aws-cdk-lib 2.189.1__py3-none-any.whl → 2.191.0__py3-none-any.whl

aws_cdk/aws_events/__init__.py

@@ -1022,6 +1022,15 @@ class CfnApiDestination(
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrArn"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrArnForPolicy")
+    def attr_arn_for_policy(self) -> builtins.str:
+        '''The arn of the api destination to be used in IAM policies.
+
+        :cloudformationAttribute: ArnForPolicy
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrArnForPolicy"))
+
     @builtins.property
     @jsii.member(jsii_name="cfnProperties")
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
@@ -1263,13 +1272,9 @@ class CfnArchive(
     When you create an archive, incoming events might not immediately start being sent to the archive. Allow a short period of time for changes to take effect. If you do not specify a pattern to filter events sent to the archive, all events are sent to the archive except replayed events. Replayed events are not sent to an archive.
     .. epigraph::
 
-       Archives and schema discovery are not supported for event buses encrypted using a customer managed key. EventBridge returns an error if:
-
-       - You call ``[CreateArchive](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_CreateArchive.html)`` on an event bus set to use a customer managed key for encryption.
-       - You call ``[CreateDiscoverer](https://docs.aws.amazon.com/eventbridge/latest/schema-reference/v1-discoverers.html#CreateDiscoverer)`` on an event bus set to use a customer managed key for encryption.
-       - You call ``[UpdatedEventBus](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_UpdatedEventBus.html)`` to set a customer managed key on an event bus with an archives or schema discovery enabled.
+       If you have specified that EventBridge use a customer managed key for encrypting the source event bus, we strongly recommend you also specify a customer managed key for any archives for the event bus as well.
 
-       To enable archives or schema discovery on an event bus, choose to use an AWS owned key . For more information, see `Data encryption in EventBridge <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption.html>`_ in the *Amazon EventBridge User Guide* .
+       For more information, see `Encrypting archives <https://docs.aws.amazon.com/eventbridge/latest/userguide/encryption-archives.html>`_ in the *Amazon EventBridge User Guide* .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-archive.html
     :cloudformationResource: AWS::Events::Archive
@@ -1290,6 +1295,7 @@ class CfnArchive(
             archive_name="archiveName",
             description="description",
             event_pattern=event_pattern,
+            kms_key_identifier="kmsKeyIdentifier",
             retention_days=123
         )
     '''
@@ -1303,6 +1309,7 @@ class CfnArchive(
         archive_name: typing.Optional[builtins.str] = None,
         description: typing.Optional[builtins.str] = None,
         event_pattern: typing.Any = None,
+        kms_key_identifier: typing.Optional[builtins.str] = None,
         retention_days: typing.Optional[jsii.Number] = None,
     ) -> None:
         '''
@@ -1312,6 +1319,7 @@ class CfnArchive(
         :param archive_name: The name for the archive to create.
         :param description: A description for the archive.
         :param event_pattern: An event pattern to use to filter events sent to the archive.
+        :param kms_key_identifier: 
         :param retention_days: The number of days to retain events for. Default value is 0. If set to 0, events are retained indefinitely
         '''
         if __debug__:
@@ -1323,6 +1331,7 @@ class CfnArchive(
             archive_name=archive_name,
             description=description,
             event_pattern=event_pattern,
+            kms_key_identifier=kms_key_identifier,
             retention_days=retention_days,
         )
 
@@ -1424,6 +1433,18 @@ class CfnArchive(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "eventPattern", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="kmsKeyIdentifier")
+    def kms_key_identifier(self) -> typing.Optional[builtins.str]:
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "kmsKeyIdentifier"))
+
+    @kms_key_identifier.setter
+    def kms_key_identifier(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__afc87131b030ea9e94a54d65380d8caa92af44402dd0a1c9ec3e6c55aa14bbad)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "kmsKeyIdentifier", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="retentionDays")
     def retention_days(self) -> typing.Optional[jsii.Number]:
@@ -1446,6 +1467,7 @@ class CfnArchive(
         "archive_name": "archiveName",
         "description": "description",
         "event_pattern": "eventPattern",
+        "kms_key_identifier": "kmsKeyIdentifier",
         "retention_days": "retentionDays",
     },
 )
@@ -1457,6 +1479,7 @@ class CfnArchiveProps:
         archive_name: typing.Optional[builtins.str] = None,
         description: typing.Optional[builtins.str] = None,
         event_pattern: typing.Any = None,
+        kms_key_identifier: typing.Optional[builtins.str] = None,
         retention_days: typing.Optional[jsii.Number] = None,
     ) -> None:
         '''Properties for defining a ``CfnArchive``.
@@ -1465,6 +1488,7 @@ class CfnArchiveProps:
         :param archive_name: The name for the archive to create.
         :param description: A description for the archive.
         :param event_pattern: An event pattern to use to filter events sent to the archive.
+        :param kms_key_identifier: 
         :param retention_days: The number of days to retain events for. Default value is 0. If set to 0, events are retained indefinitely
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-archive.html
@@ -1485,6 +1509,7 @@ class CfnArchiveProps:
                 archive_name="archiveName",
                 description="description",
                 event_pattern=event_pattern,
+                kms_key_identifier="kmsKeyIdentifier",
                 retention_days=123
             )
         '''
@@ -1494,6 +1519,7 @@ class CfnArchiveProps:
             check_type(argname="argument archive_name", value=archive_name, expected_type=type_hints["archive_name"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument event_pattern", value=event_pattern, expected_type=type_hints["event_pattern"])
+            check_type(argname="argument kms_key_identifier", value=kms_key_identifier, expected_type=type_hints["kms_key_identifier"])
             check_type(argname="argument retention_days", value=retention_days, expected_type=type_hints["retention_days"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "source_arn": source_arn,
@@ -1504,6 +1530,8 @@ class CfnArchiveProps:
             self._values["description"] = description
         if event_pattern is not None:
             self._values["event_pattern"] = event_pattern
+        if kms_key_identifier is not None:
+            self._values["kms_key_identifier"] = kms_key_identifier
         if retention_days is not None:
             self._values["retention_days"] = retention_days
 
@@ -1544,6 +1572,14 @@ class CfnArchiveProps:
         result = self._values.get("event_pattern")
         return typing.cast(typing.Any, result)
 
+    @builtins.property
+    def kms_key_identifier(self) -> typing.Optional[builtins.str]:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-archive.html#cfn-events-archive-kmskeyidentifier
+        '''
+        result = self._values.get("kms_key_identifier")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def retention_days(self) -> typing.Optional[jsii.Number]:
         '''The number of days to retain events for.
@@ -1674,6 +1710,7 @@ class CfnConnection(
                     resource_association_arn="resourceAssociationArn"
                 )
             ),
+            kms_key_identifier="kmsKeyIdentifier",
             name="name"
         )
     '''
@@ -1687,6 +1724,7 @@ class CfnConnection(
         auth_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnConnection.AuthParametersProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         description: typing.Optional[builtins.str] = None,
         invocation_connectivity_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnConnection.InvocationConnectivityParametersProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+        kms_key_identifier: typing.Optional[builtins.str] = None,
         name: typing.Optional[builtins.str] = None,
     ) -> None:
         '''
@@ -1696,6 +1734,7 @@ class CfnConnection(
         :param auth_parameters: The authorization parameters to use to authorize with the endpoint. You must include only authorization parameters for the ``AuthorizationType`` you specify.
         :param description: A description for the connection to create.
         :param invocation_connectivity_parameters: For connections to private APIs, the parameters to use for invoking the API. For more information, see `Connecting to private APIs <https://docs.aws.amazon.com/eventbridge/latest/userguide/connection-private.html>`_ in the **Amazon EventBridge User Guide** .
+        :param kms_key_identifier: 
         :param name: The name for the connection to create.
         '''
         if __debug__:
@@ -1707,6 +1746,7 @@ class CfnConnection(
             auth_parameters=auth_parameters,
             description=description,
             invocation_connectivity_parameters=invocation_connectivity_parameters,
+            kms_key_identifier=kms_key_identifier,
             name=name,
         )
 
@@ -1751,6 +1791,15 @@ class CfnConnection(
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrArn"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrArnForPolicy")
+    def attr_arn_for_policy(self) -> builtins.str:
+        '''The arn of the connection resource to be used in IAM policies.
+
+        :cloudformationAttribute: ArnForPolicy
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrArnForPolicy"))
+
     @builtins.property
     @jsii.member(jsii_name="attrAuthParametersConnectivityParametersResourceParametersResourceAssociationArn")
     def attr_auth_parameters_connectivity_parameters_resource_parameters_resource_association_arn(
@@ -1857,6 +1906,18 @@ class CfnConnection(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "invocationConnectivityParameters", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="kmsKeyIdentifier")
+    def kms_key_identifier(self) -> typing.Optional[builtins.str]:
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "kmsKeyIdentifier"))
+
+    @kms_key_identifier.setter
+    def kms_key_identifier(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__579f1ad92b1c0b7657d928d388da032a83ada8c6564dd3ab6da98459fced8ae1)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "kmsKeyIdentifier", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="name")
     def name(self) -> typing.Optional[builtins.str]:
@@ -2845,6 +2906,7 @@ class CfnConnection(
         "auth_parameters": "authParameters",
         "description": "description",
         "invocation_connectivity_parameters": "invocationConnectivityParameters",
+        "kms_key_identifier": "kmsKeyIdentifier",
         "name": "name",
     },
 )
@@ -2856,6 +2918,7 @@ class CfnConnectionProps:
         auth_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnConnection.AuthParametersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         description: typing.Optional[builtins.str] = None,
         invocation_connectivity_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnConnection.InvocationConnectivityParametersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+        kms_key_identifier: typing.Optional[builtins.str] = None,
         name: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Properties for defining a ``CfnConnection``.
@@ -2864,6 +2927,7 @@ class CfnConnectionProps:
         :param auth_parameters: The authorization parameters to use to authorize with the endpoint. You must include only authorization parameters for the ``AuthorizationType`` you specify.
         :param description: A description for the connection to create.
         :param invocation_connectivity_parameters: For connections to private APIs, the parameters to use for invoking the API. For more information, see `Connecting to private APIs <https://docs.aws.amazon.com/eventbridge/latest/userguide/connection-private.html>`_ in the **Amazon EventBridge User Guide** .
+        :param kms_key_identifier: 
         :param name: The name for the connection to create.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.html
@@ -2960,6 +3024,7 @@ class CfnConnectionProps:
                         resource_association_arn="resourceAssociationArn"
                     )
                 ),
+                kms_key_identifier="kmsKeyIdentifier",
                 name="name"
             )
         '''
@@ -2969,6 +3034,7 @@ class CfnConnectionProps:
             check_type(argname="argument auth_parameters", value=auth_parameters, expected_type=type_hints["auth_parameters"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument invocation_connectivity_parameters", value=invocation_connectivity_parameters, expected_type=type_hints["invocation_connectivity_parameters"])
+            check_type(argname="argument kms_key_identifier", value=kms_key_identifier, expected_type=type_hints["kms_key_identifier"])
             check_type(argname="argument name", value=name, expected_type=type_hints["name"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if authorization_type is not None:
@@ -2979,6 +3045,8 @@ class CfnConnectionProps:
             self._values["description"] = description
         if invocation_connectivity_parameters is not None:
             self._values["invocation_connectivity_parameters"] = invocation_connectivity_parameters
+        if kms_key_identifier is not None:
+            self._values["kms_key_identifier"] = kms_key_identifier
         if name is not None:
             self._values["name"] = name
 
@@ -3030,6 +3098,14 @@ class CfnConnectionProps:
         result = self._values.get("invocation_connectivity_parameters")
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnConnection.InvocationConnectivityParametersProperty]], result)
 
+    @builtins.property
+    def kms_key_identifier(self) -> typing.Optional[builtins.str]:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.html#cfn-events-connection-kmskeyidentifier
+        '''
+        result = self._values.get("kms_key_identifier")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def name(self) -> typing.Optional[builtins.str]:
         '''The name for the connection to create.
@@ -3890,7 +3966,7 @@ class CfnEventBus(
         :param dead_letter_config: Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ). For more information, see `Using dead-letter queues to process undelivered events <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rule-event-delivery.html#eb-rule-dlq>`_ in the *EventBridge User Guide* .
         :param description: The event bus description.
         :param event_source_name: If you are creating a partner event bus, this specifies the partner event source that the new event bus will be matched with.
-        :param kms_key_identifier: The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN. If you do not specify a customer managed key identifier, EventBridge uses an AWS owned key to encrypt events on the event bus. For more information, see `Managing keys <https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html>`_ in the *AWS Key Management Service Developer Guide* . .. epigraph:: Archives and schema discovery are not supported for event buses encrypted using a customer managed key. EventBridge returns an error if: - You call ``[CreateArchive](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_CreateArchive.html)`` on an event bus set to use a customer managed key for encryption. - You call ``[CreateDiscoverer](https://docs.aws.amazon.com/eventbridge/latest/schema-reference/v1-discoverers.html#CreateDiscoverer)`` on an event bus set to use a customer managed key for encryption. - You call ``[UpdatedEventBus](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_UpdatedEventBus.html)`` to set a customer managed key on an event bus with an archives or schema discovery enabled. To enable archives or schema discovery on an event bus, choose to use an AWS owned key . For more information, see `Data encryption in EventBridge <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption.html>`_ in the *Amazon EventBridge User Guide* .
+        :param kms_key_identifier: The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN. If you do not specify a customer managed key identifier, EventBridge uses an AWS owned key to encrypt events on the event bus. For more information, see `Identify and view keys <https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html>`_ in the *AWS Key Management Service Developer Guide* . .. epigraph:: Schema discovery is not supported for event buses encrypted using a customer managed key. EventBridge returns an error if: - You call ``[CreateDiscoverer](https://docs.aws.amazon.com/eventbridge/latest/schema-reference/v1-discoverers.html#CreateDiscoverer)`` on an event bus set to use a customer managed key for encryption. - You call ``[UpdatedEventBus](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_UpdatedEventBus.html)`` to set a customer managed key on an event bus with schema discovery enabled. To enable schema discovery on an event bus, choose to use an AWS owned key . For more information, see `Encrypting events <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption-event-bus-cmkey.html>`_ in the *Amazon EventBridge User Guide* . > If you have specified that EventBridge use a customer managed key for encrypting the source event bus, we strongly recommend you also specify a customer managed key for any archives for the event bus as well. For more information, see `Encrypting archives <https://docs.aws.amazon.com/eventbridge/latest/userguide/encryption-archives.html>`_ in the *Amazon EventBridge User Guide* .
         :param policy: The permissions policy of the event bus, describing which other AWS accounts can write events to this event bus.
         :param tags: Tags to associate with the event bus.
         '''
@@ -4631,7 +4707,7 @@ class CfnEventBusProps:
         :param dead_letter_config: Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ). For more information, see `Using dead-letter queues to process undelivered events <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rule-event-delivery.html#eb-rule-dlq>`_ in the *EventBridge User Guide* .
         :param description: The event bus description.
         :param event_source_name: If you are creating a partner event bus, this specifies the partner event source that the new event bus will be matched with.
-        :param kms_key_identifier: The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN. If you do not specify a customer managed key identifier, EventBridge uses an AWS owned key to encrypt events on the event bus. For more information, see `Managing keys <https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html>`_ in the *AWS Key Management Service Developer Guide* . .. epigraph:: Archives and schema discovery are not supported for event buses encrypted using a customer managed key. EventBridge returns an error if: - You call ``[CreateArchive](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_CreateArchive.html)`` on an event bus set to use a customer managed key for encryption. - You call ``[CreateDiscoverer](https://docs.aws.amazon.com/eventbridge/latest/schema-reference/v1-discoverers.html#CreateDiscoverer)`` on an event bus set to use a customer managed key for encryption. - You call ``[UpdatedEventBus](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_UpdatedEventBus.html)`` to set a customer managed key on an event bus with an archives or schema discovery enabled. To enable archives or schema discovery on an event bus, choose to use an AWS owned key . For more information, see `Data encryption in EventBridge <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption.html>`_ in the *Amazon EventBridge User Guide* .
+        :param kms_key_identifier: The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN. If you do not specify a customer managed key identifier, EventBridge uses an AWS owned key to encrypt events on the event bus. For more information, see `Identify and view keys <https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html>`_ in the *AWS Key Management Service Developer Guide* . .. epigraph:: Schema discovery is not supported for event buses encrypted using a customer managed key. EventBridge returns an error if: - You call ``[CreateDiscoverer](https://docs.aws.amazon.com/eventbridge/latest/schema-reference/v1-discoverers.html#CreateDiscoverer)`` on an event bus set to use a customer managed key for encryption. - You call ``[UpdatedEventBus](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_UpdatedEventBus.html)`` to set a customer managed key on an event bus with schema discovery enabled. To enable schema discovery on an event bus, choose to use an AWS owned key . For more information, see `Encrypting events <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption-event-bus-cmkey.html>`_ in the *Amazon EventBridge User Guide* . > If you have specified that EventBridge use a customer managed key for encrypting the source event bus, we strongly recommend you also specify a customer managed key for any archives for the event bus as well. For more information, see `Encrypting archives <https://docs.aws.amazon.com/eventbridge/latest/userguide/encryption-archives.html>`_ in the *Amazon EventBridge User Guide* .
         :param policy: The permissions policy of the event bus, describing which other AWS accounts can write events to this event bus.
         :param tags: Tags to associate with the event bus.
 
@@ -4741,16 +4817,17 @@ class CfnEventBusProps:
 
         If you do not specify a customer managed key identifier, EventBridge uses an AWS owned key to encrypt events on the event bus.
 
-        For more information, see `Managing keys <https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html>`_ in the *AWS Key Management Service Developer Guide* .
+        For more information, see `Identify and view keys <https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html>`_ in the *AWS Key Management Service Developer Guide* .
         .. epigraph::
 
-           Archives and schema discovery are not supported for event buses encrypted using a customer managed key. EventBridge returns an error if:
+           Schema discovery is not supported for event buses encrypted using a customer managed key. EventBridge returns an error if:
 
-           - You call ``[CreateArchive](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_CreateArchive.html)`` on an event bus set to use a customer managed key for encryption.
            - You call ``[CreateDiscoverer](https://docs.aws.amazon.com/eventbridge/latest/schema-reference/v1-discoverers.html#CreateDiscoverer)`` on an event bus set to use a customer managed key for encryption.
-           - You call ``[UpdatedEventBus](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_UpdatedEventBus.html)`` to set a customer managed key on an event bus with an archives or schema discovery enabled.
+           - You call ``[UpdatedEventBus](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_UpdatedEventBus.html)`` to set a customer managed key on an event bus with schema discovery enabled.
+
+           To enable schema discovery on an event bus, choose to use an AWS owned key . For more information, see `Encrypting events <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption-event-bus-cmkey.html>`_ in the *Amazon EventBridge User Guide* . > If you have specified that EventBridge use a customer managed key for encrypting the source event bus, we strongly recommend you also specify a customer managed key for any archives for the event bus as well.
 
-           To enable archives or schema discovery on an event bus, choose to use an AWS owned key . For more information, see `Data encryption in EventBridge <https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption.html>`_ in the *Amazon EventBridge User Guide* .
+           For more information, see `Encrypting archives <https://docs.aws.amazon.com/eventbridge/latest/userguide/encryption-archives.html>`_ in the *Amazon EventBridge User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-eventbus.html#cfn-events-eventbus-kmskeyidentifier
         '''
@@ -12354,6 +12431,7 @@ def _typecheckingstub__a963410c1802040879d7bcae9506f4438510f71eb6934c222d9c998db
     archive_name: typing.Optional[builtins.str] = None,
     description: typing.Optional[builtins.str] = None,
     event_pattern: typing.Any = None,
+    kms_key_identifier: typing.Optional[builtins.str] = None,
     retention_days: typing.Optional[jsii.Number] = None,
 ) -> None:
     """Type checking stubs"""
@@ -12395,6 +12473,12 @@ def _typecheckingstub__229e944ea16e6854933c9a20124a27cfd106abe05b88911fd42e7be41
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__afc87131b030ea9e94a54d65380d8caa92af44402dd0a1c9ec3e6c55aa14bbad(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__229cf18aa238d335d766c6c1400f98e797e1cf2caf404b1270a8fb743453e352(
     value: typing.Optional[jsii.Number],
 ) -> None:
@@ -12407,6 +12491,7 @@ def _typecheckingstub__f8d605e2ff54dddadf4166fbd47f7e65ae554a5e5f40fa2fffd0d8af8
     archive_name: typing.Optional[builtins.str] = None,
     description: typing.Optional[builtins.str] = None,
     event_pattern: typing.Any = None,
+    kms_key_identifier: typing.Optional[builtins.str] = None,
     retention_days: typing.Optional[jsii.Number] = None,
 ) -> None:
     """Type checking stubs"""
@@ -12420,6 +12505,7 @@ def _typecheckingstub__65bde9b35de094b905dd335652d04503af85c50ac027a006a1d7ec926
     auth_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnConnection.AuthParametersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     description: typing.Optional[builtins.str] = None,
     invocation_connectivity_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnConnection.InvocationConnectivityParametersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    kms_key_identifier: typing.Optional[builtins.str] = None,
     name: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
@@ -12461,6 +12547,12 @@ def _typecheckingstub__81977d37ca8e880d59a06a5f2212ea535fd65a2615c824916ce07bd93
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__579f1ad92b1c0b7657d928d388da032a83ada8c6564dd3ab6da98459fced8ae1(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__d93a7e7bebc6e390076ef7174623c4da1c018543554603bbb442c270a532a536(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -12558,6 +12650,7 @@ def _typecheckingstub__2b32e6c6e8c1c2772bb604474216b07683c108c349058e240d272750b
     auth_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnConnection.AuthParametersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     description: typing.Optional[builtins.str] = None,
     invocation_connectivity_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnConnection.InvocationConnectivityParametersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    kms_key_identifier: typing.Optional[builtins.str] = None,
     name: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""

aws_cdk/aws_fsx/__init__.py

@@ -1170,7 +1170,7 @@ class CfnFileSystem(
         :param open_zfs_configuration: The Amazon FSx for OpenZFS configuration properties for the file system that you are creating.
         :param security_group_ids: A list of IDs specifying the security groups to apply to all network interfaces created for file system access. This list isn't returned in later requests to describe the file system. .. epigraph:: You must specify a security group if you are creating a Multi-AZ FSx for ONTAP file system in a VPC subnet that has been shared with you.
         :param storage_capacity: Sets the storage capacity of the file system that you're creating. ``StorageCapacity`` is required if you are creating a new file system. It is not required if you are creating a file system by restoring a backup. *FSx for Lustre file systems* - The amount of storage capacity that you can configure depends on the value that you set for ``StorageType`` and the Lustre ``DeploymentType`` , as follows: - For ``SCRATCH_2`` , ``PERSISTENT_2`` and ``PERSISTENT_1`` deployment types using SSD storage type, the valid values are 1200 GiB, 2400 GiB, and increments of 2400 GiB. - For ``PERSISTENT_1`` HDD file systems, valid values are increments of 6000 GiB for 12 MB/s/TiB file systems and increments of 1800 GiB for 40 MB/s/TiB file systems. - For ``SCRATCH_1`` deployment type, valid values are 1200 GiB, 2400 GiB, and increments of 3600 GiB. *FSx for ONTAP file systems* - The amount of SSD storage capacity that you can configure depends on the value of the ``HAPairs`` property. The minimum value is calculated as 1,024 GiB * HAPairs and the maximum is calculated as 524,288 GiB * HAPairs, up to a maximum amount of SSD storage capacity of 1,048,576 GiB (1 pebibyte). *FSx for OpenZFS file systems* - The amount of storage capacity that you can configure is from 64 GiB up to 524,288 GiB (512 TiB). If you are creating a file system from a backup, you can specify a storage capacity equal to or greater than the original file system's storage capacity. *FSx for Windows File Server file systems* - The amount of storage capacity that you can configure depends on the value that you set for ``StorageType`` as follows: - For SSD storage, valid values are 32 GiB-65,536 GiB (64 TiB). - For HDD storage, valid values are 2000 GiB-65,536 GiB (64 TiB).
-        :param storage_type: Sets the storage class for the file system that you're creating. Valid values are ``SSD`` , ``HDD`` , and ``INTELLIGENT_TIERING`` . - Set to ``SSD`` to use solid state drive storage. SSD is supported on all Windows, Lustre, ONTAP, and OpenZFS deployment types. - Set to ``HDD`` to use hard disk drive storage. HDD is supported on ``SINGLE_AZ_2`` and ``MULTI_AZ_1`` Windows file system deployment types, and on ``PERSISTENT_1`` Lustre file system deployment types. - Set to ``INTELLIGENT_TIERING`` to use fully elastic, intelligently-tiered storage. Intelligent-Tiering is only available for OpenZFS file systems with the Multi-AZ deployment type. Default value is ``SSD`` . For more information, see `Storage type options <https://docs.aws.amazon.com/fsx/latest/WindowsGuide/optimize-fsx-costs.html#storage-type-options>`_ in the *FSx for Windows File Server User Guide* , `Multiple storage options <https://docs.aws.amazon.com/fsx/latest/LustreGuide/what-is.html#storage-options>`_ in the *FSx for Lustre User Guide* , and `Working with Intelligent-Tiering <https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/performance-intelligent-tiering>`_ in the *Amazon FSx for OpenZFS User Guide* .
+        :param storage_type: Sets the storage class for the file system that you're creating. Valid values are ``SSD`` , ``HDD`` , and ``INTELLIGENT_TIERING`` . - Set to ``SSD`` to use solid state drive storage. SSD is supported on all Windows, Lustre, ONTAP, and OpenZFS deployment types. - Set to ``HDD`` to use hard disk drive storage, which is supported on ``SINGLE_AZ_2`` and ``MULTI_AZ_1`` Windows file system deployment types, and on ``PERSISTENT_1`` Lustre file system deployment types. - Set to ``INTELLIGENT_TIERING`` to use fully elastic, intelligently-tiered storage. Intelligent-Tiering is only available for OpenZFS file systems with the Multi-AZ deployment type. Default value is ``SSD`` . For more information, see `Storage type options <https://docs.aws.amazon.com/fsx/latest/WindowsGuide/optimize-fsx-costs.html#storage-type-options>`_ in the *FSx for Windows File Server User Guide* , `Multiple storage options <https://docs.aws.amazon.com/fsx/latest/LustreGuide/what-is.html#storage-options>`_ in the *FSx for Lustre User Guide* , and `Working with Intelligent-Tiering <https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/performance-intelligent-tiering>`_ in the *Amazon FSx for OpenZFS User Guide* .
         :param tags: The tags to associate with the file system. For more information, see `Tagging your Amazon FSx resources <https://docs.aws.amazon.com/fsx/latest/LustreGuide/tag-resources.html>`_ in the *Amazon FSx for Lustre User Guide* .
         :param windows_configuration: The configuration object for the Microsoft Windows file system you are creating. This value is required if ``FileSystemType`` is set to ``WINDOWS`` .
         '''
@@ -1798,7 +1798,7 @@ class CfnFileSystem(
             :param import_path: (Optional) The path to the Amazon S3 bucket (including the optional prefix) that you're using as the data repository for your Amazon FSx for Lustre file system. The root of your FSx for Lustre file system will be mapped to the root of the Amazon S3 bucket you select. An example is ``s3://import-bucket/optional-prefix`` . If you specify a prefix after the Amazon S3 bucket name, only object keys with that prefix are loaded into the file system. .. epigraph:: This parameter is not supported for Lustre file systems with a data repository association.
             :param metadata_configuration: 
             :param per_unit_storage_throughput: Required with ``PERSISTENT_1`` and ``PERSISTENT_2`` deployment types, provisions the amount of read and write throughput for each 1 tebibyte (TiB) of file system storage capacity, in MB/s/TiB. File system throughput capacity is calculated by multiplying file system storage capacity (TiB) by the ``PerUnitStorageThroughput`` (MB/s/TiB). For a 2.4-TiB file system, provisioning 50 MB/s/TiB of ``PerUnitStorageThroughput`` yields 120 MB/s of file system throughput. You pay for the amount of throughput that you provision. Valid values: - For ``PERSISTENT_1`` SSD storage: 50, 100, 200 MB/s/TiB. - For ``PERSISTENT_1`` HDD storage: 12, 40 MB/s/TiB. - For ``PERSISTENT_2`` SSD storage: 125, 250, 500, 1000 MB/s/TiB.
-            :param weekly_maintenance_start_time: A recurring weekly time, in the format ``D:HH:MM`` . ``D`` is the day of the week, for which 1 represents Monday and 7 represents Sunday. For further details, see `the ISO-8601 spec as described on Wikipedia <https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/ISO_week_date>`_ . ``HH`` is the zero-padded hour of the day (0-23), and ``MM`` is the zero-padded minute of the hour. For example, ``1:05:00`` specifies maintenance at 5 AM Monday.
+            :param weekly_maintenance_start_time: The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone, where d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday. For example, ``1:05:00`` specifies maintenance at 5 AM Monday.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fsx-filesystem-lustreconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -2069,11 +2069,7 @@ class CfnFileSystem(
 
         @builtins.property
         def weekly_maintenance_start_time(self) -> typing.Optional[builtins.str]:
-            '''A recurring weekly time, in the format ``D:HH:MM`` .
-
-            ``D`` is the day of the week, for which 1 represents Monday and 7 represents Sunday. For further details, see `the ISO-8601 spec as described on Wikipedia <https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/ISO_week_date>`_ .
-
-            ``HH`` is the zero-padded hour of the day (0-23), and ``MM`` is the zero-padded minute of the hour.
+            '''The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone, where d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.
 
             For example, ``1:05:00`` specifies maintenance at 5 AM Monday.
 
@@ -2268,7 +2264,7 @@ class CfnFileSystem(
             :param route_table_ids: (Multi-AZ only) Specifies the route tables in which Amazon FSx creates the rules for routing traffic to the correct file server. You should specify all virtual private cloud (VPC) route tables associated with the subnets in which your clients are located. By default, Amazon FSx selects your VPC's default route table. .. epigraph:: Amazon FSx manages these route tables for Multi-AZ file systems using tag-based authentication. These route tables are tagged with ``Key: AmazonFSx; Value: ManagedByAmazonFSx`` . When creating FSx for ONTAP Multi-AZ file systems using AWS CloudFormation we recommend that you add the ``Key: AmazonFSx; Value: ManagedByAmazonFSx`` tag manually.
             :param throughput_capacity: Sets the throughput capacity for the file system that you're creating in megabytes per second (MBps). For more information, see `Managing throughput capacity <https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/managing-throughput-capacity.html>`_ in the FSx for ONTAP User Guide. Amazon FSx responds with an HTTP status code 400 (Bad Request) for the following conditions: - The value of ``ThroughputCapacity`` and ``ThroughputCapacityPerHAPair`` are not the same value. - The value of ``ThroughputCapacity`` when divided by the value of ``HAPairs`` is outside of the valid range for ``ThroughputCapacity`` .
             :param throughput_capacity_per_ha_pair: Use to choose the throughput capacity per HA pair, rather than the total throughput for the file system. You can define either the ``ThroughputCapacityPerHAPair`` or the ``ThroughputCapacity`` when creating a file system, but not both. This field and ``ThroughputCapacity`` are the same for file systems powered by one HA pair. - For ``SINGLE_AZ_1`` and ``MULTI_AZ_1`` file systems, valid values are 128, 256, 512, 1024, 2048, or 4096 MBps. - For ``SINGLE_AZ_2`` , valid values are 1536, 3072, or 6144 MBps. - For ``MULTI_AZ_2`` , valid values are 384, 768, 1536, 3072, or 6144 MBps. Amazon FSx responds with an HTTP status code 400 (Bad Request) for the following conditions: - The value of ``ThroughputCapacity`` and ``ThroughputCapacityPerHAPair`` are not the same value for file systems with one HA pair. - The value of deployment type is ``SINGLE_AZ_2`` and ``ThroughputCapacity`` / ``ThroughputCapacityPerHAPair`` is not a valid HA pair (a value between 1 and 12). - The value of ``ThroughputCapacityPerHAPair`` is not a valid value.
-            :param weekly_maintenance_start_time: A recurring weekly time, in the format ``D:HH:MM`` . ``D`` is the day of the week, for which 1 represents Monday and 7 represents Sunday. For further details, see `the ISO-8601 spec as described on Wikipedia <https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/ISO_week_date>`_ . ``HH`` is the zero-padded hour of the day (0-23), and ``MM`` is the zero-padded minute of the hour. For example, ``1:05:00`` specifies maintenance at 5 AM Monday.
+            :param weekly_maintenance_start_time: The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone, where d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday. For example, ``1:05:00`` specifies maintenance at 5 AM Monday.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fsx-filesystem-ontapconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -2491,11 +2487,7 @@ class CfnFileSystem(
 
         @builtins.property
         def weekly_maintenance_start_time(self) -> typing.Optional[builtins.str]:
-            '''A recurring weekly time, in the format ``D:HH:MM`` .
-
-            ``D`` is the day of the week, for which 1 represents Monday and 7 represents Sunday. For further details, see `the ISO-8601 spec as described on Wikipedia <https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/ISO_week_date>`_ .
-
-            ``HH`` is the zero-padded hour of the day (0-23), and ``MM`` is the zero-padded minute of the hour.
+            '''The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone, where d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.
 
             For example, ``1:05:00`` specifies maintenance at 5 AM Monday.
 
@@ -2569,7 +2561,7 @@ class CfnFileSystem(
             :param root_volume_configuration: The configuration Amazon FSx uses when creating the root value of the Amazon FSx for OpenZFS file system. All volumes are children of the root volume.
             :param route_table_ids: (Multi-AZ only) Specifies the route tables in which Amazon FSx creates the rules for routing traffic to the correct file server. You should specify all virtual private cloud (VPC) route tables associated with the subnets in which your clients are located. By default, Amazon FSx selects your VPC's default route table.
             :param throughput_capacity: Specifies the throughput of an Amazon FSx for OpenZFS file system, measured in megabytes per second (MBps). Valid values depend on the ``DeploymentType`` and ``StorageType`` that you choose, as follows: - For ``INTELIGENT_TIERING`` , valid values are 1280, 2560, 3840, 5120, 7680, or 10240 MBps. - For ``MULTI_AZ_1`` and ``SINGLE_AZ_2`` , valid values are 160, 320, 640, 1280, 2560, 3840, 5120, 7680, or 10240 MBps. - For ``SINGLE_AZ_1`` , valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MBps. You pay for additional throughput capacity that you provision.
-            :param weekly_maintenance_start_time: A recurring weekly time, in the format ``D:HH:MM`` . ``D`` is the day of the week, for which 1 represents Monday and 7 represents Sunday. For further details, see `the ISO-8601 spec as described on Wikipedia <https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/ISO_week_date>`_ . ``HH`` is the zero-padded hour of the day (0-23), and ``MM`` is the zero-padded minute of the hour. For example, ``1:05:00`` specifies maintenance at 5 AM Monday.
+            :param weekly_maintenance_start_time: The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone, where d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday. For example, ``1:05:00`` specifies maintenance at 5 AM Monday.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fsx-filesystem-openzfsconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -2833,11 +2825,7 @@ class CfnFileSystem(
 
         @builtins.property
         def weekly_maintenance_start_time(self) -> typing.Optional[builtins.str]:
-            '''A recurring weekly time, in the format ``D:HH:MM`` .
-
-            ``D`` is the day of the week, for which 1 represents Monday and 7 represents Sunday. For further details, see `the ISO-8601 spec as described on Wikipedia <https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/ISO_week_date>`_ .
-
-            ``HH`` is the zero-padded hour of the day (0-23), and ``MM`` is the zero-padded minute of the hour.
+            '''The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone, where d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.
 
             For example, ``1:05:00`` specifies maintenance at 5 AM Monday.
 
@@ -3685,7 +3673,7 @@ class CfnFileSystemProps:
         :param open_zfs_configuration: The Amazon FSx for OpenZFS configuration properties for the file system that you are creating.
         :param security_group_ids: A list of IDs specifying the security groups to apply to all network interfaces created for file system access. This list isn't returned in later requests to describe the file system. .. epigraph:: You must specify a security group if you are creating a Multi-AZ FSx for ONTAP file system in a VPC subnet that has been shared with you.
         :param storage_capacity: Sets the storage capacity of the file system that you're creating. ``StorageCapacity`` is required if you are creating a new file system. It is not required if you are creating a file system by restoring a backup. *FSx for Lustre file systems* - The amount of storage capacity that you can configure depends on the value that you set for ``StorageType`` and the Lustre ``DeploymentType`` , as follows: - For ``SCRATCH_2`` , ``PERSISTENT_2`` and ``PERSISTENT_1`` deployment types using SSD storage type, the valid values are 1200 GiB, 2400 GiB, and increments of 2400 GiB. - For ``PERSISTENT_1`` HDD file systems, valid values are increments of 6000 GiB for 12 MB/s/TiB file systems and increments of 1800 GiB for 40 MB/s/TiB file systems. - For ``SCRATCH_1`` deployment type, valid values are 1200 GiB, 2400 GiB, and increments of 3600 GiB. *FSx for ONTAP file systems* - The amount of SSD storage capacity that you can configure depends on the value of the ``HAPairs`` property. The minimum value is calculated as 1,024 GiB * HAPairs and the maximum is calculated as 524,288 GiB * HAPairs, up to a maximum amount of SSD storage capacity of 1,048,576 GiB (1 pebibyte). *FSx for OpenZFS file systems* - The amount of storage capacity that you can configure is from 64 GiB up to 524,288 GiB (512 TiB). If you are creating a file system from a backup, you can specify a storage capacity equal to or greater than the original file system's storage capacity. *FSx for Windows File Server file systems* - The amount of storage capacity that you can configure depends on the value that you set for ``StorageType`` as follows: - For SSD storage, valid values are 32 GiB-65,536 GiB (64 TiB). - For HDD storage, valid values are 2000 GiB-65,536 GiB (64 TiB).
-        :param storage_type: Sets the storage class for the file system that you're creating. Valid values are ``SSD`` , ``HDD`` , and ``INTELLIGENT_TIERING`` . - Set to ``SSD`` to use solid state drive storage. SSD is supported on all Windows, Lustre, ONTAP, and OpenZFS deployment types. - Set to ``HDD`` to use hard disk drive storage. HDD is supported on ``SINGLE_AZ_2`` and ``MULTI_AZ_1`` Windows file system deployment types, and on ``PERSISTENT_1`` Lustre file system deployment types. - Set to ``INTELLIGENT_TIERING`` to use fully elastic, intelligently-tiered storage. Intelligent-Tiering is only available for OpenZFS file systems with the Multi-AZ deployment type. Default value is ``SSD`` . For more information, see `Storage type options <https://docs.aws.amazon.com/fsx/latest/WindowsGuide/optimize-fsx-costs.html#storage-type-options>`_ in the *FSx for Windows File Server User Guide* , `Multiple storage options <https://docs.aws.amazon.com/fsx/latest/LustreGuide/what-is.html#storage-options>`_ in the *FSx for Lustre User Guide* , and `Working with Intelligent-Tiering <https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/performance-intelligent-tiering>`_ in the *Amazon FSx for OpenZFS User Guide* .
+        :param storage_type: Sets the storage class for the file system that you're creating. Valid values are ``SSD`` , ``HDD`` , and ``INTELLIGENT_TIERING`` . - Set to ``SSD`` to use solid state drive storage. SSD is supported on all Windows, Lustre, ONTAP, and OpenZFS deployment types. - Set to ``HDD`` to use hard disk drive storage, which is supported on ``SINGLE_AZ_2`` and ``MULTI_AZ_1`` Windows file system deployment types, and on ``PERSISTENT_1`` Lustre file system deployment types. - Set to ``INTELLIGENT_TIERING`` to use fully elastic, intelligently-tiered storage. Intelligent-Tiering is only available for OpenZFS file systems with the Multi-AZ deployment type. Default value is ``SSD`` . For more information, see `Storage type options <https://docs.aws.amazon.com/fsx/latest/WindowsGuide/optimize-fsx-costs.html#storage-type-options>`_ in the *FSx for Windows File Server User Guide* , `Multiple storage options <https://docs.aws.amazon.com/fsx/latest/LustreGuide/what-is.html#storage-options>`_ in the *FSx for Lustre User Guide* , and `Working with Intelligent-Tiering <https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/performance-intelligent-tiering>`_ in the *Amazon FSx for OpenZFS User Guide* .
         :param tags: The tags to associate with the file system. For more information, see `Tagging your Amazon FSx resources <https://docs.aws.amazon.com/fsx/latest/LustreGuide/tag-resources.html>`_ in the *Amazon FSx for Lustre User Guide* .
         :param windows_configuration: The configuration object for the Microsoft Windows file system you are creating. This value is required if ``FileSystemType`` is set to ``WINDOWS`` .
 
@@ -4030,7 +4018,7 @@ class CfnFileSystemProps:
         Valid values are ``SSD`` , ``HDD`` , and ``INTELLIGENT_TIERING`` .
 
         - Set to ``SSD`` to use solid state drive storage. SSD is supported on all Windows, Lustre, ONTAP, and OpenZFS deployment types.
-        - Set to ``HDD`` to use hard disk drive storage. HDD is supported on ``SINGLE_AZ_2`` and ``MULTI_AZ_1`` Windows file system deployment types, and on ``PERSISTENT_1`` Lustre file system deployment types.
+        - Set to ``HDD`` to use hard disk drive storage, which is supported on ``SINGLE_AZ_2`` and ``MULTI_AZ_1`` Windows file system deployment types, and on ``PERSISTENT_1`` Lustre file system deployment types.
         - Set to ``INTELLIGENT_TIERING`` to use fully elastic, intelligently-tiered storage. Intelligent-Tiering is only available for OpenZFS file systems with the Multi-AZ deployment type.
 
         Default value is ``SSD`` . For more information, see `Storage type options <https://docs.aws.amazon.com/fsx/latest/WindowsGuide/optimize-fsx-costs.html#storage-type-options>`_ in the *FSx for Windows File Server User Guide* , `Multiple storage options <https://docs.aws.amazon.com/fsx/latest/LustreGuide/what-is.html#storage-options>`_ in the *FSx for Lustre User Guide* , and `Working with Intelligent-Tiering <https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/performance-intelligent-tiering>`_ in the *Amazon FSx for OpenZFS User Guide* .

aws_cdk/aws_iam/__init__.py

@@ -7630,7 +7630,7 @@ class Grant(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_iam.Grant"):
     @builtins.property
     @jsii.member(jsii_name="resourceStatements")
     def resource_statements(self) -> typing.List["PolicyStatement"]:
-        '''The statements that were added to the principal's policy.'''
+        '''The statements that were added to the resource policy.'''
         return typing.cast(typing.List["PolicyStatement"], jsii.get(self, "resourceStatements"))
 
     @builtins.property

aws_cdk/aws_iot/__init__.py

@@ -180,7 +180,7 @@ class CfnAccountAuditConfiguration(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param account_id: The ID of the account. You can use the expression ``!Sub "${AWS::AccountId}"`` to use your account ID.
-        :param audit_check_configurations: Specifies which audit checks are enabled and disabled for this account. Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the ``Enabled:`` key to ``false`` . If an enabled check is removed from the template, it will also be disabled. You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check. For more information on avialbe auidt checks see `AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html>`_
+        :param audit_check_configurations: Specifies which audit checks are enabled and disabled for this account. Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the ``Enabled:`` key to ``false`` . If an enabled check is removed from the template, it will also be disabled. You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check. For more information on available audit checks see `AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html>`_
         :param role_arn: The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.
         :param audit_notification_target_configurations: Information about the targets to which audit notifications are sent.
         '''
@@ -1057,7 +1057,7 @@ class CfnAccountAuditConfigurationProps:
         '''Properties for defining a ``CfnAccountAuditConfiguration``.
 
         :param account_id: The ID of the account. You can use the expression ``!Sub "${AWS::AccountId}"`` to use your account ID.
-        :param audit_check_configurations: Specifies which audit checks are enabled and disabled for this account. Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the ``Enabled:`` key to ``false`` . If an enabled check is removed from the template, it will also be disabled. You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check. For more information on avialbe auidt checks see `AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html>`_
+        :param audit_check_configurations: Specifies which audit checks are enabled and disabled for this account. Some data collection might start immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted. To disable a check, set the value of the ``Enabled:`` key to ``false`` . If an enabled check is removed from the template, it will also be disabled. You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check. For more information on available audit checks see `AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html>`_
         :param role_arn: The Amazon Resource Name (ARN) of the role that grants permission to AWS IoT to access information about your devices, policies, certificates, and other items as required when performing an audit.
         :param audit_notification_target_configurations: Information about the targets to which audit notifications are sent.
 
@@ -1178,7 +1178,7 @@ class CfnAccountAuditConfigurationProps:
 
         You can't disable a check if it's used by any scheduled audit. You must delete the check from the scheduled audit or delete the scheduled audit itself to disable the check.
 
-        For more information on avialbe auidt checks see `AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html>`_
+        For more information on available audit checks see `AWS::IoT::AccountAuditConfiguration AuditCheckConfigurations <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iot-accountauditconfiguration-auditcheckconfigurations.html>`_
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iot-accountauditconfiguration.html#cfn-iot-accountauditconfiguration-auditcheckconfigurations
         '''
@@ -10325,7 +10325,7 @@ class CfnScheduledAudit(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param frequency: How often the scheduled audit occurs.
-        :param target_check_names: Which checks are performed during the scheduled audit. Checks must be enabled for your account. (Use ``DescribeAccountAuditConfiguration`` to see the list of all checks, including those that are enabled or use ``UpdateAccountAuditConfiguration`` to select which checks are enabled.) The following checks are currently aviable: - ``AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK`` - ``CA_CERTIFICATE_EXPIRING_CHECK`` - ``CA_CERTIFICATE_KEY_QUALITY_CHECK`` - ``CONFLICTING_CLIENT_IDS_CHECK`` - ``DEVICE_CERTIFICATE_EXPIRING_CHECK`` - ``DEVICE_CERTIFICATE_KEY_QUALITY_CHECK`` - ``DEVICE_CERTIFICATE_SHARED_CHECK`` - ``IOT_POLICY_OVERLY_PERMISSIVE_CHECK`` - ``IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK`` - ``IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK`` - ``LOGGING_DISABLED_CHECK`` - ``REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK`` - ``REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK`` - ``UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK``
+        :param target_check_names: Which checks are performed during the scheduled audit. Checks must be enabled for your account. (Use ``DescribeAccountAuditConfiguration`` to see the list of all checks, including those that are enabled or use ``UpdateAccountAuditConfiguration`` to select which checks are enabled.) The following checks are currently available: - ``AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK`` - ``CA_CERTIFICATE_EXPIRING_CHECK`` - ``CA_CERTIFICATE_KEY_QUALITY_CHECK`` - ``CONFLICTING_CLIENT_IDS_CHECK`` - ``DEVICE_CERTIFICATE_EXPIRING_CHECK`` - ``DEVICE_CERTIFICATE_KEY_QUALITY_CHECK`` - ``DEVICE_CERTIFICATE_SHARED_CHECK`` - ``IOT_POLICY_OVERLY_PERMISSIVE_CHECK`` - ``IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK`` - ``IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK`` - ``LOGGING_DISABLED_CHECK`` - ``REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK`` - ``REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK`` - ``UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK``
         :param day_of_month: The day of the month on which the scheduled audit is run (if the ``frequency`` is "MONTHLY"). If days 29-31 are specified, and the month does not have that many days, the audit takes place on the "LAST" day of the month.
         :param day_of_week: The day of the week on which the scheduled audit is run (if the ``frequency`` is "WEEKLY" or "BIWEEKLY").
         :param scheduled_audit_name: The name of the scheduled audit.
@@ -10501,7 +10501,7 @@ class CfnScheduledAuditProps:
         '''Properties for defining a ``CfnScheduledAudit``.
 
         :param frequency: How often the scheduled audit occurs.
-        :param target_check_names: Which checks are performed during the scheduled audit. Checks must be enabled for your account. (Use ``DescribeAccountAuditConfiguration`` to see the list of all checks, including those that are enabled or use ``UpdateAccountAuditConfiguration`` to select which checks are enabled.) The following checks are currently aviable: - ``AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK`` - ``CA_CERTIFICATE_EXPIRING_CHECK`` - ``CA_CERTIFICATE_KEY_QUALITY_CHECK`` - ``CONFLICTING_CLIENT_IDS_CHECK`` - ``DEVICE_CERTIFICATE_EXPIRING_CHECK`` - ``DEVICE_CERTIFICATE_KEY_QUALITY_CHECK`` - ``DEVICE_CERTIFICATE_SHARED_CHECK`` - ``IOT_POLICY_OVERLY_PERMISSIVE_CHECK`` - ``IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK`` - ``IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK`` - ``LOGGING_DISABLED_CHECK`` - ``REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK`` - ``REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK`` - ``UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK``
+        :param target_check_names: Which checks are performed during the scheduled audit. Checks must be enabled for your account. (Use ``DescribeAccountAuditConfiguration`` to see the list of all checks, including those that are enabled or use ``UpdateAccountAuditConfiguration`` to select which checks are enabled.) The following checks are currently available: - ``AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK`` - ``CA_CERTIFICATE_EXPIRING_CHECK`` - ``CA_CERTIFICATE_KEY_QUALITY_CHECK`` - ``CONFLICTING_CLIENT_IDS_CHECK`` - ``DEVICE_CERTIFICATE_EXPIRING_CHECK`` - ``DEVICE_CERTIFICATE_KEY_QUALITY_CHECK`` - ``DEVICE_CERTIFICATE_SHARED_CHECK`` - ``IOT_POLICY_OVERLY_PERMISSIVE_CHECK`` - ``IOT_ROLE_ALIAS_ALLOWS_ACCESS_TO_UNUSED_SERVICES_CHECK`` - ``IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK`` - ``LOGGING_DISABLED_CHECK`` - ``REVOKED_CA_CERTIFICATE_STILL_ACTIVE_CHECK`` - ``REVOKED_DEVICE_CERTIFICATE_STILL_ACTIVE_CHECK`` - ``UNAUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK``
         :param day_of_month: The day of the month on which the scheduled audit is run (if the ``frequency`` is "MONTHLY"). If days 29-31 are specified, and the month does not have that many days, the audit takes place on the "LAST" day of the month.
         :param day_of_week: The day of the week on which the scheduled audit is run (if the ``frequency`` is "WEEKLY" or "BIWEEKLY").
         :param scheduled_audit_name: The name of the scheduled audit.
@@ -10567,7 +10567,7 @@ class CfnScheduledAuditProps:
 
         Checks must be enabled for your account. (Use ``DescribeAccountAuditConfiguration`` to see the list of all checks, including those that are enabled or use ``UpdateAccountAuditConfiguration`` to select which checks are enabled.)
 
-        The following checks are currently aviable:
+        The following checks are currently available:
 
         - ``AUTHENTICATED_COGNITO_ROLE_OVERLY_PERMISSIVE_CHECK``
         - ``CA_CERTIFICATE_EXPIRING_CHECK``

aws_cdk/aws_kafkaconnect/__init__.py

@@ -1597,7 +1597,7 @@ class CfnConnector(
         ) -> None:
             '''Information about the VPC in which the connector resides.
 
-            :param security_groups: The security groups for the connector.
+            :param security_groups: The security group IDs for the connector.
             :param subnets: The subnets for the connector.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kafkaconnect-connector-vpc.html
@@ -1625,7 +1625,7 @@ class CfnConnector(
 
         @builtins.property
         def security_groups(self) -> typing.List[builtins.str]:
-            '''The security groups for the connector.
+            '''The security group IDs for the connector.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kafkaconnect-connector-vpc.html#cfn-kafkaconnect-connector-vpc-securitygroups
             '''