aws-cdk-lib 2.189.1__py3-none-any.whl → 2.190.0__py3-none-any.whl

aws_cdk/aws_ecs/__init__.py

@@ -543,7 +543,7 @@ To grant a principal permission to run your `TaskDefinition`, you can use the `T
 # role: iam.IGrantable
 
 task_def = ecs.TaskDefinition(self, "TaskDef",
-    cpu="256",
+    cpu="512",
     memory_mi_b="512",
     compatibility=ecs.Compatibility.EC2_AND_FARGATE
 )
@@ -30260,6 +30260,7 @@ class FirelensOptions:
         "labels": "labels",
         "tag": "tag",
         "address": "address",
+        "async_": "async",
         "async_connect": "asyncConnect",
         "buffer_limit": "bufferLimit",
         "max_retries": "maxRetries",
@@ -30276,6 +30277,7 @@ class FluentdLogDriverProps(BaseLogDriverProps):
         labels: typing.Optional[typing.Sequence[builtins.str]] = None,
         tag: typing.Optional[builtins.str] = None,
         address: typing.Optional[builtins.str] = None,
+        async_: typing.Optional[builtins.bool] = None,
         async_connect: typing.Optional[builtins.bool] = None,
         buffer_limit: typing.Optional[jsii.Number] = None,
         max_retries: typing.Optional[jsii.Number] = None,
@@ -30291,7 +30293,8 @@ class FluentdLogDriverProps(BaseLogDriverProps):
         :param labels: The labels option takes an array of keys. If there is collision between label and env keys, the value of the env takes precedence. Adds additional fields to the extra attributes of a logging message. Default: - No labels
         :param tag: By default, Docker uses the first 12 characters of the container ID to tag log messages. Refer to the log tag option documentation for customizing the log tag format. Default: - The first 12 characters of the container ID
         :param address: By default, the logging driver connects to localhost:24224. Supply the address option to connect to a different address. tcp(default) and unix sockets are supported. Default: - address not set.
-        :param async_connect: Docker connects to Fluentd in the background. Messages are buffered until the connection is established. Default: - false
+        :param async_: Docker connects to Fluentd in the background. Messages are buffered until the connection is established. Default: - false
+        :param async_connect: (deprecated) Docker connects to Fluentd in the background. Messages are buffered until the connection is established. Default: - false
         :param buffer_limit: The amount of data to buffer before flushing to disk. Default: - The amount of RAM available to the container.
         :param max_retries: The maximum number of retries. Default: - 4294967295 (2**32 - 1).
         :param retry_wait: How long to wait between retries. Default: - 1 second
@@ -30308,6 +30311,7 @@ class FluentdLogDriverProps(BaseLogDriverProps):
             
             fluentd_log_driver_props = ecs.FluentdLogDriverProps(
                 address="address",
+                async=False,
                 async_connect=False,
                 buffer_limit=123,
                 env=["env"],
@@ -30326,6 +30330,7 @@ class FluentdLogDriverProps(BaseLogDriverProps):
             check_type(argname="argument labels", value=labels, expected_type=type_hints["labels"])
             check_type(argname="argument tag", value=tag, expected_type=type_hints["tag"])
             check_type(argname="argument address", value=address, expected_type=type_hints["address"])
+            check_type(argname="argument async_", value=async_, expected_type=type_hints["async_"])
             check_type(argname="argument async_connect", value=async_connect, expected_type=type_hints["async_connect"])
             check_type(argname="argument buffer_limit", value=buffer_limit, expected_type=type_hints["buffer_limit"])
             check_type(argname="argument max_retries", value=max_retries, expected_type=type_hints["max_retries"])
@@ -30342,6 +30347,8 @@ class FluentdLogDriverProps(BaseLogDriverProps):
             self._values["tag"] = tag
         if address is not None:
             self._values["address"] = address
+        if async_ is not None:
+            self._values["async_"] = async_
         if async_connect is not None:
             self._values["async_connect"] = async_connect
         if buffer_limit is not None:
@@ -30418,7 +30425,7 @@ class FluentdLogDriverProps(BaseLogDriverProps):
         return typing.cast(typing.Optional[builtins.str], result)
 
     @builtins.property
-    def async_connect(self) -> typing.Optional[builtins.bool]:
+    def async_(self) -> typing.Optional[builtins.bool]:
         '''Docker connects to Fluentd in the background.
 
         Messages are buffered until
@@ -30426,6 +30433,22 @@ class FluentdLogDriverProps(BaseLogDriverProps):
 
         :default: - false
         '''
+        result = self._values.get("async_")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def async_connect(self) -> typing.Optional[builtins.bool]:
+        '''(deprecated) Docker connects to Fluentd in the background.
+
+        Messages are buffered until
+        the connection is established.
+
+        :default: - false
+
+        :deprecated: use ``async`` instead
+
+        :stability: deprecated
+        '''
         result = self._values.get("async_connect")
         return typing.cast(typing.Optional[builtins.bool], result)
 
@@ -32591,6 +32614,7 @@ class LogDrivers(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_ecs.LogDriv
         cls,
         *,
         address: typing.Optional[builtins.str] = None,
+        async_: typing.Optional[builtins.bool] = None,
         async_connect: typing.Optional[builtins.bool] = None,
         buffer_limit: typing.Optional[jsii.Number] = None,
         max_retries: typing.Optional[jsii.Number] = None,
@@ -32604,7 +32628,8 @@ class LogDrivers(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_ecs.LogDriv
         '''Creates a log driver configuration that sends log information to fluentd Logs.
 
         :param address: By default, the logging driver connects to localhost:24224. Supply the address option to connect to a different address. tcp(default) and unix sockets are supported. Default: - address not set.
-        :param async_connect: Docker connects to Fluentd in the background. Messages are buffered until the connection is established. Default: - false
+        :param async_: Docker connects to Fluentd in the background. Messages are buffered until the connection is established. Default: - false
+        :param async_connect: (deprecated) Docker connects to Fluentd in the background. Messages are buffered until the connection is established. Default: - false
         :param buffer_limit: The amount of data to buffer before flushing to disk. Default: - The amount of RAM available to the container.
         :param max_retries: The maximum number of retries. Default: - 4294967295 (2**32 - 1).
         :param retry_wait: How long to wait between retries. Default: - 1 second
@@ -32616,6 +32641,7 @@ class LogDrivers(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_ecs.LogDriv
         '''
         props = FluentdLogDriverProps(
             address=address,
+            async_=async_,
             async_connect=async_connect,
             buffer_limit=buffer_limit,
             max_retries=max_retries,
@@ -40488,6 +40514,7 @@ class FluentdLogDriver(
         
         fluentd_log_driver = ecs.FluentdLogDriver(
             address="address",
+            async=False,
             async_connect=False,
             buffer_limit=123,
             env=["env"],
@@ -40504,6 +40531,7 @@ class FluentdLogDriver(
         self,
         *,
         address: typing.Optional[builtins.str] = None,
+        async_: typing.Optional[builtins.bool] = None,
         async_connect: typing.Optional[builtins.bool] = None,
         buffer_limit: typing.Optional[jsii.Number] = None,
         max_retries: typing.Optional[jsii.Number] = None,
@@ -40517,7 +40545,8 @@ class FluentdLogDriver(
         '''Constructs a new instance of the FluentdLogDriver class.
 
         :param address: By default, the logging driver connects to localhost:24224. Supply the address option to connect to a different address. tcp(default) and unix sockets are supported. Default: - address not set.
-        :param async_connect: Docker connects to Fluentd in the background. Messages are buffered until the connection is established. Default: - false
+        :param async_: Docker connects to Fluentd in the background. Messages are buffered until the connection is established. Default: - false
+        :param async_connect: (deprecated) Docker connects to Fluentd in the background. Messages are buffered until the connection is established. Default: - false
         :param buffer_limit: The amount of data to buffer before flushing to disk. Default: - The amount of RAM available to the container.
         :param max_retries: The maximum number of retries. Default: - 4294967295 (2**32 - 1).
         :param retry_wait: How long to wait between retries. Default: - 1 second
@@ -40529,6 +40558,7 @@ class FluentdLogDriver(
         '''
         props = FluentdLogDriverProps(
             address=address,
+            async_=async_,
             async_connect=async_connect,
             buffer_limit=buffer_limit,
             max_retries=max_retries,
@@ -45864,6 +45894,7 @@ def _typecheckingstub__8e972440032bde8e8099eb1b3a14e366177bcc168b1c9493f91d85b75
     labels: typing.Optional[typing.Sequence[builtins.str]] = None,
     tag: typing.Optional[builtins.str] = None,
     address: typing.Optional[builtins.str] = None,
+    async_: typing.Optional[builtins.bool] = None,
     async_connect: typing.Optional[builtins.bool] = None,
     buffer_limit: typing.Optional[jsii.Number] = None,
     max_retries: typing.Optional[jsii.Number] = None,

aws_cdk/aws_eks/__init__.py

@@ -11033,12 +11033,10 @@ class CfnPodIdentityAssociation(
             service_account="serviceAccount",
         
             # the properties below are optional
-            disable_session_tags=False,
             tags=[CfnTag(
                 key="key",
                 value="value"
-            )],
-            target_role_arn="targetRoleArn"
+            )]
         )
     '''
 
@@ -11051,9 +11049,7 @@ class CfnPodIdentityAssociation(
         namespace: builtins.str,
         role_arn: builtins.str,
         service_account: builtins.str,
-        disable_session_tags: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
-        target_role_arn: typing.Optional[builtins.str] = None,
     ) -> None:
         '''
         :param scope: Scope in which this resource is defined.
@@ -11062,9 +11058,7 @@ class CfnPodIdentityAssociation(
         :param namespace: The name of the Kubernetes namespace inside the cluster to create the association in. The service account and the pods that use the service account must be in this namespace.
         :param role_arn: The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
         :param service_account: The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
-        :param disable_session_tags: The Disable Session Tags of the pod identity association.
         :param tags: Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources. The following basic restrictions apply to tags: - Maximum number of tags per resource – 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length – 128 Unicode characters in UTF-8 - Maximum value length – 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : /
-        :param target_role_arn: The Target Role Arn of the pod identity association.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__be8311b6089cea26f85c63a586f0c5b063230a1b4a96ffcd4c6c983a331d8652)
@@ -11075,9 +11069,7 @@ class CfnPodIdentityAssociation(
             namespace=namespace,
             role_arn=role_arn,
             service_account=service_account,
-            disable_session_tags=disable_session_tags,
             tags=tags,
-            target_role_arn=target_role_arn,
         )
 
         jsii.create(self.__class__, self, [scope, id, props])
@@ -11130,15 +11122,6 @@ class CfnPodIdentityAssociation(
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrAssociationId"))
 
-    @builtins.property
-    @jsii.member(jsii_name="attrExternalId")
-    def attr_external_id(self) -> builtins.str:
-        '''The External Id of the pod identity association.
-
-        :cloudformationAttribute: ExternalId
-        '''
-        return typing.cast(builtins.str, jsii.get(self, "attrExternalId"))
-
     @builtins.property
     @jsii.member(jsii_name="cdkTagManager")
     def cdk_tag_manager(self) -> _TagManager_0a598cb3:
@@ -11202,24 +11185,6 @@ class CfnPodIdentityAssociation(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "serviceAccount", value) # pyright: ignore[reportArgumentType]
 
-    @builtins.property
-    @jsii.member(jsii_name="disableSessionTags")
-    def disable_session_tags(
-        self,
-    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''The Disable Session Tags of the pod identity association.'''
-        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "disableSessionTags"))
-
-    @disable_session_tags.setter
-    def disable_session_tags(
-        self,
-        value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
-    ) -> None:
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__cb3dbe4cc3b44e9265bbfe13e41235db909b0c1dc0e052b3bdda07fd4b228e8b)
-            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "disableSessionTags", value) # pyright: ignore[reportArgumentType]
-
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
@@ -11233,19 +11198,6 @@ class CfnPodIdentityAssociation(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "tags", value) # pyright: ignore[reportArgumentType]
 
-    @builtins.property
-    @jsii.member(jsii_name="targetRoleArn")
-    def target_role_arn(self) -> typing.Optional[builtins.str]:
-        '''The Target Role Arn of the pod identity association.'''
-        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "targetRoleArn"))
-
-    @target_role_arn.setter
-    def target_role_arn(self, value: typing.Optional[builtins.str]) -> None:
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__cb6220c6db8cf93a8a307b1ba0630d6bc64b4a09325e7cfe5854228aa75ff833)
-            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "targetRoleArn", value) # pyright: ignore[reportArgumentType]
-
 
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_eks.CfnPodIdentityAssociationProps",
@@ -11255,9 +11207,7 @@ class CfnPodIdentityAssociation(
         "namespace": "namespace",
         "role_arn": "roleArn",
         "service_account": "serviceAccount",
-        "disable_session_tags": "disableSessionTags",
         "tags": "tags",
-        "target_role_arn": "targetRoleArn",
     },
 )
 class CfnPodIdentityAssociationProps:
@@ -11268,9 +11218,7 @@ class CfnPodIdentityAssociationProps:
         namespace: builtins.str,
         role_arn: builtins.str,
         service_account: builtins.str,
-        disable_session_tags: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
-        target_role_arn: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Properties for defining a ``CfnPodIdentityAssociation``.
 
@@ -11278,9 +11226,7 @@ class CfnPodIdentityAssociationProps:
         :param namespace: The name of the Kubernetes namespace inside the cluster to create the association in. The service account and the pods that use the service account must be in this namespace.
         :param role_arn: The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account.
         :param service_account: The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
-        :param disable_session_tags: The Disable Session Tags of the pod identity association.
         :param tags: Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or AWS resources. The following basic restrictions apply to tags: - Maximum number of tags per resource – 50 - For each resource, each tag key must be unique, and each tag key can have only one value. - Maximum key length – 128 Unicode characters in UTF-8 - Maximum value length – 256 Unicode characters in UTF-8 - If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : /
-        :param target_role_arn: The Target Role Arn of the pod identity association.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-podidentityassociation.html
         :exampleMetadata: fixture=_generated
@@ -11298,12 +11244,10 @@ class CfnPodIdentityAssociationProps:
                 service_account="serviceAccount",
             
                 # the properties below are optional
-                disable_session_tags=False,
                 tags=[CfnTag(
                     key="key",
                     value="value"
-                )],
-                target_role_arn="targetRoleArn"
+                )]
             )
         '''
         if __debug__:
@@ -11312,21 +11256,15 @@ class CfnPodIdentityAssociationProps:
             check_type(argname="argument namespace", value=namespace, expected_type=type_hints["namespace"])
             check_type(argname="argument role_arn", value=role_arn, expected_type=type_hints["role_arn"])
             check_type(argname="argument service_account", value=service_account, expected_type=type_hints["service_account"])
-            check_type(argname="argument disable_session_tags", value=disable_session_tags, expected_type=type_hints["disable_session_tags"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
-            check_type(argname="argument target_role_arn", value=target_role_arn, expected_type=type_hints["target_role_arn"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "cluster_name": cluster_name,
             "namespace": namespace,
             "role_arn": role_arn,
             "service_account": service_account,
         }
-        if disable_session_tags is not None:
-            self._values["disable_session_tags"] = disable_session_tags
         if tags is not None:
             self._values["tags"] = tags
-        if target_role_arn is not None:
-            self._values["target_role_arn"] = target_role_arn
 
     @builtins.property
     def cluster_name(self) -> builtins.str:
@@ -11372,17 +11310,6 @@ class CfnPodIdentityAssociationProps:
         assert result is not None, "Required property 'service_account' is missing"
         return typing.cast(builtins.str, result)
 
-    @builtins.property
-    def disable_session_tags(
-        self,
-    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''The Disable Session Tags of the pod identity association.
-
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-podidentityassociation.html#cfn-eks-podidentityassociation-disablesessiontags
-        '''
-        result = self._values.get("disable_session_tags")
-        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
-
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
         '''Metadata that assists with categorization and organization.
@@ -11408,15 +11335,6 @@ class CfnPodIdentityAssociationProps:
         result = self._values.get("tags")
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], result)
 
-    @builtins.property
-    def target_role_arn(self) -> typing.Optional[builtins.str]:
-        '''The Target Role Arn of the pod identity association.
-
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-podidentityassociation.html#cfn-eks-podidentityassociation-targetrolearn
-        '''
-        result = self._values.get("target_role_arn")
-        return typing.cast(typing.Optional[builtins.str], result)
-
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -22792,9 +22710,7 @@ def _typecheckingstub__be8311b6089cea26f85c63a586f0c5b063230a1b4a96ffcd4c6c983a3
     namespace: builtins.str,
     role_arn: builtins.str,
     service_account: builtins.str,
-    disable_session_tags: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
-    target_role_arn: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -22835,33 +22751,19 @@ def _typecheckingstub__ea3bb34348aff57e29a5352e7460510bda8dd51720dbf7d275297137f
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__cb3dbe4cc3b44e9265bbfe13e41235db909b0c1dc0e052b3bdda07fd4b228e8b(
-    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
-) -> None:
-    """Type checking stubs"""
-    pass
-
 def _typecheckingstub__b0e0a0551adefc10761733af04b8c51e7dad6b483be9252882ecff10539c7dcc(
     value: typing.Optional[typing.List[_CfnTag_f6864754]],
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__cb6220c6db8cf93a8a307b1ba0630d6bc64b4a09325e7cfe5854228aa75ff833(
-    value: typing.Optional[builtins.str],
-) -> None:
-    """Type checking stubs"""
-    pass
-
 def _typecheckingstub__40e8da56b529234cdbb596fa46af952a935adf744e907347861dfc232b89038b(
     *,
     cluster_name: builtins.str,
     namespace: builtins.str,
     role_arn: builtins.str,
     service_account: builtins.str,
-    disable_session_tags: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
-    target_role_arn: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass

aws_cdk/aws_elasticache/__init__.py

@@ -2843,7 +2843,7 @@ class CfnReplicationGroup(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param replication_group_description: A user-created description for the replication group.
-        :param at_rest_encryption_enabled: A flag that enables encryption at rest when set to ``true`` . You cannot modify the value of ``AtRestEncryptionEnabled`` after the replication group is created. To enable encryption at rest on a replication group you must set ``AtRestEncryptionEnabled`` to ``true`` when you create the replication group. *Required:* Only available when creating a replication group in an Amazon VPC using Redis OSS version ``3.2.6`` or ``4.x`` onward. Default: ``false``
+        :param at_rest_encryption_enabled: A flag that enables encryption at rest when set to ``true`` . *Required:* Only available when creating a replication group in an Amazon VPC using Redis OSS version ``3.2.6`` or ``4.x`` onward. Default: ``false``
         :param auth_token: *Reserved parameter.* The password used to access a password protected server. ``AuthToken`` can be specified only on replication groups where ``TransitEncryptionEnabled`` is ``true`` . For more information, see `Authenticating Valkey or Redis OSS users with the AUTH Command <https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/auth.html>`_ . .. epigraph:: For HIPAA compliance, you must specify ``TransitEncryptionEnabled`` as ``true`` , an ``AuthToken`` , and a ``CacheSubnetGroup`` . Password constraints: - Must be only printable ASCII characters. - Must be at least 16 characters and no more than 128 characters in length. - Nonalphanumeric characters are restricted to (!, &, #, $, ^, <, >, -, ). For more information, see `AUTH password <https://docs.aws.amazon.com/http://redis.io/commands/AUTH>`_ at http://redis.io/commands/AUTH. .. epigraph:: If ADDING the AuthToken, update requires `Replacement <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement>`_ .
         :param automatic_failover_enabled: Specifies whether a read-only replica is automatically promoted to read/write primary if the existing primary fails. ``AutomaticFailoverEnabled`` must be enabled for Valkey or Redis OSS (cluster mode enabled) replication groups. Default: false
         :param auto_minor_version_upgrade: If you are running Valkey 7.2 or later, or Redis OSS 6.0 or later, set this parameter to yes if you want to opt-in to the next minor version upgrade campaign. This parameter is disabled for previous versions.
@@ -2878,7 +2878,7 @@ class CfnReplicationGroup(
         :param snapshotting_cluster_id: The cluster ID that is used as the daily snapshot source for the replication group. This parameter cannot be set for Valkey or Redis OSS (cluster mode enabled) replication groups.
         :param snapshot_window: The daily time range (in UTC) during which ElastiCache begins taking a daily snapshot of your node group (shard). Example: ``05:00-09:00`` If you do not specify this parameter, ElastiCache automatically chooses an appropriate time range.
         :param tags: A list of tags to be added to this resource. Tags are comma-separated key,value pairs (e.g. Key= ``myKey`` , Value= ``myKeyValue`` . You can include multiple tags as shown following: Key= ``myKey`` , Value= ``myKeyValue`` Key= ``mySecondKey`` , Value= ``mySecondKeyValue`` . Tags on replication groups will be replicated to all nodes.
-        :param transit_encryption_enabled: A flag that enables in-transit encryption when set to ``true`` . You cannot modify the value of ``TransitEncryptionEnabled`` after the cluster is created. To enable in-transit encryption on a cluster you must set ``TransitEncryptionEnabled`` to ``true`` when you create a cluster. This parameter is valid only if the ``Engine`` parameter is ``redis`` , the ``EngineVersion`` parameter is ``3.2.6`` or ``4.x`` onward, and the cluster is being created in an Amazon VPC. If you enable in-transit encryption, you must also specify a value for ``CacheSubnetGroup`` . .. epigraph:: - TransitEncryptionEnabled is only available when creating a replication group in an Amazon VPC using Valkey version ``7.2`` and above, Redis OSS version ``3.2.6`` , or Redis OSS version ``4.x`` and above. - TransitEncryptionEnabled is required when creating a new valkey replication group. Default: ``false`` .. epigraph:: For HIPAA compliance, you must specify ``TransitEncryptionEnabled`` as ``true`` , an ``AuthToken`` , and a ``CacheSubnetGroup`` .
+        :param transit_encryption_enabled: A flag that enables in-transit encryption when set to ``true`` . This parameter is only available when creating a replication group in an Amazon VPC using Valkey version ``7.2`` and above, Redis OSS version ``3.2.6`` , or Redis OSS version ``4.x`` and above, and the cluster is being created in an Amazon VPC. If you enable in-transit encryption, you must also specify a value for ``CacheSubnetGroup`` . .. epigraph:: TransitEncryptionEnabled is required when creating a new valkey replication group. Default: ``false`` .. epigraph:: For HIPAA compliance, you must specify ``TransitEncryptionEnabled`` as ``true`` , an ``AuthToken`` , and a ``CacheSubnetGroup`` .
         :param transit_encryption_mode: A setting that allows you to migrate your clients to use in-transit encryption, with no downtime. When setting ``TransitEncryptionEnabled`` to ``true`` , you can set your ``TransitEncryptionMode`` to ``preferred`` in the same request, to allow both encrypted and unencrypted connections at the same time. Once you migrate all your Valkey or Redis OSS clients to use encrypted connections you can modify the value to ``required`` to allow encrypted connections only. Setting ``TransitEncryptionMode`` to ``required`` is a two-step process that requires you to first set the ``TransitEncryptionMode`` to ``preferred`` , after that you can set ``TransitEncryptionMode`` to ``required`` . This process will not trigger the replacement of the replication group.
         :param user_group_ids: The ID of user group to associate with the replication group.
         '''
@@ -4171,7 +4171,7 @@ class CfnReplicationGroupProps:
         '''Properties for defining a ``CfnReplicationGroup``.
 
         :param replication_group_description: A user-created description for the replication group.
-        :param at_rest_encryption_enabled: A flag that enables encryption at rest when set to ``true`` . You cannot modify the value of ``AtRestEncryptionEnabled`` after the replication group is created. To enable encryption at rest on a replication group you must set ``AtRestEncryptionEnabled`` to ``true`` when you create the replication group. *Required:* Only available when creating a replication group in an Amazon VPC using Redis OSS version ``3.2.6`` or ``4.x`` onward. Default: ``false``
+        :param at_rest_encryption_enabled: A flag that enables encryption at rest when set to ``true`` . *Required:* Only available when creating a replication group in an Amazon VPC using Redis OSS version ``3.2.6`` or ``4.x`` onward. Default: ``false``
         :param auth_token: *Reserved parameter.* The password used to access a password protected server. ``AuthToken`` can be specified only on replication groups where ``TransitEncryptionEnabled`` is ``true`` . For more information, see `Authenticating Valkey or Redis OSS users with the AUTH Command <https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/auth.html>`_ . .. epigraph:: For HIPAA compliance, you must specify ``TransitEncryptionEnabled`` as ``true`` , an ``AuthToken`` , and a ``CacheSubnetGroup`` . Password constraints: - Must be only printable ASCII characters. - Must be at least 16 characters and no more than 128 characters in length. - Nonalphanumeric characters are restricted to (!, &, #, $, ^, <, >, -, ). For more information, see `AUTH password <https://docs.aws.amazon.com/http://redis.io/commands/AUTH>`_ at http://redis.io/commands/AUTH. .. epigraph:: If ADDING the AuthToken, update requires `Replacement <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement>`_ .
         :param automatic_failover_enabled: Specifies whether a read-only replica is automatically promoted to read/write primary if the existing primary fails. ``AutomaticFailoverEnabled`` must be enabled for Valkey or Redis OSS (cluster mode enabled) replication groups. Default: false
         :param auto_minor_version_upgrade: If you are running Valkey 7.2 or later, or Redis OSS 6.0 or later, set this parameter to yes if you want to opt-in to the next minor version upgrade campaign. This parameter is disabled for previous versions.
@@ -4206,7 +4206,7 @@ class CfnReplicationGroupProps:
         :param snapshotting_cluster_id: The cluster ID that is used as the daily snapshot source for the replication group. This parameter cannot be set for Valkey or Redis OSS (cluster mode enabled) replication groups.
         :param snapshot_window: The daily time range (in UTC) during which ElastiCache begins taking a daily snapshot of your node group (shard). Example: ``05:00-09:00`` If you do not specify this parameter, ElastiCache automatically chooses an appropriate time range.
         :param tags: A list of tags to be added to this resource. Tags are comma-separated key,value pairs (e.g. Key= ``myKey`` , Value= ``myKeyValue`` . You can include multiple tags as shown following: Key= ``myKey`` , Value= ``myKeyValue`` Key= ``mySecondKey`` , Value= ``mySecondKeyValue`` . Tags on replication groups will be replicated to all nodes.
-        :param transit_encryption_enabled: A flag that enables in-transit encryption when set to ``true`` . You cannot modify the value of ``TransitEncryptionEnabled`` after the cluster is created. To enable in-transit encryption on a cluster you must set ``TransitEncryptionEnabled`` to ``true`` when you create a cluster. This parameter is valid only if the ``Engine`` parameter is ``redis`` , the ``EngineVersion`` parameter is ``3.2.6`` or ``4.x`` onward, and the cluster is being created in an Amazon VPC. If you enable in-transit encryption, you must also specify a value for ``CacheSubnetGroup`` . .. epigraph:: - TransitEncryptionEnabled is only available when creating a replication group in an Amazon VPC using Valkey version ``7.2`` and above, Redis OSS version ``3.2.6`` , or Redis OSS version ``4.x`` and above. - TransitEncryptionEnabled is required when creating a new valkey replication group. Default: ``false`` .. epigraph:: For HIPAA compliance, you must specify ``TransitEncryptionEnabled`` as ``true`` , an ``AuthToken`` , and a ``CacheSubnetGroup`` .
+        :param transit_encryption_enabled: A flag that enables in-transit encryption when set to ``true`` . This parameter is only available when creating a replication group in an Amazon VPC using Valkey version ``7.2`` and above, Redis OSS version ``3.2.6`` , or Redis OSS version ``4.x`` and above, and the cluster is being created in an Amazon VPC. If you enable in-transit encryption, you must also specify a value for ``CacheSubnetGroup`` . .. epigraph:: TransitEncryptionEnabled is required when creating a new valkey replication group. Default: ``false`` .. epigraph:: For HIPAA compliance, you must specify ``TransitEncryptionEnabled`` as ``true`` , an ``AuthToken`` , and a ``CacheSubnetGroup`` .
         :param transit_encryption_mode: A setting that allows you to migrate your clients to use in-transit encryption, with no downtime. When setting ``TransitEncryptionEnabled`` to ``true`` , you can set your ``TransitEncryptionMode`` to ``preferred`` in the same request, to allow both encrypted and unencrypted connections at the same time. Once you migrate all your Valkey or Redis OSS clients to use encrypted connections you can modify the value to ``required`` to allow encrypted connections only. Setting ``TransitEncryptionMode`` to ``required`` is a two-step process that requires you to first set the ``TransitEncryptionMode`` to ``preferred`` , after that you can set ``TransitEncryptionMode`` to ``required`` . This process will not trigger the replacement of the replication group.
         :param user_group_ids: The ID of user group to associate with the replication group.
 
@@ -4421,8 +4421,6 @@ class CfnReplicationGroupProps:
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
         '''A flag that enables encryption at rest when set to ``true`` .
 
-        You cannot modify the value of ``AtRestEncryptionEnabled`` after the replication group is created. To enable encryption at rest on a replication group you must set ``AtRestEncryptionEnabled`` to ``true`` when you create the replication group.
-
         *Required:* Only available when creating a replication group in an Amazon VPC using Redis OSS version ``3.2.6`` or ``4.x`` onward.
 
         Default: ``false``
@@ -4935,15 +4933,12 @@ class CfnReplicationGroupProps:
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
         '''A flag that enables in-transit encryption when set to ``true`` .
 
-        You cannot modify the value of ``TransitEncryptionEnabled`` after the cluster is created. To enable in-transit encryption on a cluster you must set ``TransitEncryptionEnabled`` to ``true`` when you create a cluster.
-
-        This parameter is valid only if the ``Engine`` parameter is ``redis`` , the ``EngineVersion`` parameter is ``3.2.6`` or ``4.x`` onward, and the cluster is being created in an Amazon VPC.
+        This parameter is only available when creating a replication group in an Amazon VPC using Valkey version ``7.2`` and above, Redis OSS version ``3.2.6`` , or Redis OSS version ``4.x`` and above, and the cluster is being created in an Amazon VPC.
 
         If you enable in-transit encryption, you must also specify a value for ``CacheSubnetGroup`` .
         .. epigraph::
 
-           - TransitEncryptionEnabled is only available when creating a replication group in an Amazon VPC using Valkey version ``7.2`` and above, Redis OSS version ``3.2.6`` , or Redis OSS version ``4.x`` and above.
-           - TransitEncryptionEnabled is required when creating a new valkey replication group.
+           TransitEncryptionEnabled is required when creating a new valkey replication group.
 
         Default: ``false``
         .. epigraph::