aws-cdk-lib 2.190.0__py3-none-any.whl → 2.192.0__py3-none-any.whl

aws_cdk/aws_events/__init__.py

@@ -89,6 +89,22 @@ on_commit_rule.add_target(targets.SnsTopic(topic,
 ))
 ```
 
+### Role
+
+You can specify an IAM Role:
+
+```python
+# role: iam.IRole
+
+
+events.Rule(self, "MyRule",
+    schedule=events.Schedule.cron(minute="0", hour="4"),
+    role=role
+)
+```
+
+**Note**: If you're setting an event bus in another account as the target and that account granted permission to your account through an organization instead of directly by the account ID, you must specify a RoleArn with proper permissions in the Target structure, instead of here in this parameter.
+
 ### Matchers
 
 To define a pattern, use the `Match` class, which provides a number of factory methods to declare
@@ -1710,6 +1726,7 @@ class CfnConnection(
                     resource_association_arn="resourceAssociationArn"
                 )
             ),
+            kms_key_identifier="kmsKeyIdentifier",
             name="name"
         )
     '''
@@ -1723,6 +1740,7 @@ class CfnConnection(
         auth_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnConnection.AuthParametersProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         description: typing.Optional[builtins.str] = None,
         invocation_connectivity_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnConnection.InvocationConnectivityParametersProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+        kms_key_identifier: typing.Optional[builtins.str] = None,
         name: typing.Optional[builtins.str] = None,
     ) -> None:
         '''
@@ -1732,6 +1750,7 @@ class CfnConnection(
         :param auth_parameters: The authorization parameters to use to authorize with the endpoint. You must include only authorization parameters for the ``AuthorizationType`` you specify.
         :param description: A description for the connection to create.
         :param invocation_connectivity_parameters: For connections to private APIs, the parameters to use for invoking the API. For more information, see `Connecting to private APIs <https://docs.aws.amazon.com/eventbridge/latest/userguide/connection-private.html>`_ in the **Amazon EventBridge User Guide** .
+        :param kms_key_identifier: 
         :param name: The name for the connection to create.
         '''
         if __debug__:
@@ -1743,6 +1762,7 @@ class CfnConnection(
             auth_parameters=auth_parameters,
             description=description,
             invocation_connectivity_parameters=invocation_connectivity_parameters,
+            kms_key_identifier=kms_key_identifier,
             name=name,
         )
 
@@ -1902,6 +1922,18 @@ class CfnConnection(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "invocationConnectivityParameters", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="kmsKeyIdentifier")
+    def kms_key_identifier(self) -> typing.Optional[builtins.str]:
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "kmsKeyIdentifier"))
+
+    @kms_key_identifier.setter
+    def kms_key_identifier(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__579f1ad92b1c0b7657d928d388da032a83ada8c6564dd3ab6da98459fced8ae1)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "kmsKeyIdentifier", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="name")
     def name(self) -> typing.Optional[builtins.str]:
@@ -2890,6 +2922,7 @@ class CfnConnection(
         "auth_parameters": "authParameters",
         "description": "description",
         "invocation_connectivity_parameters": "invocationConnectivityParameters",
+        "kms_key_identifier": "kmsKeyIdentifier",
         "name": "name",
     },
 )
@@ -2901,6 +2934,7 @@ class CfnConnectionProps:
         auth_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnConnection.AuthParametersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         description: typing.Optional[builtins.str] = None,
         invocation_connectivity_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnConnection.InvocationConnectivityParametersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+        kms_key_identifier: typing.Optional[builtins.str] = None,
         name: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Properties for defining a ``CfnConnection``.
@@ -2909,6 +2943,7 @@ class CfnConnectionProps:
         :param auth_parameters: The authorization parameters to use to authorize with the endpoint. You must include only authorization parameters for the ``AuthorizationType`` you specify.
         :param description: A description for the connection to create.
         :param invocation_connectivity_parameters: For connections to private APIs, the parameters to use for invoking the API. For more information, see `Connecting to private APIs <https://docs.aws.amazon.com/eventbridge/latest/userguide/connection-private.html>`_ in the **Amazon EventBridge User Guide** .
+        :param kms_key_identifier: 
         :param name: The name for the connection to create.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.html
@@ -3005,6 +3040,7 @@ class CfnConnectionProps:
                         resource_association_arn="resourceAssociationArn"
                     )
                 ),
+                kms_key_identifier="kmsKeyIdentifier",
                 name="name"
             )
         '''
@@ -3014,6 +3050,7 @@ class CfnConnectionProps:
             check_type(argname="argument auth_parameters", value=auth_parameters, expected_type=type_hints["auth_parameters"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument invocation_connectivity_parameters", value=invocation_connectivity_parameters, expected_type=type_hints["invocation_connectivity_parameters"])
+            check_type(argname="argument kms_key_identifier", value=kms_key_identifier, expected_type=type_hints["kms_key_identifier"])
             check_type(argname="argument name", value=name, expected_type=type_hints["name"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if authorization_type is not None:
@@ -3024,6 +3061,8 @@ class CfnConnectionProps:
             self._values["description"] = description
         if invocation_connectivity_parameters is not None:
             self._values["invocation_connectivity_parameters"] = invocation_connectivity_parameters
+        if kms_key_identifier is not None:
+            self._values["kms_key_identifier"] = kms_key_identifier
         if name is not None:
             self._values["name"] = name
 
@@ -3075,6 +3114,14 @@ class CfnConnectionProps:
         result = self._values.get("invocation_connectivity_parameters")
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnConnection.InvocationConnectivityParametersProperty]], result)
 
+    @builtins.property
+    def kms_key_identifier(self) -> typing.Optional[builtins.str]:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-connection.html#cfn-events-connection-kmskeyidentifier
+        '''
+        result = self._values.get("kms_key_identifier")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def name(self) -> typing.Optional[builtins.str]:
         '''The name for the connection to create.
@@ -10487,6 +10534,7 @@ class Rule(
         *,
         enabled: typing.Optional[builtins.bool] = None,
         event_bus: typing.Optional[IEventBus] = None,
+        role: typing.Optional[_IRole_235f5d8e] = None,
         schedule: typing.Optional["Schedule"] = None,
         targets: typing.Optional[typing.Sequence[IRuleTarget]] = None,
         cross_stack_scope: typing.Optional[_constructs_77d1e7e8.Construct] = None,
@@ -10499,6 +10547,7 @@ class Rule(
         :param id: -
         :param enabled: Indicates whether the rule is enabled. Default: true
         :param event_bus: The event bus to associate with this rule. Default: - The default event bus.
+        :param role: The role that is used for target invocation. Must be assumable by principal ``events.amazonaws.com``. Default: - No role associated
         :param schedule: The schedule or rate (frequency) that determines when EventBridge runs the rule. You must specify this property, the ``eventPattern`` property, or both. For more information, see Schedule Expression Syntax for Rules in the Amazon EventBridge User Guide. Default: - None.
         :param targets: Targets to invoke when this rule matches an event. Input will be the full matched event. If you wish to specify custom target input, use ``addTarget(target[, inputOptions])``. Default: - No targets.
         :param cross_stack_scope: The scope to use if the source of the rule and its target are in different Stacks (but in the same account & region). This helps dealing with cycles that often arise in these situations. Default: - none (the main scope will be used, even for cross-stack Events)
@@ -10513,6 +10562,7 @@ class Rule(
         props = RuleProps(
             enabled=enabled,
             event_bus=event_bus,
+            role=role,
             schedule=schedule,
             targets=targets,
             cross_stack_scope=cross_stack_scope,
@@ -10655,6 +10705,7 @@ class Rule(
         "rule_name": "ruleName",
         "enabled": "enabled",
         "event_bus": "eventBus",
+        "role": "role",
         "schedule": "schedule",
         "targets": "targets",
     },
@@ -10669,6 +10720,7 @@ class RuleProps(EventCommonOptions):
         rule_name: typing.Optional[builtins.str] = None,
         enabled: typing.Optional[builtins.bool] = None,
         event_bus: typing.Optional[IEventBus] = None,
+        role: typing.Optional[_IRole_235f5d8e] = None,
         schedule: typing.Optional["Schedule"] = None,
         targets: typing.Optional[typing.Sequence[IRuleTarget]] = None,
     ) -> None:
@@ -10680,6 +10732,7 @@ class RuleProps(EventCommonOptions):
         :param rule_name: A name for the rule. Default: AWS CloudFormation generates a unique physical ID.
         :param enabled: Indicates whether the rule is enabled. Default: true
         :param event_bus: The event bus to associate with this rule. Default: - The default event bus.
+        :param role: The role that is used for target invocation. Must be assumable by principal ``events.amazonaws.com``. Default: - No role associated
         :param schedule: The schedule or rate (frequency) that determines when EventBridge runs the rule. You must specify this property, the ``eventPattern`` property, or both. For more information, see Schedule Expression Syntax for Rules in the Amazon EventBridge User Guide. Default: - None.
         :param targets: Targets to invoke when this rule matches an event. Input will be the full matched event. If you wish to specify custom target input, use ``addTarget(target[, inputOptions])``. Default: - No targets.
 
@@ -10714,6 +10767,7 @@ class RuleProps(EventCommonOptions):
             check_type(argname="argument rule_name", value=rule_name, expected_type=type_hints["rule_name"])
             check_type(argname="argument enabled", value=enabled, expected_type=type_hints["enabled"])
             check_type(argname="argument event_bus", value=event_bus, expected_type=type_hints["event_bus"])
+            check_type(argname="argument role", value=role, expected_type=type_hints["role"])
             check_type(argname="argument schedule", value=schedule, expected_type=type_hints["schedule"])
             check_type(argname="argument targets", value=targets, expected_type=type_hints["targets"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
@@ -10729,6 +10783,8 @@ class RuleProps(EventCommonOptions):
             self._values["enabled"] = enabled
         if event_bus is not None:
             self._values["event_bus"] = event_bus
+        if role is not None:
+            self._values["role"] = role
         if schedule is not None:
             self._values["schedule"] = schedule
         if targets is not None:
@@ -10796,6 +10852,17 @@ class RuleProps(EventCommonOptions):
         result = self._values.get("event_bus")
         return typing.cast(typing.Optional[IEventBus], result)
 
+    @builtins.property
+    def role(self) -> typing.Optional[_IRole_235f5d8e]:
+        '''The role that is used for target invocation.
+
+        Must be assumable by principal ``events.amazonaws.com``.
+
+        :default: - No role associated
+        '''
+        result = self._values.get("role")
+        return typing.cast(typing.Optional[_IRole_235f5d8e], result)
+
     @builtins.property
     def schedule(self) -> typing.Optional["Schedule"]:
         '''The schedule or rate (frequency) that determines when EventBridge runs the rule.
@@ -12474,6 +12541,7 @@ def _typecheckingstub__65bde9b35de094b905dd335652d04503af85c50ac027a006a1d7ec926
     auth_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnConnection.AuthParametersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     description: typing.Optional[builtins.str] = None,
     invocation_connectivity_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnConnection.InvocationConnectivityParametersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    kms_key_identifier: typing.Optional[builtins.str] = None,
     name: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
@@ -12515,6 +12583,12 @@ def _typecheckingstub__81977d37ca8e880d59a06a5f2212ea535fd65a2615c824916ce07bd93
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__579f1ad92b1c0b7657d928d388da032a83ada8c6564dd3ab6da98459fced8ae1(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__d93a7e7bebc6e390076ef7174623c4da1c018543554603bbb442c270a532a536(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -12612,6 +12686,7 @@ def _typecheckingstub__2b32e6c6e8c1c2772bb604474216b07683c108c349058e240d272750b
     auth_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnConnection.AuthParametersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     description: typing.Optional[builtins.str] = None,
     invocation_connectivity_parameters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnConnection.InvocationConnectivityParametersProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    kms_key_identifier: typing.Optional[builtins.str] = None,
     name: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
@@ -13525,6 +13600,7 @@ def _typecheckingstub__15ada85ef5f1cb4f0237eff6253e200138049f1bebbea7163294d28f9
     *,
     enabled: typing.Optional[builtins.bool] = None,
     event_bus: typing.Optional[IEventBus] = None,
+    role: typing.Optional[_IRole_235f5d8e] = None,
     schedule: typing.Optional[Schedule] = None,
     targets: typing.Optional[typing.Sequence[IRuleTarget]] = None,
     cross_stack_scope: typing.Optional[_constructs_77d1e7e8.Construct] = None,
@@ -13557,6 +13633,7 @@ def _typecheckingstub__26677a946da4037892c1c589c005b7536d8ffed632ca92c5c52a92586
     rule_name: typing.Optional[builtins.str] = None,
     enabled: typing.Optional[builtins.bool] = None,
     event_bus: typing.Optional[IEventBus] = None,
+    role: typing.Optional[_IRole_235f5d8e] = None,
     schedule: typing.Optional[Schedule] = None,
     targets: typing.Optional[typing.Sequence[IRuleTarget]] = None,
 ) -> None:

aws_cdk/aws_iam/__init__.py

@@ -145,6 +145,14 @@ role = iam.Role.from_role_arn(self, "Role", "arn:aws:iam::123456789012:role/MyEx
 )
 ```
 
+If you want to lookup roles that actually exist in your account, you can use `Role.fromLookup()`.
+
+```python
+role = iam.Role.from_lookup(self, "Role",
+    role_name="MyExistingRole"
+)
+```
+
 ### Customizing role creation
 
 It is best practice to allow CDK to manage IAM roles and permissions. You can prevent CDK from
@@ -11101,6 +11109,119 @@ class PrincipalPolicyFragment(
         return typing.cast(typing.Mapping[builtins.str, typing.List[builtins.str]], jsii.get(self, "principalJson"))
 
 
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_iam.RoleLookupOptions",
+    jsii_struct_bases=[FromRoleArnOptions],
+    name_mapping={
+        "add_grants_to_resources": "addGrantsToResources",
+        "default_policy_name": "defaultPolicyName",
+        "mutable": "mutable",
+        "role_name": "roleName",
+    },
+)
+class RoleLookupOptions(FromRoleArnOptions):
+    def __init__(
+        self,
+        *,
+        add_grants_to_resources: typing.Optional[builtins.bool] = None,
+        default_policy_name: typing.Optional[builtins.str] = None,
+        mutable: typing.Optional[builtins.bool] = None,
+        role_name: builtins.str,
+    ) -> None:
+        '''Properties for looking up an existing Role.
+
+        :param add_grants_to_resources: For immutable roles: add grants to resources instead of dropping them. If this is ``false`` or not specified, grant permissions added to this role are ignored. It is your own responsibility to make sure the role has the required permissions. If this is ``true``, any grant permissions will be added to the resource instead. Default: false
+        :param default_policy_name: Any policies created by this role will use this value as their ID, if specified. Specify this if importing the same role in multiple stacks, and granting it different permissions in at least two stacks. If this is not specified (or if the same name is specified in more than one stack), a CloudFormation issue will result in the policy created in whichever stack is deployed last overwriting the policies created by the others. Default: 'Policy'
+        :param mutable: Whether the imported role can be modified by attaching policy resources to it. Default: true
+        :param role_name: The name of the role to lookup. If the role you want to lookup is a service role, you need to specify the role name without the 'service-role' prefix. For example, if the role arn is 'arn:aws:iam::123456789012:role/service-role/ExampleServiceExecutionRole', you need to specify the role name as 'ExampleServiceExecutionRole'.
+
+        :exampleMetadata: infused
+
+        Example::
+
+            role = iam.Role.from_lookup(self, "Role",
+                role_name="MyExistingRole"
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__06f459857ae55dc3473fba5b10ef4188eca762038ac741736a6d4b8cac006356)
+            check_type(argname="argument add_grants_to_resources", value=add_grants_to_resources, expected_type=type_hints["add_grants_to_resources"])
+            check_type(argname="argument default_policy_name", value=default_policy_name, expected_type=type_hints["default_policy_name"])
+            check_type(argname="argument mutable", value=mutable, expected_type=type_hints["mutable"])
+            check_type(argname="argument role_name", value=role_name, expected_type=type_hints["role_name"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "role_name": role_name,
+        }
+        if add_grants_to_resources is not None:
+            self._values["add_grants_to_resources"] = add_grants_to_resources
+        if default_policy_name is not None:
+            self._values["default_policy_name"] = default_policy_name
+        if mutable is not None:
+            self._values["mutable"] = mutable
+
+    @builtins.property
+    def add_grants_to_resources(self) -> typing.Optional[builtins.bool]:
+        '''For immutable roles: add grants to resources instead of dropping them.
+
+        If this is ``false`` or not specified, grant permissions added to this role are ignored.
+        It is your own responsibility to make sure the role has the required permissions.
+
+        If this is ``true``, any grant permissions will be added to the resource instead.
+
+        :default: false
+        '''
+        result = self._values.get("add_grants_to_resources")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def default_policy_name(self) -> typing.Optional[builtins.str]:
+        '''Any policies created by this role will use this value as their ID, if specified.
+
+        Specify this if importing the same role in multiple stacks, and granting it
+        different permissions in at least two stacks. If this is not specified
+        (or if the same name is specified in more than one stack),
+        a CloudFormation issue will result in the policy created in whichever stack
+        is deployed last overwriting the policies created by the others.
+
+        :default: 'Policy'
+        '''
+        result = self._values.get("default_policy_name")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def mutable(self) -> typing.Optional[builtins.bool]:
+        '''Whether the imported role can be modified by attaching policy resources to it.
+
+        :default: true
+        '''
+        result = self._values.get("mutable")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def role_name(self) -> builtins.str:
+        '''The name of the role to lookup.
+
+        If the role you want to lookup is a service role, you need to specify
+        the role name without the 'service-role' prefix. For example, if the role arn is
+        'arn:aws:iam::123456789012:role/service-role/ExampleServiceExecutionRole',
+        you need to specify the role name as 'ExampleServiceExecutionRole'.
+        '''
+        result = self._values.get("role_name")
+        assert result is not None, "Required property 'role_name' is missing"
+        return typing.cast(builtins.str, result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "RoleLookupOptions(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_iam.RoleProps",
     jsii_struct_bases=[],
@@ -13568,6 +13689,40 @@ class Role(
 
         return typing.cast(None, jsii.sinvoke(cls, "customizeRoles", [scope, options]))
 
+    @jsii.member(jsii_name="fromLookup")
+    @builtins.classmethod
+    def from_lookup(
+        cls,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        role_name: builtins.str,
+        add_grants_to_resources: typing.Optional[builtins.bool] = None,
+        default_policy_name: typing.Optional[builtins.str] = None,
+        mutable: typing.Optional[builtins.bool] = None,
+    ) -> IRole:
+        '''Lookup an existing Role.
+
+        :param scope: -
+        :param id: -
+        :param role_name: The name of the role to lookup. If the role you want to lookup is a service role, you need to specify the role name without the 'service-role' prefix. For example, if the role arn is 'arn:aws:iam::123456789012:role/service-role/ExampleServiceExecutionRole', you need to specify the role name as 'ExampleServiceExecutionRole'.
+        :param add_grants_to_resources: For immutable roles: add grants to resources instead of dropping them. If this is ``false`` or not specified, grant permissions added to this role are ignored. It is your own responsibility to make sure the role has the required permissions. If this is ``true``, any grant permissions will be added to the resource instead. Default: false
+        :param default_policy_name: Any policies created by this role will use this value as their ID, if specified. Specify this if importing the same role in multiple stacks, and granting it different permissions in at least two stacks. If this is not specified (or if the same name is specified in more than one stack), a CloudFormation issue will result in the policy created in whichever stack is deployed last overwriting the policies created by the others. Default: 'Policy'
+        :param mutable: Whether the imported role can be modified by attaching policy resources to it. Default: true
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__bb04fc568ec6668a9d1d9742e44b19ae3793417172af39b9989724471935e6d7)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        options = RoleLookupOptions(
+            role_name=role_name,
+            add_grants_to_resources=add_grants_to_resources,
+            default_policy_name=default_policy_name,
+            mutable=mutable,
+        )
+
+        return typing.cast(IRole, jsii.sinvoke(cls, "fromLookup", [scope, id, options]))
+
     @jsii.member(jsii_name="fromRoleArn")
     @builtins.classmethod
     def from_role_arn(
@@ -15399,6 +15554,7 @@ __all__ = [
     "PrincipalPolicyFragment",
     "PrincipalWithConditions",
     "Role",
+    "RoleLookupOptions",
     "RoleProps",
     "SamlConsolePrincipal",
     "SamlMetadataDocument",
@@ -17021,6 +17177,16 @@ def _typecheckingstub__278426b331a0d887bf9449f77f6f9c562033abef58a3d7279c5604a1e
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__06f459857ae55dc3473fba5b10ef4188eca762038ac741736a6d4b8cac006356(
+    *,
+    add_grants_to_resources: typing.Optional[builtins.bool] = None,
+    default_policy_name: typing.Optional[builtins.str] = None,
+    mutable: typing.Optional[builtins.bool] = None,
+    role_name: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__9c9223cb9fa6dff45ee4fd7013629ab18542c2499a83f542c5405968fad2287c(
     *,
     assumed_by: IPrincipal,
@@ -17364,6 +17530,18 @@ def _typecheckingstub__3abda5df0b9e172ab6b6506372119fbc1518a3e56245c4130fbbbd573
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__bb04fc568ec6668a9d1d9742e44b19ae3793417172af39b9989724471935e6d7(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    role_name: builtins.str,
+    add_grants_to_resources: typing.Optional[builtins.bool] = None,
+    default_policy_name: typing.Optional[builtins.str] = None,
+    mutable: typing.Optional[builtins.bool] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__5c43d6c30d91c1507a4d83080c4d03e80839da9ab22909456251bc529eb41a48(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,