aws-cdk-lib 2.200.2__py3-none-any.whl → 2.202.0__py3-none-any.whl

aws_cdk/aws_s3/__init__.py

@@ -152,6 +152,22 @@ bucket.grant_read_write(my_lambda)
 Will give the Lambda's execution role permissions to read and write
 from the bucket.
 
+### Understanding "grant" Methods
+
+The S3 construct library provides several grant methods for the `Bucket` resource, but two of them have a special behavior. This two accept an `objectsKeyPattern` parameter to restrict granted permissions to specific resources:
+
+* `grantRead`
+* `grantReadWrite`
+
+When examining the synthesized policy, you'll notice it includes both your specified object key patterns and the bucket itself.
+This is by design. Some permissions (like `s3:ListBucket`) apply at the bucket level, while others (like `s3:GetObject`) apply to specific objects.
+
+Specifically, the [`s3:ListBucket` action operates on bucket resources](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html#amazons3-bucket)
+and requires the bucket ARN to work properly. This might be seen as a bug, giving the impression that more permissions were granted than the ones you intended, but the reality is that the policy does not ignore your `objectsKeyPattern` - object-specific actions like `s3:GetObject`
+will still be limited to the resources defined in your pattern.
+
+If you need to restrict the `s3:ListBucket` action to specific paths, you can add a `Condition` to your policy that limits the `objectsKeyPattern` to specific folders. For more details and examples, see the [AWS documentation on bucket policies](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-folders).
+
 ## AWS Foundational Security Best Practices
 
 ### Enforcing SSL
@@ -1086,8 +1102,15 @@ class BlockPublicAccess(
 
     Example::
 
-        bucket = s3.Bucket(self, "MyBlockedBucket",
-            block_public_access=s3.BlockPublicAccess(block_public_policy=False)
+        from aws_cdk import RemovalPolicy
+        
+        
+        s3.Bucket(scope, "Bucket",
+            block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
+            encryption=s3.BucketEncryption.S3_MANAGED,
+            enforce_sSL=True,
+            versioned=True,
+            removal_policy=RemovalPolicy.RETAIN
         )
     '''
 
@@ -1607,16 +1630,17 @@ class BucketEncryption(enum.Enum):
 
     Example::
 
-        from aws_cdk.aws_s3 import BucketEncryption
+        # application: appconfig.Application
         
         
-        app = App(
-            default_stack_synthesizer=AppStagingSynthesizer.default_resources(
-                app_id="my-app-id",
-                staging_bucket_encryption=BucketEncryption.S3_MANAGED,
-                file_asset_publishing_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/S3Access"),
-                image_asset_publishing_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/ECRAccess")
-            )
+        bucket = s3.Bucket(self, "MyBucket",
+            versioned=True,
+            encryption=s3.BucketEncryption.KMS
+        )
+        
+        appconfig.SourcedConfiguration(self, "MySourcedConfiguration",
+            application=application,
+            location=appconfig.ConfigurationSource.from_bucket(bucket, "path/to/file.json")
         )
     '''
 
@@ -9179,7 +9203,7 @@ class CfnBucket(
             For example, 1. If request is for pages in the ``/docs`` folder, redirect to the ``/documents`` folder. 2. If request results in HTTP error 4xx, redirect request to another host where you might process the error.
 
             :param http_error_code_returned_equals: The HTTP error code when the redirect is applied. In the event of an error, if the error code equals this value, then the specified redirect is applied. Required when parent element ``Condition`` is specified and sibling ``KeyPrefixEquals`` is not specified. If both are specified, then both must be true for the redirect to be applied.
-            :param key_prefix_equals: The object key name prefix when the redirect is applied. For example, to redirect requests for ``ExamplePage.html`` , the key prefix will be ``ExamplePage.html`` . To redirect request for all pages with the prefix ``docs/`` , the key prefix will be ``/docs`` , which identifies all objects in the docs/ folder. Required when the parent element ``Condition`` is specified and sibling ``HttpErrorCodeReturnedEquals`` is not specified. If both conditions are specified, both must be true for the redirect to be applied.
+            :param key_prefix_equals: The object key name prefix when the redirect is applied. For example, to redirect requests for ``ExamplePage.html`` , the key prefix will be ``ExamplePage.html`` . To redirect request for all pages with the prefix ``docs/`` , the key prefix will be ``docs/`` , which identifies all objects in the docs/ folder. Required when the parent element ``Condition`` is specified and sibling ``HttpErrorCodeReturnedEquals`` is not specified. If both conditions are specified, both must be true for the redirect to be applied.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-routingrulecondition.html
             :exampleMetadata: fixture=_generated
@@ -9222,7 +9246,7 @@ class CfnBucket(
         def key_prefix_equals(self) -> typing.Optional[builtins.str]:
             '''The object key name prefix when the redirect is applied.
 
-            For example, to redirect requests for ``ExamplePage.html`` , the key prefix will be ``ExamplePage.html`` . To redirect request for all pages with the prefix ``docs/`` , the key prefix will be ``/docs`` , which identifies all objects in the docs/ folder.
+            For example, to redirect requests for ``ExamplePage.html`` , the key prefix will be ``ExamplePage.html`` . To redirect request for all pages with the prefix ``docs/`` , the key prefix will be ``docs/`` , which identifies all objects in the docs/ folder.
 
             Required when the parent element ``Condition`` is specified and sibling ``HttpErrorCodeReturnedEquals`` is not specified. If both conditions are specified, both must be true for the redirect to be applied.
 
@@ -17994,7 +18018,7 @@ class LifecycleRule:
         :param id: A unique identifier for this rule. The value cannot be more than 255 characters.
         :param noncurrent_version_expiration: Time between when a new version of the object is uploaded to the bucket and when old versions of the object expire. For buckets with versioning enabled (or suspended), specifies the time, in days, between when a new version of the object is uploaded to the bucket and when old versions of the object expire. When object versions expire, Amazon S3 permanently deletes them. If you specify a transition and expiration time, the expiration time must be later than the transition time. The underlying configuration is expressed in whole numbers of days. Providing a Duration that does not represent a whole number of days will result in a runtime or deployment error. Default: - No noncurrent version expiration
         :param noncurrent_versions_to_retain: Indicates a maximum number of noncurrent versions to retain. If there are this many more noncurrent versions, Amazon S3 permanently deletes them. Default: - No noncurrent versions to retain
-        :param noncurrent_version_transitions: One or more transition rules that specify when non-current objects transition to a specified storage class. Only for for buckets with versioning enabled (or suspended). If you specify a transition and expiration time, the expiration time must be later than the transition time.
+        :param noncurrent_version_transitions: One or more transition rules that specify when non-current objects transition to a specified storage class. Only for buckets with versioning enabled (or suspended). If you specify a transition and expiration time, the expiration time must be later than the transition time.
         :param object_size_greater_than: Specifies the minimum object size in bytes for this rule to apply to. Objects must be larger than this value in bytes. Default: - No rule
         :param object_size_less_than: Specifies the maximum object size in bytes for this rule to apply to. Objects must be smaller than this value in bytes. Default: - No rule
         :param prefix: Object key prefix that identifies one or more objects to which this rule applies. Default: - Rule applies to all objects
@@ -18206,7 +18230,7 @@ class LifecycleRule:
     ) -> typing.Optional[typing.List["NoncurrentVersionTransition"]]:
         '''One or more transition rules that specify when non-current objects transition to a specified storage class.
 
-        Only for for buckets with versioning enabled (or suspended).
+        Only for buckets with versioning enabled (or suspended).
 
         If you specify a transition and expiration time, the expiration time
         must be later than the transition time.
@@ -21337,7 +21361,7 @@ class Bucket(
         :param id: A unique identifier for this rule. The value cannot be more than 255 characters.
         :param noncurrent_version_expiration: Time between when a new version of the object is uploaded to the bucket and when old versions of the object expire. For buckets with versioning enabled (or suspended), specifies the time, in days, between when a new version of the object is uploaded to the bucket and when old versions of the object expire. When object versions expire, Amazon S3 permanently deletes them. If you specify a transition and expiration time, the expiration time must be later than the transition time. The underlying configuration is expressed in whole numbers of days. Providing a Duration that does not represent a whole number of days will result in a runtime or deployment error. Default: - No noncurrent version expiration
         :param noncurrent_versions_to_retain: Indicates a maximum number of noncurrent versions to retain. If there are this many more noncurrent versions, Amazon S3 permanently deletes them. Default: - No noncurrent versions to retain
-        :param noncurrent_version_transitions: One or more transition rules that specify when non-current objects transition to a specified storage class. Only for for buckets with versioning enabled (or suspended). If you specify a transition and expiration time, the expiration time must be later than the transition time.
+        :param noncurrent_version_transitions: One or more transition rules that specify when non-current objects transition to a specified storage class. Only for buckets with versioning enabled (or suspended). If you specify a transition and expiration time, the expiration time must be later than the transition time.
         :param object_size_greater_than: Specifies the minimum object size in bytes for this rule to apply to. Objects must be larger than this value in bytes. Default: - No rule
         :param object_size_less_than: Specifies the maximum object size in bytes for this rule to apply to. Objects must be smaller than this value in bytes. Default: - No rule
         :param prefix: Object key prefix that identifies one or more objects to which this rule applies. Default: - Rule applies to all objects

aws_cdk/aws_sagemaker/__init__.py

@@ -6395,7 +6395,16 @@ class CfnDomain(
                     r_studio_connect_url="rStudioConnectUrl",
                     r_studio_package_manager_url="rStudioPackageManagerUrl"
                 ),
-                security_group_ids=["securityGroupIds"]
+                security_group_ids=["securityGroupIds"],
+                unified_studio_settings=sagemaker.CfnDomain.UnifiedStudioSettingsProperty(
+                    domain_account_id="domainAccountId",
+                    domain_id="domainId",
+                    domain_region="domainRegion",
+                    environment_id="environmentId",
+                    project_id="projectId",
+                    project_s3_path="projectS3Path",
+                    studio_web_portal_access="studioWebPortalAccess"
+                )
             ),
             kms_key_id="kmsKeyId",
             tag_propagation="tagPropagation",
@@ -7733,6 +7742,7 @@ class CfnDomain(
             "execution_role_identity_config": "executionRoleIdentityConfig",
             "r_studio_server_pro_domain_settings": "rStudioServerProDomainSettings",
             "security_group_ids": "securityGroupIds",
+            "unified_studio_settings": "unifiedStudioSettings",
         },
     )
     class DomainSettingsProperty:
@@ -7743,6 +7753,7 @@ class CfnDomain(
             execution_role_identity_config: typing.Optional[builtins.str] = None,
             r_studio_server_pro_domain_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDomain.RStudioServerProDomainSettingsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+            unified_studio_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnDomain.UnifiedStudioSettingsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
             '''A collection of settings that apply to the ``SageMaker Domain`` .
 
@@ -7752,6 +7763,7 @@ class CfnDomain(
             :param execution_role_identity_config: The configuration for attaching a SageMaker AI user profile name to the execution role as a `sts:SourceIdentity key <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html>`_ .
             :param r_studio_server_pro_domain_settings: A collection of settings that configure the ``RStudioServerPro`` Domain-level app.
             :param security_group_ids: The security groups for the Amazon Virtual Private Cloud that the ``Domain`` uses for communication between Domain-level apps and user apps.
+            :param unified_studio_settings: The settings that apply to an SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-domainsettings.html
             :exampleMetadata: fixture=_generated
@@ -7781,7 +7793,16 @@ class CfnDomain(
                         r_studio_connect_url="rStudioConnectUrl",
                         r_studio_package_manager_url="rStudioPackageManagerUrl"
                     ),
-                    security_group_ids=["securityGroupIds"]
+                    security_group_ids=["securityGroupIds"],
+                    unified_studio_settings=sagemaker.CfnDomain.UnifiedStudioSettingsProperty(
+                        domain_account_id="domainAccountId",
+                        domain_id="domainId",
+                        domain_region="domainRegion",
+                        environment_id="environmentId",
+                        project_id="projectId",
+                        project_s3_path="projectS3Path",
+                        studio_web_portal_access="studioWebPortalAccess"
+                    )
                 )
             '''
             if __debug__:
@@ -7790,6 +7811,7 @@ class CfnDomain(
                 check_type(argname="argument execution_role_identity_config", value=execution_role_identity_config, expected_type=type_hints["execution_role_identity_config"])
                 check_type(argname="argument r_studio_server_pro_domain_settings", value=r_studio_server_pro_domain_settings, expected_type=type_hints["r_studio_server_pro_domain_settings"])
                 check_type(argname="argument security_group_ids", value=security_group_ids, expected_type=type_hints["security_group_ids"])
+                check_type(argname="argument unified_studio_settings", value=unified_studio_settings, expected_type=type_hints["unified_studio_settings"])
             self._values: typing.Dict[builtins.str, typing.Any] = {}
             if docker_settings is not None:
                 self._values["docker_settings"] = docker_settings
@@ -7799,6 +7821,8 @@ class CfnDomain(
                 self._values["r_studio_server_pro_domain_settings"] = r_studio_server_pro_domain_settings
             if security_group_ids is not None:
                 self._values["security_group_ids"] = security_group_ids
+            if unified_studio_settings is not None:
+                self._values["unified_studio_settings"] = unified_studio_settings
 
         @builtins.property
         def docker_settings(
@@ -7840,6 +7864,17 @@ class CfnDomain(
             result = self._values.get("security_group_ids")
             return typing.cast(typing.Optional[typing.List[builtins.str]], result)
 
+        @builtins.property
+        def unified_studio_settings(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomain.UnifiedStudioSettingsProperty"]]:
+            '''The settings that apply to an SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-domainsettings.html#cfn-sagemaker-domain-domainsettings-unifiedstudiosettings
+            '''
+            result = self._values.get("unified_studio_settings")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomain.UnifiedStudioSettingsProperty"]], result)
+
         def __eq__(self, rhs: typing.Any) -> builtins.bool:
             return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -9156,6 +9191,168 @@ class CfnDomain(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_sagemaker.CfnDomain.UnifiedStudioSettingsProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "domain_account_id": "domainAccountId",
+            "domain_id": "domainId",
+            "domain_region": "domainRegion",
+            "environment_id": "environmentId",
+            "project_id": "projectId",
+            "project_s3_path": "projectS3Path",
+            "studio_web_portal_access": "studioWebPortalAccess",
+        },
+    )
+    class UnifiedStudioSettingsProperty:
+        def __init__(
+            self,
+            *,
+            domain_account_id: typing.Optional[builtins.str] = None,
+            domain_id: typing.Optional[builtins.str] = None,
+            domain_region: typing.Optional[builtins.str] = None,
+            environment_id: typing.Optional[builtins.str] = None,
+            project_id: typing.Optional[builtins.str] = None,
+            project_s3_path: typing.Optional[builtins.str] = None,
+            studio_web_portal_access: typing.Optional[builtins.str] = None,
+        ) -> None:
+            '''The settings that apply to an Amazon SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
+
+            :param domain_account_id: The ID of the AWS account that has the Amazon SageMaker Unified Studio domain. The default value, if you don't specify an ID, is the ID of the account that has the Amazon SageMaker AI domain.
+            :param domain_id: The ID of the Amazon SageMaker Unified Studio domain associated with this domain.
+            :param domain_region: The AWS Region where the domain is located in Amazon SageMaker Unified Studio. The default value, if you don't specify a Region, is the Region where the Amazon SageMaker AI domain is located.
+            :param environment_id: The ID of the environment that Amazon SageMaker Unified Studio associates with the domain.
+            :param project_id: The ID of the Amazon SageMaker Unified Studio project that corresponds to the domain.
+            :param project_s3_path: The location where Amazon S3 stores temporary execution data and other artifacts for the project that corresponds to the domain.
+            :param studio_web_portal_access: Sets whether you can access the domain in Amazon SageMaker Studio:. - **ENABLED** - You can access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it in both studio interfaces. - **DISABLED** - You can't access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it only in that studio interface. To migrate a domain to Amazon SageMaker Unified Studio, you specify the UnifiedStudioSettings data type when you use the UpdateDomain action.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-unifiedstudiosettings.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_sagemaker as sagemaker
+                
+                unified_studio_settings_property = sagemaker.CfnDomain.UnifiedStudioSettingsProperty(
+                    domain_account_id="domainAccountId",
+                    domain_id="domainId",
+                    domain_region="domainRegion",
+                    environment_id="environmentId",
+                    project_id="projectId",
+                    project_s3_path="projectS3Path",
+                    studio_web_portal_access="studioWebPortalAccess"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__b4dad77d25b548827f5bcfd63cb5788816c5db5845110e1912053632c788fa19)
+                check_type(argname="argument domain_account_id", value=domain_account_id, expected_type=type_hints["domain_account_id"])
+                check_type(argname="argument domain_id", value=domain_id, expected_type=type_hints["domain_id"])
+                check_type(argname="argument domain_region", value=domain_region, expected_type=type_hints["domain_region"])
+                check_type(argname="argument environment_id", value=environment_id, expected_type=type_hints["environment_id"])
+                check_type(argname="argument project_id", value=project_id, expected_type=type_hints["project_id"])
+                check_type(argname="argument project_s3_path", value=project_s3_path, expected_type=type_hints["project_s3_path"])
+                check_type(argname="argument studio_web_portal_access", value=studio_web_portal_access, expected_type=type_hints["studio_web_portal_access"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if domain_account_id is not None:
+                self._values["domain_account_id"] = domain_account_id
+            if domain_id is not None:
+                self._values["domain_id"] = domain_id
+            if domain_region is not None:
+                self._values["domain_region"] = domain_region
+            if environment_id is not None:
+                self._values["environment_id"] = environment_id
+            if project_id is not None:
+                self._values["project_id"] = project_id
+            if project_s3_path is not None:
+                self._values["project_s3_path"] = project_s3_path
+            if studio_web_portal_access is not None:
+                self._values["studio_web_portal_access"] = studio_web_portal_access
+
+        @builtins.property
+        def domain_account_id(self) -> typing.Optional[builtins.str]:
+            '''The ID of the AWS account that has the Amazon SageMaker Unified Studio domain.
+
+            The default value, if you don't specify an ID, is the ID of the account that has the Amazon SageMaker AI domain.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-unifiedstudiosettings.html#cfn-sagemaker-domain-unifiedstudiosettings-domainaccountid
+            '''
+            result = self._values.get("domain_account_id")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def domain_id(self) -> typing.Optional[builtins.str]:
+            '''The ID of the Amazon SageMaker Unified Studio domain associated with this domain.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-unifiedstudiosettings.html#cfn-sagemaker-domain-unifiedstudiosettings-domainid
+            '''
+            result = self._values.get("domain_id")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def domain_region(self) -> typing.Optional[builtins.str]:
+            '''The AWS Region where the domain is located in Amazon SageMaker Unified Studio.
+
+            The default value, if you don't specify a Region, is the Region where the Amazon SageMaker AI domain is located.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-unifiedstudiosettings.html#cfn-sagemaker-domain-unifiedstudiosettings-domainregion
+            '''
+            result = self._values.get("domain_region")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def environment_id(self) -> typing.Optional[builtins.str]:
+            '''The ID of the environment that Amazon SageMaker Unified Studio associates with the domain.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-unifiedstudiosettings.html#cfn-sagemaker-domain-unifiedstudiosettings-environmentid
+            '''
+            result = self._values.get("environment_id")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def project_id(self) -> typing.Optional[builtins.str]:
+            '''The ID of the Amazon SageMaker Unified Studio project that corresponds to the domain.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-unifiedstudiosettings.html#cfn-sagemaker-domain-unifiedstudiosettings-projectid
+            '''
+            result = self._values.get("project_id")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def project_s3_path(self) -> typing.Optional[builtins.str]:
+            '''The location where Amazon S3 stores temporary execution data and other artifacts for the project that corresponds to the domain.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-unifiedstudiosettings.html#cfn-sagemaker-domain-unifiedstudiosettings-projects3path
+            '''
+            result = self._values.get("project_s3_path")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        @builtins.property
+        def studio_web_portal_access(self) -> typing.Optional[builtins.str]:
+            '''Sets whether you can access the domain in Amazon SageMaker Studio:.
+
+            - **ENABLED** - You can access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it in both studio interfaces.
+            - **DISABLED** - You can't access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it only in that studio interface.
+
+            To migrate a domain to Amazon SageMaker Unified Studio, you specify the UnifiedStudioSettings data type when you use the UpdateDomain action.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-unifiedstudiosettings.html#cfn-sagemaker-domain-unifiedstudiosettings-studiowebportalaccess
+            '''
+            result = self._values.get("studio_web_portal_access")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "UnifiedStudioSettingsProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_sagemaker.CfnDomain.UserSettingsProperty",
         jsii_struct_bases=[],
@@ -9954,7 +10151,16 @@ class CfnDomainProps:
                         r_studio_connect_url="rStudioConnectUrl",
                         r_studio_package_manager_url="rStudioPackageManagerUrl"
                     ),
-                    security_group_ids=["securityGroupIds"]
+                    security_group_ids=["securityGroupIds"],
+                    unified_studio_settings=sagemaker.CfnDomain.UnifiedStudioSettingsProperty(
+                        domain_account_id="domainAccountId",
+                        domain_id="domainId",
+                        domain_region="domainRegion",
+                        environment_id="environmentId",
+                        project_id="projectId",
+                        project_s3_path="projectS3Path",
+                        studio_web_portal_access="studioWebPortalAccess"
+                    )
                 ),
                 kms_key_id="kmsKeyId",
                 tag_propagation="tagPropagation",
@@ -51181,6 +51387,7 @@ def _typecheckingstub__b23323cc301476d59d77a279da88bfc3d14a3c21fb8709a0ecc6db607
     execution_role_identity_config: typing.Optional[builtins.str] = None,
     r_studio_server_pro_domain_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomain.RStudioServerProDomainSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+    unified_studio_settings: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnDomain.UnifiedStudioSettingsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -51303,6 +51510,19 @@ def _typecheckingstub__8a8ec723792b0ed26599d28b5d7a21fbc89e286f4d03c0e5a17ecf559
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__b4dad77d25b548827f5bcfd63cb5788816c5db5845110e1912053632c788fa19(
+    *,
+    domain_account_id: typing.Optional[builtins.str] = None,
+    domain_id: typing.Optional[builtins.str] = None,
+    domain_region: typing.Optional[builtins.str] = None,
+    environment_id: typing.Optional[builtins.str] = None,
+    project_id: typing.Optional[builtins.str] = None,
+    project_s3_path: typing.Optional[builtins.str] = None,
+    studio_web_portal_access: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__88423e90a647fb1fb625855a5ca5160b5e8125e664363a24f90939664cc2d507(
     *,
     execution_role: builtins.str,

aws_cdk/aws_securityhub/__init__.py

@@ -89,9 +89,6 @@ class CfnAutomationRule(
         # The values are placeholders you should change.
         from aws_cdk import aws_securityhub as securityhub
         
-        # id: Any
-        # updated_by: Any
-        
         cfn_automation_rule = securityhub.CfnAutomationRule(self, "MyCfnAutomationRule",
             actions=[securityhub.CfnAutomationRule.AutomationRulesActionProperty(
                 finding_fields_update=securityhub.CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty(
@@ -99,10 +96,10 @@ class CfnAutomationRule(
                     criticality=123,
                     note=securityhub.CfnAutomationRule.NoteUpdateProperty(
                         text="text",
-                        updated_by=updated_by
+                        updated_by="updatedBy"
                     ),
                     related_findings=[securityhub.CfnAutomationRule.RelatedFindingProperty(
-                        id=id,
+                        id="id",
                         product_arn="productArn"
                     )],
                     severity=securityhub.CfnAutomationRule.SeverityUpdateProperty(
@@ -577,19 +574,16 @@ class CfnAutomationRule(
                 # The values are placeholders you should change.
                 from aws_cdk import aws_securityhub as securityhub
                 
-                # id: Any
-                # updated_by: Any
-                
                 automation_rules_action_property = securityhub.CfnAutomationRule.AutomationRulesActionProperty(
                     finding_fields_update=securityhub.CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty(
                         confidence=123,
                         criticality=123,
                         note=securityhub.CfnAutomationRule.NoteUpdateProperty(
                             text="text",
-                            updated_by=updated_by
+                            updated_by="updatedBy"
                         ),
                         related_findings=[securityhub.CfnAutomationRule.RelatedFindingProperty(
-                            id=id,
+                            id="id",
                             product_arn="productArn"
                         )],
                         severity=securityhub.CfnAutomationRule.SeverityUpdateProperty(
@@ -701,18 +695,15 @@ class CfnAutomationRule(
                 # The values are placeholders you should change.
                 from aws_cdk import aws_securityhub as securityhub
                 
-                # id: Any
-                # updated_by: Any
-                
                 automation_rules_finding_fields_update_property = securityhub.CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty(
                     confidence=123,
                     criticality=123,
                     note=securityhub.CfnAutomationRule.NoteUpdateProperty(
                         text="text",
-                        updated_by=updated_by
+                        updated_by="updatedBy"
                     ),
                     related_findings=[securityhub.CfnAutomationRule.RelatedFindingProperty(
-                        id=id,
+                        id="id",
                         product_arn="productArn"
                     )],
                     severity=securityhub.CfnAutomationRule.SeverityUpdateProperty(
@@ -2036,7 +2027,7 @@ class CfnAutomationRule(
         name_mapping={"text": "text", "updated_by": "updatedBy"},
     )
     class NoteUpdateProperty:
-        def __init__(self, *, text: builtins.str, updated_by: typing.Any) -> None:
+        def __init__(self, *, text: builtins.str, updated_by: builtins.str) -> None:
             '''The updated note.
 
             :param text: The updated note text.
@@ -2051,11 +2042,9 @@ class CfnAutomationRule(
                 # The values are placeholders you should change.
                 from aws_cdk import aws_securityhub as securityhub
                 
-                # updated_by: Any
-                
                 note_update_property = securityhub.CfnAutomationRule.NoteUpdateProperty(
                     text="text",
-                    updated_by=updated_by
+                    updated_by="updatedBy"
                 )
             '''
             if __debug__:
@@ -2078,14 +2067,14 @@ class CfnAutomationRule(
             return typing.cast(builtins.str, result)
 
         @builtins.property
-        def updated_by(self) -> typing.Any:
+        def updated_by(self) -> builtins.str:
             '''The principal that updated the note.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrule-noteupdate.html#cfn-securityhub-automationrule-noteupdate-updatedby
             '''
             result = self._values.get("updated_by")
             assert result is not None, "Required property 'updated_by' is missing"
-            return typing.cast(typing.Any, result)
+            return typing.cast(builtins.str, result)
 
         def __eq__(self, rhs: typing.Any) -> builtins.bool:
             return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -2189,7 +2178,7 @@ class CfnAutomationRule(
         name_mapping={"id": "id", "product_arn": "productArn"},
     )
     class RelatedFindingProperty:
-        def __init__(self, *, id: typing.Any, product_arn: builtins.str) -> None:
+        def __init__(self, *, id: builtins.str, product_arn: builtins.str) -> None:
             '''Provides details about a list of findings that the current finding relates to.
 
             :param id: The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
@@ -2204,10 +2193,8 @@ class CfnAutomationRule(
                 # The values are placeholders you should change.
                 from aws_cdk import aws_securityhub as securityhub
                 
-                # id: Any
-                
                 related_finding_property = securityhub.CfnAutomationRule.RelatedFindingProperty(
-                    id=id,
+                    id="id",
                     product_arn="productArn"
                 )
             '''
@@ -2221,7 +2208,7 @@ class CfnAutomationRule(
             }
 
         @builtins.property
-        def id(self) -> typing.Any:
+        def id(self) -> builtins.str:
             '''The product-generated identifier for a related finding.
 
             Array Members: Minimum number of 1 item. Maximum number of 20 items.
@@ -2230,7 +2217,7 @@ class CfnAutomationRule(
             '''
             result = self._values.get("id")
             assert result is not None, "Required property 'id' is missing"
-            return typing.cast(typing.Any, result)
+            return typing.cast(builtins.str, result)
 
         @builtins.property
         def product_arn(self) -> builtins.str:
@@ -2567,9 +2554,6 @@ class CfnAutomationRuleProps:
             # The values are placeholders you should change.
             from aws_cdk import aws_securityhub as securityhub
             
-            # id: Any
-            # updated_by: Any
-            
             cfn_automation_rule_props = securityhub.CfnAutomationRuleProps(
                 actions=[securityhub.CfnAutomationRule.AutomationRulesActionProperty(
                     finding_fields_update=securityhub.CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty(
@@ -2577,10 +2561,10 @@ class CfnAutomationRuleProps:
                         criticality=123,
                         note=securityhub.CfnAutomationRule.NoteUpdateProperty(
                             text="text",
-                            updated_by=updated_by
+                            updated_by="updatedBy"
                         ),
                         related_findings=[securityhub.CfnAutomationRule.RelatedFindingProperty(
-                            id=id,
+                            id="id",
                             product_arn="productArn"
                         )],
                         severity=securityhub.CfnAutomationRule.SeverityUpdateProperty(
@@ -10633,7 +10617,7 @@ def _typecheckingstub__91f36875bd267215fe022e63a4ce087a699536cdc1b9f8b3c84b53aa8
 def _typecheckingstub__1f01ce6428aaccb76a4dd3111c6a58270f1129efa37f87f346378055261a8a01(
     *,
     text: builtins.str,
-    updated_by: typing.Any,
+    updated_by: builtins.str,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -10649,7 +10633,7 @@ def _typecheckingstub__000b578e595fbfb6609bb2cf3b90f42c91b01240906d31c22b9f1dd98
 
 def _typecheckingstub__9df6b75e5070bcb08d999a08b3bd84da05079be466527b5ce60bbe470f59dd64(
     *,
-    id: typing.Any,
+    id: builtins.str,
     product_arn: builtins.str,
 ) -> None:
     """Type checking stubs"""