aws-cdk-lib 2.189.0__py3-none-any.whl → 2.190.0__py3-none-any.whl

aws_cdk/aws_cloudfront/__init__.py

@@ -23894,6 +23894,7 @@ class SSLMethod(enum.Enum):
 
     SNI = "SNI"
     VIP = "VIP"
+    STATIC_IP = "STATIC_IP"
 
 
 @jsii.enum(jsii_type="aws-cdk-lib.aws_cloudfront.SecurityPolicyProtocol")

aws_cdk/aws_cloudtrail/__init__.py

@@ -1858,15 +1858,12 @@ class CfnEventDataStore(
             *Supported CloudTrail event record fields for data events*
 
             - ``eventCategory`` (required)
-            - ``resources.type`` (required)
-            - ``readOnly``
             - ``eventName``
-            - ``resources.ARN``
-
-            The following additional fields are available for event data stores:
-
             - ``eventSource``
             - ``eventType``
+            - ``resources.ARN``
+            - ``resources.type`` (required)
+            - ``readOnly``
             - ``sessionCredentialFromConsole``
             - ``userIdentity.arn``
 
@@ -1980,7 +1977,7 @@ class CfnEventDataStore(
         ) -> None:
             '''A single selector statement in an advanced event selector.
 
-            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``eventCategory`` (required), ``eventSource`` , and ``readOnly`` . The following additional fields are available for event data stores: ``eventName`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail data events, supported fields include ``eventCategory`` (required), ``resources.type`` (required), ``eventName`` , ``readOnly`` , and ``resources.ARN`` . The following additional fields are available for event data stores: ``eventSource`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail network activity events, supported fields include ``eventCategory`` (required), ``eventSource`` (required), ``eventName`` , ``errorCode`` , and ``vpcEndpointId`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . .. epigraph:: Selectors don't support the use of wildcards like ``*`` . To match multiple values with a single condition, you may use ``StartsWith`` , ``EndsWith`` , ``NotStartsWith`` , or ``NotEndsWith`` to explicitly match the beginning or end of the event field. - *``readOnly``* - This is an optional field that is only used for management events and data events. This field can be set to ``Equals`` with a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - This field is only used for management events, data events (for event data stores only), and network activity events. For management events for trails, this is an optional field that can be set to ``NotEquals`` ``kms.amazonaws.com`` to exclude KMS management events, or ``NotEquals`` ``rdsdata.amazonaws.com`` to exclude RDS management events. For management and data events for event data stores, you can use it to include or exclude any event source and can use any operator. For network activity events, this is a required field that only uses the ``Equals`` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. For a list of services supporting network activity events, see `Logging network activity events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html>`_ in the *AWS CloudTrail User Guide* . - *``eventName``* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with ``eventName`` . You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas. - *``eventCategory``* - This field is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . - For CloudTrail network activity events, the value must be ``NetworkActivity`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For events outside of AWS , the value must be ``ActivityAuditLog`` . - *``eventType``* - This is an optional field available only for event data stores, which is used to filter management and data events on the event type. For information about available event types, see `CloudTrail record contents <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type>`_ in the *AWS CloudTrail user guide* . - *``errorCode``* - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid ``errorCode`` is ``VpceAccessDenied`` . ``errorCode`` can only use the ``Equals`` operator. - *``sessionCredentialFromConsole``* - This is an optional field available only for event data stores, which is used to filter management and data events based on whether the events originated from an AWS Management Console session. ``sessionCredentialFromConsole`` can only use the ``Equals`` and ``NotEquals`` operators. - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator. For a list of available resource types for data events, see `Data events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events>`_ in the *AWS CloudTrail User Guide* . You can have only one ``resources.type`` field per selector. To log events on more than one resource type, add another selector. - *``resources.ARN``* - The ``resources.ARN`` is an optional field for data events. You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. For more information about the ARN formats of data event resources, see `Actions, resources, and condition keys for AWS services <https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html>`_ in the *Service Authorization Reference* . .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs. - *``userIdentity.arn``* - This is an optional field available only for event data stores, which is used to filter management and data events on the userIdentity ARN. You can use any operator with ``userIdentity.arn`` . For more information on the userIdentity element, see `CloudTrail userIdentity element <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html>`_ in the *AWS CloudTrail User Guide* . - *``vpcEndpointId``* - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with ``vpcEndpointId`` .
+            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``eventCategory`` (required), ``eventSource`` , and ``readOnly`` . The following additional fields are available for event data stores: ``eventName`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail data events, supported fields include ``eventCategory`` (required), ``eventName`` , ``eventSource`` , ``eventType`` , ``resources.type`` (required), ``readOnly`` , ``resources.ARN`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail network activity events, supported fields include ``eventCategory`` (required), ``eventSource`` (required), ``eventName`` , ``errorCode`` , and ``vpcEndpointId`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . .. epigraph:: Selectors don't support the use of wildcards like ``*`` . To match multiple values with a single condition, you may use ``StartsWith`` , ``EndsWith`` , ``NotStartsWith`` , or ``NotEndsWith`` to explicitly match the beginning or end of the event field. - *``readOnly``* - This is an optional field that is only used for management events and data events. This field can be set to ``Equals`` with a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - This field is only used for management events, data events, and network activity events. For management events for trails, this is an optional field that can be set to ``NotEquals`` ``kms.amazonaws.com`` to exclude KMS management events, or ``NotEquals`` ``rdsdata.amazonaws.com`` to exclude RDS management events. For data events for trails, this is an optional field that you can use to include or exclude any event source and can use any operator. For management and data events for event data stores, this is an optional field that you can use to include or exclude any event source and can use any operator. For network activity events, this is a required field that only uses the ``Equals`` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. For a list of services supporting network activity events, see `Logging network activity events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html>`_ in the *AWS CloudTrail User Guide* . - *``eventName``* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with ``eventName`` . You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas. - *``eventCategory``* - This field is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . - For CloudTrail network activity events, the value must be ``NetworkActivity`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For events outside of AWS , the value must be ``ActivityAuditLog`` . - *``eventType``* - For event data stores, this is an optional field available for event data stores to filter management and data events on the event type. For trails, this is an optional field to filter data events on the event type. For information about available event types, see `CloudTrail record contents <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type>`_ in the *AWS CloudTrail user guide* . - *``errorCode``* - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid ``errorCode`` is ``VpceAccessDenied`` . ``errorCode`` can only use the ``Equals`` operator. - *``sessionCredentialFromConsole``* - For event data stores, this is an optional field used to filter management and data events based on whether the events originated from an AWS Management Console session. For trails, this is an optional field used to filter data events. ``sessionCredentialFromConsole`` can only use the ``Equals`` and ``NotEquals`` operators. - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator. For a list of available resource types for data events, see `Data events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events>`_ in the *AWS CloudTrail User Guide* . You can have only one ``resources.type`` field per selector. To log events on more than one resource type, add another selector. - *``resources.ARN``* - The ``resources.ARN`` is an optional field for data events. You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. For more information about the ARN formats of data event resources, see `Actions, resources, and condition keys for AWS services <https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html>`_ in the *Service Authorization Reference* . .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs. - *``userIdentity.arn``* - For event data stores, this is an optional field used to filter management and data events for actions taken by specific IAM identities. For trails, this is an optional field used to filter data events. You can use any operator with ``userIdentity.arn`` . For more information on the userIdentity element, see `CloudTrail userIdentity element <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html>`_ in the *AWS CloudTrail User Guide* . - *``vpcEndpointId``* - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with ``vpcEndpointId`` .
             :param ends_with: An operator that includes events that match the last few characters of the event record field specified as the value of ``Field`` .
             :param equal_to: An operator that includes events that match the exact value of the event record field specified as the value of ``Field`` . This is the only valid operator that you can use with the ``readOnly`` , ``eventCategory`` , and ``resources.type`` fields.
             :param not_ends_with: An operator that excludes events that match the last few characters of the event record field specified as the value of ``Field`` .
@@ -2042,7 +2039,7 @@ class CfnEventDataStore(
 
             For CloudTrail management events, supported fields include ``eventCategory`` (required), ``eventSource`` , and ``readOnly`` . The following additional fields are available for event data stores: ``eventName`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` .
 
-            For CloudTrail data events, supported fields include ``eventCategory`` (required), ``resources.type`` (required), ``eventName`` , ``readOnly`` , and ``resources.ARN`` . The following additional fields are available for event data stores: ``eventSource`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` .
+            For CloudTrail data events, supported fields include ``eventCategory`` (required), ``eventName`` , ``eventSource`` , ``eventType`` , ``resources.type`` (required), ``readOnly`` , ``resources.ARN`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` .
 
             For CloudTrail network activity events, supported fields include ``eventCategory`` (required), ``eventSource`` (required), ``eventName`` , ``errorCode`` , and ``vpcEndpointId`` .
 
@@ -2052,11 +2049,13 @@ class CfnEventDataStore(
                Selectors don't support the use of wildcards like ``*`` . To match multiple values with a single condition, you may use ``StartsWith`` , ``EndsWith`` , ``NotStartsWith`` , or ``NotEndsWith`` to explicitly match the beginning or end of the event field.
 
             - *``readOnly``* - This is an optional field that is only used for management events and data events. This field can be set to ``Equals`` with a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events.
-            - *``eventSource``* - This field is only used for management events, data events (for event data stores only), and network activity events.
+            - *``eventSource``* - This field is only used for management events, data events, and network activity events.
 
             For management events for trails, this is an optional field that can be set to ``NotEquals`` ``kms.amazonaws.com`` to exclude KMS management events, or ``NotEquals`` ``rdsdata.amazonaws.com`` to exclude RDS management events.
 
-            For management and data events for event data stores, you can use it to include or exclude any event source and can use any operator.
+            For data events for trails, this is an optional field that you can use to include or exclude any event source and can use any operator.
+
+            For management and data events for event data stores, this is an optional field that you can use to include or exclude any event source and can use any operator.
 
             For network activity events, this is a required field that only uses the ``Equals`` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. For a list of services supporting network activity events, see `Logging network activity events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html>`_ in the *AWS CloudTrail User Guide* .
 
@@ -2072,9 +2071,9 @@ class CfnEventDataStore(
             - For AWS Config configuration items, the value must be ``ConfigurationItem`` .
             - For Audit Manager evidence, the value must be ``Evidence`` .
             - For events outside of AWS , the value must be ``ActivityAuditLog`` .
-            - *``eventType``* - This is an optional field available only for event data stores, which is used to filter management and data events on the event type. For information about available event types, see `CloudTrail record contents <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type>`_ in the *AWS CloudTrail user guide* .
+            - *``eventType``* - For event data stores, this is an optional field available for event data stores to filter management and data events on the event type. For trails, this is an optional field to filter data events on the event type. For information about available event types, see `CloudTrail record contents <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type>`_ in the *AWS CloudTrail user guide* .
             - *``errorCode``* - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid ``errorCode`` is ``VpceAccessDenied`` . ``errorCode`` can only use the ``Equals`` operator.
-            - *``sessionCredentialFromConsole``* - This is an optional field available only for event data stores, which is used to filter management and data events based on whether the events originated from an AWS Management Console session. ``sessionCredentialFromConsole`` can only use the ``Equals`` and ``NotEquals`` operators.
+            - *``sessionCredentialFromConsole``* - For event data stores, this is an optional field used to filter management and data events based on whether the events originated from an AWS Management Console session. For trails, this is an optional field used to filter data events. ``sessionCredentialFromConsole`` can only use the ``Equals`` and ``NotEquals`` operators.
             - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator.
 
             For a list of available resource types for data events, see `Data events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events>`_ in the *AWS CloudTrail User Guide* .
@@ -2088,7 +2087,7 @@ class CfnEventDataStore(
 
                You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs.
 
-            - *``userIdentity.arn``* - This is an optional field available only for event data stores, which is used to filter management and data events on the userIdentity ARN. You can use any operator with ``userIdentity.arn`` . For more information on the userIdentity element, see `CloudTrail userIdentity element <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html>`_ in the *AWS CloudTrail User Guide* .
+            - *``userIdentity.arn``* - For event data stores, this is an optional field used to filter management and data events for actions taken by specific IAM identities. For trails, this is an optional field used to filter data events. You can use any operator with ``userIdentity.arn`` . For more information on the userIdentity element, see `CloudTrail userIdentity element <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html>`_ in the *AWS CloudTrail User Guide* .
             - *``vpcEndpointId``* - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with ``vpcEndpointId`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudtrail-eventdatastore-advancedfieldselector.html#cfn-cloudtrail-eventdatastore-advancedfieldselector-field
@@ -3257,15 +3256,12 @@ class CfnTrail(
             *Supported CloudTrail event record fields for data events*
 
             - ``eventCategory`` (required)
-            - ``resources.type`` (required)
-            - ``readOnly``
             - ``eventName``
-            - ``resources.ARN``
-
-            The following additional fields are available for event data stores:
-
             - ``eventSource``
             - ``eventType``
+            - ``resources.ARN``
+            - ``resources.type`` (required)
+            - ``readOnly``
             - ``sessionCredentialFromConsole``
             - ``userIdentity.arn``
 
@@ -3379,7 +3375,7 @@ class CfnTrail(
         ) -> None:
             '''A single selector statement in an advanced event selector.
 
-            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``eventCategory`` (required), ``eventSource`` , and ``readOnly`` . The following additional fields are available for event data stores: ``eventName`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail data events, supported fields include ``eventCategory`` (required), ``resources.type`` (required), ``eventName`` , ``readOnly`` , and ``resources.ARN`` . The following additional fields are available for event data stores: ``eventSource`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail network activity events, supported fields include ``eventCategory`` (required), ``eventSource`` (required), ``eventName`` , ``errorCode`` , and ``vpcEndpointId`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . .. epigraph:: Selectors don't support the use of wildcards like ``*`` . To match multiple values with a single condition, you may use ``StartsWith`` , ``EndsWith`` , ``NotStartsWith`` , or ``NotEndsWith`` to explicitly match the beginning or end of the event field. - *``readOnly``* - This is an optional field that is only used for management events and data events. This field can be set to ``Equals`` with a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - This field is only used for management events, data events (for event data stores only), and network activity events. For management events for trails, this is an optional field that can be set to ``NotEquals`` ``kms.amazonaws.com`` to exclude KMS management events, or ``NotEquals`` ``rdsdata.amazonaws.com`` to exclude RDS management events. For management and data events for event data stores, you can use it to include or exclude any event source and can use any operator. For network activity events, this is a required field that only uses the ``Equals`` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. For a list of services supporting network activity events, see `Logging network activity events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html>`_ in the *AWS CloudTrail User Guide* . - *``eventName``* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with ``eventName`` . You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas. - *``eventCategory``* - This field is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . - For CloudTrail network activity events, the value must be ``NetworkActivity`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For events outside of AWS , the value must be ``ActivityAuditLog`` . - *``eventType``* - This is an optional field available only for event data stores, which is used to filter management and data events on the event type. For information about available event types, see `CloudTrail record contents <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type>`_ in the *AWS CloudTrail user guide* . - *``errorCode``* - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid ``errorCode`` is ``VpceAccessDenied`` . ``errorCode`` can only use the ``Equals`` operator. - *``sessionCredentialFromConsole``* - This is an optional field available only for event data stores, which is used to filter management and data events based on whether the events originated from an AWS Management Console session. ``sessionCredentialFromConsole`` can only use the ``Equals`` and ``NotEquals`` operators. - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator. For a list of available resource types for data events, see `Data events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events>`_ in the *AWS CloudTrail User Guide* . You can have only one ``resources.type`` field per selector. To log events on more than one resource type, add another selector. - *``resources.ARN``* - The ``resources.ARN`` is an optional field for data events. You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. For more information about the ARN formats of data event resources, see `Actions, resources, and condition keys for AWS services <https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html>`_ in the *Service Authorization Reference* . .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs. - *``userIdentity.arn``* - This is an optional field available only for event data stores, which is used to filter management and data events on the userIdentity ARN. You can use any operator with ``userIdentity.arn`` . For more information on the userIdentity element, see `CloudTrail userIdentity element <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html>`_ in the *AWS CloudTrail User Guide* . - *``vpcEndpointId``* - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with ``vpcEndpointId`` .
+            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``eventCategory`` (required), ``eventSource`` , and ``readOnly`` . The following additional fields are available for event data stores: ``eventName`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail data events, supported fields include ``eventCategory`` (required), ``eventName`` , ``eventSource`` , ``eventType`` , ``resources.type`` (required), ``readOnly`` , ``resources.ARN`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` . For CloudTrail network activity events, supported fields include ``eventCategory`` (required), ``eventSource`` (required), ``eventName`` , ``errorCode`` , and ``vpcEndpointId`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . .. epigraph:: Selectors don't support the use of wildcards like ``*`` . To match multiple values with a single condition, you may use ``StartsWith`` , ``EndsWith`` , ``NotStartsWith`` , or ``NotEndsWith`` to explicitly match the beginning or end of the event field. - *``readOnly``* - This is an optional field that is only used for management events and data events. This field can be set to ``Equals`` with a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - This field is only used for management events, data events, and network activity events. For management events for trails, this is an optional field that can be set to ``NotEquals`` ``kms.amazonaws.com`` to exclude KMS management events, or ``NotEquals`` ``rdsdata.amazonaws.com`` to exclude RDS management events. For data events for trails, this is an optional field that you can use to include or exclude any event source and can use any operator. For management and data events for event data stores, this is an optional field that you can use to include or exclude any event source and can use any operator. For network activity events, this is a required field that only uses the ``Equals`` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. For a list of services supporting network activity events, see `Logging network activity events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html>`_ in the *AWS CloudTrail User Guide* . - *``eventName``* - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with ``eventName`` . You can use it to filter in or filter out specific events. You can have multiple values for this field, separated by commas. - *``eventCategory``* - This field is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . - For CloudTrail network activity events, the value must be ``NetworkActivity`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For events outside of AWS , the value must be ``ActivityAuditLog`` . - *``eventType``* - For event data stores, this is an optional field available for event data stores to filter management and data events on the event type. For trails, this is an optional field to filter data events on the event type. For information about available event types, see `CloudTrail record contents <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type>`_ in the *AWS CloudTrail user guide* . - *``errorCode``* - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid ``errorCode`` is ``VpceAccessDenied`` . ``errorCode`` can only use the ``Equals`` operator. - *``sessionCredentialFromConsole``* - For event data stores, this is an optional field used to filter management and data events based on whether the events originated from an AWS Management Console session. For trails, this is an optional field used to filter data events. ``sessionCredentialFromConsole`` can only use the ``Equals`` and ``NotEquals`` operators. - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator. For a list of available resource types for data events, see `Data events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events>`_ in the *AWS CloudTrail User Guide* . You can have only one ``resources.type`` field per selector. To log events on more than one resource type, add another selector. - *``resources.ARN``* - The ``resources.ARN`` is an optional field for data events. You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. For more information about the ARN formats of data event resources, see `Actions, resources, and condition keys for AWS services <https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html>`_ in the *Service Authorization Reference* . .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs. - *``userIdentity.arn``* - For event data stores, this is an optional field used to filter management and data events for actions taken by specific IAM identities. For trails, this is an optional field used to filter data events. You can use any operator with ``userIdentity.arn`` . For more information on the userIdentity element, see `CloudTrail userIdentity element <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html>`_ in the *AWS CloudTrail User Guide* . - *``vpcEndpointId``* - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with ``vpcEndpointId`` .
             :param ends_with: An operator that includes events that match the last few characters of the event record field specified as the value of ``Field`` .
             :param equal_to: An operator that includes events that match the exact value of the event record field specified as the value of ``Field`` . This is the only valid operator that you can use with the ``readOnly`` , ``eventCategory`` , and ``resources.type`` fields.
             :param not_ends_with: An operator that excludes events that match the last few characters of the event record field specified as the value of ``Field`` .
@@ -3441,7 +3437,7 @@ class CfnTrail(
 
             For CloudTrail management events, supported fields include ``eventCategory`` (required), ``eventSource`` , and ``readOnly`` . The following additional fields are available for event data stores: ``eventName`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` .
 
-            For CloudTrail data events, supported fields include ``eventCategory`` (required), ``resources.type`` (required), ``eventName`` , ``readOnly`` , and ``resources.ARN`` . The following additional fields are available for event data stores: ``eventSource`` , ``eventType`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` .
+            For CloudTrail data events, supported fields include ``eventCategory`` (required), ``eventName`` , ``eventSource`` , ``eventType`` , ``resources.type`` (required), ``readOnly`` , ``resources.ARN`` , ``sessionCredentialFromConsole`` , and ``userIdentity.arn`` .
 
             For CloudTrail network activity events, supported fields include ``eventCategory`` (required), ``eventSource`` (required), ``eventName`` , ``errorCode`` , and ``vpcEndpointId`` .
 
@@ -3451,11 +3447,13 @@ class CfnTrail(
                Selectors don't support the use of wildcards like ``*`` . To match multiple values with a single condition, you may use ``StartsWith`` , ``EndsWith`` , ``NotStartsWith`` , or ``NotEndsWith`` to explicitly match the beginning or end of the event field.
 
             - *``readOnly``* - This is an optional field that is only used for management events and data events. This field can be set to ``Equals`` with a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events.
-            - *``eventSource``* - This field is only used for management events, data events (for event data stores only), and network activity events.
+            - *``eventSource``* - This field is only used for management events, data events, and network activity events.
 
             For management events for trails, this is an optional field that can be set to ``NotEquals`` ``kms.amazonaws.com`` to exclude KMS management events, or ``NotEquals`` ``rdsdata.amazonaws.com`` to exclude RDS management events.
 
-            For management and data events for event data stores, you can use it to include or exclude any event source and can use any operator.
+            For data events for trails, this is an optional field that you can use to include or exclude any event source and can use any operator.
+
+            For management and data events for event data stores, this is an optional field that you can use to include or exclude any event source and can use any operator.
 
             For network activity events, this is a required field that only uses the ``Equals`` operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. For a list of services supporting network activity events, see `Logging network activity events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html>`_ in the *AWS CloudTrail User Guide* .
 
@@ -3471,9 +3469,9 @@ class CfnTrail(
             - For AWS Config configuration items, the value must be ``ConfigurationItem`` .
             - For Audit Manager evidence, the value must be ``Evidence`` .
             - For events outside of AWS , the value must be ``ActivityAuditLog`` .
-            - *``eventType``* - This is an optional field available only for event data stores, which is used to filter management and data events on the event type. For information about available event types, see `CloudTrail record contents <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type>`_ in the *AWS CloudTrail user guide* .
+            - *``eventType``* - For event data stores, this is an optional field available for event data stores to filter management and data events on the event type. For trails, this is an optional field to filter data events on the event type. For information about available event types, see `CloudTrail record contents <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html#ct-event-type>`_ in the *AWS CloudTrail user guide* .
             - *``errorCode``* - This field is only used to filter CloudTrail network activity events and is optional. This is the error code to filter on. Currently, the only valid ``errorCode`` is ``VpceAccessDenied`` . ``errorCode`` can only use the ``Equals`` operator.
-            - *``sessionCredentialFromConsole``* - This is an optional field available only for event data stores, which is used to filter management and data events based on whether the events originated from an AWS Management Console session. ``sessionCredentialFromConsole`` can only use the ``Equals`` and ``NotEquals`` operators.
+            - *``sessionCredentialFromConsole``* - For event data stores, this is an optional field used to filter management and data events based on whether the events originated from an AWS Management Console session. For trails, this is an optional field used to filter data events. ``sessionCredentialFromConsole`` can only use the ``Equals`` and ``NotEquals`` operators.
             - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator.
 
             For a list of available resource types for data events, see `Data events <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events>`_ in the *AWS CloudTrail User Guide* .
@@ -3487,7 +3485,7 @@ class CfnTrail(
 
                You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs.
 
-            - *``userIdentity.arn``* - This is an optional field available only for event data stores, which is used to filter management and data events on the userIdentity ARN. You can use any operator with ``userIdentity.arn`` . For more information on the userIdentity element, see `CloudTrail userIdentity element <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html>`_ in the *AWS CloudTrail User Guide* .
+            - *``userIdentity.arn``* - For event data stores, this is an optional field used to filter management and data events for actions taken by specific IAM identities. For trails, this is an optional field used to filter data events. You can use any operator with ``userIdentity.arn`` . For more information on the userIdentity element, see `CloudTrail userIdentity element <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html>`_ in the *AWS CloudTrail User Guide* .
             - *``vpcEndpointId``* - This field is only used to filter CloudTrail network activity events and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with ``vpcEndpointId`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudtrail-trail-advancedfieldselector.html#cfn-cloudtrail-trail-advancedfieldselector-field

aws_cdk/aws_codebuild/__init__.py

@@ -3564,7 +3564,11 @@ class CfnProject(
                     exclude_matched_pattern=False
                 )]],
                 scope_configuration=codebuild.CfnProject.ScopeConfigurationProperty(
-                    name="name"
+                    name="name",
+        
+                    # the properties below are optional
+                    domain="domain",
+                    scope="scope"
                 ),
                 webhook=False
             ),
@@ -5732,7 +5736,11 @@ class CfnProject(
                         exclude_matched_pattern=False
                     )]],
                     scope_configuration=codebuild.CfnProject.ScopeConfigurationProperty(
-                        name="name"
+                        name="name",
+                
+                        # the properties below are optional
+                        domain="domain",
+                        scope="scope"
                     ),
                     webhook=False
                 )
@@ -6000,13 +6008,21 @@ class CfnProject(
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_codebuild.CfnProject.ScopeConfigurationProperty",
         jsii_struct_bases=[],
-        name_mapping={"name": "name"},
+        name_mapping={"name": "name", "domain": "domain", "scope": "scope"},
     )
     class ScopeConfigurationProperty:
-        def __init__(self, *, name: builtins.str) -> None:
+        def __init__(
+            self,
+            *,
+            name: builtins.str,
+            domain: typing.Optional[builtins.str] = None,
+            scope: typing.Optional[builtins.str] = None,
+        ) -> None:
             '''Contains configuration information about the scope for a webhook.
 
             :param name: The name of either the enterprise or organization that will send webhook events to CodeBuild , depending on if the webhook is a global or organization webhook respectively.
+            :param domain: 
+            :param scope: 
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-scopeconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -6018,15 +6034,25 @@ class CfnProject(
                 from aws_cdk import aws_codebuild as codebuild
                 
                 scope_configuration_property = codebuild.CfnProject.ScopeConfigurationProperty(
-                    name="name"
+                    name="name",
+                
+                    # the properties below are optional
+                    domain="domain",
+                    scope="scope"
                 )
             '''
             if __debug__:
                 type_hints = typing.get_type_hints(_typecheckingstub__32a108f04a81dd1f44ef69553884cac321bd7631e9997ac93f2e0891bca04d74)
                 check_type(argname="argument name", value=name, expected_type=type_hints["name"])
+                check_type(argname="argument domain", value=domain, expected_type=type_hints["domain"])
+                check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             self._values: typing.Dict[builtins.str, typing.Any] = {
                 "name": name,
             }
+            if domain is not None:
+                self._values["domain"] = domain
+            if scope is not None:
+                self._values["scope"] = scope
 
         @builtins.property
         def name(self) -> builtins.str:
@@ -6038,6 +6064,22 @@ class CfnProject(
             assert result is not None, "Required property 'name' is missing"
             return typing.cast(builtins.str, result)
 
+        @builtins.property
+        def domain(self) -> typing.Optional[builtins.str]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-scopeconfiguration.html#cfn-codebuild-project-scopeconfiguration-domain
+            '''
+            result = self._values.get("domain")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def scope(self) -> typing.Optional[builtins.str]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-scopeconfiguration.html#cfn-codebuild-project-scopeconfiguration-scope
+            '''
+            result = self._values.get("scope")
+            return typing.cast(typing.Optional[builtins.str], result)
+
         def __eq__(self, rhs: typing.Any) -> builtins.bool:
             return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -6926,7 +6968,11 @@ class CfnProjectProps:
                         exclude_matched_pattern=False
                     )]],
                     scope_configuration=codebuild.CfnProject.ScopeConfigurationProperty(
-                        name="name"
+                        name="name",
+            
+                        # the properties below are optional
+                        domain="domain",
+                        scope="scope"
                     ),
                     webhook=False
                 ),
@@ -16198,7 +16244,11 @@ class SourceConfig:
                         exclude_matched_pattern=False
                     )]],
                     scope_configuration=codebuild.CfnProject.ScopeConfigurationProperty(
-                        name="name"
+                        name="name",
+            
+                        # the properties below are optional
+                        domain="domain",
+                        scope="scope"
                     ),
                     webhook=False
                 ),
@@ -19166,6 +19216,8 @@ def _typecheckingstub__339e3977bff464cdbd76e63b42bfebb18a64e99f952fa16884abebf8e
 def _typecheckingstub__32a108f04a81dd1f44ef69553884cac321bd7631e9997ac93f2e0891bca04d74(
     *,
     name: builtins.str,
+    domain: typing.Optional[builtins.str] = None,
+    scope: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass

aws_cdk/aws_dms/__init__.py

@@ -12661,6 +12661,7 @@ class CfnReplicationInstance(
             allow_major_version_upgrade=False,
             auto_minor_version_upgrade=False,
             availability_zone="availabilityZone",
+            dns_name_servers="dnsNameServers",
             engine_version="engineVersion",
             kms_key_id="kmsKeyId",
             multi_az=False,
@@ -12688,6 +12689,7 @@ class CfnReplicationInstance(
         allow_major_version_upgrade: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         auto_minor_version_upgrade: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         availability_zone: typing.Optional[builtins.str] = None,
+        dns_name_servers: typing.Optional[builtins.str] = None,
         engine_version: typing.Optional[builtins.str] = None,
         kms_key_id: typing.Optional[builtins.str] = None,
         multi_az: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
@@ -12708,6 +12710,7 @@ class CfnReplicationInstance(
         :param allow_major_version_upgrade: Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage, and the change is asynchronously applied as soon as possible. This parameter must be set to ``true`` when specifying a value for the ``EngineVersion`` parameter that is a different major version than the replication instance's current version.
         :param auto_minor_version_upgrade: A value that indicates whether minor engine upgrades are applied automatically to the replication instance during the maintenance window. This parameter defaults to ``true`` . Default: ``true``
         :param availability_zone: The Availability Zone that the replication instance will be created in. The default value is a random, system-chosen Availability Zone in the endpoint's AWS Region , for example ``us-east-1d`` .
+        :param dns_name_servers: A list of custom DNS name servers supported for the replication instance to access your on-premise source or target database. This list overrides the default name servers supported by the replication instance. You can specify a comma-separated list of internet addresses for up to four on-premise DNS name servers. For example: ``"1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4"``
         :param engine_version: The engine version number of the replication instance. If an engine version number is not specified when a replication instance is created, the default is the latest engine version available.
         :param kms_key_id: An AWS KMS key identifier that is used to encrypt the data on the replication instance. If you don't specify a value for the ``KmsKeyId`` parameter, AWS DMS uses your default encryption key. AWS KMS creates the default encryption key for your AWS account . Your AWS account has a different default encryption key for each AWS Region .
         :param multi_az: Specifies whether the replication instance is a Multi-AZ deployment. You can't set the ``AvailabilityZone`` parameter if the Multi-AZ parameter is set to ``true`` .
@@ -12730,6 +12733,7 @@ class CfnReplicationInstance(
             allow_major_version_upgrade=allow_major_version_upgrade,
             auto_minor_version_upgrade=auto_minor_version_upgrade,
             availability_zone=availability_zone,
+            dns_name_servers=dns_name_servers,
             engine_version=engine_version,
             kms_key_id=kms_key_id,
             multi_az=multi_az,
@@ -12887,6 +12891,19 @@ class CfnReplicationInstance(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "availabilityZone", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="dnsNameServers")
+    def dns_name_servers(self) -> typing.Optional[builtins.str]:
+        '''A list of custom DNS name servers supported for the replication instance to access your on-premise source or target database.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "dnsNameServers"))
+
+    @dns_name_servers.setter
+    def dns_name_servers(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__833271e74c850f837f6e8dff595605bf2efd4a1ab4234131f44a14e4048371ab)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "dnsNameServers", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="engineVersion")
     def engine_version(self) -> typing.Optional[builtins.str]:
@@ -13065,6 +13082,7 @@ class CfnReplicationInstance(
         "allow_major_version_upgrade": "allowMajorVersionUpgrade",
         "auto_minor_version_upgrade": "autoMinorVersionUpgrade",
         "availability_zone": "availabilityZone",
+        "dns_name_servers": "dnsNameServers",
         "engine_version": "engineVersion",
         "kms_key_id": "kmsKeyId",
         "multi_az": "multiAz",
@@ -13087,6 +13105,7 @@ class CfnReplicationInstanceProps:
         allow_major_version_upgrade: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         auto_minor_version_upgrade: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         availability_zone: typing.Optional[builtins.str] = None,
+        dns_name_servers: typing.Optional[builtins.str] = None,
         engine_version: typing.Optional[builtins.str] = None,
         kms_key_id: typing.Optional[builtins.str] = None,
         multi_az: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
@@ -13106,6 +13125,7 @@ class CfnReplicationInstanceProps:
         :param allow_major_version_upgrade: Indicates that major version upgrades are allowed. Changing this parameter does not result in an outage, and the change is asynchronously applied as soon as possible. This parameter must be set to ``true`` when specifying a value for the ``EngineVersion`` parameter that is a different major version than the replication instance's current version.
         :param auto_minor_version_upgrade: A value that indicates whether minor engine upgrades are applied automatically to the replication instance during the maintenance window. This parameter defaults to ``true`` . Default: ``true``
         :param availability_zone: The Availability Zone that the replication instance will be created in. The default value is a random, system-chosen Availability Zone in the endpoint's AWS Region , for example ``us-east-1d`` .
+        :param dns_name_servers: A list of custom DNS name servers supported for the replication instance to access your on-premise source or target database. This list overrides the default name servers supported by the replication instance. You can specify a comma-separated list of internet addresses for up to four on-premise DNS name servers. For example: ``"1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4"``
         :param engine_version: The engine version number of the replication instance. If an engine version number is not specified when a replication instance is created, the default is the latest engine version available.
         :param kms_key_id: An AWS KMS key identifier that is used to encrypt the data on the replication instance. If you don't specify a value for the ``KmsKeyId`` parameter, AWS DMS uses your default encryption key. AWS KMS creates the default encryption key for your AWS account . Your AWS account has a different default encryption key for each AWS Region .
         :param multi_az: Specifies whether the replication instance is a Multi-AZ deployment. You can't set the ``AvailabilityZone`` parameter if the Multi-AZ parameter is set to ``true`` .
@@ -13135,6 +13155,7 @@ class CfnReplicationInstanceProps:
                 allow_major_version_upgrade=False,
                 auto_minor_version_upgrade=False,
                 availability_zone="availabilityZone",
+                dns_name_servers="dnsNameServers",
                 engine_version="engineVersion",
                 kms_key_id="kmsKeyId",
                 multi_az=False,
@@ -13158,6 +13179,7 @@ class CfnReplicationInstanceProps:
             check_type(argname="argument allow_major_version_upgrade", value=allow_major_version_upgrade, expected_type=type_hints["allow_major_version_upgrade"])
             check_type(argname="argument auto_minor_version_upgrade", value=auto_minor_version_upgrade, expected_type=type_hints["auto_minor_version_upgrade"])
             check_type(argname="argument availability_zone", value=availability_zone, expected_type=type_hints["availability_zone"])
+            check_type(argname="argument dns_name_servers", value=dns_name_servers, expected_type=type_hints["dns_name_servers"])
             check_type(argname="argument engine_version", value=engine_version, expected_type=type_hints["engine_version"])
             check_type(argname="argument kms_key_id", value=kms_key_id, expected_type=type_hints["kms_key_id"])
             check_type(argname="argument multi_az", value=multi_az, expected_type=type_hints["multi_az"])
@@ -13180,6 +13202,8 @@ class CfnReplicationInstanceProps:
             self._values["auto_minor_version_upgrade"] = auto_minor_version_upgrade
         if availability_zone is not None:
             self._values["availability_zone"] = availability_zone
+        if dns_name_servers is not None:
+            self._values["dns_name_servers"] = dns_name_servers
         if engine_version is not None:
             self._values["engine_version"] = engine_version
         if kms_key_id is not None:
@@ -13265,6 +13289,17 @@ class CfnReplicationInstanceProps:
         result = self._values.get("availability_zone")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def dns_name_servers(self) -> typing.Optional[builtins.str]:
+        '''A list of custom DNS name servers supported for the replication instance to access your on-premise source or target database.
+
+        This list overrides the default name servers supported by the replication instance. You can specify a comma-separated list of internet addresses for up to four on-premise DNS name servers. For example: ``"1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4"``
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationinstance.html#cfn-dms-replicationinstance-dnsnameservers
+        '''
+        result = self._values.get("dns_name_servers")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def engine_version(self) -> typing.Optional[builtins.str]:
         '''The engine version number of the replication instance.
@@ -15774,6 +15809,7 @@ def _typecheckingstub__77ad0bed39c8ffa41b7998189a1d03defd3bc9e64d11468a83ada78f3
     allow_major_version_upgrade: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     auto_minor_version_upgrade: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     availability_zone: typing.Optional[builtins.str] = None,
+    dns_name_servers: typing.Optional[builtins.str] = None,
     engine_version: typing.Optional[builtins.str] = None,
     kms_key_id: typing.Optional[builtins.str] = None,
     multi_az: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
@@ -15831,6 +15867,12 @@ def _typecheckingstub__ee6e53d98bd50e381b61c765da3209f4c1b0aa394cf600eb2ccbafb35
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__833271e74c850f837f6e8dff595605bf2efd4a1ab4234131f44a14e4048371ab(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__d057c8319f7bf4d361b904777f661a4864eb7ad3c9a58d1f9f491601759c9956(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -15904,6 +15946,7 @@ def _typecheckingstub__c195b8dd61348ff1d9f7bd70b0a5b897ad23028c6c9ea122bf051cb2a
     allow_major_version_upgrade: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     auto_minor_version_upgrade: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     availability_zone: typing.Optional[builtins.str] = None,
+    dns_name_servers: typing.Optional[builtins.str] = None,
     engine_version: typing.Optional[builtins.str] = None,
     kms_key_id: typing.Optional[builtins.str] = None,
     multi_az: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,