_actions.CloudFormationDeployStackSetAction(
+                        action_name="UpdateStackSet",
+                        run_order=1,
+                        stack_set_name="MyStackSet",
+                        template=codepipeline_actions.StackSetTemplate.from_artifact_path(source_output.at_path("template.yaml")),
+            
+                        # Change this to 'StackSetDeploymentModel.organizations()' if you want to deploy to OUs
+                        deployment_model=codepipeline_actions.StackSetDeploymentModel.self_managed(),
+                        # This deploys to a set of accounts
+                        stack_instances=codepipeline_actions.StackInstances.in_accounts(["111111111111"], ["us-east-1", "eu-west-1"])
+                    ),
+            
+                    # Afterwards, update/create additional instances in other accounts
+                    codepipeline_actions.CloudFormationDeployStackInstancesAction(
+                        action_name="AddMoreInstances",
+                        run_order=2,
+                        stack_set_name="MyStackSet",
+                        stack_instances=codepipeline_actions.StackInstances.in_accounts(["222222222222", "333333333333"], ["us-east-1", "eu-west-1"])
+                    )
+                ]
             )
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__64ac90d220b5e655386915e2881b269f896519c023a90afd1756161c9305f606)
+            type_hints = typing.get_type_hints(_typecheckingstub__74ad2f406f6e2b75484390d66800bc9f6856c72cd6da5761e1f0bc953e50c5f5)
             check_type(argname="argument action_name", value=action_name, expected_type=type_hints["action_name"])
             check_type(argname="argument run_order", value=run_order, expected_type=type_hints["run_order"])
             check_type(argname="argument variables_namespace", value=variables_namespace, expected_type=type_hints["variables_namespace"])
             check_type(argname="argument role", value=role, expected_type=type_hints["role"])
-            check_type(argname="argument state_machine", value=state_machine, expected_type=type_hints["state_machine"])
-            check_type(argname="argument execution_name_prefix", value=execution_name_prefix, expected_type=type_hints["execution_name_prefix"])
-            check_type(argname="argument output", value=output, expected_type=type_hints["output"])
-            check_type(argname="argument state_machine_input", value=state_machine_input, expected_type=type_hints["state_machine_input"])
+            check_type(argname="argument failure_tolerance_percentage", value=failure_tolerance_percentage, expected_type=type_hints["failure_tolerance_percentage"])
+            check_type(argname="argument max_account_concurrency_percentage", value=max_account_concurrency_percentage, expected_type=type_hints["max_account_concurrency_percentage"])
+            check_type(argname="argument stack_set_region", value=stack_set_region, expected_type=type_hints["stack_set_region"])
+            check_type(argname="argument stack_instances", value=stack_instances, expected_type=type_hints["stack_instances"])
+            check_type(argname="argument stack_set_name", value=stack_set_name, expected_type=type_hints["stack_set_name"])
+            check_type(argname="argument parameter_overrides", value=parameter_overrides, expected_type=type_hints["parameter_overrides"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "action_name": action_name,
-            "state_machine": state_machine,
+            "stack_instances": stack_instances,
+            "stack_set_name": stack_set_name,
         }
         if run_order is not None:
             self._values["run_order"] = run_order
@@ -11723,12 +13282,14 @@ class StepFunctionsInvokeActionProps(_CommonAwsActionProps_8b809bb6):
             self._values["variables_namespace"] = variables_namespace
         if role is not None:
             self._values["role"] = role
-        if execution_name_prefix is not None:
-            self._values["execution_name_prefix"] = execution_name_prefix
-        if output is not None:
-            self._values["output"] = output
-        if state_machine_input is not None:
-            self._values["state_machine_input"] = state_machine_input
+        if failure_tolerance_percentage is not None:
+            self._values["failure_tolerance_percentage"] = failure_tolerance_percentage
+        if max_account_concurrency_percentage is not None:
+            self._values["max_account_concurrency_percentage"] = max_account_concurrency_percentage
+        if stack_set_region is not None:
+            self._values["stack_set_region"] = stack_set_region
+        if parameter_overrides is not None:
+            self._values["parameter_overrides"] = parameter_overrides
 
     @builtins.property
     def action_name(self) -> builtins.str:
@@ -11782,44 +13343,73 @@ class StepFunctionsInvokeActionProps(_CommonAwsActionProps_8b809bb6):
         return typing.cast(typing.Optional[_IRole_235f5d8e], result)
 
     @builtins.property
-    def state_machine(self) -> _IStateMachine_73e8d2b0:
-        '''The state machine to invoke.'''
-        result = self._values.get("state_machine")
-        assert result is not None, "Required property 'state_machine' is missing"
-        return typing.cast(_IStateMachine_73e8d2b0, result)
+    def failure_tolerance_percentage(self) -> typing.Optional[jsii.Number]:
+        '''The percentage of accounts per Region for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
+
+        If
+        the operation is stopped in a Region, AWS CloudFormation doesn't attempt the operation in subsequent Regions. When calculating the number
+        of accounts based on the specified percentage, AWS CloudFormation rounds down to the next whole number.
+
+        :default: 0%
+        '''
+        result = self._values.get("failure_tolerance_percentage")
+        return typing.cast(typing.Optional[jsii.Number], result)
 
     @builtins.property
-    def execution_name_prefix(self) -> typing.Optional[builtins.str]:
-        '''Prefix (optional).
+    def max_account_concurrency_percentage(self) -> typing.Optional[jsii.Number]:
+        '''The maximum percentage of accounts in which to perform this operation at one time.
 
-        By default, the action execution ID is used as the state machine execution name.
-        If a prefix is provided, it is prepended to the action execution ID with a hyphen and
-        together used as the state machine execution name.
+        When calculating the number of accounts based on the specified
+        percentage, AWS CloudFormation rounds down to the next whole number. If rounding down would result in zero, AWS CloudFormation sets the number as
+        one instead. Although you use this setting to specify the maximum, for large deployments the actual number of accounts acted upon concurrently
+        may be lower due to service throttling.
 
-        :default: - action execution ID
+        :default: 1%
         '''
-        result = self._values.get("execution_name_prefix")
+        result = self._values.get("max_account_concurrency_percentage")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    @builtins.property
+    def stack_set_region(self) -> typing.Optional[builtins.str]:
+        '''The AWS Region the StackSet is in.
+
+        Note that a cross-region Pipeline requires replication buckets to function correctly.
+        You can provide their names with the ``PipelineProps.crossRegionReplicationBuckets`` property.
+        If you don't, the CodePipeline Construct will create new Stacks in your CDK app containing those buckets,
+        that you will need to ``cdk deploy`` before deploying the main, Pipeline-containing Stack.
+
+        :default: - same region as the Pipeline
+        '''
+        result = self._values.get("stack_set_region")
         return typing.cast(typing.Optional[builtins.str], result)
 
     @builtins.property
-    def output(self) -> typing.Optional[_Artifact_0cb05964]:
-        '''The optional output Artifact of the Action.
+    def stack_instances(self) -> StackInstances:
+        '''Specify where to create or update Stack Instances.
 
-        :default: the Action will not have any outputs
+        You can specify either AWS Accounts Ids or AWS Organizations Organizational Units.
         '''
-        result = self._values.get("output")
-        return typing.cast(typing.Optional[_Artifact_0cb05964], result)
+        result = self._values.get("stack_instances")
+        assert result is not None, "Required property 'stack_instances' is missing"
+        return typing.cast(StackInstances, result)
 
     @builtins.property
-    def state_machine_input(self) -> typing.Optional[StateMachineInput]:
-        '''Represents the input to the StateMachine.
+    def stack_set_name(self) -> builtins.str:
+        '''The name of the StackSet we are adding instances to.'''
+        result = self._values.get("stack_set_name")
+        assert result is not None, "Required property 'stack_set_name' is missing"
+        return typing.cast(builtins.str, result)
 
-        This includes input artifact, input type and the statemachine input.
+    @builtins.property
+    def parameter_overrides(self) -> typing.Optional[StackSetParameters]:
+        '''Parameter values that only apply to the current Stack Instances.
 
-        :default: - none
+        These parameters are shared between all instances added by this action.
+
+        :default: - no parameters will be overridden
         '''
-        result = self._values.get("state_machine_input")
-        return typing.cast(typing.Optional[StateMachineInput], result)
+        result = self._values.get("parameter_overrides")
+        return typing.cast(typing.Optional[StackSetParameters], result)
 
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -11828,70 +13418,13 @@ class StepFunctionsInvokeActionProps(_CommonAwsActionProps_8b809bb6):
         return not (rhs == self)
 
     def __repr__(self) -> str:
-        return "StepFunctionsInvokeActionProps(%s)" % ", ".join(
+        return "CloudFormationDeployStackInstancesActionProps(%s)" % ", ".join(
             k + "=" + repr(v) for k, v in self._values.items()
         )
 
 
-@jsii.implements(IJenkinsProvider)
-class BaseJenkinsProvider(
-    _constructs_77d1e7e8.Construct,
-    metaclass=jsii.JSIIAbstractClass,
-    jsii_type="aws-cdk-lib.aws_codepipeline_actions.BaseJenkinsProvider",
-):
-    def __init__(
-        self,
-        scope: _constructs_77d1e7e8.Construct,
-        id: builtins.str,
-        version: typing.Optional[builtins.str] = None,
-    ) -> None:
-        '''
-        :param scope: -
-        :param id: -
-        :param version: -
-        '''
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__8038675dee538d81000d6714c6f38401c5d7a19b8e5d7a412a3e91fd12717854)
-            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
-            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
-            check_type(argname="argument version", value=version, expected_type=type_hints["version"])
-        jsii.create(self.__class__, self, [scope, id, version])
-
-    @builtins.property
-    @jsii.member(jsii_name="providerName")
-    @abc.abstractmethod
-    def provider_name(self) -> builtins.str:
-        ...
-
-    @builtins.property
-    @jsii.member(jsii_name="serverUrl")
-    @abc.abstractmethod
-    def server_url(self) -> builtins.str:
-        ...
-
-    @builtins.property
-    @jsii.member(jsii_name="version")
-    def version(self) -> builtins.str:
-        return typing.cast(builtins.str, jsii.get(self, "version"))
-
-
-class _BaseJenkinsProviderProxy(BaseJenkinsProvider):
-    @builtins.property
-    @jsii.member(jsii_name="providerName")
-    def provider_name(self) -> builtins.str:
-        return typing.cast(builtins.str, jsii.get(self, "providerName"))
-
-    @builtins.property
-    @jsii.member(jsii_name="serverUrl")
-    def server_url(self) -> builtins.str:
-        return typing.cast(builtins.str, jsii.get(self, "serverUrl"))
-
-# Adding a "__jsii_proxy_class__(): typing.Type" function to the abstract class
-typing.cast(typing.Any, BaseJenkinsProvider).__jsii_proxy_class__ = lambda : _BaseJenkinsProviderProxy
-
-
 @jsii.data_type(
-    jsii_type="aws-cdk-lib.aws_codepipeline_actions.CloudFormationDeployStackInstancesActionProps",
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.CloudFormationDeployStackSetActionProps",
     jsii_struct_bases=[
         _CommonAwsActionProps_8b809bb6, CommonCloudFormationStackSetOptions
     ],
@@ -11903,12 +13436,16 @@ typing.cast(typing.Any, BaseJenkinsProvider).__jsii_proxy_class__ = lambda : _Ba
         "failure_tolerance_percentage": "failureTolerancePercentage",
         "max_account_concurrency_percentage": "maxAccountConcurrencyPercentage",
         "stack_set_region": "stackSetRegion",
-        "stack_instances": "stackInstances",
         "stack_set_name": "stackSetName",
-        "parameter_overrides": "parameterOverrides",
+        "template": "template",
+        "cfn_capabilities": "cfnCapabilities",
+        "deployment_model": "deploymentModel",
+        "description": "description",
+        "parameters": "parameters",
+        "stack_instances": "stackInstances",
     },
 )
-class CloudFormationDeployStackInstancesActionProps(
+class CloudFormationDeployStackSetActionProps(
     _CommonAwsActionProps_8b809bb6,
     CommonCloudFormationStackSetOptions,
 ):
@@ -11922,11 +13459,15 @@ class CloudFormationDeployStackInstancesActionProps(
         failure_tolerance_percentage: typing.Optional[jsii.Number] = None,
         max_account_concurrency_percentage: typing.Optional[jsii.Number] = None,
         stack_set_region: typing.Optional[builtins.str] = None,
-        stack_instances: StackInstances,
         stack_set_name: builtins.str,
-        parameter_overrides: typing.Optional[StackSetParameters] = None,
+        template: StackSetTemplate,
+        cfn_capabilities: typing.Optional[typing.Sequence[_CfnCapabilities_f5c35b06]] = None,
+        deployment_model: typing.Optional[StackSetDeploymentModel] = None,
+        description: typing.Optional[builtins.str] = None,
+        parameters: typing.Optional[StackSetParameters] = None,
+        stack_instances: typing.Optional[StackInstances] = None,
     ) -> None:
-        '''Properties for the CloudFormationDeployStackInstancesAction.
+        '''Properties for the CloudFormationDeployStackSetAction.
 
         :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
         :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
@@ -11935,9 +13476,13 @@ class CloudFormationDeployStackInstancesActionProps(
         :param failure_tolerance_percentage: The percentage of accounts per Region for which this stack operation can fail before AWS CloudFormation stops the operation in that Region. If the operation is stopped in a Region, AWS CloudFormation doesn't attempt the operation in subsequent Regions. When calculating the number of accounts based on the specified percentage, AWS CloudFormation rounds down to the next whole number. Default: 0%
         :param max_account_concurrency_percentage: The maximum percentage of accounts in which to perform this operation at one time. When calculating the number of accounts based on the specified percentage, AWS CloudFormation rounds down to the next whole number. If rounding down would result in zero, AWS CloudFormation sets the number as one instead. Although you use this setting to specify the maximum, for large deployments the actual number of accounts acted upon concurrently may be lower due to service throttling. Default: 1%
         :param stack_set_region: The AWS Region the StackSet is in. Note that a cross-region Pipeline requires replication buckets to function correctly. You can provide their names with the ``PipelineProps.crossRegionReplicationBuckets`` property. If you don't, the CodePipeline Construct will create new Stacks in your CDK app containing those buckets, that you will need to ``cdk deploy`` before deploying the main, Pipeline-containing Stack. Default: - same region as the Pipeline
-        :param stack_instances: Specify where to create or update Stack Instances. You can specify either AWS Accounts Ids or AWS Organizations Organizational Units.
-        :param stack_set_name: The name of the StackSet we are adding instances to.
-        :param parameter_overrides: Parameter values that only apply to the current Stack Instances. These parameters are shared between all instances added by this action. Default: - no parameters will be overridden
+        :param stack_set_name: The name to associate with the stack set. This name must be unique in the Region where it is created. The name may only contain alphanumeric and hyphen characters. It must begin with an alphabetic character and be 128 characters or fewer.
+        :param template: The location of the template that defines the resources in the stack set. This must point to a template with a maximum size of 460,800 bytes. Enter the path to the source artifact name and template file.
+        :param cfn_capabilities: Indicates that the template can create and update resources, depending on the types of resources in the template. You must use this property if you have IAM resources in your stack template or you create a stack directly from a template containing macros. Default: - the StackSet will have no IAM capabilities
+        :param deployment_model: Determines how IAM roles are created and managed. The choices are: - Self Managed: you create IAM roles with the required permissions in the administration account and all target accounts. - Service Managed: only available if the account and target accounts are part of an AWS Organization. The necessary roles will be created for you. If you want to deploy to all accounts that are a member of AWS Organizations Organizational Units (OUs), you must select Service Managed permissions. Note: This parameter can only be changed when no stack instances exist in the stack set. Default: StackSetDeploymentModel.selfManaged()
+        :param description: A description of the stack set. You can use this to describe the stack set’s purpose or other relevant information. Default: - no description
+        :param parameters: The template parameters for your stack set. These parameters are shared between all instances of the stack set. Default: - no parameters will be used
+        :param stack_instances: Specify where to create or update Stack Instances. You can specify either AWS Accounts Ids or AWS Organizations Organizational Units. Default: - don't create or update any Stack Instances
 
         :exampleMetadata: infused
 
@@ -11974,7 +13519,7 @@ class CloudFormationDeployStackInstancesActionProps(
             )
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__74ad2f406f6e2b75484390d66800bc9f6856c72cd6da5761e1f0bc953e50c5f5)
+            type_hints = typing.get_type_hints(_typecheckingstub__ee2cef6462ecd2f50e6747ca0f4c5443f4167fadcb9b523b71950626de829059)
             check_type(argname="argument action_name", value=action_name, expected_type=type_hints["action_name"])
             check_type(argname="argument run_order", value=run_order, expected_type=type_hints["run_order"])
             check_type(argname="argument variables_namespace", value=variables_namespace, expected_type=type_hints["variables_namespace"])
@@ -11982,13 +13527,17 @@ class CloudFormationDeployStackInstancesActionProps(
             check_type(argname="argument failure_tolerance_percentage", value=failure_tolerance_percentage, expected_type=type_hints["failure_tolerance_percentage"])
             check_type(argname="argument max_account_concurrency_percentage", value=max_account_concurrency_percentage, expected_type=type_hints["max_account_concurrency_percentage"])
             check_type(argname="argument stack_set_region", value=stack_set_region, expected_type=type_hints["stack_set_region"])
-            check_type(argname="argument stack_instances", value=stack_instances, expected_type=type_hints["stack_instances"])
             check_type(argname="argument stack_set_name", value=stack_set_name, expected_type=type_hints["stack_set_name"])
-            check_type(argname="argument parameter_overrides", value=parameter_overrides, expected_type=type_hints["parameter_overrides"])
+            check_type(argname="argument template", value=template, expected_type=type_hints["template"])
+            check_type(argname="argument cfn_capabilities", value=cfn_capabilities, expected_type=type_hints["cfn_capabilities"])
+            check_type(argname="argument deployment_model", value=deployment_model, expected_type=type_hints["deployment_model"])
+            check_type(argname="argument description", value=description, expected_type=type_hints["description"])
+            check_type(argname="argument parameters", value=parameters, expected_type=type_hints["parameters"])
+            check_type(argname="argument stack_instances", value=stack_instances, expected_type=type_hints["stack_instances"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "action_name": action_name,
-            "stack_instances": stack_instances,
             "stack_set_name": stack_set_name,
+            "template": template,
         }
         if run_order is not None:
             self._values["run_order"] = run_order
@@ -12002,8 +13551,16 @@ class CloudFormationDeployStackInstancesActionProps(
             self._values["max_account_concurrency_percentage"] = max_account_concurrency_percentage
         if stack_set_region is not None:
             self._values["stack_set_region"] = stack_set_region
-        if parameter_overrides is not None:
-            self._values["parameter_overrides"] = parameter_overrides
+        if cfn_capabilities is not None:
+            self._values["cfn_capabilities"] = cfn_capabilities
+        if deployment_model is not None:
+            self._values["deployment_model"] = deployment_model
+        if description is not None:
+            self._values["description"] = description
+        if parameters is not None:
+            self._values["parameters"] = parameters
+        if stack_instances is not None:
+            self._values["stack_instances"] = stack_instances
 
     @builtins.property
     def action_name(self) -> builtins.str:
@@ -12098,33 +13655,99 @@ class CloudFormationDeployStackInstancesActionProps(
         return typing.cast(typing.Optional[builtins.str], result)
 
     @builtins.property
-    def stack_instances(self) -> StackInstances:
-        '''Specify where to create or update Stack Instances.
+    def stack_set_name(self) -> builtins.str:
+        '''The name to associate with the stack set.
 
-        You can specify either AWS Accounts Ids or AWS Organizations Organizational Units.
-        '''
-        result = self._values.get("stack_instances")
-        assert result is not None, "Required property 'stack_instances' is missing"
-        return typing.cast(StackInstances, result)
+        This name must be unique in the Region where it is created.
 
-    @builtins.property
-    def stack_set_name(self) -> builtins.str:
-        '''The name of the StackSet we are adding instances to.'''
+        The name may only contain alphanumeric and hyphen characters. It must begin with an alphabetic character and be 128 characters or fewer.
+        '''
         result = self._values.get("stack_set_name")
         assert result is not None, "Required property 'stack_set_name' is missing"
         return typing.cast(builtins.str, result)
 
     @builtins.property
-    def parameter_overrides(self) -> typing.Optional[StackSetParameters]:
-        '''Parameter values that only apply to the current Stack Instances.
+    def template(self) -> StackSetTemplate:
+        '''The location of the template that defines the resources in the stack set.
 
-        These parameters are shared between all instances added by this action.
+        This must point to a template with a maximum size of 460,800 bytes.
 
-        :default: - no parameters will be overridden
+        Enter the path to the source artifact name and template file.
         '''
-        result = self._values.get("parameter_overrides")
+        result = self._values.get("template")
+        assert result is not None, "Required property 'template' is missing"
+        return typing.cast(StackSetTemplate, result)
+
+    @builtins.property
+    def cfn_capabilities(
+        self,
+    ) -> typing.Optional[typing.List[_CfnCapabilities_f5c35b06]]:
+        '''Indicates that the template can create and update resources, depending on the types of resources in the template.
+
+        You must use this property if you have IAM resources in your stack template or you create a stack directly from a template containing macros.
+
+        :default: - the StackSet will have no IAM capabilities
+        '''
+        result = self._values.get("cfn_capabilities")
+        return typing.cast(typing.Optional[typing.List[_CfnCapabilities_f5c35b06]], result)
+
+    @builtins.property
+    def deployment_model(self) -> typing.Optional[StackSetDeploymentModel]:
+        '''Determines how IAM roles are created and managed.
+
+        The choices are:
+
+        - Self Managed: you create IAM roles with the required permissions
+          in the administration account and all target accounts.
+        - Service Managed: only available if the account and target accounts
+          are part of an AWS Organization. The necessary roles will be created
+          for you.
+
+        If you want to deploy to all accounts that are a member of AWS
+        Organizations Organizational Units (OUs), you must select Service Managed
+        permissions.
+
+        Note: This parameter can only be changed when no stack instances exist in
+        the stack set.
+
+        :default: StackSetDeploymentModel.selfManaged()
+        '''
+        result = self._values.get("deployment_model")
+        return typing.cast(typing.Optional[StackSetDeploymentModel], result)
+
+    @builtins.property
+    def description(self) -> typing.Optional[builtins.str]:
+        '''A description of the stack set.
+
+        You can use this to describe the stack set’s purpose or other relevant information.
+
+        :default: - no description
+        '''
+        result = self._values.get("description")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def parameters(self) -> typing.Optional[StackSetParameters]:
+        '''The template parameters for your stack set.
+
+        These parameters are shared between all instances of the stack set.
+
+        :default: - no parameters will be used
+        '''
+        result = self._values.get("parameters")
         return typing.cast(typing.Optional[StackSetParameters], result)
 
+    @builtins.property
+    def stack_instances(self) -> typing.Optional[StackInstances]:
+        '''Specify where to create or update Stack Instances.
+
+        You can specify either AWS Accounts Ids or AWS Organizations Organizational Units.
+
+        :default: - don't create or update any Stack Instances
+        '''
+        result = self._values.get("stack_instances")
+        return typing.cast(typing.Optional[StackInstances], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -12132,37 +13755,132 @@ class CloudFormationDeployStackInstancesActionProps(
         return not (rhs == self)
 
     def __repr__(self) -> str:
-        return "CloudFormationDeployStackInstancesActionProps(%s)" % ", ".join(
+        return "CloudFormationDeployStackSetActionProps(%s)" % ", ".join(
             k + "=" + repr(v) for k, v in self._values.items()
         )
 
 
+class InspectorEcrImageScanAction(
+    InspectorScanActionBase,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.InspectorEcrImageScanAction",
+):
+    '''CodePipeline invoke action that uses AWS InspectorScan for ECR images.
+
+    :exampleMetadata: infused
+
+    Example::
+
+        import aws_cdk.aws_ecr as ecr
+        
+        # pipeline: codepipeline.Pipeline
+        # repository: ecr.IRepository
+        
+        
+        scan_output = codepipeline.Artifact()
+        scan_action = codepipeline_actions.InspectorEcrImageScanAction(
+            action_name="InspectorEcrImageScanAction",
+            output=scan_output,
+            repository=repository
+        )
+        
+        pipeline.add_stage(
+            stage_name="Scan",
+            actions=[scan_action]
+        )
+    '''
+
+    def __init__(
+        self,
+        *,
+        repository: _IRepository_e6004aa6,
+        image_tag: typing.Optional[builtins.str] = None,
+        output: _Artifact_0cb05964,
+        critical_threshold: typing.Optional[jsii.Number] = None,
+        high_threshold: typing.Optional[jsii.Number] = None,
+        low_threshold: typing.Optional[jsii.Number] = None,
+        medium_threshold: typing.Optional[jsii.Number] = None,
+        role: typing.Optional[_IRole_235f5d8e] = None,
+        action_name: builtins.str,
+        run_order: typing.Optional[jsii.Number] = None,
+        variables_namespace: typing.Optional[builtins.str] = None,
+    ) -> None:
+        '''
+        :param repository: The Amazon ECR repository where the image is pushed.
+        :param image_tag: The tag used for the image. Default: 'latest'
+        :param output: Vulnerability details of your source in the form of a Software Bill of Materials (SBOM) file.
+        :param critical_threshold: The number of critical severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param high_threshold: The number of high severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param low_threshold: The number of low severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param medium_threshold: The number of medium severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
+        :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
+        :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
+        :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
+        '''
+        props = InspectorEcrImageScanActionProps(
+            repository=repository,
+            image_tag=image_tag,
+            output=output,
+            critical_threshold=critical_threshold,
+            high_threshold=high_threshold,
+            low_threshold=low_threshold,
+            medium_threshold=medium_threshold,
+            role=role,
+            action_name=action_name,
+            run_order=run_order,
+            variables_namespace=variables_namespace,
+        )
+
+        jsii.create(self.__class__, self, [props])
+
+    @jsii.member(jsii_name="bound")
+    def _bound(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        stage: _IStage_415fc571,
+        *,
+        bucket: _IBucket_42e086fd,
+        role: _IRole_235f5d8e,
+    ) -> _ActionConfig_846fc217:
+        '''This is a renamed version of the ``IAction.bind`` method.
+
+        :param scope: -
+        :param stage: -
+        :param bucket: 
+        :param role: 
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__b9417731b05c3a732c5ac482215baf762edbfe9d6dfefcdf5bb578bb5c2ca37f)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument stage", value=stage, expected_type=type_hints["stage"])
+        options = _ActionBindOptions_3a612254(bucket=bucket, role=role)
+
+        return typing.cast(_ActionConfig_846fc217, jsii.invoke(self, "bound", [scope, stage, options]))
+
+    @jsii.member(jsii_name="renderActionConfiguration")
+    def _render_action_configuration(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderActionConfiguration", []))
+
+
 @jsii.data_type(
-    jsii_type="aws-cdk-lib.aws_codepipeline_actions.CloudFormationDeployStackSetActionProps",
-    jsii_struct_bases=[
-        _CommonAwsActionProps_8b809bb6, CommonCloudFormationStackSetOptions
-    ],
+    jsii_type="aws-cdk-lib.aws_codepipeline_actions.InspectorEcrImageScanActionProps",
+    jsii_struct_bases=[InspectorScanActionBaseProps],
     name_mapping={
         "action_name": "actionName",
         "run_order": "runOrder",
         "variables_namespace": "variablesNamespace",
         "role": "role",
-        "failure_tolerance_percentage": "failureTolerancePercentage",
-        "max_account_concurrency_percentage": "maxAccountConcurrencyPercentage",
-        "stack_set_region": "stackSetRegion",
-        "stack_set_name": "stackSetName",
-        "template": "template",
-        "cfn_capabilities": "cfnCapabilities",
-        "deployment_model": "deploymentModel",
-        "description": "description",
-        "parameters": "parameters",
-        "stack_instances": "stackInstances",
+        "output": "output",
+        "critical_threshold": "criticalThreshold",
+        "high_threshold": "highThreshold",
+        "low_threshold": "lowThreshold",
+        "medium_threshold": "mediumThreshold",
+        "repository": "repository",
+        "image_tag": "imageTag",
     },
 )
-class CloudFormationDeployStackSetActionProps(
-    _CommonAwsActionProps_8b809bb6,
-    CommonCloudFormationStackSetOptions,
-):
+class InspectorEcrImageScanActionProps(InspectorScanActionBaseProps):
     def __init__(
         self,
         *,
@@ -12170,88 +13888,67 @@ class CloudFormationDeployStackSetActionProps(
         run_order: typing.Optional[jsii.Number] = None,
         variables_namespace: typing.Optional[builtins.str] = None,
         role: typing.Optional[_IRole_235f5d8e] = None,
-        failure_tolerance_percentage: typing.Optional[jsii.Number] = None,
-        max_account_concurrency_percentage: typing.Optional[jsii.Number] = None,
-        stack_set_region: typing.Optional[builtins.str] = None,
-        stack_set_name: builtins.str,
-        template: StackSetTemplate,
-        cfn_capabilities: typing.Optional[typing.Sequence[_CfnCapabilities_f5c35b06]] = None,
-        deployment_model: typing.Optional[StackSetDeploymentModel] = None,
-        description: typing.Optional[builtins.str] = None,
-        parameters: typing.Optional[StackSetParameters] = None,
-        stack_instances: typing.Optional[StackInstances] = None,
+        output: _Artifact_0cb05964,
+        critical_threshold: typing.Optional[jsii.Number] = None,
+        high_threshold: typing.Optional[jsii.Number] = None,
+        low_threshold: typing.Optional[jsii.Number] = None,
+        medium_threshold: typing.Optional[jsii.Number] = None,
+        repository: _IRepository_e6004aa6,
+        image_tag: typing.Optional[builtins.str] = None,
     ) -> None:
-        '''Properties for the CloudFormationDeployStackSetAction.
+        '''Construction properties of the ``InspectorEcrImageScanAction``.
 
         :param action_name: The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.
         :param run_order: The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1
         :param variables_namespace: The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action's variables were referenced - otherwise, no namespace will be set
         :param role: The Role in which context's this Action will be executing in. The Pipeline's Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your ``IAction.bind`` method in the ``ActionBindOptions.role`` property. Default: a new Role will be generated
-        :param failure_tolerance_percentage: The percentage of accounts per Region for which this stack operation can fail before AWS CloudFormation stops the operation in that Region. If the operation is stopped in a Region, AWS CloudFormation doesn't attempt the operation in subsequent Regions. When calculating the number of accounts based on the specified percentage, AWS CloudFormation rounds down to the next whole number. Default: 0%
-        :param max_account_concurrency_percentage: The maximum percentage of accounts in which to perform this operation at one time. When calculating the number of accounts based on the specified percentage, AWS CloudFormation rounds down to the next whole number. If rounding down would result in zero, AWS CloudFormation sets the number as one instead. Although you use this setting to specify the maximum, for large deployments the actual number of accounts acted upon concurrently may be lower due to service throttling. Default: 1%
-        :param stack_set_region: The AWS Region the StackSet is in. Note that a cross-region Pipeline requires replication buckets to function correctly. You can provide their names with the ``PipelineProps.crossRegionReplicationBuckets`` property. If you don't, the CodePipeline Construct will create new Stacks in your CDK app containing those buckets, that you will need to ``cdk deploy`` before deploying the main, Pipeline-containing Stack. Default: - same region as the Pipeline
-        :param stack_set_name: The name to associate with the stack set. This name must be unique in the Region where it is created. The name may only contain alphanumeric and hyphen characters. It must begin with an alphabetic character and be 128 characters or fewer.
-        :param template: The location of the template that defines the resources in the stack set. This must point to a template with a maximum size of 460,800 bytes. Enter the path to the source artifact name and template file.
-        :param cfn_capabilities: Indicates that the template can create and update resources, depending on the types of resources in the template. You must use this property if you have IAM resources in your stack template or you create a stack directly from a template containing macros. Default: - the StackSet will have no IAM capabilities
-        :param deployment_model: Determines how IAM roles are created and managed. The choices are: - Self Managed: you create IAM roles with the required permissions in the administration account and all target accounts. - Service Managed: only available if the account and target accounts are part of an AWS Organization. The necessary roles will be created for you. If you want to deploy to all accounts that are a member of AWS Organizations Organizational Units (OUs), you must select Service Managed permissions. Note: This parameter can only be changed when no stack instances exist in the stack set. Default: StackSetDeploymentModel.selfManaged()
-        :param description: A description of the stack set. You can use this to describe the stack set’s purpose or other relevant information. Default: - no description
-        :param parameters: The template parameters for your stack set. These parameters are shared between all instances of the stack set. Default: - no parameters will be used
-        :param stack_instances: Specify where to create or update Stack Instances. You can specify either AWS Accounts Ids or AWS Organizations Organizational Units. Default: - don't create or update any Stack Instances
+        :param output: Vulnerability details of your source in the form of a Software Bill of Materials (SBOM) file.
+        :param critical_threshold: The number of critical severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param high_threshold: The number of high severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param low_threshold: The number of low severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param medium_threshold: The number of medium severity vulnerabilities found in your source beyond which CodePipeline should fail the action. Default: - no threshold
+        :param repository: The Amazon ECR repository where the image is pushed.
+        :param image_tag: The tag used for the image. Default: 'latest'
 
         :exampleMetadata: infused
 
         Example::
 
-            # pipeline: codepipeline.Pipeline
-            # source_output: codepipeline.Artifact
-            
-            
-            pipeline.add_stage(
-                stage_name="DeployStackSets",
-                actions=[
-                    # First, update the StackSet itself with the newest template
-                    codepipeline_actions.CloudFormationDeployStackSetAction(
-                        action_name="UpdateStackSet",
-                        run_order=1,
-                        stack_set_name="MyStackSet",
-                        template=codepipeline_actions.StackSetTemplate.from_artifact_path(source_output.at_path("template.yaml")),
-            
-                        # Change this to 'StackSetDeploymentModel.organizations()' if you want to deploy to OUs
-                        deployment_model=codepipeline_actions.StackSetDeploymentModel.self_managed(),
-                        # This deploys to a set of accounts
-                        stack_instances=codepipeline_actions.StackInstances.in_accounts(["111111111111"], ["us-east-1", "eu-west-1"])
-                    ),
+            import aws_cdk.aws_ecr as ecr
             
-                    # Afterwards, update/create additional instances in other accounts
-                    codepipeline_actions.CloudFormationDeployStackInstancesAction(
-                        action_name="AddMoreInstances",
-                        run_order=2,
-                        stack_set_name="MyStackSet",
-                        stack_instances=codepipeline_actions.StackInstances.in_accounts(["222222222222", "333333333333"], ["us-east-1", "eu-west-1"])
-                    )
-                ]
+            # pipeline: codepipeline.Pipeline
+            # repository: ecr.IRepository
+            
+            
+            scan_output = codepipeline.Artifact()
+            scan_action = codepipeline_actions.InspectorEcrImageScanAction(
+                action_name="InspectorEcrImageScanAction",
+                output=scan_output,
+                repository=repository
+            )
+            
+            pipeline.add_stage(
+                stage_name="Scan",
+                actions=[scan_action]
             )
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__ee2cef6462ecd2f50e6747ca0f4c5443f4167fadcb9b523b71950626de829059)
+            type_hints = typing.get_type_hints(_typecheckingstub__6a7982da431d6fa0bd0f4dcdb140e96377e641305c9d377e566f656cfce34443)
             check_type(argname="argument action_name", value=action_name, expected_type=type_hints["action_name"])
             check_type(argname="argument run_order", value=run_order, expected_type=type_hints["run_order"])
             check_type(argname="argument variables_namespace", value=variables_namespace, expected_type=type_hints["variables_namespace"])
             check_type(argname="argument role", value=role, expected_type=type_hints["role"])
-            check_type(argname="argument failure_tolerance_percentage", value=failure_tolerance_percentage, expected_type=type_hints["failure_tolerance_percentage"])
-            check_type(argname="argument max_account_concurrency_percentage", value=max_account_concurrency_percentage, expected_type=type_hints["max_account_concurrency_percentage"])
-            check_type(argname="argument stack_set_region", value=stack_set_region, expected_type=type_hints["stack_set_region"])
-            check_type(argname="argument stack_set_name", value=stack_set_name, expected_type=type_hints["stack_set_name"])
-            check_type(argname="argument template", value=template, expected_type=type_hints["template"])
-            check_type(argname="argument cfn_capabilities", value=cfn_capabilities, expected_type=type_hints["cfn_capabilities"])
-            check_type(argname="argument deployment_model", value=deployment_model, expected_type=type_hints["deployment_model"])
-            check_type(argname="argument description", value=description, expected_type=type_hints["description"])
-            check_type(argname="argument parameters", value=parameters, expected_type=type_hints["parameters"])
-            check_type(argname="argument stack_instances", value=stack_instances, expected_type=type_hints["stack_instances"])
+            check_type(argname="argument output", value=output, expected_type=type_hints["output"])
+            check_type(argname="argument critical_threshold", value=critical_threshold, expected_type=type_hints["critical_threshold"])
+            check_type(argname="argument high_threshold", value=high_threshold, expected_type=type_hints["high_threshold"])
+            check_type(argname="argument low_threshold", value=low_threshold, expected_type=type_hints["low_threshold"])
+            check_type(argname="argument medium_threshold", value=medium_threshold, expected_type=type_hints["medium_threshold"])
+            check_type(argname="argument repository", value=repository, expected_type=type_hints["repository"])
+            check_type(argname="argument image_tag", value=image_tag, expected_type=type_hints["image_tag"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "action_name": action_name,
-            "stack_set_name": stack_set_name,
-            "template": template,
+            "output": output,
+            "repository": repository,
         }
         if run_order is not None:
             self._values["run_order"] = run_order
@@ -12259,22 +13956,16 @@ class CloudFormationDeployStackSetActionProps(
             self._values["variables_namespace"] = variables_namespace
         if role is not None:
             self._values["role"] = role
-        if failure_tolerance_percentage is not None:
-            self._values["failure_tolerance_percentage"] = failure_tolerance_percentage
-        if max_account_concurrency_percentage is not None:
-            self._values["max_account_concurrency_percentage"] = max_account_concurrency_percentage
-        if stack_set_region is not None:
-            self._values["stack_set_region"] = stack_set_region
-        if cfn_capabilities is not None:
-            self._values["cfn_capabilities"] = cfn_capabilities
-        if deployment_model is not None:
-            self._values["deployment_model"] = deployment_model
-        if description is not None:
-            self._values["description"] = description
-        if parameters is not None:
-            self._values["parameters"] = parameters
-        if stack_instances is not None:
-            self._values["stack_instances"] = stack_instances
+        if critical_threshold is not None:
+            self._values["critical_threshold"] = critical_threshold
+        if high_threshold is not None:
+            self._values["high_threshold"] = high_threshold
+        if low_threshold is not None:
+            self._values["low_threshold"] = low_threshold
+        if medium_threshold is not None:
+            self._values["medium_threshold"] = medium_threshold
+        if image_tag is not None:
+            self._values["image_tag"] = image_tag
 
     @builtins.property
     def action_name(self) -> builtins.str:
@@ -12328,140 +14019,64 @@ class CloudFormationDeployStackSetActionProps(
         return typing.cast(typing.Optional[_IRole_235f5d8e], result)
 
     @builtins.property
-    def failure_tolerance_percentage(self) -> typing.Optional[jsii.Number]:
-        '''The percentage of accounts per Region for which this stack operation can fail before AWS CloudFormation stops the operation in that Region.
-
-        If
-        the operation is stopped in a Region, AWS CloudFormation doesn't attempt the operation in subsequent Regions. When calculating the number
-        of accounts based on the specified percentage, AWS CloudFormation rounds down to the next whole number.
-
-        :default: 0%
-        '''
-        result = self._values.get("failure_tolerance_percentage")
-        return typing.cast(typing.Optional[jsii.Number], result)
+    def output(self) -> _Artifact_0cb05964:
+        '''Vulnerability details of your source in the form of a Software Bill of Materials (SBOM) file.'''
+        result = self._values.get("output")
+        assert result is not None, "Required property 'output' is missing"
+        return typing.cast(_Artifact_0cb05964, result)
 
     @builtins.property
-    def max_account_concurrency_percentage(self) -> typing.Optional[jsii.Number]:
-        '''The maximum percentage of accounts in which to perform this operation at one time.
-
-        When calculating the number of accounts based on the specified
-        percentage, AWS CloudFormation rounds down to the next whole number. If rounding down would result in zero, AWS CloudFormation sets the number as
-        one instead. Although you use this setting to specify the maximum, for large deployments the actual number of accounts acted upon concurrently
-        may be lower due to service throttling.
+    def critical_threshold(self) -> typing.Optional[jsii.Number]:
+        '''The number of critical severity vulnerabilities found in your source beyond which CodePipeline should fail the action.
 
-        :default: 1%
+        :default: - no threshold
         '''
-        result = self._values.get("max_account_concurrency_percentage")
+        result = self._values.get("critical_threshold")
         return typing.cast(typing.Optional[jsii.Number], result)
 
     @builtins.property
-    def stack_set_region(self) -> typing.Optional[builtins.str]:
-        '''The AWS Region the StackSet is in.
-
-        Note that a cross-region Pipeline requires replication buckets to function correctly.
-        You can provide their names with the ``PipelineProps.crossRegionReplicationBuckets`` property.
-        If you don't, the CodePipeline Construct will create new Stacks in your CDK app containing those buckets,
-        that you will need to ``cdk deploy`` before deploying the main, Pipeline-containing Stack.
-
-        :default: - same region as the Pipeline
-        '''
-        result = self._values.get("stack_set_region")
-        return typing.cast(typing.Optional[builtins.str], result)
-
-    @builtins.property
-    def stack_set_name(self) -> builtins.str:
-        '''The name to associate with the stack set.
-
-        This name must be unique in the Region where it is created.
+    def high_threshold(self) -> typing.Optional[jsii.Number]:
+        '''The number of high severity vulnerabilities found in your source beyond which CodePipeline should fail the action.
 
-        The name may only contain alphanumeric and hyphen characters. It must begin with an alphabetic character and be 128 characters or fewer.
+        :default: - no threshold
         '''
-        result = self._values.get("stack_set_name")
-        assert result is not None, "Required property 'stack_set_name' is missing"
-        return typing.cast(builtins.str, result)
+        result = self._values.get("high_threshold")
+        return typing.cast(typing.Optional[jsii.Number], result)
 
     @builtins.property
-    def template(self) -> StackSetTemplate:
-        '''The location of the template that defines the resources in the stack set.
-
-        This must point to a template with a maximum size of 460,800 bytes.
+    def low_threshold(self) -> typing.Optional[jsii.Number]:
+        '''The number of low severity vulnerabilities found in your source beyond which CodePipeline should fail the action.
 
-        Enter the path to the source artifact name and template file.
+        :default: - no threshold
         '''
-        result = self._values.get("template")
-        assert result is not None, "Required property 'template' is missing"
-        return typing.cast(StackSetTemplate, result)
+        result = self._values.get("low_threshold")
+        return typing.cast(typing.Optional[jsii.Number], result)
 
     @builtins.property
-    def cfn_capabilities(
-        self,
-    ) -> typing.Optional[typing.List[_CfnCapabilities_f5c35b06]]:
-        '''Indicates that the template can create and update resources, depending on the types of resources in the template.
-
-        You must use this property if you have IAM resources in your stack template or you create a stack directly from a template containing macros.
+    def medium_threshold(self) -> typing.Optional[jsii.Number]:
+        '''The number of medium severity vulnerabilities found in your source beyond which CodePipeline should fail the action.
 
-        :default: - the StackSet will have no IAM capabilities
+        :default: - no threshold
         '''
-        result = self._values.get("cfn_capabilities")
-        return typing.cast(typing.Optional[typing.List[_CfnCapabilities_f5c35b06]], result)
+        result = self._values.get("medium_threshold")
+        return typing.cast(typing.Optional[jsii.Number], result)
 
     @builtins.property
-    def deployment_model(self) -> typing.Optional[StackSetDeploymentModel]:
-        '''Determines how IAM roles are created and managed.
-
-        The choices are:
-
-        - Self Managed: you create IAM roles with the required permissions
-          in the administration account and all target accounts.
-        - Service Managed: only available if the account and target accounts
-          are part of an AWS Organization. The necessary roles will be created
-          for you.
-
-        If you want to deploy to all accounts that are a member of AWS
-        Organizations Organizational Units (OUs), you must select Service Managed
-        permissions.
-
-        Note: This parameter can only be changed when no stack instances exist in
-        the stack set.
-
-        :default: StackSetDeploymentModel.selfManaged()
-        '''
-        result = self._values.get("deployment_model")
-        return typing.cast(typing.Optional[StackSetDeploymentModel], result)
+    def repository(self) -> _IRepository_e6004aa6:
+        '''The Amazon ECR repository where the image is pushed.'''
+        result = self._values.get("repository")
+        assert result is not None, "Required property 'repository' is missing"
+        return typing.cast(_IRepository_e6004aa6, result)
 
     @builtins.property
-    def description(self) -> typing.Optional[builtins.str]:
-        '''A description of the stack set.
-
-        You can use this to describe the stack set’s purpose or other relevant information.
+    def image_tag(self) -> typing.Optional[builtins.str]:
+        '''The tag used for the image.
 
-        :default: - no description
+        :default: 'latest'
         '''
-        result = self._values.get("description")
+        result = self._values.get("image_tag")
         return typing.cast(typing.Optional[builtins.str], result)
 
-    @builtins.property
-    def parameters(self) -> typing.Optional[StackSetParameters]:
-        '''The template parameters for your stack set.
-
-        These parameters are shared between all instances of the stack set.
-
-        :default: - no parameters will be used
-        '''
-        result = self._values.get("parameters")
-        return typing.cast(typing.Optional[StackSetParameters], result)
-
-    @builtins.property
-    def stack_instances(self) -> typing.Optional[StackInstances]:
-        '''Specify where to create or update Stack Instances.
-
-        You can specify either AWS Accounts Ids or AWS Organizations Organizational Units.
-
-        :default: - don't create or update any Stack Instances
-        '''
-        result = self._values.get("stack_instances")
-        return typing.cast(typing.Optional[StackInstances], result)
-
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -12469,7 +14084,7 @@ class CloudFormationDeployStackSetActionProps(
         return not (rhs == self)
 
     def __repr__(self) -> str:
-        return "CloudFormationDeployStackSetActionProps(%s)" % ", ".join(
+        return "InspectorEcrImageScanActionProps(%s)" % ", ".join(
             k + "=" + repr(v) for k, v in self._values.items()
         )
 
@@ -12605,6 +14220,9 @@ __all__ = [
     "CommandsAction",
     "CommandsActionProps",
     "CommonCloudFormationStackSetOptions",
+    "EcrBuildAndPublishAction",
+    "EcrBuildAndPublishActionProps",
+    "EcrBuildAndPublishVariables",
     "EcrSourceAction",
     "EcrSourceActionProps",
     "EcrSourceVariables",
@@ -12618,6 +14236,13 @@ __all__ = [
     "GitHubTrigger",
     "ICustomEventRule",
     "IJenkinsProvider",
+    "InspectorEcrImageScanAction",
+    "InspectorEcrImageScanActionProps",
+    "InspectorScanActionBase",
+    "InspectorScanActionBaseProps",
+    "InspectorScanVariables",
+    "InspectorSourceCodeScanAction",
+    "InspectorSourceCodeScanActionProps",
     "JenkinsAction",
     "JenkinsActionProps",
     "JenkinsActionType",
@@ -12629,6 +14254,7 @@ __all__ = [
     "ManualApprovalAction",
     "ManualApprovalActionProps",
     "OrganizationsDeploymentProps",
+    "RegistryType",
     "S3DeployAction",
     "S3DeployActionProps",
     "S3SourceAction",
@@ -13081,6 +14707,39 @@ def _typecheckingstub__2410584584bdbc5570942e28fb48b74fa12d17853f6fde7bdcddfd923
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__29d16187e06f9d23101e6955f383d38368a5309fb4f73cf04c52e7a739830b33(
+    scope: _constructs_77d1e7e8.Construct,
+    stage: _IStage_415fc571,
+    *,
+    bucket: _IBucket_42e086fd,
+    role: _IRole_235f5d8e,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__1b13d08d881a39c394898fc7c83d74e8f65d5c1bdabde058e6bb0d10e57ec00f(
+    *,
+    action_name: builtins.str,
+    run_order: typing.Optional[jsii.Number] = None,
+    variables_namespace: typing.Optional[builtins.str] = None,
+    role: typing.Optional[_IRole_235f5d8e] = None,
+    input: _Artifact_0cb05964,
+    repository_name: builtins.str,
+    dockerfile_directory_path: typing.Optional[builtins.str] = None,
+    image_tags: typing.Optional[typing.Sequence[builtins.str]] = None,
+    registry_type: typing.Optional[RegistryType] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__91516fa8ca0077d312e46c891a6812f3570330144844a5f751633dbd6d3cdef7(
+    *,
+    ecr_image_digest_id: builtins.str,
+    ecr_repository_name: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__d95f17ce1dc91ce862a33fcb114ba70ca493fdcf80aba4bd2b33da0283823b94(
     scope: _constructs_77d1e7e8.Construct,
     stage: _IStage_415fc571,
@@ -13200,6 +14859,64 @@ def _typecheckingstub__d36a66e26e764b2c204da0bcf323302f95847c475cba80cedc642606a
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__e14024ba1588c13bad01352500e04cd20ed7cde863ea927e167b0fbe92c82ecd(
+    scope: _constructs_77d1e7e8.Construct,
+    stage: _IStage_415fc571,
+    *,
+    bucket: _IBucket_42e086fd,
+    role: _IRole_235f5d8e,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__6da783895b7ba6899d69141e306683f07acbbde47f1425f850879dc762f2e644(
+    *,
+    action_name: builtins.str,
+    run_order: typing.Optional[jsii.Number] = None,
+    variables_namespace: typing.Optional[builtins.str] = None,
+    role: typing.Optional[_IRole_235f5d8e] = None,
+    output: _Artifact_0cb05964,
+    critical_threshold: typing.Optional[jsii.Number] = None,
+    high_threshold: typing.Optional[jsii.Number] = None,
+    low_threshold: typing.Optional[jsii.Number] = None,
+    medium_threshold: typing.Optional[jsii.Number] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__8a48c3b3b3e2cfc1dcf7a2e04c2e32728ebe17a3f38a9cad1bada36d22fe6a24(
+    *,
+    highest_scanned_severity: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__45cb7f03b6f947f8e3545d0c1c5e5d7b428fd0bbe2dec88db250699b2fba4ec2(
+    scope: _constructs_77d1e7e8.Construct,
+    stage: _IStage_415fc571,
+    *,
+    bucket: _IBucket_42e086fd,
+    role: _IRole_235f5d8e,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__b15e4f7143687072e838007e65ae09dfa2481ef37d0679cc1fe389ce6997a557(
+    *,
+    action_name: builtins.str,
+    run_order: typing.Optional[jsii.Number] = None,
+    variables_namespace: typing.Optional[builtins.str] = None,
+    role: typing.Optional[_IRole_235f5d8e] = None,
+    output: _Artifact_0cb05964,
+    critical_threshold: typing.Optional[jsii.Number] = None,
+    high_threshold: typing.Optional[jsii.Number] = None,
+    low_threshold: typing.Optional[jsii.Number] = None,
+    medium_threshold: typing.Optional[jsii.Number] = None,
+    input: _Artifact_0cb05964,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__f08ae51a4cf2b1bfb9e531ba516d1aea22c51dd0dac157890193226f4ae1269b(
     _scope: _constructs_77d1e7e8.Construct,
     _stage: _IStage_415fc571,
@@ -13524,6 +15241,33 @@ def _typecheckingstub__ee2cef6462ecd2f50e6747ca0f4c5443f4167fadcb9b523b71950626d
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__b9417731b05c3a732c5ac482215baf762edbfe9d6dfefcdf5bb578bb5c2ca37f(
+    scope: _constructs_77d1e7e8.Construct,
+    stage: _IStage_415fc571,
+    *,
+    bucket: _IBucket_42e086fd,
+    role: _IRole_235f5d8e,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__6a7982da431d6fa0bd0f4dcdb140e96377e641305c9d377e566f656cfce34443(
+    *,
+    action_name: builtins.str,
+    run_order: typing.Optional[jsii.Number] = None,
+    variables_namespace: typing.Optional[builtins.str] = None,
+    role: typing.Optional[_IRole_235f5d8e] = None,
+    output: _Artifact_0cb05964,
+    critical_threshold: typing.Optional[jsii.Number] = None,
+    high_threshold: typing.Optional[jsii.Number] = None,
+    low_threshold: typing.Optional[jsii.Number] = None,
+    medium_threshold: typing.Optional[jsii.Number] = None,
+    repository: _IRepository_e6004aa6,
+    image_tag: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__74d249a9cbff04d8fc99bef3b5dbad3dd843fa3f7fa6ed1b04089cc0913ba631(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,