aws-cdk-lib 2.198.0__py3-none-any.whl → 2.200.0__py3-none-any.whl

aws_cdk/aws_cloudformation/__init__.py

@@ -2121,12 +2121,10 @@ class CfnHookVersion(
     @builtins.property
     @jsii.member(jsii_name="attrVisibility")
     def attr_visibility(self) -> builtins.str:
-        '''The scope at which the Hook is visible and usable in CloudFormation operations.
+        '''The visibility level that determines who can see and use this Hook in CloudFormation operations:.
 
-        Valid values include:
-
-        - ``PRIVATE`` : The extension (Hook) is only visible and usable within the account in which it's registered. CloudFormation marks any resources you register as ``PRIVATE`` .
-        - ``PUBLIC`` : The extension (Hook) is publicly visible and usable within any AWS account.
+        - ``PRIVATE`` : The Hook is only visible and usable within the account where it was registered. CloudFormation automatically marks any Hooks you register as ``PRIVATE`` .
+        - ``PUBLIC`` : The Hook is publicly visible and usable within any AWS account.
 
         :cloudformationAttribute: Visibility
         '''
@@ -4048,12 +4046,10 @@ class CfnModuleVersion(
     @builtins.property
     @jsii.member(jsii_name="attrVisibility")
     def attr_visibility(self) -> builtins.str:
-        '''The scope at which the module is visible and usable in CloudFormation operations.
-
-        Valid values include:
+        '''The visibility level that determines who can see and use this module in CloudFormation operations:.
 
-        - ``PRIVATE`` : The extension (module) is only visible and usable within the account in which it is registered. CloudFormation marks any extensions you register as ``PRIVATE`` .
-        - ``PUBLIC`` : The extension (module) is publicly visible and usable within any AWS account.
+        - ``PRIVATE`` : The module is only visible and usable within the account where it was registered. CloudFormation automatically marks any modules you register as ``PRIVATE`` .
+        - ``PUBLIC`` : The module is publicly visible and usable within any AWS account.
 
         :cloudformationAttribute: Visibility
         '''
@@ -5128,7 +5124,7 @@ class CfnResourceVersion(
 
         CloudFormation determines the provisioning type during registration, based on the types of handlers in the schema handler package submitted.
 
-        Valid values include:
+        Possible values:
 
         - ``FULLY_MUTABLE`` : The resource type includes an update handler to process updates to the type during stack update operations.
         - ``IMMUTABLE`` : The resource type doesn't include an update handler, so the type can't be updated and must instead be replaced during stack update operations.
@@ -5164,12 +5160,10 @@ class CfnResourceVersion(
     @builtins.property
     @jsii.member(jsii_name="attrVisibility")
     def attr_visibility(self) -> builtins.str:
-        '''The scope at which the resource is visible and usable in CloudFormation operations.
-
-        Valid values include:
+        '''The visibility level that determines who can see and use this resource in CloudFormation operations:.
 
-        - ``PRIVATE`` : The extension (resource) is only visible and usable within the account in which it is registered. CloudFormation marks any extensions you register as ``PRIVATE`` .
-        - ``PUBLIC`` : The extension (resource) is publicly visible and usable within any AWS account.
+        - ``PRIVATE`` : The resource is only visible and usable within the account where it was registered. CloudFormation automatically marks any resources you register as ``PRIVATE`` .
+        - ``PUBLIC`` : The resource is publicly visible and usable within any AWS account.
 
         :cloudformationAttribute: Visibility
         '''
@@ -5449,7 +5443,7 @@ class CfnStack(
 ):
     '''The ``AWS::CloudFormation::Stack`` resource nests a stack as a resource in a top-level template.
 
-    For more information, see `Embed stacks within other stacks using nested stacks <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html>`_ in the *AWS CloudFormation User Guide* .
+    For more information, see `Nested stacks <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html>`_ in the *AWS CloudFormation User Guide* .
 
     You can add output values from a nested stack within the containing template. You use the `GetAtt <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html>`_ function with the nested stack's logical name and the name of the output value in the nested stack in the format ``Outputs. *NestedStackOutputName*`` .
 
@@ -5457,7 +5451,7 @@ class CfnStack(
 
     When you apply template changes to update a top-level stack, CloudFormation updates the top-level stack and initiates an update to its nested stacks. CloudFormation updates the resources of modified nested stacks, but doesn't update the resources of unmodified nested stacks.
 
-    You must acknowledge IAM capabilities for nested stacks that contain IAM resources. Also, verify that you have cancel update stack permissions, which is required if an update rolls back. For more information about IAM and CloudFormation , see `Controlling access with AWS Identity and Access Management <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/control-access-with-iam.html>`_ in the *AWS CloudFormation User Guide* .
+    For stacks that contain IAM resources, you must acknowledge IAM capabilities. Also, make sure that you have cancel update stack permissions, which are required if an update rolls back. For more information about IAM and CloudFormation , see `Controlling access with AWS Identity and Access Management <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/control-access-with-iam.html>`_ in the *AWS CloudFormation User Guide* .
     .. epigraph::
 
        A subset of ``AWS::CloudFormation::Stack`` resource type properties listed below are available to customers using CloudFormation , AWS CDK , and Cloud Control  to configure.
@@ -5623,7 +5617,7 @@ class CfnStack(
     @builtins.property
     @jsii.member(jsii_name="attrParentId")
     def attr_parent_id(self) -> builtins.str:
-        '''For nested stacks--stacks created as resources for another stack--returns the stack ID of the direct parent of this stack.
+        '''For nested stacks, returns the stack ID of the direct parent of this stack.
 
         For the first level of nested stacks, the root stack is also the parent stack.
 
@@ -5634,7 +5628,7 @@ class CfnStack(
     @builtins.property
     @jsii.member(jsii_name="attrRootId")
     def attr_root_id(self) -> builtins.str:
-        '''For nested stacks--stacks created as resources for another stack--returns the stack ID of the top-level stack to which the nested stack ultimately belongs.
+        '''For nested stacks, returns the stack ID of the top-level stack to which the nested stack ultimately belongs.
 
         :cloudformationAttribute: RootId
         '''
@@ -6102,7 +6096,7 @@ class CfnStackSet(
         :param permission_model: Describes how the IAM roles required for stack set operations are created. - With ``SELF_MANAGED`` permissions, you must create the administrator and execution roles required to deploy to target accounts. For more information, see `Grant self-managed permissions <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html>`_ in the *AWS CloudFormation User Guide* . - With ``SERVICE_MANAGED`` permissions, StackSets automatically creates the IAM roles required to deploy to accounts managed by AWS Organizations . For more information, see `Activate trusted access for stack sets with AWS Organizations <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-activate-trusted-access.html>`_ in the *AWS CloudFormation User Guide* .
         :param stack_set_name: The name to associate with the stack set. The name must be unique in the Region where you create your stack set.
         :param administration_role_arn: The Amazon Resource Number (ARN) of the IAM role to use to create this stack set. Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see `Grant self-managed permissions <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html>`_ in the *AWS CloudFormation User Guide* . Valid only if the permissions model is ``SELF_MANAGED`` .
-        :param auto_deployment: Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU). For more information, see `Manage automatic deployments for CloudFormation StackSets that use service-managed permissions <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-manage-auto-deployment.html>`_ in the *AWS CloudFormation User Guide* . Required if the permissions model is ``SERVICE_MANAGED`` . (Not used with self-managed permissions.)
+        :param auto_deployment: Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU). For more information, see `Enable or disable automatic deployments for StackSets in AWS Organizations <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-manage-auto-deployment.html>`_ in the *AWS CloudFormation User Guide* . Required if the permissions model is ``SERVICE_MANAGED`` . (Not used with self-managed permissions.)
         :param call_as: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. By default, ``SELF`` is specified. Use ``SELF`` for stack sets with self-managed permissions. - To create a stack set with service-managed permissions while signed in to the management account, specify ``SELF`` . - To create a stack set with service-managed permissions while signed in to a delegated administrator account, specify ``DELEGATED_ADMIN`` . Your AWS account must be registered as a delegated admin in the management account. For more information, see `Register a delegated administrator <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-delegated-admin.html>`_ in the *AWS CloudFormation User Guide* . Stack sets with service-managed permissions are created in the management account, including stack sets that are created by delegated administrators. Valid only if the permissions model is ``SERVICE_MANAGED`` .
         :param capabilities: The capabilities that are allowed in the stack set. Some stack set templates might include resources that can affect permissions in your AWS account —for example, by creating new IAM users. For more information, see `Acknowledging IAM resources in CloudFormation templates <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/control-access-with-iam.html#using-iam-capabilities>`_ in the *AWS CloudFormation User Guide* .
         :param description: A description of the stack set.
@@ -7080,7 +7074,7 @@ class CfnStackSetProps:
         :param permission_model: Describes how the IAM roles required for stack set operations are created. - With ``SELF_MANAGED`` permissions, you must create the administrator and execution roles required to deploy to target accounts. For more information, see `Grant self-managed permissions <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html>`_ in the *AWS CloudFormation User Guide* . - With ``SERVICE_MANAGED`` permissions, StackSets automatically creates the IAM roles required to deploy to accounts managed by AWS Organizations . For more information, see `Activate trusted access for stack sets with AWS Organizations <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-activate-trusted-access.html>`_ in the *AWS CloudFormation User Guide* .
         :param stack_set_name: The name to associate with the stack set. The name must be unique in the Region where you create your stack set.
         :param administration_role_arn: The Amazon Resource Number (ARN) of the IAM role to use to create this stack set. Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see `Grant self-managed permissions <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html>`_ in the *AWS CloudFormation User Guide* . Valid only if the permissions model is ``SELF_MANAGED`` .
-        :param auto_deployment: Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU). For more information, see `Manage automatic deployments for CloudFormation StackSets that use service-managed permissions <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-manage-auto-deployment.html>`_ in the *AWS CloudFormation User Guide* . Required if the permissions model is ``SERVICE_MANAGED`` . (Not used with self-managed permissions.)
+        :param auto_deployment: Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU). For more information, see `Enable or disable automatic deployments for StackSets in AWS Organizations <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-manage-auto-deployment.html>`_ in the *AWS CloudFormation User Guide* . Required if the permissions model is ``SERVICE_MANAGED`` . (Not used with self-managed permissions.)
         :param call_as: Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. By default, ``SELF`` is specified. Use ``SELF`` for stack sets with self-managed permissions. - To create a stack set with service-managed permissions while signed in to the management account, specify ``SELF`` . - To create a stack set with service-managed permissions while signed in to a delegated administrator account, specify ``DELEGATED_ADMIN`` . Your AWS account must be registered as a delegated admin in the management account. For more information, see `Register a delegated administrator <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-delegated-admin.html>`_ in the *AWS CloudFormation User Guide* . Stack sets with service-managed permissions are created in the management account, including stack sets that are created by delegated administrators. Valid only if the permissions model is ``SERVICE_MANAGED`` .
         :param capabilities: The capabilities that are allowed in the stack set. Some stack set templates might include resources that can affect permissions in your AWS account —for example, by creating new IAM users. For more information, see `Acknowledging IAM resources in CloudFormation templates <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/control-access-with-iam.html#using-iam-capabilities>`_ in the *AWS CloudFormation User Guide* .
         :param description: A description of the stack set.
@@ -7249,7 +7243,7 @@ class CfnStackSetProps:
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnStackSet.AutoDeploymentProperty]]:
         '''Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU).
 
-        For more information, see `Manage automatic deployments for CloudFormation StackSets that use service-managed permissions <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-manage-auto-deployment.html>`_ in the *AWS CloudFormation User Guide* .
+        For more information, see `Enable or disable automatic deployments for StackSets in AWS Organizations <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-manage-auto-deployment.html>`_ in the *AWS CloudFormation User Guide* .
 
         Required if the permissions model is ``SERVICE_MANAGED`` . (Not used with self-managed permissions.)
 

aws_cdk/aws_cloudfront_origins/__init__.py

@@ -681,7 +681,7 @@ You can allow the traffic from the CloudFront managed prefix list named **com.am
 cf_origin_facing = ec2.PrefixList.from_lookup(self, "CloudFrontOriginFacing",
     prefix_list_name="com.amazonaws.global.cloudfront.origin-facing"
 )
-alb.connections.allow_from(ec2.Peer.prefix_list(cf_origin_facing.prefix_list_id), ec2.Port.HTTP)
+alb.connections.allow_from(cf_origin_facing, ec2.Port.HTTP)
 ```
 
 #### The VPC origin service security group

aws_cdk/aws_cloudtrail/__init__.py

@@ -2877,7 +2877,7 @@ class CfnTrail(
         :param insight_selectors: A JSON string that contains the Insights types you want to log on a trail. ``ApiCallRateInsight`` and ``ApiErrorRateInsight`` are valid Insight types. The ``ApiCallRateInsight`` Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume. The ``ApiErrorRateInsight`` Insights type analyzes management API calls that result in error codes. The error is shown if the API call is unsuccessful.
         :param is_multi_region_trail: Specifies whether the trail applies only to the current Region or to all Regions. The default is false. If the trail exists only in the current Region and this value is set to true, shadow trails (replications of the trail) will be created in the other Regions. If the trail exists in all Regions and this value is set to false, the trail will remain in the Region where it was created, and its shadow trails in other Regions will be deleted. As a best practice, consider using trails that log events in all Regions.
         :param is_organization_trail: Specifies whether the trail is applied to all accounts in an organization in AWS Organizations , or only for the current AWS account . The default is false, and cannot be true unless the call is made on behalf of an AWS account that is the management account for an organization in AWS Organizations . If the trail is not an organization trail and this is set to ``true`` , the trail will be created in all AWS accounts that belong to the organization. If the trail is an organization trail and this is set to ``false`` , the trail will remain in the current AWS account but be deleted from all member accounts in the organization. .. epigraph:: Only the management account for the organization can convert an organization trail to a non-organization trail, or convert a non-organization trail to an organization trail.
-        :param kms_key_id: Specifies the AWS KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier. CloudTrail also supports AWS KMS multi-Region keys. For more information about multi-Region keys, see `Using multi-Region keys <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ in the *AWS Key Management Service Developer Guide* . Examples: - alias/MyAliasName - arn:aws:kms:us-east-2:123456789012:alias/MyAliasName - arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012 - 12345678-1234-1234-1234-123456789012
+        :param kms_key_id: Specifies the AWS KMS key ID to use to encrypt the logs and digest files delivered by CloudTrail. The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier. CloudTrail also supports AWS KMS multi-Region keys. For more information about multi-Region keys, see `Using multi-Region keys <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ in the *AWS Key Management Service Developer Guide* . Examples: - alias/MyAliasName - arn:aws:kms:us-east-2:123456789012:alias/MyAliasName - arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012 - 12345678-1234-1234-1234-123456789012
         :param s3_key_prefix: Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see `Finding Your CloudTrail Log Files <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/get-and-view-cloudtrail-log-files.html#cloudtrail-find-log-files>`_ . The maximum length is 200 characters.
         :param sns_topic_name: Specifies the name or ARN of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters.
         :param tags: A custom set of tags (key-value pairs) for this trail.
@@ -3157,7 +3157,7 @@ class CfnTrail(
     @builtins.property
     @jsii.member(jsii_name="kmsKeyId")
     def kms_key_id(self) -> typing.Optional[builtins.str]:
-        '''Specifies the AWS KMS key ID to use to encrypt the logs delivered by CloudTrail.'''
+        '''Specifies the AWS KMS key ID to use to encrypt the logs and digest files delivered by CloudTrail.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "kmsKeyId"))
 
     @kms_key_id.setter
@@ -3945,7 +3945,7 @@ class CfnTrailProps:
         :param insight_selectors: A JSON string that contains the Insights types you want to log on a trail. ``ApiCallRateInsight`` and ``ApiErrorRateInsight`` are valid Insight types. The ``ApiCallRateInsight`` Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume. The ``ApiErrorRateInsight`` Insights type analyzes management API calls that result in error codes. The error is shown if the API call is unsuccessful.
         :param is_multi_region_trail: Specifies whether the trail applies only to the current Region or to all Regions. The default is false. If the trail exists only in the current Region and this value is set to true, shadow trails (replications of the trail) will be created in the other Regions. If the trail exists in all Regions and this value is set to false, the trail will remain in the Region where it was created, and its shadow trails in other Regions will be deleted. As a best practice, consider using trails that log events in all Regions.
         :param is_organization_trail: Specifies whether the trail is applied to all accounts in an organization in AWS Organizations , or only for the current AWS account . The default is false, and cannot be true unless the call is made on behalf of an AWS account that is the management account for an organization in AWS Organizations . If the trail is not an organization trail and this is set to ``true`` , the trail will be created in all AWS accounts that belong to the organization. If the trail is an organization trail and this is set to ``false`` , the trail will remain in the current AWS account but be deleted from all member accounts in the organization. .. epigraph:: Only the management account for the organization can convert an organization trail to a non-organization trail, or convert a non-organization trail to an organization trail.
-        :param kms_key_id: Specifies the AWS KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier. CloudTrail also supports AWS KMS multi-Region keys. For more information about multi-Region keys, see `Using multi-Region keys <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ in the *AWS Key Management Service Developer Guide* . Examples: - alias/MyAliasName - arn:aws:kms:us-east-2:123456789012:alias/MyAliasName - arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012 - 12345678-1234-1234-1234-123456789012
+        :param kms_key_id: Specifies the AWS KMS key ID to use to encrypt the logs and digest files delivered by CloudTrail. The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier. CloudTrail also supports AWS KMS multi-Region keys. For more information about multi-Region keys, see `Using multi-Region keys <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html>`_ in the *AWS Key Management Service Developer Guide* . Examples: - alias/MyAliasName - arn:aws:kms:us-east-2:123456789012:alias/MyAliasName - arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012 - 12345678-1234-1234-1234-123456789012
         :param s3_key_prefix: Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see `Finding Your CloudTrail Log Files <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/get-and-view-cloudtrail-log-files.html#cloudtrail-find-log-files>`_ . The maximum length is 200 characters.
         :param sns_topic_name: Specifies the name or ARN of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters.
         :param tags: A custom set of tags (key-value pairs) for this trail.
@@ -4222,7 +4222,7 @@ class CfnTrailProps:
 
     @builtins.property
     def kms_key_id(self) -> typing.Optional[builtins.str]:
-        '''Specifies the AWS KMS key ID to use to encrypt the logs delivered by CloudTrail.
+        '''Specifies the AWS KMS key ID to use to encrypt the logs and digest files delivered by CloudTrail.
 
         The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
 

aws_cdk/aws_cloudwatch/__init__.py

@@ -5458,6 +5458,7 @@ class CfnInsightRule(
             rule_state="ruleState",
         
             # the properties below are optional
+            apply_on_transformed_logs=False,
             tags=[CfnTag(
                 key="key",
                 value="value"
@@ -5473,6 +5474,7 @@ class CfnInsightRule(
         rule_body: builtins.str,
         rule_name: builtins.str,
         rule_state: builtins.str,
+        apply_on_transformed_logs: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''
@@ -5481,6 +5483,7 @@ class CfnInsightRule(
         :param rule_body: The definition of the rule, as a JSON object. For details about the syntax, see `Contributor Insights Rule Syntax <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContributorInsights-RuleSyntax.html>`_ in the *Amazon CloudWatch User Guide* .
         :param rule_name: The name of the rule.
         :param rule_state: The current state of the rule. Valid values are ``ENABLED`` and ``DISABLED`` .
+        :param apply_on_transformed_logs: 
         :param tags: A list of key-value pairs to associate with the Contributor Insights rule. You can associate as many as 50 tags with a rule. Tags can help you organize and categorize your resources. For more information, see `Tagging Your Amazon CloudWatch Resources <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Tagging.html>`_ . To be able to associate tags with a rule, you must have the ``cloudwatch:TagResource`` permission in addition to the ``cloudwatch:PutInsightRule`` permission.
         '''
         if __debug__:
@@ -5488,7 +5491,11 @@ class CfnInsightRule(
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = CfnInsightRuleProps(
-            rule_body=rule_body, rule_name=rule_name, rule_state=rule_state, tags=tags
+            rule_body=rule_body,
+            rule_name=rule_name,
+            rule_state=rule_state,
+            apply_on_transformed_logs=apply_on_transformed_logs,
+            tags=tags,
         )
 
         jsii.create(self.__class__, self, [scope, id, props])
@@ -5599,6 +5606,23 @@ class CfnInsightRule(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "ruleState", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="applyOnTransformedLogs")
+    def apply_on_transformed_logs(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "applyOnTransformedLogs"))
+
+    @apply_on_transformed_logs.setter
+    def apply_on_transformed_logs(
+        self,
+        value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__9c9111e23da0920d9dadfa879557f9838793eca0312c1c2bec0dc6eb25325512)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "applyOnTransformedLogs", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
@@ -5620,6 +5644,7 @@ class CfnInsightRule(
         "rule_body": "ruleBody",
         "rule_name": "ruleName",
         "rule_state": "ruleState",
+        "apply_on_transformed_logs": "applyOnTransformedLogs",
         "tags": "tags",
     },
 )
@@ -5630,6 +5655,7 @@ class CfnInsightRuleProps:
         rule_body: builtins.str,
         rule_name: builtins.str,
         rule_state: builtins.str,
+        apply_on_transformed_logs: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''Properties for defining a ``CfnInsightRule``.
@@ -5637,6 +5663,7 @@ class CfnInsightRuleProps:
         :param rule_body: The definition of the rule, as a JSON object. For details about the syntax, see `Contributor Insights Rule Syntax <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContributorInsights-RuleSyntax.html>`_ in the *Amazon CloudWatch User Guide* .
         :param rule_name: The name of the rule.
         :param rule_state: The current state of the rule. Valid values are ``ENABLED`` and ``DISABLED`` .
+        :param apply_on_transformed_logs: 
         :param tags: A list of key-value pairs to associate with the Contributor Insights rule. You can associate as many as 50 tags with a rule. Tags can help you organize and categorize your resources. For more information, see `Tagging Your Amazon CloudWatch Resources <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Tagging.html>`_ . To be able to associate tags with a rule, you must have the ``cloudwatch:TagResource`` permission in addition to the ``cloudwatch:PutInsightRule`` permission.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-insightrule.html
@@ -5654,6 +5681,7 @@ class CfnInsightRuleProps:
                 rule_state="ruleState",
             
                 # the properties below are optional
+                apply_on_transformed_logs=False,
                 tags=[CfnTag(
                     key="key",
                     value="value"
@@ -5665,12 +5693,15 @@ class CfnInsightRuleProps:
             check_type(argname="argument rule_body", value=rule_body, expected_type=type_hints["rule_body"])
             check_type(argname="argument rule_name", value=rule_name, expected_type=type_hints["rule_name"])
             check_type(argname="argument rule_state", value=rule_state, expected_type=type_hints["rule_state"])
+            check_type(argname="argument apply_on_transformed_logs", value=apply_on_transformed_logs, expected_type=type_hints["apply_on_transformed_logs"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "rule_body": rule_body,
             "rule_name": rule_name,
             "rule_state": rule_state,
         }
+        if apply_on_transformed_logs is not None:
+            self._values["apply_on_transformed_logs"] = apply_on_transformed_logs
         if tags is not None:
             self._values["tags"] = tags
 
@@ -5708,6 +5739,16 @@ class CfnInsightRuleProps:
         assert result is not None, "Required property 'rule_state' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def apply_on_transformed_logs(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-insightrule.html#cfn-cloudwatch-insightrule-applyontransformedlogs
+        '''
+        result = self._values.get("apply_on_transformed_logs")
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
         '''A list of key-value pairs to associate with the Contributor Insights rule.
@@ -16475,6 +16516,7 @@ def _typecheckingstub__7d177572b447b5b9761effd52cd14b4510ca4c8fc8607968bdc5e0bd8
     rule_body: builtins.str,
     rule_name: builtins.str,
     rule_state: builtins.str,
+    apply_on_transformed_logs: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -16510,6 +16552,12 @@ def _typecheckingstub__45517418d6e99e8c2af45e33f2d1375212c73bac3d2c9599691ac383e
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__9c9111e23da0920d9dadfa879557f9838793eca0312c1c2bec0dc6eb25325512(
+    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__7d330e494e47f68df8f1753b4e301d3df252f832725f14292abf5fa4ee104054(
     value: typing.Optional[typing.List[_CfnTag_f6864754]],
 ) -> None:
@@ -16521,6 +16569,7 @@ def _typecheckingstub__ea720192b6c423ff900f4b69425db7a31e90fed21a852500910edce45
     rule_body: builtins.str,
     rule_name: builtins.str,
     rule_state: builtins.str,
+    apply_on_transformed_logs: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""

aws_cdk/aws_codebuild/__init__.py

@@ -3434,6 +3434,12 @@ class CfnProject(
         
                 # the properties below are optional
                 certificate="certificate",
+                docker_server=codebuild.CfnProject.DockerServerProperty(
+                    compute_type="computeType",
+        
+                    # the properties below are optional
+                    security_group_ids=["securityGroupIds"]
+                ),
                 environment_variables=[codebuild.CfnProject.EnvironmentVariableProperty(
                     name="name",
                     value="value",
@@ -4647,6 +4653,79 @@ class CfnProject(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_codebuild.CfnProject.DockerServerProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "compute_type": "computeType",
+            "security_group_ids": "securityGroupIds",
+        },
+    )
+    class DockerServerProperty:
+        def __init__(
+            self,
+            *,
+            compute_type: builtins.str,
+            security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+        ) -> None:
+            '''
+            :param compute_type: 
+            :param security_group_ids: 
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-dockerserver.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_codebuild as codebuild
+                
+                docker_server_property = codebuild.CfnProject.DockerServerProperty(
+                    compute_type="computeType",
+                
+                    # the properties below are optional
+                    security_group_ids=["securityGroupIds"]
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__ee61866f55895d4c64262dab381d049015ede37529178930c3463abdb3999a8a)
+                check_type(argname="argument compute_type", value=compute_type, expected_type=type_hints["compute_type"])
+                check_type(argname="argument security_group_ids", value=security_group_ids, expected_type=type_hints["security_group_ids"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "compute_type": compute_type,
+            }
+            if security_group_ids is not None:
+                self._values["security_group_ids"] = security_group_ids
+
+        @builtins.property
+        def compute_type(self) -> builtins.str:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-dockerserver.html#cfn-codebuild-project-dockerserver-computetype
+            '''
+            result = self._values.get("compute_type")
+            assert result is not None, "Required property 'compute_type' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def security_group_ids(self) -> typing.Optional[typing.List[builtins.str]]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-dockerserver.html#cfn-codebuild-project-dockerserver-securitygroupids
+            '''
+            result = self._values.get("security_group_ids")
+            return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "DockerServerProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_codebuild.CfnProject.EnvironmentProperty",
         jsii_struct_bases=[],
@@ -4655,6 +4734,7 @@ class CfnProject(
             "image": "image",
             "type": "type",
             "certificate": "certificate",
+            "docker_server": "dockerServer",
             "environment_variables": "environmentVariables",
             "fleet": "fleet",
             "image_pull_credentials_type": "imagePullCredentialsType",
@@ -4670,6 +4750,7 @@ class CfnProject(
             image: builtins.str,
             type: builtins.str,
             certificate: typing.Optional[builtins.str] = None,
+            docker_server: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnProject.DockerServerProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             environment_variables: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnProject.EnvironmentVariableProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
             fleet: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnProject.ProjectFleetProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             image_pull_credentials_type: typing.Optional[builtins.str] = None,
@@ -4682,6 +4763,7 @@ class CfnProject(
             :param image: The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats: - For an image tag: ``<registry>/<repository>:<tag>`` . For example, in the Docker repository that CodeBuild uses to manage its Docker images, this would be ``aws/codebuild/standard:4.0`` . - For an image digest: ``<registry>/<repository>@<digest>`` . For example, to specify an image with the digest "sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf," use ``<registry>/<repository>@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf`` . For more information, see `Docker images provided by CodeBuild <https://docs.aws.amazon.com//codebuild/latest/userguide/build-env-ref-available.html>`_ in the *AWS CodeBuild user guide* .
             :param type: The type of build environment to use for related builds. .. epigraph:: If you're using compute fleets during project creation, ``type`` will be ignored. For more information, see `Build environment compute types <https://docs.aws.amazon.com//codebuild/latest/userguide/build-env-ref-compute-types.html>`_ in the *AWS CodeBuild user guide* .
             :param certificate: The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see `certificate <https://docs.aws.amazon.com/codebuild/latest/userguide/create-project-cli.html#cli.environment.certificate>`_ in the *AWS CodeBuild User Guide* .
+            :param docker_server: 
             :param environment_variables: A set of environment variables to make available to builds for this build project.
             :param fleet: 
             :param image_pull_credentials_type: The type of credentials AWS CodeBuild uses to pull images in your build. There are two valid values:. - ``CODEBUILD`` specifies that AWS CodeBuild uses its own credentials. This requires that you modify your ECR repository policy to trust AWS CodeBuild service principal. - ``SERVICE_ROLE`` specifies that AWS CodeBuild uses your build project's service role. When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an AWS CodeBuild curated image, you must use CODEBUILD credentials.
@@ -4704,6 +4786,12 @@ class CfnProject(
                 
                     # the properties below are optional
                     certificate="certificate",
+                    docker_server=codebuild.CfnProject.DockerServerProperty(
+                        compute_type="computeType",
+                
+                        # the properties below are optional
+                        security_group_ids=["securityGroupIds"]
+                    ),
                     environment_variables=[codebuild.CfnProject.EnvironmentVariableProperty(
                         name="name",
                         value="value",
@@ -4728,6 +4816,7 @@ class CfnProject(
                 check_type(argname="argument image", value=image, expected_type=type_hints["image"])
                 check_type(argname="argument type", value=type, expected_type=type_hints["type"])
                 check_type(argname="argument certificate", value=certificate, expected_type=type_hints["certificate"])
+                check_type(argname="argument docker_server", value=docker_server, expected_type=type_hints["docker_server"])
                 check_type(argname="argument environment_variables", value=environment_variables, expected_type=type_hints["environment_variables"])
                 check_type(argname="argument fleet", value=fleet, expected_type=type_hints["fleet"])
                 check_type(argname="argument image_pull_credentials_type", value=image_pull_credentials_type, expected_type=type_hints["image_pull_credentials_type"])
@@ -4740,6 +4829,8 @@ class CfnProject(
             }
             if certificate is not None:
                 self._values["certificate"] = certificate
+            if docker_server is not None:
+                self._values["docker_server"] = docker_server
             if environment_variables is not None:
                 self._values["environment_variables"] = environment_variables
             if fleet is not None:
@@ -4838,6 +4929,16 @@ class CfnProject(
             result = self._values.get("certificate")
             return typing.cast(typing.Optional[builtins.str], result)
 
+        @builtins.property
+        def docker_server(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnProject.DockerServerProperty"]]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-environment.html#cfn-codebuild-project-environment-dockerserver
+            '''
+            result = self._values.get("docker_server")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnProject.DockerServerProperty"]], result)
+
         @builtins.property
         def environment_variables(
             self,
@@ -6847,6 +6948,12 @@ class CfnProjectProps:
             
                     # the properties below are optional
                     certificate="certificate",
+                    docker_server=codebuild.CfnProject.DockerServerProperty(
+                        compute_type="computeType",
+            
+                        # the properties below are optional
+                        security_group_ids=["securityGroupIds"]
+                    ),
                     environment_variables=[codebuild.CfnProject.EnvironmentVariableProperty(
                         name="name",
                         value="value",
@@ -19224,12 +19331,21 @@ def _typecheckingstub__3c17ec87ec820fc95c2f50ce8b9145f0fd5d2f902f5e08f4e59b9de7c
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__ee61866f55895d4c64262dab381d049015ede37529178930c3463abdb3999a8a(
+    *,
+    compute_type: builtins.str,
+    security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__357ba2b62e83543cbaf88f71d45a8de5489e377a6db9e3c7c356c3a91c1aef44(
     *,
     compute_type: builtins.str,
     image: builtins.str,
     type: builtins.str,
     certificate: typing.Optional[builtins.str] = None,
+    docker_server: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnProject.DockerServerProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     environment_variables: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnProject.EnvironmentVariableProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     fleet: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnProject.ProjectFleetProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     image_pull_credentials_type: typing.Optional[builtins.str] = None,