aws-cdk-lib 2.197.0__py3-none-any.whl → 2.198.0__py3-none-any.whl

aws_cdk/aws_sagemaker/__init__.py

@@ -202,6 +202,8 @@ class CfnApp(
     def attr_built_in_lifecycle_config_arn(self) -> builtins.str:
         '''The lifecycle configuration that runs before the default lifecycle configuration.
 
+        It can override changes made in the default lifecycle configuration.
+
         :cloudformationAttribute: BuiltInLifecycleConfigArn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrBuiltInLifecycleConfigArn"))
@@ -6830,7 +6832,7 @@ class CfnDomain(
             For more information about Code Editor, see `Get started with Code Editor in Amazon SageMaker <https://docs.aws.amazon.com/sagemaker/latest/dg/code-editor.html>`_ .
 
             :param app_lifecycle_management: Settings that are used to configure and manage the lifecycle of CodeEditor applications.
-            :param built_in_lifecycle_config_arn: The lifecycle configuration that runs before the default lifecycle configuration.
+            :param built_in_lifecycle_config_arn: The lifecycle configuration that runs before the default lifecycle configuration. It can override changes made in the default lifecycle configuration.
             :param custom_images: A list of custom SageMaker images that are configured to run as a Code Editor app.
             :param default_resource_spec: The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the Code Editor app.
             :param lifecycle_config_arns: The Amazon Resource Name (ARN) of the Code Editor application lifecycle configuration.
@@ -6904,6 +6906,8 @@ class CfnDomain(
         def built_in_lifecycle_config_arn(self) -> typing.Optional[builtins.str]:
             '''The lifecycle configuration that runs before the default lifecycle configuration.
 
+            It can override changes made in the default lifecycle configuration.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-codeeditorappsettings.html#cfn-sagemaker-domain-codeeditorappsettings-builtinlifecycleconfigarn
             '''
             result = self._values.get("built_in_lifecycle_config_arn")
@@ -8018,9 +8022,12 @@ class CfnDomain(
             sage_maker_image_name: typing.Optional[builtins.str] = None,
             version_aliases: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
-            '''
+            '''The SageMaker images that are hidden from the Studio user interface.
+
+            You must specify the SageMaker image name and version aliases.
+
             :param sage_maker_image_name: The SageMaker image name that you are hiding from the Studio user interface.
-            :param version_aliases: 
+            :param version_aliases: The version aliases you are hiding from the Studio user interface.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-hiddensagemakerimage.html
             :exampleMetadata: fixture=_generated
@@ -8057,7 +8064,8 @@ class CfnDomain(
 
         @builtins.property
         def version_aliases(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''
+            '''The version aliases you are hiding from the Studio user interface.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-hiddensagemakerimage.html#cfn-sagemaker-domain-hiddensagemakerimage-versionaliases
             '''
             result = self._values.get("version_aliases")
@@ -8205,7 +8213,7 @@ class CfnDomain(
             '''The settings for the JupyterLab application.
 
             :param app_lifecycle_management: Indicates whether idle shutdown is activated for JupyterLab applications.
-            :param built_in_lifecycle_config_arn: The lifecycle configuration that runs before the default lifecycle configuration.
+            :param built_in_lifecycle_config_arn: The lifecycle configuration that runs before the default lifecycle configuration. It can override changes made in the default lifecycle configuration.
             :param code_repositories: A list of Git repositories that SageMaker automatically displays to users for cloning in the JupyterLab application.
             :param custom_images: A list of custom SageMaker images that are configured to run as a JupyterLab app.
             :param default_resource_spec: The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the JupyterLab app.
@@ -8286,6 +8294,8 @@ class CfnDomain(
         def built_in_lifecycle_config_arn(self) -> typing.Optional[builtins.str]:
             '''The lifecycle configuration that runs before the default lifecycle configuration.
 
+            It can override changes made in the default lifecycle configuration.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-jupyterlabappsettings.html#cfn-sagemaker-domain-jupyterlabappsettings-builtinlifecycleconfigarn
             '''
             result = self._values.get("built_in_lifecycle_config_arn")
@@ -9196,7 +9206,7 @@ class CfnDomain(
             ``SecurityGroups`` is aggregated when specified in both calls. For all other settings in ``UserSettings`` , the values specified in ``CreateUserProfile`` take precedence over those specified in ``CreateDomain`` .
 
             :param execution_role: The execution role for the user. SageMaker applies this setting only to private spaces that the user creates in the domain. SageMaker doesn't apply this setting to shared spaces.
-            :param auto_mount_home_efs: Indicates whether auto-mounting of an EFS volume is supported for the user profile.
+            :param auto_mount_home_efs: Indicates whether auto-mounting of an EFS volume is supported for the user profile. The ``DefaultAsDomain`` value is only supported for user profiles. Do not use the ``DefaultAsDomain`` value when setting this parameter for a domain. SageMaker applies this setting only to private spaces that the user creates in the domain. SageMaker doesn't apply this setting to shared spaces.
             :param code_editor_app_settings: The Code Editor application settings. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
             :param custom_file_system_configs: The settings for assigning a custom file system to a user profile. Permitted users can access this file system in Amazon SageMaker AI Studio. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
             :param custom_posix_user_config: Details about the POSIX identity that is used for file system operations. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
@@ -9434,6 +9444,10 @@ class CfnDomain(
         def auto_mount_home_efs(self) -> typing.Optional[builtins.str]:
             '''Indicates whether auto-mounting of an EFS volume is supported for the user profile.
 
+            The ``DefaultAsDomain`` value is only supported for user profiles. Do not use the ``DefaultAsDomain`` value when setting this parameter for a domain.
+
+            SageMaker applies this setting only to private spaces that the user creates in the domain. SageMaker doesn't apply this setting to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-usersettings.html#cfn-sagemaker-domain-usersettings-automounthomeefs
             '''
             result = self._values.get("auto_mount_home_efs")
@@ -46876,7 +46890,7 @@ class CfnUserProfile(
             For more information about Code Editor, see `Get started with Code Editor in Amazon SageMaker <https://docs.aws.amazon.com/sagemaker/latest/dg/code-editor.html>`_ .
 
             :param app_lifecycle_management: Settings that are used to configure and manage the lifecycle of CodeEditor applications.
-            :param built_in_lifecycle_config_arn: The lifecycle configuration that runs before the default lifecycle configuration.
+            :param built_in_lifecycle_config_arn: The lifecycle configuration that runs before the default lifecycle configuration. It can override changes made in the default lifecycle configuration.
             :param custom_images: A list of custom SageMaker images that are configured to run as a Code Editor app.
             :param default_resource_spec: The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the Code Editor app.
             :param lifecycle_config_arns: The Amazon Resource Name (ARN) of the Code Editor application lifecycle configuration.
@@ -46950,6 +46964,8 @@ class CfnUserProfile(
         def built_in_lifecycle_config_arn(self) -> typing.Optional[builtins.str]:
             '''The lifecycle configuration that runs before the default lifecycle configuration.
 
+            It can override changes made in the default lifecycle configuration.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-codeeditorappsettings.html#cfn-sagemaker-userprofile-codeeditorappsettings-builtinlifecycleconfigarn
             '''
             result = self._values.get("built_in_lifecycle_config_arn")
@@ -47605,9 +47621,12 @@ class CfnUserProfile(
             sage_maker_image_name: typing.Optional[builtins.str] = None,
             version_aliases: typing.Optional[typing.Sequence[builtins.str]] = None,
         ) -> None:
-            '''
+            '''The SageMaker images that are hidden from the Studio user interface.
+
+            You must specify the SageMaker image name and version aliases.
+
             :param sage_maker_image_name: The SageMaker image name that you are hiding from the Studio user interface.
-            :param version_aliases: 
+            :param version_aliases: The version aliases you are hiding from the Studio user interface.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-hiddensagemakerimage.html
             :exampleMetadata: fixture=_generated
@@ -47644,7 +47663,8 @@ class CfnUserProfile(
 
         @builtins.property
         def version_aliases(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''
+            '''The version aliases you are hiding from the Studio user interface.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-hiddensagemakerimage.html#cfn-sagemaker-userprofile-hiddensagemakerimage-versionaliases
             '''
             result = self._values.get("version_aliases")
@@ -47792,7 +47812,7 @@ class CfnUserProfile(
             '''The settings for the JupyterLab application.
 
             :param app_lifecycle_management: Indicates whether idle shutdown is activated for JupyterLab applications.
-            :param built_in_lifecycle_config_arn: The lifecycle configuration that runs before the default lifecycle configuration.
+            :param built_in_lifecycle_config_arn: The lifecycle configuration that runs before the default lifecycle configuration. It can override changes made in the default lifecycle configuration.
             :param code_repositories: A list of Git repositories that SageMaker automatically displays to users for cloning in the JupyterLab application.
             :param custom_images: A list of custom SageMaker images that are configured to run as a JupyterLab app.
             :param default_resource_spec: The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the JupyterLab app.
@@ -47873,6 +47893,8 @@ class CfnUserProfile(
         def built_in_lifecycle_config_arn(self) -> typing.Optional[builtins.str]:
             '''The lifecycle configuration that runs before the default lifecycle configuration.
 
+            It can override changes made in the default lifecycle configuration.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-jupyterlabappsettings.html#cfn-sagemaker-userprofile-jupyterlabappsettings-builtinlifecycleconfigarn
             '''
             result = self._values.get("built_in_lifecycle_config_arn")
@@ -48577,7 +48599,7 @@ class CfnUserProfile(
 
             ``SecurityGroups`` is aggregated when specified in both calls. For all other settings in ``UserSettings`` , the values specified in ``CreateUserProfile`` take precedence over those specified in ``CreateDomain`` .
 
-            :param auto_mount_home_efs: Indicates whether auto-mounting of an EFS volume is supported for the user profile.
+            :param auto_mount_home_efs: Indicates whether auto-mounting of an EFS volume is supported for the user profile. The ``DefaultAsDomain`` value is only supported for user profiles. Do not use the ``DefaultAsDomain`` value when setting this parameter for a domain. SageMaker applies this setting only to private spaces that the user creates in the domain. SageMaker doesn't apply this setting to shared spaces.
             :param code_editor_app_settings: The Code Editor application settings. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
             :param custom_file_system_configs: The settings for assigning a custom file system to a user profile. Permitted users can access this file system in Amazon SageMaker AI Studio. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
             :param custom_posix_user_config: Details about the POSIX identity that is used for file system operations. SageMaker applies these settings only to private spaces that the user creates in the domain. SageMaker doesn't apply these settings to shared spaces.
@@ -48783,6 +48805,10 @@ class CfnUserProfile(
         def auto_mount_home_efs(self) -> typing.Optional[builtins.str]:
             '''Indicates whether auto-mounting of an EFS volume is supported for the user profile.
 
+            The ``DefaultAsDomain`` value is only supported for user profiles. Do not use the ``DefaultAsDomain`` value when setting this parameter for a domain.
+
+            SageMaker applies this setting only to private spaces that the user creates in the domain. SageMaker doesn't apply this setting to shared spaces.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-userprofile-usersettings.html#cfn-sagemaker-userprofile-usersettings-automounthomeefs
             '''
             result = self._values.get("auto_mount_home_efs")

aws_cdk/aws_ses/__init__.py

@@ -100,6 +100,12 @@ ses.AllowListReceiptFilter(self, "AllowList",
 
 This will first create a block all filter and then create allow filters for the listed ip addresses.
 
+### AWS Service Principal permissions
+
+When adding an s3 action to a receipt rule, the CDK will automatically create a policy statement that allows the ses service principal to get write access to the bucket. This is done with the `SourceAccount` condition key, which is automatically added to the policy statement.
+Previously, the policy used the `Referer` condition key, which caused confused deputy problems when the bucket policy allowed access to the bucket for all principals.
+See more information in [this github issue](https://github.com/aws/aws-cdk/issues/29811)
+
 ## Email sending
 
 ### Dedicated IP pools
@@ -6023,6 +6029,15 @@ class CfnMailManagerRuleSet(
                         action_failure_policy="actionFailurePolicy"
                     ),
                     drop=drop,
+                    publish_to_sns=ses.CfnMailManagerRuleSet.SnsActionProperty(
+                        role_arn="roleArn",
+                        topic_arn="topicArn",
+        
+                        # the properties below are optional
+                        action_failure_policy="actionFailurePolicy",
+                        encoding="encoding",
+                        payload_type="payloadType"
+                    ),
                     relay=ses.CfnMailManagerRuleSet.RelayActionProperty(
                         relay="relay",
         
@@ -6892,6 +6907,7 @@ class CfnMailManagerRuleSet(
             "deliver_to_mailbox": "deliverToMailbox",
             "deliver_to_q_business": "deliverToQBusiness",
             "drop": "drop",
+            "publish_to_sns": "publishToSns",
             "relay": "relay",
             "replace_recipient": "replaceRecipient",
             "send": "send",
@@ -6907,6 +6923,7 @@ class CfnMailManagerRuleSet(
             deliver_to_mailbox: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnMailManagerRuleSet.DeliverToMailboxActionProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             deliver_to_q_business: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnMailManagerRuleSet.DeliverToQBusinessActionProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             drop: typing.Any = None,
+            publish_to_sns: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnMailManagerRuleSet.SnsActionProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             relay: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnMailManagerRuleSet.RelayActionProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             replace_recipient: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnMailManagerRuleSet.ReplaceRecipientActionProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             send: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnMailManagerRuleSet.SendActionProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -6923,6 +6940,7 @@ class CfnMailManagerRuleSet(
             :param deliver_to_mailbox: This action delivers an email to a WorkMail mailbox.
             :param deliver_to_q_business: This action delivers an email to an Amazon Q Business application for ingestion into its knowledge base.
             :param drop: This action terminates the evaluation of rules in the rule set.
+            :param publish_to_sns: 
             :param relay: This action relays the email to another SMTP server.
             :param replace_recipient: The action replaces certain or all recipients with a different set of recipients.
             :param send: This action sends the email to the internet.
@@ -6966,6 +6984,15 @@ class CfnMailManagerRuleSet(
                         action_failure_policy="actionFailurePolicy"
                     ),
                     drop=drop,
+                    publish_to_sns=ses.CfnMailManagerRuleSet.SnsActionProperty(
+                        role_arn="roleArn",
+                        topic_arn="topicArn",
+                
+                        # the properties below are optional
+                        action_failure_policy="actionFailurePolicy",
+                        encoding="encoding",
+                        payload_type="payloadType"
+                    ),
                     relay=ses.CfnMailManagerRuleSet.RelayActionProperty(
                         relay="relay",
                 
@@ -7000,6 +7027,7 @@ class CfnMailManagerRuleSet(
                 check_type(argname="argument deliver_to_mailbox", value=deliver_to_mailbox, expected_type=type_hints["deliver_to_mailbox"])
                 check_type(argname="argument deliver_to_q_business", value=deliver_to_q_business, expected_type=type_hints["deliver_to_q_business"])
                 check_type(argname="argument drop", value=drop, expected_type=type_hints["drop"])
+                check_type(argname="argument publish_to_sns", value=publish_to_sns, expected_type=type_hints["publish_to_sns"])
                 check_type(argname="argument relay", value=relay, expected_type=type_hints["relay"])
                 check_type(argname="argument replace_recipient", value=replace_recipient, expected_type=type_hints["replace_recipient"])
                 check_type(argname="argument send", value=send, expected_type=type_hints["send"])
@@ -7015,6 +7043,8 @@ class CfnMailManagerRuleSet(
                 self._values["deliver_to_q_business"] = deliver_to_q_business
             if drop is not None:
                 self._values["drop"] = drop
+            if publish_to_sns is not None:
+                self._values["publish_to_sns"] = publish_to_sns
             if relay is not None:
                 self._values["relay"] = relay
             if replace_recipient is not None:
@@ -7081,6 +7111,16 @@ class CfnMailManagerRuleSet(
             result = self._values.get("drop")
             return typing.cast(typing.Any, result)
 
+        @builtins.property
+        def publish_to_sns(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnMailManagerRuleSet.SnsActionProperty"]]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-mailmanagerruleset-ruleaction.html#cfn-ses-mailmanagerruleset-ruleaction-publishtosns
+            '''
+            result = self._values.get("publish_to_sns")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnMailManagerRuleSet.SnsActionProperty"]], result)
+
         @builtins.property
         def relay(
             self,
@@ -7922,6 +7962,15 @@ class CfnMailManagerRuleSet(
                             action_failure_policy="actionFailurePolicy"
                         ),
                         drop=drop,
+                        publish_to_sns=ses.CfnMailManagerRuleSet.SnsActionProperty(
+                            role_arn="roleArn",
+                            topic_arn="topicArn",
+                
+                            # the properties below are optional
+                            action_failure_policy="actionFailurePolicy",
+                            encoding="encoding",
+                            payload_type="payloadType"
+                        ),
                         relay=ses.CfnMailManagerRuleSet.RelayActionProperty(
                             relay="relay",
                 
@@ -8719,6 +8768,124 @@ class CfnMailManagerRuleSet(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_ses.CfnMailManagerRuleSet.SnsActionProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "role_arn": "roleArn",
+            "topic_arn": "topicArn",
+            "action_failure_policy": "actionFailurePolicy",
+            "encoding": "encoding",
+            "payload_type": "payloadType",
+        },
+    )
+    class SnsActionProperty:
+        def __init__(
+            self,
+            *,
+            role_arn: builtins.str,
+            topic_arn: builtins.str,
+            action_failure_policy: typing.Optional[builtins.str] = None,
+            encoding: typing.Optional[builtins.str] = None,
+            payload_type: typing.Optional[builtins.str] = None,
+        ) -> None:
+            '''
+            :param role_arn: 
+            :param topic_arn: 
+            :param action_failure_policy: 
+            :param encoding: 
+            :param payload_type: 
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-mailmanagerruleset-snsaction.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_ses as ses
+                
+                sns_action_property = ses.CfnMailManagerRuleSet.SnsActionProperty(
+                    role_arn="roleArn",
+                    topic_arn="topicArn",
+                
+                    # the properties below are optional
+                    action_failure_policy="actionFailurePolicy",
+                    encoding="encoding",
+                    payload_type="payloadType"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__c1dba6e94fdb5a871528ffcc897120b50f8c7998718a851aaed472055a2a05a6)
+                check_type(argname="argument role_arn", value=role_arn, expected_type=type_hints["role_arn"])
+                check_type(argname="argument topic_arn", value=topic_arn, expected_type=type_hints["topic_arn"])
+                check_type(argname="argument action_failure_policy", value=action_failure_policy, expected_type=type_hints["action_failure_policy"])
+                check_type(argname="argument encoding", value=encoding, expected_type=type_hints["encoding"])
+                check_type(argname="argument payload_type", value=payload_type, expected_type=type_hints["payload_type"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "role_arn": role_arn,
+                "topic_arn": topic_arn,
+            }
+            if action_failure_policy is not None:
+                self._values["action_failure_policy"] = action_failure_policy
+            if encoding is not None:
+                self._values["encoding"] = encoding
+            if payload_type is not None:
+                self._values["payload_type"] = payload_type
+
+        @builtins.property
+        def role_arn(self) -> builtins.str:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-mailmanagerruleset-snsaction.html#cfn-ses-mailmanagerruleset-snsaction-rolearn
+            '''
+            result = self._values.get("role_arn")
+            assert result is not None, "Required property 'role_arn' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def topic_arn(self) -> builtins.str:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-mailmanagerruleset-snsaction.html#cfn-ses-mailmanagerruleset-snsaction-topicarn
+            '''
+            result = self._values.get("topic_arn")
+            assert result is not None, "Required property 'topic_arn' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def action_failure_policy(self) -> typing.Optional[builtins.str]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-mailmanagerruleset-snsaction.html#cfn-ses-mailmanagerruleset-snsaction-actionfailurepolicy
+            '''
+            result = self._values.get("action_failure_policy")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def encoding(self) -> typing.Optional[builtins.str]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-mailmanagerruleset-snsaction.html#cfn-ses-mailmanagerruleset-snsaction-encoding
+            '''
+            result = self._values.get("encoding")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def payload_type(self) -> typing.Optional[builtins.str]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ses-mailmanagerruleset-snsaction.html#cfn-ses-mailmanagerruleset-snsaction-payloadtype
+            '''
+            result = self._values.get("payload_type")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "SnsActionProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
 
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_ses.CfnMailManagerRuleSetProps",
@@ -8779,6 +8946,15 @@ class CfnMailManagerRuleSetProps:
                             action_failure_policy="actionFailurePolicy"
                         ),
                         drop=drop,
+                        publish_to_sns=ses.CfnMailManagerRuleSet.SnsActionProperty(
+                            role_arn="roleArn",
+                            topic_arn="topicArn",
+            
+                            # the properties below are optional
+                            action_failure_policy="actionFailurePolicy",
+                            encoding="encoding",
+                            payload_type="payloadType"
+                        ),
                         relay=ses.CfnMailManagerRuleSet.RelayActionProperty(
                             relay="relay",
             
@@ -18663,6 +18839,7 @@ def _typecheckingstub__305f0be9d67c9da493953a4770d737df26a1af8dedfd249fd91350062
     deliver_to_mailbox: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnMailManagerRuleSet.DeliverToMailboxActionProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     deliver_to_q_business: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnMailManagerRuleSet.DeliverToQBusinessActionProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     drop: typing.Any = None,
+    publish_to_sns: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnMailManagerRuleSet.SnsActionProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     relay: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnMailManagerRuleSet.RelayActionProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     replace_recipient: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnMailManagerRuleSet.ReplaceRecipientActionProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     send: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnMailManagerRuleSet.SendActionProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -18803,6 +18980,17 @@ def _typecheckingstub__55318dc538596167d3b14e3c3844f14a00b3cbe799ecfea26bbb89d52
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__c1dba6e94fdb5a871528ffcc897120b50f8c7998718a851aaed472055a2a05a6(
+    *,
+    role_arn: builtins.str,
+    topic_arn: builtins.str,
+    action_failure_policy: typing.Optional[builtins.str] = None,
+    encoding: typing.Optional[builtins.str] = None,
+    payload_type: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__9120678c5e64c2879e05de88594491cf3cdaac302d42183fc9f8d7289a9725cf(
     *,
     rules: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnMailManagerRuleSet.RuleProperty, typing.Dict[builtins.str, typing.Any]]]]],

aws_cdk/aws_ssmquicksetup/__init__.py

@@ -319,8 +319,8 @@ class CfnConfigurationManager(
             :param parameters: The parameters for the configuration definition type. Parameters for configuration definitions vary based the configuration type. The following lists outline the parameters for each configuration type. - **AWS Config Recording (Type: AWS QuickSetupType-CFGRecording)** - - ``RecordAllResources`` - Description: (Optional) A boolean value that determines whether all supported resources are recorded. The default value is " ``true`` ". - ``ResourceTypesToRecord`` - Description: (Optional) A comma separated list of resource types you want to record. - ``RecordGlobalResourceTypes`` - Description: (Optional) A boolean value that determines whether global resources are recorded with all resource configurations. The default value is " ``false`` ". - ``GlobalResourceTypesRegion`` - Description: (Optional) Determines the AWS Region where global resources are recorded. - ``UseCustomBucket`` - Description: (Optional) A boolean value that determines whether a custom Amazon S3 bucket is used for delivery. The default value is " ``false`` ". - ``DeliveryBucketName`` - Description: (Optional) The name of the Amazon S3 bucket you want AWS Config to deliver configuration snapshots and configuration history files to. - ``DeliveryBucketPrefix`` - Description: (Optional) The key prefix you want to use in the custom Amazon S3 bucket. - ``NotificationOptions`` - Description: (Optional) Determines the notification configuration for the recorder. The valid values are ``NoStreaming`` , ``UseExistingTopic`` , and ``CreateTopic`` . The default value is ``NoStreaming`` . - ``CustomDeliveryTopicAccountId`` - Description: (Optional) The ID of the AWS account where the Amazon SNS topic you want to use for notifications resides. You must specify a value for this parameter if you use the ``UseExistingTopic`` notification option. - ``CustomDeliveryTopicName`` - Description: (Optional) The name of the Amazon SNS topic you want to use for notifications. You must specify a value for this parameter if you use the ``UseExistingTopic`` notification option. - ``RemediationSchedule`` - Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are ``rate(30 days)`` , ``rate(7 days)`` , ``rate(1 days)`` , and ``none`` . The default value is " ``none`` ". - ``TargetAccounts`` - Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either ``TargetAccounts`` or ``TargetOrganizationalUnits`` . - ``TargetOrganizationalUnits`` - Description: (Optional) The ID of the root of your Organization. This configuration type doesn't currently support choosing specific OUs. The configuration will be deployed to all the OUs in the Organization. - ``TargetRegions`` - Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to. - **Change Manager (Type: AWS QuickSetupType-SSMChangeMgr)** - - ``DelegatedAccountId`` - Description: (Required) The ID of the delegated administrator account. - ``JobFunction`` - Description: (Required) The name for the Change Manager job function. - ``PermissionType`` - Description: (Optional) Specifies whether you want to use default administrator permissions for the job function role, or provide a custom IAM policy. The valid values are ``CustomPermissions`` and ``AdminPermissions`` . The default value for the parameter is ``CustomerPermissions`` . - ``CustomPermissions`` - Description: (Optional) A JSON string containing the IAM policy you want your job function to use. You must provide a value for this parameter if you specify ``CustomPermissions`` for the ``PermissionType`` parameter. - ``TargetOrganizationalUnits`` - Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to. - ``TargetRegions`` - Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to. - **Conformance Packs (Type: AWS QuickSetupType-CFGCPacks)** - - ``DelegatedAccountId`` - Description: (Optional) The ID of the delegated administrator account. This parameter is required for Organization deployments. - ``RemediationSchedule`` - Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are ``rate(30 days)`` , ``rate(14 days)`` , ``rate(2 days)`` , and ``none`` . The default value is " ``none`` ". - ``CPackNames`` - Description: (Required) A comma separated list of AWS Config conformance packs. - ``TargetAccounts`` - Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either ``TargetAccounts`` or ``TargetOrganizationalUnits`` . - ``TargetOrganizationalUnits`` - Description: (Optional) The ID of the root of your Organization. This configuration type doesn't currently support choosing specific OUs. The configuration will be deployed to all the OUs in the Organization. - ``TargetRegions`` - Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to. - **Default Host Management Configuration (Type: AWS QuickSetupType-DHMC)** - - ``UpdateSSMAgent`` - Description: (Optional) A boolean value that determines whether the SSM Agent is updated on the target instances every 2 weeks. The default value is " ``true`` ". - ``TargetOrganizationalUnits`` - Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to. - ``TargetRegions`` - Description: (Required) The AWS Regions to deploy the configuration to. For this type, the parameter only accepts a value of ``AllRegions`` . - **DevOps Guru (Type: AWS QuickSetupType-DevOpsGuru)** - - ``AnalyseAllResources`` - Description: (Optional) A boolean value that determines whether DevOps Guru analyzes all AWS CloudFormation stacks in the account. The default value is " ``false`` ". - ``EnableSnsNotifications`` - Description: (Optional) A boolean value that determines whether DevOps Guru sends notifications when an insight is created. The default value is " ``true`` ". - ``EnableSsmOpsItems`` - Description: (Optional) A boolean value that determines whether DevOps Guru creates an OpsCenter OpsItem when an insight is created. The default value is " ``true`` ". - ``EnableDriftRemediation`` - Description: (Optional) A boolean value that determines whether a drift remediation schedule is used. The default value is " ``false`` ". - ``RemediationSchedule`` - Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are ``rate(30 days)`` , ``rate(14 days)`` , ``rate(1 days)`` , and ``none`` . The default value is " ``none`` ". - ``TargetAccounts`` - Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either ``TargetAccounts`` or ``TargetOrganizationalUnits`` . - ``TargetOrganizationalUnits`` - Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to. - ``TargetRegions`` - Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to. - **Distributor (Type: AWS QuickSetupType-Distributor)** - - ``PackagesToInstall`` - Description: (Required) A comma separated list of packages you want to install on the target instances. The valid values are ``AWSEFSTools`` , ``AWSCWAgent`` , and ``AWSEC2LaunchAgent`` . - ``RemediationSchedule`` - Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are ``rate(30 days)`` , ``rate(14 days)`` , ``rate(2 days)`` , and ``none`` . The default value is " ``rate(30 days)`` ". - ``IsPolicyAttachAllowed`` - Description: (Optional) A boolean value that determines whether Quick Setup attaches policies to instances profiles already associated with the target instances. The default value is " ``false`` ". - ``TargetType`` - Description: (Optional) Determines how instances are targeted for local account deployments. Don't specify a value for this parameter if you're deploying to OUs. The valid values are ``*`` , ``InstanceIds`` , ``ResourceGroups`` , and ``Tags`` . Use ``*`` to target all instances in the account. - ``TargetInstances`` - Description: (Optional) A comma separated list of instance IDs. You must provide a value for this parameter if you specify ``InstanceIds`` for the ``TargetType`` parameter. - ``TargetTagKey`` - Description: (Required) The tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify ``Tags`` for the ``TargetType`` parameter. - ``TargetTagValue`` - Description: (Required) The value of the tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify ``Tags`` for the ``TargetType`` parameter. - ``ResourceGroupName`` - Description: (Required) The name of the resource group associated with the instances you want to target. You must provide a value for this parameter if you specify ``ResourceGroups`` for the ``TargetType`` parameter. - ``TargetAccounts`` - Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either ``TargetAccounts`` or ``TargetOrganizationalUnits`` . - ``TargetOrganizationalUnits`` - Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to. - ``TargetRegions`` - Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to. - **Host Management (Type: AWS QuickSetupType-SSMHostMgmt)** - - ``UpdateSSMAgent`` - Description: (Optional) A boolean value that determines whether the SSM Agent is updated on the target instances every 2 weeks. The default value is " ``true`` ". - ``UpdateEc2LaunchAgent`` - Description: (Optional) A boolean value that determines whether the EC2 Launch agent is updated on the target instances every month. The default value is " ``false`` ". - ``CollectInventory`` - Description: (Optional) A boolean value that determines whether instance metadata is collected on the target instances every 30 minutes. The default value is " ``true`` ". - ``ScanInstances`` - Description: (Optional) A boolean value that determines whether the target instances are scanned daily for available patches. The default value is " ``true`` ". - ``InstallCloudWatchAgent`` - Description: (Optional) A boolean value that determines whether the Amazon CloudWatch agent is installed on the target instances. The default value is " ``false`` ". - ``UpdateCloudWatchAgent`` - Description: (Optional) A boolean value that determines whether the Amazon CloudWatch agent is updated on the target instances every month. The default value is " ``false`` ". - ``IsPolicyAttachAllowed`` - Description: (Optional) A boolean value that determines whether Quick Setup attaches policies to instances profiles already associated with the target instances. The default value is " ``false`` ". - ``TargetType`` - Description: (Optional) Determines how instances are targeted for local account deployments. Don't specify a value for this parameter if you're deploying to OUs. The valid values are ``*`` , ``InstanceIds`` , ``ResourceGroups`` , and ``Tags`` . Use ``*`` to target all instances in the account. - ``TargetInstances`` - Description: (Optional) A comma separated list of instance IDs. You must provide a value for this parameter if you specify ``InstanceIds`` for the ``TargetType`` parameter. - ``TargetTagKey`` - Description: (Optional) The tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify ``Tags`` for the ``TargetType`` parameter. - ``TargetTagValue`` - Description: (Optional) The value of the tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify ``Tags`` for the ``TargetType`` parameter. - ``ResourceGroupName`` - Description: (Optional) The name of the resource group associated with the instances you want to target. You must provide a value for this parameter if you specify ``ResourceGroups`` for the ``TargetType`` parameter. - ``TargetAccounts`` - Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either ``TargetAccounts`` or ``TargetOrganizationalUnits`` . - ``TargetOrganizationalUnits`` - Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to. - ``TargetRegions`` - Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to. - **OpsCenter (Type: AWS QuickSetupType-SSMOpsCenter)** - - ``DelegatedAccountId`` - Description: (Required) The ID of the delegated administrator account. - ``TargetOrganizationalUnits`` - Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to. - ``TargetRegions`` - Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to. - **Patch Policy (Type: AWS QuickSetupType-PatchPolicy)** - - ``PatchPolicyName`` - Description: (Required) A name for the patch policy. The value you provide is applied to target Amazon EC2 instances as a tag. - ``SelectedPatchBaselines`` - Description: (Required) An array of JSON objects containing the information for the patch baselines to include in your patch policy. - ``PatchBaselineUseDefault`` - Description: (Optional) A value that determines whether the selected patch baselines are all AWS provided. Supported values are ``default`` and ``custom`` . - ``PatchBaselineRegion`` - Description: (Required) The AWS Region where the patch baseline exist. - ``ConfigurationOptionsPatchOperation`` - Description: (Optional) Determines whether target instances scan for available patches, or scan and install available patches. The valid values are ``Scan`` and ``ScanAndInstall`` . The default value for the parameter is ``Scan`` . - ``ConfigurationOptionsScanValue`` - Description: (Optional) A cron expression that is used as the schedule for when instances scan for available patches. - ``ConfigurationOptionsInstallValue`` - Description: (Optional) A cron expression that is used as the schedule for when instances install available patches. - ``ConfigurationOptionsScanNextInterval`` - Description: (Optional) A boolean value that determines whether instances should scan for available patches at the next cron interval. The default value is " ``false`` ". - ``ConfigurationOptionsInstallNextInterval`` - Description: (Optional) A boolean value that determines whether instances should scan for available patches at the next cron interval. The default value is " ``false`` ". - ``RebootOption`` - Description: (Optional) Determines whether instances are rebooted after patches are installed. Valid values are ``RebootIfNeeded`` and ``NoReboot`` . - ``IsPolicyAttachAllowed`` - Description: (Optional) A boolean value that determines whether Quick Setup attaches policies to instances profiles already associated with the target instances. The default value is " ``false`` ". - ``OutputLogEnableS3`` - Description: (Optional) A boolean value that determines whether command output logs are sent to Amazon S3. - ``OutputS3Location`` - Description: (Optional) Information about the Amazon S3 bucket where you want to store the output details of the request. - ``OutputBucketRegion`` - Description: (Optional) The AWS Region where the Amazon S3 bucket you want to deliver command output to is located. - ``OutputS3BucketName`` - Description: (Optional) The name of the Amazon S3 bucket you want to deliver command output to. - ``OutputS3KeyPrefix`` - Description: (Optional) The key prefix you want to use in the custom Amazon S3 bucket. - ``TargetType`` - Description: (Optional) Determines how instances are targeted for local account deployments. Don't specify a value for this parameter if you're deploying to OUs. The valid values are ``*`` , ``InstanceIds`` , ``ResourceGroups`` , and ``Tags`` . Use ``*`` to target all instances in the account. - ``TargetInstances`` - Description: (Optional) A comma separated list of instance IDs. You must provide a value for this parameter if you specify ``InstanceIds`` for the ``TargetType`` parameter. - ``TargetTagKey`` - Description: (Required) The tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify ``Tags`` for the ``TargetType`` parameter. - ``TargetTagValue`` - Description: (Required) The value of the tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify ``Tags`` for the ``TargetType`` parameter. - ``ResourceGroupName`` - Description: (Required) The name of the resource group associated with the instances you want to target. You must provide a value for this parameter if you specify ``ResourceGroups`` for the ``TargetType`` parameter. - ``TargetAccounts`` - Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either ``TargetAccounts`` or ``TargetOrganizationalUnits`` . - ``TargetOrganizationalUnits`` - Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to. - ``TargetRegions`` - Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to. - **Resource Explorer (Type: AWS QuickSetupType-ResourceExplorer)** - - ``SelectedAggregatorRegion`` - Description: (Required) The AWS Region where you want to create the aggregator index. - ``ReplaceExistingAggregator`` - Description: (Required) A boolean value that determines whether to demote an existing aggregator if it is in a Region that differs from the value you specify for the ``SelectedAggregatorRegion`` . - ``TargetOrganizationalUnits`` - Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to. - ``TargetRegions`` - Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to. - **Resource Scheduler (Type: AWS QuickSetupType-Scheduler)** - - ``TargetTagKey`` - Description: (Required) The tag key assigned to the instances you want to target. - ``TargetTagValue`` - Description: (Required) The value of the tag key assigned to the instances you want to target. - ``ICalendarString`` - Description: (Required) An iCalendar formatted string containing the schedule you want Change Manager to use. - ``TargetAccounts`` - Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either ``TargetAccounts`` or ``TargetOrganizationalUnits`` . - ``TargetOrganizationalUnits`` - Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to. - ``TargetRegions`` - Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.
             :param type: The type of the Quick Setup configuration.
             :param id: The ID of the configuration definition.
-            :param local_deployment_administration_role_arn: The ARN of the IAM role used to administrate local configuration deployments.
-            :param local_deployment_execution_role_name: The name of the IAM role used to deploy local configurations.
+            :param local_deployment_administration_role_arn: The ARN of the IAM role used to administrate local configuration deployments. .. epigraph:: Although this element is listed as "Required: No", a value can be omitted only for organizational deployments of types other than ``AWSQuickSetupType-PatchPolicy`` . A value must be provided when you are running an organizational deployment for a patch policy or running any type of deployment for a single account.
+            :param local_deployment_execution_role_name: The name of the IAM role used to deploy local configurations. .. epigraph:: Although this element is listed as "Required: No", a value can be omitted only for organizational deployments of types other than ``AWSQuickSetupType-PatchPolicy`` . A value must be provided when you are running an organizational deployment for a patch policy or running any type of deployment for a single account.
             :param type_version: The version of the Quick Setup type used.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssmquicksetup-configurationmanager-configurationdefinition.html
@@ -606,6 +606,10 @@ class CfnConfigurationManager(
         ) -> typing.Optional[builtins.str]:
             '''The ARN of the IAM role used to administrate local configuration deployments.
 
+            .. epigraph::
+
+               Although this element is listed as "Required: No", a value can be omitted only for organizational deployments of types other than ``AWSQuickSetupType-PatchPolicy`` . A value must be provided when you are running an organizational deployment for a patch policy or running any type of deployment for a single account.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssmquicksetup-configurationmanager-configurationdefinition.html#cfn-ssmquicksetup-configurationmanager-configurationdefinition-localdeploymentadministrationrolearn
             '''
             result = self._values.get("local_deployment_administration_role_arn")
@@ -615,6 +619,10 @@ class CfnConfigurationManager(
         def local_deployment_execution_role_name(self) -> typing.Optional[builtins.str]:
             '''The name of the IAM role used to deploy local configurations.
 
+            .. epigraph::
+
+               Although this element is listed as "Required: No", a value can be omitted only for organizational deployments of types other than ``AWSQuickSetupType-PatchPolicy`` . A value must be provided when you are running an organizational deployment for a patch policy or running any type of deployment for a single account.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssmquicksetup-configurationmanager-configurationdefinition.html#cfn-ssmquicksetup-configurationmanager-configurationdefinition-localdeploymentexecutionrolename
             '''
             result = self._values.get("local_deployment_execution_role_name")