aws-cdk-lib 2.191.0__py3-none-any.whl → 2.193.0__py3-none-any.whl

aws_cdk/aws_iam/__init__.py

@@ -145,6 +145,14 @@ role = iam.Role.from_role_arn(self, "Role", "arn:aws:iam::123456789012:role/MyEx
 )
 ```
 
+If you want to lookup roles that actually exist in your account, you can use `Role.fromLookup()`.
+
+```python
+role = iam.Role.from_lookup(self, "Role",
+    role_name="MyExistingRole"
+)
+```
+
 ### Customizing role creation
 
 It is best practice to allow CDK to manage IAM roles and permissions. You can prevent CDK from
@@ -11101,6 +11109,119 @@ class PrincipalPolicyFragment(
         return typing.cast(typing.Mapping[builtins.str, typing.List[builtins.str]], jsii.get(self, "principalJson"))
 
 
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_iam.RoleLookupOptions",
+    jsii_struct_bases=[FromRoleArnOptions],
+    name_mapping={
+        "add_grants_to_resources": "addGrantsToResources",
+        "default_policy_name": "defaultPolicyName",
+        "mutable": "mutable",
+        "role_name": "roleName",
+    },
+)
+class RoleLookupOptions(FromRoleArnOptions):
+    def __init__(
+        self,
+        *,
+        add_grants_to_resources: typing.Optional[builtins.bool] = None,
+        default_policy_name: typing.Optional[builtins.str] = None,
+        mutable: typing.Optional[builtins.bool] = None,
+        role_name: builtins.str,
+    ) -> None:
+        '''Properties for looking up an existing Role.
+
+        :param add_grants_to_resources: For immutable roles: add grants to resources instead of dropping them. If this is ``false`` or not specified, grant permissions added to this role are ignored. It is your own responsibility to make sure the role has the required permissions. If this is ``true``, any grant permissions will be added to the resource instead. Default: false
+        :param default_policy_name: Any policies created by this role will use this value as their ID, if specified. Specify this if importing the same role in multiple stacks, and granting it different permissions in at least two stacks. If this is not specified (or if the same name is specified in more than one stack), a CloudFormation issue will result in the policy created in whichever stack is deployed last overwriting the policies created by the others. Default: 'Policy'
+        :param mutable: Whether the imported role can be modified by attaching policy resources to it. Default: true
+        :param role_name: The name of the role to lookup. If the role you want to lookup is a service role, you need to specify the role name without the 'service-role' prefix. For example, if the role arn is 'arn:aws:iam::123456789012:role/service-role/ExampleServiceExecutionRole', you need to specify the role name as 'ExampleServiceExecutionRole'.
+
+        :exampleMetadata: infused
+
+        Example::
+
+            role = iam.Role.from_lookup(self, "Role",
+                role_name="MyExistingRole"
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__06f459857ae55dc3473fba5b10ef4188eca762038ac741736a6d4b8cac006356)
+            check_type(argname="argument add_grants_to_resources", value=add_grants_to_resources, expected_type=type_hints["add_grants_to_resources"])
+            check_type(argname="argument default_policy_name", value=default_policy_name, expected_type=type_hints["default_policy_name"])
+            check_type(argname="argument mutable", value=mutable, expected_type=type_hints["mutable"])
+            check_type(argname="argument role_name", value=role_name, expected_type=type_hints["role_name"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "role_name": role_name,
+        }
+        if add_grants_to_resources is not None:
+            self._values["add_grants_to_resources"] = add_grants_to_resources
+        if default_policy_name is not None:
+            self._values["default_policy_name"] = default_policy_name
+        if mutable is not None:
+            self._values["mutable"] = mutable
+
+    @builtins.property
+    def add_grants_to_resources(self) -> typing.Optional[builtins.bool]:
+        '''For immutable roles: add grants to resources instead of dropping them.
+
+        If this is ``false`` or not specified, grant permissions added to this role are ignored.
+        It is your own responsibility to make sure the role has the required permissions.
+
+        If this is ``true``, any grant permissions will be added to the resource instead.
+
+        :default: false
+        '''
+        result = self._values.get("add_grants_to_resources")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def default_policy_name(self) -> typing.Optional[builtins.str]:
+        '''Any policies created by this role will use this value as their ID, if specified.
+
+        Specify this if importing the same role in multiple stacks, and granting it
+        different permissions in at least two stacks. If this is not specified
+        (or if the same name is specified in more than one stack),
+        a CloudFormation issue will result in the policy created in whichever stack
+        is deployed last overwriting the policies created by the others.
+
+        :default: 'Policy'
+        '''
+        result = self._values.get("default_policy_name")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def mutable(self) -> typing.Optional[builtins.bool]:
+        '''Whether the imported role can be modified by attaching policy resources to it.
+
+        :default: true
+        '''
+        result = self._values.get("mutable")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def role_name(self) -> builtins.str:
+        '''The name of the role to lookup.
+
+        If the role you want to lookup is a service role, you need to specify
+        the role name without the 'service-role' prefix. For example, if the role arn is
+        'arn:aws:iam::123456789012:role/service-role/ExampleServiceExecutionRole',
+        you need to specify the role name as 'ExampleServiceExecutionRole'.
+        '''
+        result = self._values.get("role_name")
+        assert result is not None, "Required property 'role_name' is missing"
+        return typing.cast(builtins.str, result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "RoleLookupOptions(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_iam.RoleProps",
     jsii_struct_bases=[],
@@ -13568,6 +13689,40 @@ class Role(
 
         return typing.cast(None, jsii.sinvoke(cls, "customizeRoles", [scope, options]))
 
+    @jsii.member(jsii_name="fromLookup")
+    @builtins.classmethod
+    def from_lookup(
+        cls,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        role_name: builtins.str,
+        add_grants_to_resources: typing.Optional[builtins.bool] = None,
+        default_policy_name: typing.Optional[builtins.str] = None,
+        mutable: typing.Optional[builtins.bool] = None,
+    ) -> IRole:
+        '''Lookup an existing Role.
+
+        :param scope: -
+        :param id: -
+        :param role_name: The name of the role to lookup. If the role you want to lookup is a service role, you need to specify the role name without the 'service-role' prefix. For example, if the role arn is 'arn:aws:iam::123456789012:role/service-role/ExampleServiceExecutionRole', you need to specify the role name as 'ExampleServiceExecutionRole'.
+        :param add_grants_to_resources: For immutable roles: add grants to resources instead of dropping them. If this is ``false`` or not specified, grant permissions added to this role are ignored. It is your own responsibility to make sure the role has the required permissions. If this is ``true``, any grant permissions will be added to the resource instead. Default: false
+        :param default_policy_name: Any policies created by this role will use this value as their ID, if specified. Specify this if importing the same role in multiple stacks, and granting it different permissions in at least two stacks. If this is not specified (or if the same name is specified in more than one stack), a CloudFormation issue will result in the policy created in whichever stack is deployed last overwriting the policies created by the others. Default: 'Policy'
+        :param mutable: Whether the imported role can be modified by attaching policy resources to it. Default: true
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__bb04fc568ec6668a9d1d9742e44b19ae3793417172af39b9989724471935e6d7)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        options = RoleLookupOptions(
+            role_name=role_name,
+            add_grants_to_resources=add_grants_to_resources,
+            default_policy_name=default_policy_name,
+            mutable=mutable,
+        )
+
+        return typing.cast(IRole, jsii.sinvoke(cls, "fromLookup", [scope, id, options]))
+
     @jsii.member(jsii_name="fromRoleArn")
     @builtins.classmethod
     def from_role_arn(
@@ -15399,6 +15554,7 @@ __all__ = [
     "PrincipalPolicyFragment",
     "PrincipalWithConditions",
     "Role",
+    "RoleLookupOptions",
     "RoleProps",
     "SamlConsolePrincipal",
     "SamlMetadataDocument",
@@ -17021,6 +17177,16 @@ def _typecheckingstub__278426b331a0d887bf9449f77f6f9c562033abef58a3d7279c5604a1e
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__06f459857ae55dc3473fba5b10ef4188eca762038ac741736a6d4b8cac006356(
+    *,
+    add_grants_to_resources: typing.Optional[builtins.bool] = None,
+    default_policy_name: typing.Optional[builtins.str] = None,
+    mutable: typing.Optional[builtins.bool] = None,
+    role_name: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__9c9223cb9fa6dff45ee4fd7013629ab18542c2499a83f542c5405968fad2287c(
     *,
     assumed_by: IPrincipal,
@@ -17364,6 +17530,18 @@ def _typecheckingstub__3abda5df0b9e172ab6b6506372119fbc1518a3e56245c4130fbbbd573
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__bb04fc568ec6668a9d1d9742e44b19ae3793417172af39b9989724471935e6d7(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    role_name: builtins.str,
+    add_grants_to_resources: typing.Optional[builtins.bool] = None,
+    default_policy_name: typing.Optional[builtins.str] = None,
+    mutable: typing.Optional[builtins.bool] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__5c43d6c30d91c1507a4d83080c4d03e80839da9ab22909456251bc529eb41a48(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,

aws_cdk/aws_opensearchservice/__init__.py

@@ -806,14 +806,22 @@ class CapacityConfig:
 
         Example::
 
+            import aws_cdk.aws_opensearchservice as opensearch
+            
+            
             domain = Domain(self, "Domain",
-                version=EngineVersion.OPENSEARCH_1_0,
-                capacity=CapacityConfig(
-                    master_nodes=2,
-                    warm_nodes=2,
-                    warm_instance_type="ultrawarm1.medium.search"
-                ),
-                cold_storage_enabled=True
+                version=EngineVersion.OPENSEARCH_1_3,
+                capacity=opensearch.CapacityConfig(
+                    node_options=[opensearch.NodeOptions(
+                        node_type=opensearch.NodeType.COORDINATOR,
+                        node_config=opensearch.NodeConfig(
+                            enabled=True,
+                            count=2,
+                            type="m5.large.search"
+                        )
+                    )
+                    ]
+                )
             )
         '''
         if __debug__:
@@ -6269,14 +6277,19 @@ class EbsOptions:
         Example::
 
             domain = Domain(self, "Domain",
-                version=EngineVersion.OPENSEARCH_1_0,
+                version=EngineVersion.OPENSEARCH_1_3,
                 ebs=EbsOptions(
-                    volume_size=100,
-                    volume_type=ec2.EbsDeviceVolumeType.GENERAL_PURPOSE_SSD
+                    volume_size=10,
+                    volume_type=ec2.EbsDeviceVolumeType.GENERAL_PURPOSE_SSD_GP3
                 ),
-                node_to_node_encryption=True,
-                encryption_at_rest=EncryptionAtRestOptions(
-                    enabled=True
+                zone_awareness=ZoneAwarenessConfig(
+                    enabled=True,
+                    availability_zone_count=3
+                ),
+                capacity=CapacityConfig(
+                    multi_az_with_standby_enabled=True,
+                    master_nodes=3,
+                    data_nodes=3
                 )
             )
         '''
@@ -6391,22 +6404,29 @@ class EncryptionAtRestOptions:
 
         Example::
 
-            domain = Domain(self, "Domain",
-                version=EngineVersion.OPENSEARCH_1_0,
-                enforce_https=True,
-                node_to_node_encryption=True,
-                encryption_at_rest=EncryptionAtRestOptions(
+            import aws_cdk.aws_opensearchservice as opensearch
+            
+            
+            domain = opensearch.Domain(self, "Domain",
+                version=opensearch.EngineVersion.OPENSEARCH_2_17,
+                encryption_at_rest=opensearch.EncryptionAtRestOptions(
                     enabled=True
                 ),
-                fine_grained_access_control=AdvancedSecurityOptions(
-                    master_user_name="master-user",
-                    saml_authentication_enabled=True,
-                    saml_authentication_options=SAMLOptionsProperty(
-                        idp_entity_id="entity-id",
-                        idp_metadata_content="metadata-content-with-quotes-escaped"
-                    )
+                node_to_node_encryption=True,
+                enforce_https=True,
+                capacity=opensearch.CapacityConfig(
+                    multi_az_with_standby_enabled=False
+                ),
+                ebs=opensearch.EbsOptions(
+                    enabled=True,
+                    volume_size=10
                 )
             )
+            api = appsync.EventApi(self, "EventApiOpenSearch",
+                api_name="OpenSearchEventApi"
+            )
+            
+            data_source = api.add_open_search_data_source("opensearchds", domain)
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__b5973f04ac98b9a2d9bddce35a01a16416d58b7f8a10bd553cfabe3909eb2523)

aws_cdk/aws_rds/__init__.py

@@ -40462,6 +40462,12 @@ class SqlServerEngineVersion(
         '''Version "15.00.4420.2.v1".'''
         return typing.cast("SqlServerEngineVersion", jsii.sget(cls, "VER_15_00_4420_2_V1"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_15_00_4430_1_V1")
+    def VER_15_00_4430_1_V1(cls) -> "SqlServerEngineVersion":
+        '''Version "15.00.4430.1.v1".'''
+        return typing.cast("SqlServerEngineVersion", jsii.sget(cls, "VER_15_00_4430_1_V1"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_16")
     def VER_16(cls) -> "SqlServerEngineVersion":
@@ -40540,6 +40546,12 @@ class SqlServerEngineVersion(
         '''Version "16.00.4175.1.v1".'''
         return typing.cast("SqlServerEngineVersion", jsii.sget(cls, "VER_16_00_4175_1_V1"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_16_00_4185_3_V1")
+    def VER_16_00_4185_3_V1(cls) -> "SqlServerEngineVersion":
+        '''Version "16.00.4185.3.v1".'''
+        return typing.cast("SqlServerEngineVersion", jsii.sget(cls, "VER_16_00_4185_3_V1"))
+
     @builtins.property
     @jsii.member(jsii_name="sqlServerFullVersion")
     def sql_server_full_version(self) -> builtins.str:

aws_cdk/aws_servicediscovery/__init__.py

@@ -4982,29 +4982,44 @@ class PrivateDnsNamespace(
 ):
     '''Define a Service Discovery HTTP Namespace.
 
-    :exampleMetadata: infused
+    :exampleMetadata: lit=aws-servicediscovery/test/integ.service-with-private-dns-namespace.lit.ts infused
 
     Example::
 
-        # mesh: appmesh.Mesh
-        # Cloud Map service discovery is currently required for host ejection by outlier detection
-        vpc = ec2.Vpc(self, "vpc")
-        namespace = cloudmap.PrivateDnsNamespace(self, "test-namespace",
-            vpc=vpc,
-            name="domain.local"
+        import aws_cdk.aws_ec2 as ec2
+        import aws_cdk.aws_elasticloadbalancingv2 as elbv2
+        import aws_cdk as cdk
+        import aws_cdk as servicediscovery
+        
+        app = cdk.App()
+        stack = cdk.Stack(app, "aws-servicediscovery-integ")
+        
+        vpc = ec2.Vpc(stack, "Vpc", max_azs=2)
+        
+        namespace = servicediscovery.PrivateDnsNamespace(stack, "Namespace",
+            name="boobar.com",
+            vpc=vpc
         )
-        service = namespace.create_service("Svc")
-        node = mesh.add_virtual_node("virtual-node",
-            service_discovery=appmesh.ServiceDiscovery.cloud_map(service),
-            listeners=[appmesh.VirtualNodeListener.http(
-                outlier_detection=appmesh.OutlierDetection(
-                    base_ejection_duration=Duration.seconds(10),
-                    interval=Duration.seconds(30),
-                    max_ejection_percent=50,
-                    max_server_errors=5
-                )
-            )]
+        
+        service = namespace.create_service("Service",
+            dns_record_type=servicediscovery.DnsRecordType.A_AAAA,
+            dns_ttl=cdk.Duration.seconds(30),
+            load_balancer=True
         )
+        
+        loadbalancer = elbv2.ApplicationLoadBalancer(stack, "LB", vpc=vpc, internet_facing=True)
+        
+        service.register_load_balancer("Loadbalancer", loadbalancer)
+        
+        arn_service = namespace.create_service("ArnService",
+            discovery_type=servicediscovery.DiscoveryType.API
+        )
+        
+        arn_service.register_non_ip_instance("NonIpInstance",
+            custom_attributes={"arn": "arn://"}
+        )
+        
+        app.synth()
     '''
 
     def __init__(
@@ -5259,29 +5274,44 @@ class PrivateDnsNamespaceProps(BaseNamespaceProps):
         :param description: A description of the Namespace. Default: none
         :param vpc: The Amazon VPC that you want to associate the namespace with.
 
-        :exampleMetadata: infused
+        :exampleMetadata: lit=aws-servicediscovery/test/integ.service-with-private-dns-namespace.lit.ts infused
 
         Example::
 
-            # mesh: appmesh.Mesh
-            # Cloud Map service discovery is currently required for host ejection by outlier detection
-            vpc = ec2.Vpc(self, "vpc")
-            namespace = cloudmap.PrivateDnsNamespace(self, "test-namespace",
-                vpc=vpc,
-                name="domain.local"
+            import aws_cdk.aws_ec2 as ec2
+            import aws_cdk.aws_elasticloadbalancingv2 as elbv2
+            import aws_cdk as cdk
+            import aws_cdk as servicediscovery
+            
+            app = cdk.App()
+            stack = cdk.Stack(app, "aws-servicediscovery-integ")
+            
+            vpc = ec2.Vpc(stack, "Vpc", max_azs=2)
+            
+            namespace = servicediscovery.PrivateDnsNamespace(stack, "Namespace",
+                name="boobar.com",
+                vpc=vpc
             )
-            service = namespace.create_service("Svc")
-            node = mesh.add_virtual_node("virtual-node",
-                service_discovery=appmesh.ServiceDiscovery.cloud_map(service),
-                listeners=[appmesh.VirtualNodeListener.http(
-                    outlier_detection=appmesh.OutlierDetection(
-                        base_ejection_duration=Duration.seconds(10),
-                        interval=Duration.seconds(30),
-                        max_ejection_percent=50,
-                        max_server_errors=5
-                    )
-                )]
+            
+            service = namespace.create_service("Service",
+                dns_record_type=servicediscovery.DnsRecordType.A_AAAA,
+                dns_ttl=cdk.Duration.seconds(30),
+                load_balancer=True
+            )
+            
+            loadbalancer = elbv2.ApplicationLoadBalancer(stack, "LB", vpc=vpc, internet_facing=True)
+            
+            service.register_load_balancer("Loadbalancer", loadbalancer)
+            
+            arn_service = namespace.create_service("ArnService",
+                discovery_type=servicediscovery.DiscoveryType.API
             )
+            
+            arn_service.register_non_ip_instance("NonIpInstance",
+                custom_attributes={"arn": "arn://"}
+            )
+            
+            app.synth()
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f5a438cb76c40139835b65e440e9010402611db76baf5e4c500427a16a0b00e7)

aws_cdk/aws_ses/__init__.py

@@ -310,6 +310,21 @@ identity = ses.EmailIdentity(self, "Identity",
 identity.grant_send_email(user)
 ```
 
+You can also reference an existing email identity using its ARN and grant permissions to it:
+
+```python
+import aws_cdk.aws_iam as iam
+# user: iam.User
+
+
+# Imports an existing email identity using its ARN.
+# This is one way to reference an existing identity; another option is using its name via fromEmailIdentityName.
+imported_identity = ses.EmailIdentity.from_email_identity_arn(self, "ImportedIdentity", "arn:aws:ses:us-east-1:123456789012:identity/example.com")
+
+# Grant send email permission to the imported identity
+imported_identity.grant_send_email(user)
+```
+
 ### Virtual Deliverability Manager (VDM)
 
 Virtual Deliverability Manager is an Amazon SES feature that helps you enhance email deliverability,
@@ -17359,6 +17374,27 @@ class EmailIdentity(
 
         jsii.create(self.__class__, self, [scope, id, props])
 
+    @jsii.member(jsii_name="fromEmailIdentityArn")
+    @builtins.classmethod
+    def from_email_identity_arn(
+        cls,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        email_identity_arn: builtins.str,
+    ) -> IEmailIdentity:
+        '''Import an email identity by ARN.
+
+        :param scope: -
+        :param id: -
+        :param email_identity_arn: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__2de9549a4fca6f40216fb37a5702ca1bed885d852e1611aee32de9a296311f79)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+            check_type(argname="argument email_identity_arn", value=email_identity_arn, expected_type=type_hints["email_identity_arn"])
+        return typing.cast(IEmailIdentity, jsii.sinvoke(cls, "fromEmailIdentityArn", [scope, id, email_identity_arn]))
+
     @jsii.member(jsii_name="fromEmailIdentityName")
     @builtins.classmethod
     def from_email_identity_name(
@@ -19686,6 +19722,14 @@ def _typecheckingstub__a0d44bf733be67b29d51a6c681c3faafee6103884474147b68d4b466a
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__2de9549a4fca6f40216fb37a5702ca1bed885d852e1611aee32de9a296311f79(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    email_identity_arn: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__eb1cb50e69249e3f61387a80db0e14cc9a9790c024548390466a511484409a85(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,

{aws_cdk_lib-2.191.0.dist-info → aws_cdk_lib-2.193.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk-lib
-Version: 2.191.0
+Version: 2.193.0
 Summary: Version 2 of the AWS Cloud Development Kit library
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services