aws-cdk-lib 2.189.1__py3-none-any.whl → 2.190.0__py3-none-any.whl

aws_cdk/_jsii/__init__.py

@@ -34,7 +34,7 @@ import aws_cdk.cloud_assembly_schema._jsii
 import constructs._jsii
 
 __jsii_assembly__ = jsii.JSIIAssembly.load(
-    "aws-cdk-lib", "2.189.1", __name__[0:-6], "aws-cdk-lib@2.189.1.jsii.tgz"
+    "aws-cdk-lib", "2.190.0", __name__[0:-6], "aws-cdk-lib@2.190.0.jsii.tgz"
 )
 
 __all__ = [

aws_cdk/aws_acmpca/__init__.py

@@ -2311,7 +2311,7 @@ class CfnCertificateAuthority(
         :param subject: Structure that contains X.500 distinguished name information for your private CA.
         :param type: Type of your private CA.
         :param csr_extensions: Specifies information to be added to the extension section of the certificate signing request (CSR).
-        :param key_storage_security_standard: Specifies a cryptographic key management compliance standard used for handling CA keys. Default: FIPS_140_2_LEVEL_3_OR_HIGHER .. epigraph:: Some AWS Regions do not support the default. When creating a CA in these Regions, you must provide ``FIPS_140_2_LEVEL_2_OR_HIGHER`` as the argument for ``KeyStorageSecurityStandard`` . Failure to do this results in an ``InvalidArgsException`` with the message, "A certificate authority cannot be created in this region with the specified security standard." For information about security standard support in various Regions, see `Storage and security compliance of AWS Private CA private keys <https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys>`_ .
+        :param key_storage_security_standard: Specifies a cryptographic key management compliance standard for handling and protecting CA keys. Default: FIPS_140_2_LEVEL_3_OR_HIGHER .. epigraph:: Some AWS Regions don't support the default value. When you create a CA in these Regions, you must use ``CCPC_LEVEL_1_OR_HIGHER`` for the ``KeyStorageSecurityStandard`` parameter. If you don't, the operation returns an ``InvalidArgsException`` with this message: "A certificate authority cannot be created in this region with the specified security standard." For information about security standard support in different AWS Regions, see `Storage and security compliance of AWS Private CA private keys <https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys>`_ .
         :param revocation_configuration: Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.
         :param tags: Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see `Controlling Access Using IAM Tags <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html>`_ .
         :param usage_mode: Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. The default value is GENERAL_PURPOSE.
@@ -2471,7 +2471,7 @@ class CfnCertificateAuthority(
     @builtins.property
     @jsii.member(jsii_name="keyStorageSecurityStandard")
     def key_storage_security_standard(self) -> typing.Optional[builtins.str]:
-        '''Specifies a cryptographic key management compliance standard used for handling CA keys.'''
+        '''Specifies a cryptographic key management compliance standard for handling and protecting CA keys.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "keyStorageSecurityStandard"))
 
     @key_storage_security_standard.setter
@@ -4575,7 +4575,7 @@ class CfnCertificateAuthorityProps:
         :param subject: Structure that contains X.500 distinguished name information for your private CA.
         :param type: Type of your private CA.
         :param csr_extensions: Specifies information to be added to the extension section of the certificate signing request (CSR).
-        :param key_storage_security_standard: Specifies a cryptographic key management compliance standard used for handling CA keys. Default: FIPS_140_2_LEVEL_3_OR_HIGHER .. epigraph:: Some AWS Regions do not support the default. When creating a CA in these Regions, you must provide ``FIPS_140_2_LEVEL_2_OR_HIGHER`` as the argument for ``KeyStorageSecurityStandard`` . Failure to do this results in an ``InvalidArgsException`` with the message, "A certificate authority cannot be created in this region with the specified security standard." For information about security standard support in various Regions, see `Storage and security compliance of AWS Private CA private keys <https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys>`_ .
+        :param key_storage_security_standard: Specifies a cryptographic key management compliance standard for handling and protecting CA keys. Default: FIPS_140_2_LEVEL_3_OR_HIGHER .. epigraph:: Some AWS Regions don't support the default value. When you create a CA in these Regions, you must use ``CCPC_LEVEL_1_OR_HIGHER`` for the ``KeyStorageSecurityStandard`` parameter. If you don't, the operation returns an ``InvalidArgsException`` with this message: "A certificate authority cannot be created in this region with the specified security standard." For information about security standard support in different AWS Regions, see `Storage and security compliance of AWS Private CA private keys <https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys>`_ .
         :param revocation_configuration: Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.
         :param tags: Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see `Controlling Access Using IAM Tags <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html>`_ .
         :param usage_mode: Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. The default value is GENERAL_PURPOSE.
@@ -4694,14 +4694,14 @@ class CfnCertificateAuthorityProps:
 
     @builtins.property
     def key_storage_security_standard(self) -> typing.Optional[builtins.str]:
-        '''Specifies a cryptographic key management compliance standard used for handling CA keys.
+        '''Specifies a cryptographic key management compliance standard for handling and protecting CA keys.
 
         Default: FIPS_140_2_LEVEL_3_OR_HIGHER
         .. epigraph::
 
-           Some AWS Regions do not support the default. When creating a CA in these Regions, you must provide ``FIPS_140_2_LEVEL_2_OR_HIGHER`` as the argument for ``KeyStorageSecurityStandard`` . Failure to do this results in an ``InvalidArgsException`` with the message, "A certificate authority cannot be created in this region with the specified security standard."
+           Some AWS Regions don't support the default value. When you create a CA in these Regions, you must use ``CCPC_LEVEL_1_OR_HIGHER`` for the ``KeyStorageSecurityStandard`` parameter. If you don't, the operation returns an ``InvalidArgsException`` with this message: "A certificate authority cannot be created in this region with the specified security standard."
 
-           For information about security standard support in various Regions, see `Storage and security compliance of AWS Private CA private keys <https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys>`_ .
+           For information about security standard support in different AWS Regions, see `Storage and security compliance of AWS Private CA private keys <https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.html#cfn-acmpca-certificateauthority-keystoragesecuritystandard
         '''