aws-cdk-lib 2.189.1__py3-none-any.whl → 2.191.0__py3-none-any.whl

aws_cdk/aws_s3_deployment/__init__.py

@@ -361,6 +361,31 @@ resource handler.
 > NOTE: a new AWS Lambda handler will be created in your stack for each combination
 > of memory and storage size.
 
+## JSON-Aware Source Processing
+
+When using `Source.jsonData` with CDK Tokens (references to construct properties), you may need to enable the escaping option. This is particularly important when the referenced properties might contain special characters that require proper JSON escaping (like double quotes, line breaks, etc.).
+
+```python
+# bucket: s3.Bucket
+# param: ssm.StringParameter
+
+
+# Example with a secret value that contains double quotes
+deployment = s3deploy.BucketDeployment(self, "JsonDeployment",
+    sources=[
+        s3deploy.Source.json_data("config.json", {
+            "api_endpoint": "https://api.example.com",
+            "secret_value": param.string_value,  # value with double quotes
+            "config": {
+                "enabled": True,
+                "features": ["feature1", "feature2"]
+            }
+        }, escape=True)
+    ],
+    destination_bucket=bucket
+)
+```
+
 ## EFS Support
 
 If your workflow needs more disk space than default (512 MB) disk space, you may attach an EFS storage to underlying
@@ -1872,6 +1897,119 @@ class _ISourceProxy:
 typing.cast(typing.Any, ISource).__jsii_proxy_class__ = lambda : _ISourceProxy
 
 
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_s3_deployment.JsonProcessingOptions",
+    jsii_struct_bases=[],
+    name_mapping={"escape": "escape"},
+)
+class JsonProcessingOptions:
+    def __init__(self, *, escape: typing.Optional[builtins.bool] = None) -> None:
+        '''Define options which can be passed using the method ``Source.jsonData()``.
+
+        :param escape: If set to ``true``, the marker substitution will make sure the value inserted in the file will be a valid JSON string. Default: - false
+
+        :exampleMetadata: infused
+
+        Example::
+
+            # bucket: s3.Bucket
+            # param: ssm.StringParameter
+            
+            
+            # Example with a secret value that contains double quotes
+            deployment = s3deploy.BucketDeployment(self, "JsonDeployment",
+                sources=[
+                    s3deploy.Source.json_data("config.json", {
+                        "api_endpoint": "https://api.example.com",
+                        "secret_value": param.string_value,  # value with double quotes
+                        "config": {
+                            "enabled": True,
+                            "features": ["feature1", "feature2"]
+                        }
+                    }, escape=True)
+                ],
+                destination_bucket=bucket
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__fd3ea1f1e2f77d50d09982cb82214db60db317cbfc5d9891f173d39c88e742ff)
+            check_type(argname="argument escape", value=escape, expected_type=type_hints["escape"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if escape is not None:
+            self._values["escape"] = escape
+
+    @builtins.property
+    def escape(self) -> typing.Optional[builtins.bool]:
+        '''If set to ``true``, the marker substitution will make sure the value inserted in the file will be a valid JSON string.
+
+        :default: - false
+        '''
+        result = self._values.get("escape")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "JsonProcessingOptions(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_s3_deployment.MarkersConfig",
+    jsii_struct_bases=[],
+    name_mapping={"json_escape": "jsonEscape"},
+)
+class MarkersConfig:
+    def __init__(self, *, json_escape: typing.Optional[builtins.bool] = None) -> None:
+        '''A configuration for markers substitution strategy.
+
+        :param json_escape: If set to ``true``, the marker substitution will make ure the value inserted in the file will be a valid JSON string. Default: - false
+
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_s3_deployment as s3_deployment
+            
+            markers_config = s3_deployment.MarkersConfig(
+                json_escape=False
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__c22b4c70cadefb9701fc5773d5fda6fec94ecfa3854d7d72003b50084bc4d20e)
+            check_type(argname="argument json_escape", value=json_escape, expected_type=type_hints["json_escape"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if json_escape is not None:
+            self._values["json_escape"] = json_escape
+
+    @builtins.property
+    def json_escape(self) -> typing.Optional[builtins.bool]:
+        '''If set to ``true``, the marker substitution will make ure the value inserted in the file will be a valid JSON string.
+
+        :default: - false
+        '''
+        result = self._values.get("json_escape")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "MarkersConfig(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 @jsii.enum(jsii_type="aws-cdk-lib.aws_s3_deployment.ServerSideEncryption")
 class ServerSideEncryption(enum.Enum):
     '''Indicates whether server-side encryption is enabled for the object, and whether that encryption is from the AWS Key Management Service (AWS KMS) or from Amazon S3 managed encryption (SSE-S3).
@@ -2038,7 +2176,13 @@ class Source(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_s3_deployment.S
 
     @jsii.member(jsii_name="data")
     @builtins.classmethod
-    def data(cls, object_key: builtins.str, data: builtins.str) -> ISource:
+    def data(
+        cls,
+        object_key: builtins.str,
+        data: builtins.str,
+        *,
+        json_escape: typing.Optional[builtins.bool] = None,
+    ) -> ISource:
         '''Deploys an object with the specified string contents into the bucket.
 
         The
@@ -2050,16 +2194,25 @@ class Source(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_s3_deployment.S
 
         :param object_key: The destination S3 object key (relative to the root of the S3 deployment).
         :param data: The data to be stored in the object.
+        :param json_escape: If set to ``true``, the marker substitution will make ure the value inserted in the file will be a valid JSON string. Default: - false
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__798b55b643d389adf599acde4d214b0b843e07f8c7984ea0e848f2da7c62822c)
             check_type(argname="argument object_key", value=object_key, expected_type=type_hints["object_key"])
             check_type(argname="argument data", value=data, expected_type=type_hints["data"])
-        return typing.cast(ISource, jsii.sinvoke(cls, "data", [object_key, data]))
+        markers_config = MarkersConfig(json_escape=json_escape)
+
+        return typing.cast(ISource, jsii.sinvoke(cls, "data", [object_key, data, markers_config]))
 
     @jsii.member(jsii_name="jsonData")
     @builtins.classmethod
-    def json_data(cls, object_key: builtins.str, obj: typing.Any) -> ISource:
+    def json_data(
+        cls,
+        object_key: builtins.str,
+        obj: typing.Any,
+        *,
+        escape: typing.Optional[builtins.bool] = None,
+    ) -> ISource:
         '''Deploys an object with the specified JSON object into the bucket.
 
         The
@@ -2068,12 +2221,15 @@ class Source(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_s3_deployment.S
 
         :param object_key: The destination S3 object key (relative to the root of the S3 deployment).
         :param obj: A JSON object.
+        :param escape: If set to ``true``, the marker substitution will make sure the value inserted in the file will be a valid JSON string. Default: - false
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__34bf47f9cf16464b2d85173fbce8786a1afe889c23001b8c7575c49e0bf93ff9)
             check_type(argname="argument object_key", value=object_key, expected_type=type_hints["object_key"])
             check_type(argname="argument obj", value=obj, expected_type=type_hints["obj"])
-        return typing.cast(ISource, jsii.sinvoke(cls, "jsonData", [object_key, obj]))
+        json_processing_options = JsonProcessingOptions(escape=escape)
+
+        return typing.cast(ISource, jsii.sinvoke(cls, "jsonData", [object_key, obj, json_processing_options]))
 
     @jsii.member(jsii_name="yamlData")
     @builtins.classmethod
@@ -2100,6 +2256,7 @@ class Source(metaclass=jsii.JSIIMeta, jsii_type="aws-cdk-lib.aws_s3_deployment.S
         "bucket": "bucket",
         "zip_object_key": "zipObjectKey",
         "markers": "markers",
+        "markers_config": "markersConfig",
     },
 )
 class SourceConfig:
@@ -2109,12 +2266,14 @@ class SourceConfig:
         bucket: _IBucket_42e086fd,
         zip_object_key: builtins.str,
         markers: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
+        markers_config: typing.Optional[typing.Union[MarkersConfig, typing.Dict[builtins.str, typing.Any]]] = None,
     ) -> None:
         '''Source information.
 
         :param bucket: The source bucket to deploy from.
         :param zip_object_key: An S3 object key in the source bucket that points to a zip file.
         :param markers: A set of markers to substitute in the source content. Default: - no markers
+        :param markers_config: A configuration for markers substitution strategy. Default: - no configuration
 
         :exampleMetadata: fixture=_generated
 
@@ -2135,20 +2294,28 @@ class SourceConfig:
                 # the properties below are optional
                 markers={
                     "markers_key": markers
-                }
+                },
+                markers_config=s3_deployment.MarkersConfig(
+                    json_escape=False
+                )
             )
         '''
+        if isinstance(markers_config, dict):
+            markers_config = MarkersConfig(**markers_config)
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__dafa1619bb92595ec0ff7aa95e55221719ed81eb6d2f7d44a84193d810c4265c)
             check_type(argname="argument bucket", value=bucket, expected_type=type_hints["bucket"])
             check_type(argname="argument zip_object_key", value=zip_object_key, expected_type=type_hints["zip_object_key"])
             check_type(argname="argument markers", value=markers, expected_type=type_hints["markers"])
+            check_type(argname="argument markers_config", value=markers_config, expected_type=type_hints["markers_config"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "bucket": bucket,
             "zip_object_key": zip_object_key,
         }
         if markers is not None:
             self._values["markers"] = markers
+        if markers_config is not None:
+            self._values["markers_config"] = markers_config
 
     @builtins.property
     def bucket(self) -> _IBucket_42e086fd:
@@ -2173,6 +2340,15 @@ class SourceConfig:
         result = self._values.get("markers")
         return typing.cast(typing.Optional[typing.Mapping[builtins.str, typing.Any]], result)
 
+    @builtins.property
+    def markers_config(self) -> typing.Optional[MarkersConfig]:
+        '''A configuration for markers substitution strategy.
+
+        :default: - no configuration
+        '''
+        result = self._values.get("markers_config")
+        return typing.cast(typing.Optional[MarkersConfig], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -2278,6 +2454,8 @@ __all__ = [
     "DeployTimeSubstitutedFileProps",
     "DeploymentSourceContext",
     "ISource",
+    "JsonProcessingOptions",
+    "MarkersConfig",
     "ServerSideEncryption",
     "Source",
     "SourceConfig",
@@ -2442,6 +2620,20 @@ def _typecheckingstub__09970416699f317cf422c30f785da12ff6ed72f1358bc0e3e4adcf6e6
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__fd3ea1f1e2f77d50d09982cb82214db60db317cbfc5d9891f173d39c88e742ff(
+    *,
+    escape: typing.Optional[builtins.bool] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__c22b4c70cadefb9701fc5773d5fda6fec94ecfa3854d7d72003b50084bc4d20e(
+    *,
+    json_escape: typing.Optional[builtins.bool] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__fc877c69568cee7364ec77003356fc6818118602dda64adf3dbf38ff7eec10b2(
     path: builtins.str,
     *,
@@ -2469,6 +2661,8 @@ def _typecheckingstub__bcaba123a95f1aa9d99f9f5af319da23dd5f345454e757ba925736432
 def _typecheckingstub__798b55b643d389adf599acde4d214b0b843e07f8c7984ea0e848f2da7c62822c(
     object_key: builtins.str,
     data: builtins.str,
+    *,
+    json_escape: typing.Optional[builtins.bool] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -2476,6 +2670,8 @@ def _typecheckingstub__798b55b643d389adf599acde4d214b0b843e07f8c7984ea0e848f2da7
 def _typecheckingstub__34bf47f9cf16464b2d85173fbce8786a1afe889c23001b8c7575c49e0bf93ff9(
     object_key: builtins.str,
     obj: typing.Any,
+    *,
+    escape: typing.Optional[builtins.bool] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -2492,6 +2688,7 @@ def _typecheckingstub__dafa1619bb92595ec0ff7aa95e55221719ed81eb6d2f7d44a84193d81
     bucket: _IBucket_42e086fd,
     zip_object_key: builtins.str,
     markers: typing.Optional[typing.Mapping[builtins.str, typing.Any]] = None,
+    markers_config: typing.Optional[typing.Union[MarkersConfig, typing.Dict[builtins.str, typing.Any]]] = None,
 ) -> None:
     """Type checking stubs"""
     pass

aws_cdk/aws_s3tables/__init__.py

@@ -86,7 +86,8 @@ class CfnTableBucket(
 
     For more information, see `Creating a table bucket <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-buckets-create.html>`_ in the *Amazon Simple Storage Service User Guide* .
 
-    - **Permissions** - You must have the ``s3tables:CreateTableBucket`` permission to use this operation.
+    - **Permissions** - - You must have the ``s3tables:CreateTableBucket`` permission to use this operation.
+    - If you use this operation with the optional ``encryptionConfiguration`` parameter you must have the ``s3tables:PutTableBucketEncryption`` permission.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3tables-tablebucket.html
     :cloudformationResource: AWS::S3Tables::TableBucket
@@ -102,6 +103,10 @@ class CfnTableBucket(
             table_bucket_name="tableBucketName",
         
             # the properties below are optional
+            encryption_configuration=s3tables.CfnTableBucket.EncryptionConfigurationProperty(
+                kms_key_arn="kmsKeyArn",
+                sse_algorithm="sseAlgorithm"
+            ),
             unreferenced_file_removal=s3tables.CfnTableBucket.UnreferencedFileRemovalProperty(
                 noncurrent_days=123,
                 status="status",
@@ -116,12 +121,14 @@ class CfnTableBucket(
         id: builtins.str,
         *,
         table_bucket_name: builtins.str,
+        encryption_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTableBucket.EncryptionConfigurationProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         unreferenced_file_removal: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTableBucket.UnreferencedFileRemovalProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param table_bucket_name: The name for the table bucket.
+        :param encryption_configuration: Configuration specifying how data should be encrypted. This structure defines the encryption algorithm and optional KMS key to be used for server-side encryption.
         :param unreferenced_file_removal: The unreferenced file removal settings for your table bucket. Unreferenced file removal identifies and deletes all objects that are not referenced by any table snapshots. For more information, see the `*Amazon S3 User Guide* <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-table-buckets-maintenance.html>`_ .
         '''
         if __debug__:
@@ -130,6 +137,7 @@ class CfnTableBucket(
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = CfnTableBucketProps(
             table_bucket_name=table_bucket_name,
+            encryption_configuration=encryption_configuration,
             unreferenced_file_removal=unreferenced_file_removal,
         )
 
@@ -192,6 +200,24 @@ class CfnTableBucket(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "tableBucketName", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="encryptionConfiguration")
+    def encryption_configuration(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnTableBucket.EncryptionConfigurationProperty"]]:
+        '''Configuration specifying how data should be encrypted.'''
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnTableBucket.EncryptionConfigurationProperty"]], jsii.get(self, "encryptionConfiguration"))
+
+    @encryption_configuration.setter
+    def encryption_configuration(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnTableBucket.EncryptionConfigurationProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__61499f569b4e5dc20b99defd26e29c6e9b7761b6630e1adec9c20e97e099dd4a)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "encryptionConfiguration", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="unreferencedFileRemoval")
     def unreferenced_file_removal(
@@ -210,6 +236,82 @@ class CfnTableBucket(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "unreferencedFileRemoval", value) # pyright: ignore[reportArgumentType]
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_s3tables.CfnTableBucket.EncryptionConfigurationProperty",
+        jsii_struct_bases=[],
+        name_mapping={"kms_key_arn": "kmsKeyArn", "sse_algorithm": "sseAlgorithm"},
+    )
+    class EncryptionConfigurationProperty:
+        def __init__(
+            self,
+            *,
+            kms_key_arn: typing.Optional[builtins.str] = None,
+            sse_algorithm: typing.Optional[builtins.str] = None,
+        ) -> None:
+            '''Configuration specifying how data should be encrypted.
+
+            This structure defines the encryption algorithm and optional KMS key to be used for server-side encryption.
+
+            :param kms_key_arn: The Amazon Resource Name (ARN) of the KMS key to use for encryption. This field is required only when ``sseAlgorithm`` is set to ``aws:kms`` .
+            :param sse_algorithm: The server-side encryption algorithm to use. Valid values are ``AES256`` for S3-managed encryption keys, or ``aws:kms`` for AWS KMS-managed encryption keys. If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see `Permissions requirements for S3 Tables SSE-KMS encryption <https://docs.aws.amazon.com//AmazonS3/latest/userguide/s3-tables-kms-permissions.html>`_ .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3tables-tablebucket-encryptionconfiguration.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_s3tables as s3tables
+                
+                encryption_configuration_property = s3tables.CfnTableBucket.EncryptionConfigurationProperty(
+                    kms_key_arn="kmsKeyArn",
+                    sse_algorithm="sseAlgorithm"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__659e946ab1ee4bc0eb13a519adc57d2cb4431347d47a9e6cb4d4086a87be1b2a)
+                check_type(argname="argument kms_key_arn", value=kms_key_arn, expected_type=type_hints["kms_key_arn"])
+                check_type(argname="argument sse_algorithm", value=sse_algorithm, expected_type=type_hints["sse_algorithm"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if kms_key_arn is not None:
+                self._values["kms_key_arn"] = kms_key_arn
+            if sse_algorithm is not None:
+                self._values["sse_algorithm"] = sse_algorithm
+
+        @builtins.property
+        def kms_key_arn(self) -> typing.Optional[builtins.str]:
+            '''The Amazon Resource Name (ARN) of the KMS key to use for encryption.
+
+            This field is required only when ``sseAlgorithm`` is set to ``aws:kms`` .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3tables-tablebucket-encryptionconfiguration.html#cfn-s3tables-tablebucket-encryptionconfiguration-kmskeyarn
+            '''
+            result = self._values.get("kms_key_arn")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def sse_algorithm(self) -> typing.Optional[builtins.str]:
+            '''The server-side encryption algorithm to use.
+
+            Valid values are ``AES256`` for S3-managed encryption keys, or ``aws:kms`` for AWS KMS-managed encryption keys. If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see `Permissions requirements for S3 Tables SSE-KMS encryption <https://docs.aws.amazon.com//AmazonS3/latest/userguide/s3-tables-kms-permissions.html>`_ .
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3tables-tablebucket-encryptionconfiguration.html#cfn-s3tables-tablebucket-encryptionconfiguration-ssealgorithm
+            '''
+            result = self._values.get("sse_algorithm")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "EncryptionConfigurationProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_s3tables.CfnTableBucket.UnreferencedFileRemovalProperty",
         jsii_struct_bases=[],
@@ -500,6 +602,7 @@ class CfnTableBucketPolicyProps:
     jsii_struct_bases=[],
     name_mapping={
         "table_bucket_name": "tableBucketName",
+        "encryption_configuration": "encryptionConfiguration",
         "unreferenced_file_removal": "unreferencedFileRemoval",
     },
 )
@@ -508,11 +611,13 @@ class CfnTableBucketProps:
         self,
         *,
         table_bucket_name: builtins.str,
+        encryption_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTableBucket.EncryptionConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         unreferenced_file_removal: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTableBucket.UnreferencedFileRemovalProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''Properties for defining a ``CfnTableBucket``.
 
         :param table_bucket_name: The name for the table bucket.
+        :param encryption_configuration: Configuration specifying how data should be encrypted. This structure defines the encryption algorithm and optional KMS key to be used for server-side encryption.
         :param unreferenced_file_removal: The unreferenced file removal settings for your table bucket. Unreferenced file removal identifies and deletes all objects that are not referenced by any table snapshots. For more information, see the `*Amazon S3 User Guide* <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-table-buckets-maintenance.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3tables-tablebucket.html
@@ -528,6 +633,10 @@ class CfnTableBucketProps:
                 table_bucket_name="tableBucketName",
             
                 # the properties below are optional
+                encryption_configuration=s3tables.CfnTableBucket.EncryptionConfigurationProperty(
+                    kms_key_arn="kmsKeyArn",
+                    sse_algorithm="sseAlgorithm"
+                ),
                 unreferenced_file_removal=s3tables.CfnTableBucket.UnreferencedFileRemovalProperty(
                     noncurrent_days=123,
                     status="status",
@@ -538,10 +647,13 @@ class CfnTableBucketProps:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__6fb9342a13c0e9f7b21679814e793d7ccc0964ccfe53bc5e0916676b628d20f3)
             check_type(argname="argument table_bucket_name", value=table_bucket_name, expected_type=type_hints["table_bucket_name"])
+            check_type(argname="argument encryption_configuration", value=encryption_configuration, expected_type=type_hints["encryption_configuration"])
             check_type(argname="argument unreferenced_file_removal", value=unreferenced_file_removal, expected_type=type_hints["unreferenced_file_removal"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "table_bucket_name": table_bucket_name,
         }
+        if encryption_configuration is not None:
+            self._values["encryption_configuration"] = encryption_configuration
         if unreferenced_file_removal is not None:
             self._values["unreferenced_file_removal"] = unreferenced_file_removal
 
@@ -555,6 +667,19 @@ class CfnTableBucketProps:
         assert result is not None, "Required property 'table_bucket_name' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def encryption_configuration(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnTableBucket.EncryptionConfigurationProperty]]:
+        '''Configuration specifying how data should be encrypted.
+
+        This structure defines the encryption algorithm and optional KMS key to be used for server-side encryption.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3tables-tablebucket.html#cfn-s3tables-tablebucket-encryptionconfiguration
+        '''
+        result = self._values.get("encryption_configuration")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnTableBucket.EncryptionConfigurationProperty]], result)
+
     @builtins.property
     def unreferenced_file_removal(
         self,
@@ -594,6 +719,7 @@ def _typecheckingstub__de433918cd34eecbcaab0e81b6a287f71a48dd308c2f4d42e07a0e19c
     id: builtins.str,
     *,
     table_bucket_name: builtins.str,
+    encryption_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTableBucket.EncryptionConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     unreferenced_file_removal: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTableBucket.UnreferencedFileRemovalProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -617,12 +743,26 @@ def _typecheckingstub__42ef5079e6a92822a2e6ccbb91b02661f493a7d44dc79dfba0916840d
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__61499f569b4e5dc20b99defd26e29c6e9b7761b6630e1adec9c20e97e099dd4a(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnTableBucket.EncryptionConfigurationProperty]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__02bf42691243dcbc8ea49c2499d3414260e70a80c4e38a371b64664c49f17e6e(
     value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnTableBucket.UnreferencedFileRemovalProperty]],
 ) -> None:
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__659e946ab1ee4bc0eb13a519adc57d2cb4431347d47a9e6cb4d4086a87be1b2a(
+    *,
+    kms_key_arn: typing.Optional[builtins.str] = None,
+    sse_algorithm: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__e5a5e0b11a3cbe8be01a72f3ac6efc85af9472104c94585d26f630d3354c816b(
     *,
     noncurrent_days: typing.Optional[jsii.Number] = None,
@@ -677,6 +817,7 @@ def _typecheckingstub__df8972559ed3d0ff90d01d70d1cf8f77869398b91f03a408d49a7b5be
 def _typecheckingstub__6fb9342a13c0e9f7b21679814e793d7ccc0964ccfe53bc5e0916676b628d20f3(
     *,
     table_bucket_name: builtins.str,
+    encryption_configuration: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTableBucket.EncryptionConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     unreferenced_file_removal: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnTableBucket.UnreferencedFileRemovalProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""