aws-cdk-lib 2.200.2__py3-none-any.whl → 2.224.0__py3-none-any.whl

aws_cdk/aws_guardduty/__init__.py

@@ -68,9 +68,31 @@ from .. import (
     TagManager as _TagManager_0a598cb3,
     TreeInspector as _TreeInspector_488e0dd5,
 )
+from ..interfaces.aws_guardduty import (
+    DetectorReference as _DetectorReference_c465ba9e,
+    FilterReference as _FilterReference_41cdec6d,
+    IDetectorRef as _IDetectorRef_92be1dc2,
+    IFilterRef as _IFilterRef_c77b6aa7,
+    IIPSetRef as _IIPSetRef_0c10768b,
+    IMalwareProtectionPlanRef as _IMalwareProtectionPlanRef_3cd61995,
+    IMasterRef as _IMasterRef_d397d01d,
+    IMemberRef as _IMemberRef_63206ff9,
+    IPSetReference as _IPSetReference_1898f771,
+    IPublishingDestinationRef as _IPublishingDestinationRef_4f811c6b,
+    IThreatEntitySetRef as _IThreatEntitySetRef_9ec2a783,
+    IThreatIntelSetRef as _IThreatIntelSetRef_2efbbcb1,
+    ITrustedEntitySetRef as _ITrustedEntitySetRef_bc546ba3,
+    MalwareProtectionPlanReference as _MalwareProtectionPlanReference_097f2811,
+    MasterReference as _MasterReference_b6aabded,
+    MemberReference as _MemberReference_cee728b6,
+    PublishingDestinationReference as _PublishingDestinationReference_07aff059,
+    ThreatEntitySetReference as _ThreatEntitySetReference_41072a7f,
+    ThreatIntelSetReference as _ThreatIntelSetReference_fb526e93,
+    TrustedEntitySetReference as _TrustedEntitySetReference_ed75751f,
+)
 
 
-@jsii.implements(_IInspectable_c2943556, _ITaggable_36806126)
+@jsii.implements(_IInspectable_c2943556, _IDetectorRef_92be1dc2, _ITaggable_36806126)
 class CfnDetector(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
@@ -140,7 +162,8 @@ class CfnDetector(
         finding_publishing_frequency: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Sequence[typing.Union["CfnDetector.TagItemProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::GuardDuty::Detector``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param enable: Specifies whether the detector is to be enabled on creation.
@@ -163,6 +186,27 @@ class CfnDetector(
 
         jsii.create(self.__class__, self, [scope, id, props])
 
+    @jsii.member(jsii_name="fromDetectorId")
+    @builtins.classmethod
+    def from_detector_id(
+        cls,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        detector_id: builtins.str,
+    ) -> _IDetectorRef_92be1dc2:
+        '''Creates a new IDetectorRef from a detectorId.
+
+        :param scope: -
+        :param id: -
+        :param detector_id: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__3c713ff5c3d63d8b0298c515dac65b7f9b853cb55d0ab5db4ed3060bd60413f3)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+            check_type(argname="argument detector_id", value=detector_id, expected_type=type_hints["detector_id"])
+        return typing.cast(_IDetectorRef_92be1dc2, jsii.sinvoke(cls, "fromDetectorId", [scope, id, detector_id]))
+
     @jsii.member(jsii_name="inspect")
     def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
         '''Examines the CloudFormation resource and discloses attributes.
@@ -207,6 +251,12 @@ class CfnDetector(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="detectorRef")
+    def detector_ref(self) -> _DetectorReference_c465ba9e:
+        '''A reference to a Detector resource.'''
+        return typing.cast(_DetectorReference_c465ba9e, jsii.get(self, "detectorRef"))
+
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> _TagManager_0a598cb3:
@@ -1086,7 +1136,7 @@ class CfnDetectorProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556, _ITaggable_36806126)
+@jsii.implements(_IInspectable_c2943556, _IFilterRef_c77b6aa7, _ITaggable_36806126)
 class CfnFilter(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
@@ -1151,7 +1201,8 @@ class CfnFilter(
         rank: typing.Optional[jsii.Number] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::GuardDuty::Filter``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param detector_id: The detector ID associated with the GuardDuty account for which you want to create a filter. To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
@@ -1213,6 +1264,12 @@ class CfnFilter(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="filterRef")
+    def filter_ref(self) -> _FilterReference_41cdec6d:
+        '''A reference to a Filter resource.'''
+        return typing.cast(_FilterReference_41cdec6d, jsii.get(self, "filterRef"))
+
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> _TagManager_0a598cb3:
@@ -1941,15 +1998,17 @@ class CfnFilterProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556, _ITaggable_36806126)
+@jsii.implements(_IInspectable_c2943556, _IIPSetRef_0c10768b, _ITaggable_36806126)
 class CfnIPSet(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_guardduty.CfnIPSet",
 ):
-    '''The ``AWS::GuardDuty::IPSet`` resource specifies a new ``IPSet`` .
+    '''The ``AWS::GuardDuty::IPSet`` resource helps you create a list of trusted IP addresses that you can use for secure communication with AWS infrastructure and applications.
+
+    Once you activate this list, GuardDuty will not generate findings when there is an activity associated with these safe IP addresses.
 
-    An ``IPSet`` is a list of trusted IP addresses from which secure communication is allowed with AWS infrastructure and applications.
+    Only the users of the GuardDuty administrator account can manage this list. These settings are also applied to the member accounts.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html
     :cloudformationResource: AWS::GuardDuty::IPSet
@@ -1968,6 +2027,7 @@ class CfnIPSet(
             # the properties below are optional
             activate=False,
             detector_id="detectorId",
+            expected_bucket_owner="expectedBucketOwner",
             name="name",
             tags=[CfnTag(
                 key="key",
@@ -1985,18 +2045,21 @@ class CfnIPSet(
         location: builtins.str,
         activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         detector_id: typing.Optional[builtins.str] = None,
+        expected_bucket_owner: typing.Optional[builtins.str] = None,
         name: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::GuardDuty::IPSet``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param format: The format of the file that contains the IPSet.
+        :param format: The format of the file that contains the IPSet. For information about supported formats, see `List formats <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list>`_ in the *Amazon GuardDuty User Guide* .
         :param location: The URI of the file that contains the IPSet.
-        :param activate: Indicates whether or not GuardDuty uses the ``IPSet`` .
+        :param activate: A boolean value that determines if GuardDuty can start using this list for custom threat detection. For GuardDuty to prevent generating findings based on an activity associated with these entries, this list must be active.
         :param detector_id: The unique ID of the detector of the GuardDuty account for which you want to create an IPSet. To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
-        :param name: The user-friendly name to identify the IPSet. Allowed characters are alphanumeric, whitespace, dash (-), and underscores (_).
-        :param tags: The tags to be added to a new IP set resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
+        :param expected_bucket_owner: The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field. When you provide this account ID, GuardDuty will validate that the S3 bucket belongs to this account. If you don't specify an account ID owner, GuardDuty doesn't perform any validation.
+        :param name: The user-friendly name to identify the IPSet. The name of your list must be unique within an AWS account and Region. Valid characters are alphanumeric, whitespace, dash (-), and underscores (_).
+        :param tags: The tags to be added to a new threat entity set resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__b0c6fd2cb08b5267e6265af6fae1a30df065b4b25dc1d6d684eec9f9bb50cda0)
@@ -2007,6 +2070,7 @@ class CfnIPSet(
             location=location,
             activate=activate,
             detector_id=detector_id,
+            expected_bucket_owner=expected_bucket_owner,
             name=name,
             tags=tags,
         )
@@ -2056,6 +2120,12 @@ class CfnIPSet(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="ipSetRef")
+    def ip_set_ref(self) -> _IPSetReference_1898f771:
+        '''A reference to a IPSet resource.'''
+        return typing.cast(_IPSetReference_1898f771, jsii.get(self, "ipSetRef"))
+
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> _TagManager_0a598cb3:
@@ -2093,7 +2163,7 @@ class CfnIPSet(
     def activate(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Indicates whether or not GuardDuty uses the ``IPSet`` .'''
+        '''A boolean value that determines if GuardDuty can start using this list for custom threat detection.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "activate"))
 
     @activate.setter
@@ -2119,6 +2189,19 @@ class CfnIPSet(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "detectorId", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="expectedBucketOwner")
+    def expected_bucket_owner(self) -> typing.Optional[builtins.str]:
+        '''The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "expectedBucketOwner"))
+
+    @expected_bucket_owner.setter
+    def expected_bucket_owner(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__9191409994fec537ce4d4e8e40256113b2937c7a1bb90b2f14b71998143f9810)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "expectedBucketOwner", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="name")
     def name(self) -> typing.Optional[builtins.str]:
@@ -2135,7 +2218,7 @@ class CfnIPSet(
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''The tags to be added to a new IP set resource.'''
+        '''The tags to be added to a new threat entity set resource.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tagsRaw"))
 
     @tags_raw.setter
@@ -2154,6 +2237,7 @@ class CfnIPSet(
         "location": "location",
         "activate": "activate",
         "detector_id": "detectorId",
+        "expected_bucket_owner": "expectedBucketOwner",
         "name": "name",
         "tags": "tags",
     },
@@ -2166,17 +2250,19 @@ class CfnIPSetProps:
         location: builtins.str,
         activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         detector_id: typing.Optional[builtins.str] = None,
+        expected_bucket_owner: typing.Optional[builtins.str] = None,
         name: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''Properties for defining a ``CfnIPSet``.
 
-        :param format: The format of the file that contains the IPSet.
+        :param format: The format of the file that contains the IPSet. For information about supported formats, see `List formats <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list>`_ in the *Amazon GuardDuty User Guide* .
         :param location: The URI of the file that contains the IPSet.
-        :param activate: Indicates whether or not GuardDuty uses the ``IPSet`` .
+        :param activate: A boolean value that determines if GuardDuty can start using this list for custom threat detection. For GuardDuty to prevent generating findings based on an activity associated with these entries, this list must be active.
         :param detector_id: The unique ID of the detector of the GuardDuty account for which you want to create an IPSet. To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
-        :param name: The user-friendly name to identify the IPSet. Allowed characters are alphanumeric, whitespace, dash (-), and underscores (_).
-        :param tags: The tags to be added to a new IP set resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
+        :param expected_bucket_owner: The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field. When you provide this account ID, GuardDuty will validate that the S3 bucket belongs to this account. If you don't specify an account ID owner, GuardDuty doesn't perform any validation.
+        :param name: The user-friendly name to identify the IPSet. The name of your list must be unique within an AWS account and Region. Valid characters are alphanumeric, whitespace, dash (-), and underscores (_).
+        :param tags: The tags to be added to a new threat entity set resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html
         :exampleMetadata: fixture=_generated
@@ -2194,6 +2280,7 @@ class CfnIPSetProps:
                 # the properties below are optional
                 activate=False,
                 detector_id="detectorId",
+                expected_bucket_owner="expectedBucketOwner",
                 name="name",
                 tags=[CfnTag(
                     key="key",
@@ -2207,6 +2294,7 @@ class CfnIPSetProps:
             check_type(argname="argument location", value=location, expected_type=type_hints["location"])
             check_type(argname="argument activate", value=activate, expected_type=type_hints["activate"])
             check_type(argname="argument detector_id", value=detector_id, expected_type=type_hints["detector_id"])
+            check_type(argname="argument expected_bucket_owner", value=expected_bucket_owner, expected_type=type_hints["expected_bucket_owner"])
             check_type(argname="argument name", value=name, expected_type=type_hints["name"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
@@ -2217,6 +2305,8 @@ class CfnIPSetProps:
             self._values["activate"] = activate
         if detector_id is not None:
             self._values["detector_id"] = detector_id
+        if expected_bucket_owner is not None:
+            self._values["expected_bucket_owner"] = expected_bucket_owner
         if name is not None:
             self._values["name"] = name
         if tags is not None:
@@ -2226,6 +2316,8 @@ class CfnIPSetProps:
     def format(self) -> builtins.str:
         '''The format of the file that contains the IPSet.
 
+        For information about supported formats, see `List formats <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list>`_ in the *Amazon GuardDuty User Guide* .
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-format
         '''
         result = self._values.get("format")
@@ -2246,7 +2338,9 @@ class CfnIPSetProps:
     def activate(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Indicates whether or not GuardDuty uses the ``IPSet`` .
+        '''A boolean value that determines if GuardDuty can start using this list for custom threat detection.
+
+        For GuardDuty to prevent generating findings based on an activity associated with these entries, this list must be active.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-activate
         '''
@@ -2265,11 +2359,22 @@ class CfnIPSetProps:
         result = self._values.get("detector_id")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def expected_bucket_owner(self) -> typing.Optional[builtins.str]:
+        '''The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field.
+
+        When you provide this account ID, GuardDuty will validate that the S3 bucket belongs to this account. If you don't specify an account ID owner, GuardDuty doesn't perform any validation.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-expectedbucketowner
+        '''
+        result = self._values.get("expected_bucket_owner")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def name(self) -> typing.Optional[builtins.str]:
         '''The user-friendly name to identify the IPSet.
 
-        Allowed characters are alphanumeric, whitespace, dash (-), and underscores (_).
+        The name of your list must be unique within an AWS account and Region. Valid characters are alphanumeric, whitespace, dash (-), and underscores (_).
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-name
         '''
@@ -2278,7 +2383,7 @@ class CfnIPSetProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''The tags to be added to a new IP set resource.
+        '''The tags to be added to a new threat entity set resource.
 
         Each tag consists of a key and an optional value, both of which you define.
 
@@ -2301,7 +2406,7 @@ class CfnIPSetProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556, _ITaggableV2_4e6798f8)
+@jsii.implements(_IInspectable_c2943556, _IMalwareProtectionPlanRef_3cd61995, _ITaggableV2_4e6798f8)
 class CfnMalwareProtectionPlan(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
@@ -2353,7 +2458,8 @@ class CfnMalwareProtectionPlan(
         actions: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnMalwareProtectionPlan.CFNActionsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         tags: typing.Optional[typing.Sequence[typing.Union["CfnMalwareProtectionPlan.TagItemProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::GuardDuty::MalwareProtectionPlan``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param protected_resource: Information about the protected resource. Presently, ``S3Bucket`` is the only supported protected resource.
@@ -2374,6 +2480,48 @@ class CfnMalwareProtectionPlan(
 
         jsii.create(self.__class__, self, [scope, id, props])
 
+    @jsii.member(jsii_name="fromMalwareProtectionPlanArn")
+    @builtins.classmethod
+    def from_malware_protection_plan_arn(
+        cls,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        arn: builtins.str,
+    ) -> _IMalwareProtectionPlanRef_3cd61995:
+        '''Creates a new IMalwareProtectionPlanRef from an ARN.
+
+        :param scope: -
+        :param id: -
+        :param arn: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__9beb0e4b705cb1315021d1597ad3a8ef8f98d51f345baa42f6587d45977f630f)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+            check_type(argname="argument arn", value=arn, expected_type=type_hints["arn"])
+        return typing.cast(_IMalwareProtectionPlanRef_3cd61995, jsii.sinvoke(cls, "fromMalwareProtectionPlanArn", [scope, id, arn]))
+
+    @jsii.member(jsii_name="fromMalwareProtectionPlanId")
+    @builtins.classmethod
+    def from_malware_protection_plan_id(
+        cls,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        malware_protection_plan_id: builtins.str,
+    ) -> _IMalwareProtectionPlanRef_3cd61995:
+        '''Creates a new IMalwareProtectionPlanRef from a malwareProtectionPlanId.
+
+        :param scope: -
+        :param id: -
+        :param malware_protection_plan_id: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__2dc9250482abe101d6509cf926e75331c1ab605e103c4610913931bfc0ff5343)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+            check_type(argname="argument malware_protection_plan_id", value=malware_protection_plan_id, expected_type=type_hints["malware_protection_plan_id"])
+        return typing.cast(_IMalwareProtectionPlanRef_3cd61995, jsii.sinvoke(cls, "fromMalwareProtectionPlanId", [scope, id, malware_protection_plan_id]))
+
     @jsii.member(jsii_name="inspect")
     def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
         '''Examines the CloudFormation resource and discloses attributes.
@@ -2460,6 +2608,12 @@ class CfnMalwareProtectionPlan(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="malwareProtectionPlanRef")
+    def malware_protection_plan_ref(self) -> _MalwareProtectionPlanReference_097f2811:
+        '''A reference to a MalwareProtectionPlan resource.'''
+        return typing.cast(_MalwareProtectionPlanReference_097f2811, jsii.get(self, "malwareProtectionPlanRef"))
+
     @builtins.property
     @jsii.member(jsii_name="protectedResource")
     def protected_resource(
@@ -3051,7 +3205,7 @@ class CfnMalwareProtectionPlanProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556)
+@jsii.implements(_IInspectable_c2943556, _IMasterRef_d397d01d)
 class CfnMaster(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
@@ -3089,7 +3243,8 @@ class CfnMaster(
         master_id: builtins.str,
         invitation_id: typing.Optional[builtins.str] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::GuardDuty::Master``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param detector_id: The unique ID of the detector of the GuardDuty member account. To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
@@ -3141,6 +3296,12 @@ class CfnMaster(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="masterRef")
+    def master_ref(self) -> _MasterReference_b6aabded:
+        '''A reference to a Master resource.'''
+        return typing.cast(_MasterReference_b6aabded, jsii.get(self, "masterRef"))
+
     @builtins.property
     @jsii.member(jsii_name="detectorId")
     def detector_id(self) -> builtins.str:
@@ -3279,7 +3440,7 @@ class CfnMasterProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556)
+@jsii.implements(_IInspectable_c2943556, _IMemberRef_63206ff9)
 class CfnMember(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
@@ -3323,7 +3484,8 @@ class CfnMember(
         message: typing.Optional[builtins.str] = None,
         status: typing.Optional[builtins.str] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::GuardDuty::Member``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param email: The email address associated with the member account.
@@ -3383,6 +3545,12 @@ class CfnMember(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="memberRef")
+    def member_ref(self) -> _MemberReference_cee728b6:
+        '''A reference to a Member resource.'''
+        return typing.cast(_MemberReference_cee728b6, jsii.get(self, "memberRef"))
+
     @builtins.property
     @jsii.member(jsii_name="email")
     def email(self) -> builtins.str:
@@ -3612,7 +3780,7 @@ class CfnMemberProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556, _ITaggableV2_4e6798f8)
+@jsii.implements(_IInspectable_c2943556, _IPublishingDestinationRef_4f811c6b, _ITaggableV2_4e6798f8)
 class CfnPublishingDestination(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
@@ -3660,7 +3828,8 @@ class CfnPublishingDestination(
         detector_id: builtins.str,
         tags: typing.Optional[typing.Sequence[typing.Union["CfnPublishingDestination.TagItemProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::GuardDuty::PublishingDestination``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param destination_properties: Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.
@@ -3749,6 +3918,12 @@ class CfnPublishingDestination(
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
+    @builtins.property
+    @jsii.member(jsii_name="publishingDestinationRef")
+    def publishing_destination_ref(self) -> _PublishingDestinationReference_07aff059:
+        '''A reference to a PublishingDestination resource.'''
+        return typing.cast(_PublishingDestinationReference_07aff059, jsii.get(self, "publishingDestinationRef"))
+
     @builtins.property
     @jsii.member(jsii_name="destinationProperties")
     def destination_properties(
@@ -4069,18 +4244,20 @@ class CfnPublishingDestinationProps:
         )
 
 
-@jsii.implements(_IInspectable_c2943556, _ITaggable_36806126)
-class CfnThreatIntelSet(
+@jsii.implements(_IInspectable_c2943556, _IThreatEntitySetRef_9ec2a783, _ITaggableV2_4e6798f8)
+class CfnThreatEntitySet(
     _CfnResource_9df397a6,
     metaclass=jsii.JSIIMeta,
-    jsii_type="aws-cdk-lib.aws_guardduty.CfnThreatIntelSet",
+    jsii_type="aws-cdk-lib.aws_guardduty.CfnThreatEntitySet",
 ):
-    '''The ``AWS::GuardDuty::ThreatIntelSet`` resource specifies a new ``ThreatIntelSet`` .
+    '''The ``AWS::GuardDuty::ThreatEntitySet`` resource helps you create a list of known malicious IP addresses and domain names in your AWS environment.
 
-    A ``ThreatIntelSet`` consists of known malicious IP addresses. GuardDuty generates findings based on the ``ThreatIntelSet`` after it is activated.
+    Once you activate this list, GuardDuty will use the entries in this list as an additional source of threat detection and generate findings when there is an activity associated with these known malicious IP addresses and domain names. GuardDuty continues to monitor independently of this custom threat entity set.
 
-    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html
-    :cloudformationResource: AWS::GuardDuty::ThreatIntelSet
+    Only the users of the GuardDuty administrator account can manage this list. These settings automatically apply to the member accounts.
+
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatentityset.html
+    :cloudformationResource: AWS::GuardDuty::ThreatEntitySet
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -4089,15 +4266,16 @@ class CfnThreatIntelSet(
         # The values are placeholders you should change.
         from aws_cdk import aws_guardduty as guardduty
         
-        cfn_threat_intel_set = guardduty.CfnThreatIntelSet(self, "MyCfnThreatIntelSet",
+        cfn_threat_entity_set = guardduty.CfnThreatEntitySet(self, "MyCfnThreatEntitySet",
             format="format",
             location="location",
         
             # the properties below are optional
             activate=False,
             detector_id="detectorId",
+            expected_bucket_owner="expectedBucketOwner",
             name="name",
-            tags=[CfnTag(
+            tags=[guardduty.CfnThreatEntitySet.TagItemProperty(
                 key="key",
                 value="value"
             )]
@@ -4113,28 +4291,32 @@ class CfnThreatIntelSet(
         location: builtins.str,
         activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         detector_id: typing.Optional[builtins.str] = None,
+        expected_bucket_owner: typing.Optional[builtins.str] = None,
         name: typing.Optional[builtins.str] = None,
-        tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
+        tags: typing.Optional[typing.Sequence[typing.Union["CfnThreatEntitySet.TagItemProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
-        '''
+        '''Create a new ``AWS::GuardDuty::ThreatEntitySet``.
+
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param format: The format of the file that contains the ThreatIntelSet.
-        :param location: The URI of the file that contains the ThreatIntelSet.
-        :param activate: A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.
-        :param detector_id: The unique ID of the detector of the GuardDuty account for which you want to create a ``ThreatIntelSet`` . To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
-        :param name: A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.
-        :param tags: The tags to be added to a new threat list resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
+        :param format: The format of the file that contains the threat entity set. For information about supported formats, see `List formats <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list>`_ in the *Amazon GuardDuty User Guide* .
+        :param location: The URI of the file that contains the threat entity set.
+        :param activate: A boolean value that determines if GuardDuty can start using this list for custom threat detection. For GuardDuty to consider the entries in this list and generate findings based on associated activity, this list must be active.
+        :param detector_id: The unique regional detector ID of the GuardDuty account for which you want to create a threat entity set. To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
+        :param expected_bucket_owner: The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field. Whether or not you provide the account ID for this optional field, GuardDuty validates that the account ID associated with the ``DetectorId`` owns the S3 bucket in the ``Location`` field. If GuardDuty finds that this S3 bucket doesn't belong to the specified account ID, you will get an error at the time of activating this list.
+        :param name: The user-friendly name to identify the threat entity set. Valid characters are alphanumeric, whitespace, dash (-), and underscores (_).
+        :param tags: The tags to be added to a new threat entity set resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__e60035c0bc955afb794ee89f0439deae280bfec665014cbbd161f08566de73a7)
+            type_hints = typing.get_type_hints(_typecheckingstub__a633dbf3a335a1c89a81e2b20e0804a2398855b80b7f90aefcab3fcffd594ae2)
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
-        props = CfnThreatIntelSetProps(
+        props = CfnThreatEntitySetProps(
             format=format,
             location=location,
             activate=activate,
             detector_id=detector_id,
+            expected_bucket_owner=expected_bucket_owner,
             name=name,
             tags=tags,
         )
@@ -4148,7 +4330,7 @@ class CfnThreatIntelSet(
         :param inspector: tree inspector to collect and process attributes.
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__5d9a7dab9bf19d452d61d5fb4b5e80f876633f39a0cf5051e3a47e94c815073d)
+            type_hints = typing.get_type_hints(_typecheckingstub__1c32d5cebe463fb394e1de7987cf95ac14ed2d64bfb94244b7f53a5ae01e86fc)
             check_type(argname="argument inspector", value=inspector, expected_type=type_hints["inspector"])
         return typing.cast(None, jsii.invoke(self, "inspect", [inspector]))
 
@@ -4161,7 +4343,7 @@ class CfnThreatIntelSet(
         :param props: -
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__fa2f2572c41477f9f21703ec5b985dde17df361473f4b639cf51e738006da367)
+            type_hints = typing.get_type_hints(_typecheckingstub__4b473ab42cb6b4e41fbd30cc43368c741a796600957b905b8bd33b94ed1d9b19)
             check_type(argname="argument props", value=props, expected_type=type_hints["props"])
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderProperties", [props]))
 
@@ -4171,49 +4353,93 @@ class CfnThreatIntelSet(
         '''The CloudFormation resource type name for this resource class.'''
         return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrCreatedAt")
+    def attr_created_at(self) -> builtins.str:
+        '''The timestamp when the threat entity set was created.
+
+        :cloudformationAttribute: CreatedAt
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrCreatedAt"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrErrorDetails")
+    def attr_error_details(self) -> builtins.str:
+        '''The details associated with the *Error* status of your threat entity list.
+
+        :cloudformationAttribute: ErrorDetails
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrErrorDetails"))
+
     @builtins.property
     @jsii.member(jsii_name="attrId")
     def attr_id(self) -> builtins.str:
-        '''The unique ID of the ``threatIntelSet`` .
+        '''Returns the unique ID associated with the newly created threat entity set.
 
         :cloudformationAttribute: Id
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrId"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrStatus")
+    def attr_status(self) -> builtins.str:
+        '''The status of your ``ThreatEntitySet`` .
+
+        For information about valid status values, see `Understanding list statuses <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#guardduty-entity-list-statuses>`_ in the *Amazon GuardDuty User Guide* .
+
+        :cloudformationAttribute: Status
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrStatus"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrUpdatedAt")
+    def attr_updated_at(self) -> builtins.str:
+        '''The timestamp when the threat entity set was updated.
+
+        :cloudformationAttribute: UpdatedAt
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrUpdatedAt"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cdkTagManager")
+    def cdk_tag_manager(self) -> _TagManager_0a598cb3:
+        '''Tag Manager which manages the tags for this resource.'''
+        return typing.cast(_TagManager_0a598cb3, jsii.get(self, "cdkTagManager"))
+
     @builtins.property
     @jsii.member(jsii_name="cfnProperties")
     def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
         return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
 
     @builtins.property
-    @jsii.member(jsii_name="tags")
-    def tags(self) -> _TagManager_0a598cb3:
-        '''Tag Manager which manages the tags for this resource.'''
-        return typing.cast(_TagManager_0a598cb3, jsii.get(self, "tags"))
+    @jsii.member(jsii_name="threatEntitySetRef")
+    def threat_entity_set_ref(self) -> _ThreatEntitySetReference_41072a7f:
+        '''A reference to a ThreatEntitySet resource.'''
+        return typing.cast(_ThreatEntitySetReference_41072a7f, jsii.get(self, "threatEntitySetRef"))
 
     @builtins.property
     @jsii.member(jsii_name="format")
     def format(self) -> builtins.str:
-        '''The format of the file that contains the ThreatIntelSet.'''
+        '''The format of the file that contains the threat entity set.'''
         return typing.cast(builtins.str, jsii.get(self, "format"))
 
     @format.setter
     def format(self, value: builtins.str) -> None:
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__df3e4ea6d2ecdcdcfdf57f71eb38574c54d5e2340fc6b41e3c5752d81380474b)
+            type_hints = typing.get_type_hints(_typecheckingstub__9bd1bb00f84d311b715627a92fb637272bd50eba86c2d16fa67691c6cc13b40b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "format", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="location")
     def location(self) -> builtins.str:
-        '''The URI of the file that contains the ThreatIntelSet.'''
+        '''The URI of the file that contains the threat entity set.'''
         return typing.cast(builtins.str, jsii.get(self, "location"))
 
     @location.setter
     def location(self, value: builtins.str) -> None:
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__01b8f1e578ee008d23f829009bf45a0717efeb23dd3f85345a6c6203e181177a)
+            type_hints = typing.get_type_hints(_typecheckingstub__2309bb8657b4758bd1d620033861fc01383373882f360a452fe19c1513ef44e3)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "location", value) # pyright: ignore[reportArgumentType]
 
@@ -4222,7 +4448,7 @@ class CfnThreatIntelSet(
     def activate(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.'''
+        '''A boolean value that determines if GuardDuty can start using this list for custom threat detection.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "activate"))
 
     @activate.setter
@@ -4231,63 +4457,152 @@ class CfnThreatIntelSet(
         value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
     ) -> None:
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__3660f9080839cb6141a3aaf57ad04008ebbf5e29b4ee2cf7c3bcbdb94c082285)
+            type_hints = typing.get_type_hints(_typecheckingstub__bdf2f505562fc426590d0aff2e1eca3a53df58abfd1e69b8495ac49ff3b42763)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "activate", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="detectorId")
     def detector_id(self) -> typing.Optional[builtins.str]:
-        '''The unique ID of the detector of the GuardDuty account for which you want to create a ``ThreatIntelSet`` .'''
+        '''The unique regional detector ID of the GuardDuty account for which you want to create a threat entity set.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "detectorId"))
 
     @detector_id.setter
     def detector_id(self, value: typing.Optional[builtins.str]) -> None:
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__6198953302f0959c3d25abb6f0063fb638c6abf44a125235eafb4937065091bb)
+            type_hints = typing.get_type_hints(_typecheckingstub__a97f7e1867e5a54a3b03a0d24bd5ec7ca8d6200145e83b0f34c562f5e83448ba)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "detectorId", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="expectedBucketOwner")
+    def expected_bucket_owner(self) -> typing.Optional[builtins.str]:
+        '''The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "expectedBucketOwner"))
+
+    @expected_bucket_owner.setter
+    def expected_bucket_owner(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__a7bd200e9cd51319cdc4298d4401a8a961a6af90f3ea47a9200a8820086e4278)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "expectedBucketOwner", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="name")
     def name(self) -> typing.Optional[builtins.str]:
-        '''A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.'''
+        '''The user-friendly name to identify the threat entity set.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "name"))
 
     @name.setter
     def name(self, value: typing.Optional[builtins.str]) -> None:
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__78860e52ab0e0d6681a85585054b7ed92f84696ec2b6a43bb90c609188bf36e6)
+            type_hints = typing.get_type_hints(_typecheckingstub__03df3be27a55c9923526c9497963c6527d389f1bb8ffed035526cc303afb8bd2)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
-    @jsii.member(jsii_name="tagsRaw")
-    def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''The tags to be added to a new threat list resource.'''
-        return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tagsRaw"))
+    @jsii.member(jsii_name="tags")
+    def tags(
+        self,
+    ) -> typing.Optional[typing.List["CfnThreatEntitySet.TagItemProperty"]]:
+        '''The tags to be added to a new threat entity set resource.'''
+        return typing.cast(typing.Optional[typing.List["CfnThreatEntitySet.TagItemProperty"]], jsii.get(self, "tags"))
 
-    @tags_raw.setter
-    def tags_raw(self, value: typing.Optional[typing.List[_CfnTag_f6864754]]) -> None:
+    @tags.setter
+    def tags(
+        self,
+        value: typing.Optional[typing.List["CfnThreatEntitySet.TagItemProperty"]],
+    ) -> None:
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__213606bb8c2a17afd6b75e6224d08fd34ab33f0ef606dcd3df99402aa81754e0)
+            type_hints = typing.get_type_hints(_typecheckingstub__fbaece4f1c2fc125ec3923bb0a3b4537f6091ab7f66da3db41faf4839aeb3931)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tagsRaw", value) # pyright: ignore[reportArgumentType]
+        jsii.set(self, "tags", value) # pyright: ignore[reportArgumentType]
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_guardduty.CfnThreatEntitySet.TagItemProperty",
+        jsii_struct_bases=[],
+        name_mapping={"key": "key", "value": "value"},
+    )
+    class TagItemProperty:
+        def __init__(self, *, key: builtins.str, value: builtins.str) -> None:
+            '''Describes a tag.
+
+            For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
+
+            :param key: The tag key.
+            :param value: The tag value. This is optional.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-threatentityset-tagitem.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_guardduty as guardduty
+                
+                tag_item_property = guardduty.CfnThreatEntitySet.TagItemProperty(
+                    key="key",
+                    value="value"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__9bcb8d0f67c3b20709378a933f90454d6394d6f4608b78865e524eaaae71a082)
+                check_type(argname="argument key", value=key, expected_type=type_hints["key"])
+                check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "key": key,
+                "value": value,
+            }
+
+        @builtins.property
+        def key(self) -> builtins.str:
+            '''The tag key.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-threatentityset-tagitem.html#cfn-guardduty-threatentityset-tagitem-key
+            '''
+            result = self._values.get("key")
+            assert result is not None, "Required property 'key' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def value(self) -> builtins.str:
+            '''The tag value.
+
+            This is optional.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-threatentityset-tagitem.html#cfn-guardduty-threatentityset-tagitem-value
+            '''
+            result = self._values.get("value")
+            assert result is not None, "Required property 'value' is missing"
+            return typing.cast(builtins.str, result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "TagItemProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
 
 
 @jsii.data_type(
-    jsii_type="aws-cdk-lib.aws_guardduty.CfnThreatIntelSetProps",
+    jsii_type="aws-cdk-lib.aws_guardduty.CfnThreatEntitySetProps",
     jsii_struct_bases=[],
     name_mapping={
         "format": "format",
         "location": "location",
         "activate": "activate",
         "detector_id": "detectorId",
+        "expected_bucket_owner": "expectedBucketOwner",
         "name": "name",
         "tags": "tags",
     },
 )
-class CfnThreatIntelSetProps:
+class CfnThreatEntitySetProps:
     def __init__(
         self,
         *,
@@ -4295,19 +4610,21 @@ class CfnThreatIntelSetProps:
         location: builtins.str,
         activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         detector_id: typing.Optional[builtins.str] = None,
+        expected_bucket_owner: typing.Optional[builtins.str] = None,
         name: typing.Optional[builtins.str] = None,
-        tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
+        tags: typing.Optional[typing.Sequence[typing.Union[CfnThreatEntitySet.TagItemProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
-        '''Properties for defining a ``CfnThreatIntelSet``.
+        '''Properties for defining a ``CfnThreatEntitySet``.
 
-        :param format: The format of the file that contains the ThreatIntelSet.
-        :param location: The URI of the file that contains the ThreatIntelSet.
-        :param activate: A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.
-        :param detector_id: The unique ID of the detector of the GuardDuty account for which you want to create a ``ThreatIntelSet`` . To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
-        :param name: A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.
-        :param tags: The tags to be added to a new threat list resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
+        :param format: The format of the file that contains the threat entity set. For information about supported formats, see `List formats <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list>`_ in the *Amazon GuardDuty User Guide* .
+        :param location: The URI of the file that contains the threat entity set.
+        :param activate: A boolean value that determines if GuardDuty can start using this list for custom threat detection. For GuardDuty to consider the entries in this list and generate findings based on associated activity, this list must be active.
+        :param detector_id: The unique regional detector ID of the GuardDuty account for which you want to create a threat entity set. To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
+        :param expected_bucket_owner: The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field. Whether or not you provide the account ID for this optional field, GuardDuty validates that the account ID associated with the ``DetectorId`` owns the S3 bucket in the ``Location`` field. If GuardDuty finds that this S3 bucket doesn't belong to the specified account ID, you will get an error at the time of activating this list.
+        :param name: The user-friendly name to identify the threat entity set. Valid characters are alphanumeric, whitespace, dash (-), and underscores (_).
+        :param tags: The tags to be added to a new threat entity set resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
 
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatentityset.html
         :exampleMetadata: fixture=_generated
 
         Example::
@@ -4316,26 +4633,28 @@ class CfnThreatIntelSetProps:
             # The values are placeholders you should change.
             from aws_cdk import aws_guardduty as guardduty
             
-            cfn_threat_intel_set_props = guardduty.CfnThreatIntelSetProps(
+            cfn_threat_entity_set_props = guardduty.CfnThreatEntitySetProps(
                 format="format",
                 location="location",
             
                 # the properties below are optional
                 activate=False,
                 detector_id="detectorId",
+                expected_bucket_owner="expectedBucketOwner",
                 name="name",
-                tags=[CfnTag(
+                tags=[guardduty.CfnThreatEntitySet.TagItemProperty(
                     key="key",
                     value="value"
                 )]
             )
         '''
         if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__0a5d0bedab8c4fad4ab288ce5a467dbe6a4d07ef2947521b14162f1e7ac218a1)
+            type_hints = typing.get_type_hints(_typecheckingstub__adc8d4ad73863c00637d46455ebd458e48d6cb964a55dada4ed53522b2f348d3)
             check_type(argname="argument format", value=format, expected_type=type_hints["format"])
             check_type(argname="argument location", value=location, expected_type=type_hints["location"])
             check_type(argname="argument activate", value=activate, expected_type=type_hints["activate"])
             check_type(argname="argument detector_id", value=detector_id, expected_type=type_hints["detector_id"])
+            check_type(argname="argument expected_bucket_owner", value=expected_bucket_owner, expected_type=type_hints["expected_bucket_owner"])
             check_type(argname="argument name", value=name, expected_type=type_hints["name"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
@@ -4346,6 +4665,8 @@ class CfnThreatIntelSetProps:
             self._values["activate"] = activate
         if detector_id is not None:
             self._values["detector_id"] = detector_id
+        if expected_bucket_owner is not None:
+            self._values["expected_bucket_owner"] = expected_bucket_owner
         if name is not None:
             self._values["name"] = name
         if tags is not None:
@@ -4353,9 +4674,11 @@ class CfnThreatIntelSetProps:
 
     @builtins.property
     def format(self) -> builtins.str:
-        '''The format of the file that contains the ThreatIntelSet.
+        '''The format of the file that contains the threat entity set.
 
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-format
+        For information about supported formats, see `List formats <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list>`_ in the *Amazon GuardDuty User Guide* .
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatentityset.html#cfn-guardduty-threatentityset-format
         '''
         result = self._values.get("format")
         assert result is not None, "Required property 'format' is missing"
@@ -4363,9 +4686,9 @@ class CfnThreatIntelSetProps:
 
     @builtins.property
     def location(self) -> builtins.str:
-        '''The URI of the file that contains the ThreatIntelSet.
+        '''The URI of the file that contains the threat entity set.
 
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-location
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatentityset.html#cfn-guardduty-threatentityset-location
         '''
         result = self._values.get("location")
         assert result is not None, "Required property 'location' is missing"
@@ -4375,46 +4698,60 @@ class CfnThreatIntelSetProps:
     def activate(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.
+        '''A boolean value that determines if GuardDuty can start using this list for custom threat detection.
 
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-activate
+        For GuardDuty to consider the entries in this list and generate findings based on associated activity, this list must be active.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatentityset.html#cfn-guardduty-threatentityset-activate
         '''
         result = self._values.get("activate")
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
 
     @builtins.property
     def detector_id(self) -> typing.Optional[builtins.str]:
-        '''The unique ID of the detector of the GuardDuty account for which you want to create a ``ThreatIntelSet`` .
+        '''The unique regional detector ID of the GuardDuty account for which you want to create a threat entity set.
 
-        To find the ``detectorId`` in the current Region, see the
-        Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
+        To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
 
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-detectorid
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatentityset.html#cfn-guardduty-threatentityset-detectorid
         '''
         result = self._values.get("detector_id")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def expected_bucket_owner(self) -> typing.Optional[builtins.str]:
+        '''The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field.
+
+        Whether or not you provide the account ID for this optional field, GuardDuty validates that the account ID associated with the ``DetectorId`` owns the S3 bucket in the ``Location`` field. If GuardDuty finds that this S3 bucket doesn't belong to the specified account ID, you will get an error at the time of activating this list.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatentityset.html#cfn-guardduty-threatentityset-expectedbucketowner
+        '''
+        result = self._values.get("expected_bucket_owner")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def name(self) -> typing.Optional[builtins.str]:
-        '''A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.
+        '''The user-friendly name to identify the threat entity set.
 
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-name
+        Valid characters are alphanumeric, whitespace, dash (-), and underscores (_).
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatentityset.html#cfn-guardduty-threatentityset-name
         '''
         result = self._values.get("name")
         return typing.cast(typing.Optional[builtins.str], result)
 
     @builtins.property
-    def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''The tags to be added to a new threat list resource.
+    def tags(self) -> typing.Optional[typing.List[CfnThreatEntitySet.TagItemProperty]]:
+        '''The tags to be added to a new threat entity set resource.
 
         Each tag consists of a key and an optional value, both of which you define.
 
         For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
 
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-tags
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatentityset.html#cfn-guardduty-threatentityset-tags
         '''
         result = self._values.get("tags")
-        return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], result)
+        return typing.cast(typing.Optional[typing.List[CfnThreatEntitySet.TagItemProperty]], result)
 
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -4423,30 +4760,963 @@ class CfnThreatIntelSetProps:
         return not (rhs == self)
 
     def __repr__(self) -> str:
-        return "CfnThreatIntelSetProps(%s)" % ", ".join(
+        return "CfnThreatEntitySetProps(%s)" % ", ".join(
             k + "=" + repr(v) for k, v in self._values.items()
         )
 
 
-__all__ = [
-    "CfnDetector",
-    "CfnDetectorProps",
-    "CfnFilter",
-    "CfnFilterProps",
-    "CfnIPSet",
-    "CfnIPSetProps",
-    "CfnMalwareProtectionPlan",
-    "CfnMalwareProtectionPlanProps",
-    "CfnMaster",
-    "CfnMasterProps",
-    "CfnMember",
-    "CfnMemberProps",
-    "CfnPublishingDestination",
-    "CfnPublishingDestinationProps",
-    "CfnThreatIntelSet",
-    "CfnThreatIntelSetProps",
-]
-
+@jsii.implements(_IInspectable_c2943556, _IThreatIntelSetRef_2efbbcb1, _ITaggable_36806126)
+class CfnThreatIntelSet(
+    _CfnResource_9df397a6,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_guardduty.CfnThreatIntelSet",
+):
+    '''The ``AWS::GuardDuty::ThreatIntelSet`` resource helps you create a list of known malicious IP addresses in your AWS environment.
+
+    Once you activate this list, GuardDuty will use list the entries in this list as an additional source for threat detection and generate findings when there is an activity associated with these known malicious IP addresses. GuardDuty continues to monitor independently of this custom threat intelligence set.
+
+    Only the users of the GuardDuty administrator account can manage this list. These settings automatically apply to the member accounts.
+
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html
+    :cloudformationResource: AWS::GuardDuty::ThreatIntelSet
+    :exampleMetadata: fixture=_generated
+
+    Example::
+
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        from aws_cdk import aws_guardduty as guardduty
+        
+        cfn_threat_intel_set = guardduty.CfnThreatIntelSet(self, "MyCfnThreatIntelSet",
+            format="format",
+            location="location",
+        
+            # the properties below are optional
+            activate=False,
+            detector_id="detectorId",
+            expected_bucket_owner="expectedBucketOwner",
+            name="name",
+            tags=[CfnTag(
+                key="key",
+                value="value"
+            )]
+        )
+    '''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        format: builtins.str,
+        location: builtins.str,
+        activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        detector_id: typing.Optional[builtins.str] = None,
+        expected_bucket_owner: typing.Optional[builtins.str] = None,
+        name: typing.Optional[builtins.str] = None,
+        tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> None:
+        '''Create a new ``AWS::GuardDuty::ThreatIntelSet``.
+
+        :param scope: Scope in which this resource is defined.
+        :param id: Construct identifier for this resource (unique in its scope).
+        :param format: The format of the file that contains the ``ThreatIntelSet`` . For information about supported formats, see `List formats <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list>`_ in the *Amazon GuardDuty User Guide* .
+        :param location: The URI of the file that contains the ThreatIntelSet.
+        :param activate: A boolean value that determines if GuardDuty can start using this list for custom threat detection. For GuardDuty to be able to generate findings based on an activity associated with these entries, this list must be active.
+        :param detector_id: The unique ID of the detector of the GuardDuty account for which you want to create a ``threatIntelSet`` . To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
+        :param expected_bucket_owner: The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field. When you provide this account ID, GuardDuty will validate that the S3 bucket belongs to this account. If you don't specify an account ID owner, GuardDuty doesn't perform any validation.
+        :param name: The user-friendly name to identify the ThreatIntelSet. The name of your list must be unique within an AWS account and Region. Valid characters are alphanumeric, whitespace, dash (-), and underscores (_).
+        :param tags: The tags to be added to a new threat entity set resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__e60035c0bc955afb794ee89f0439deae280bfec665014cbbd161f08566de73a7)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = CfnThreatIntelSetProps(
+            format=format,
+            location=location,
+            activate=activate,
+            detector_id=detector_id,
+            expected_bucket_owner=expected_bucket_owner,
+            name=name,
+            tags=tags,
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @jsii.member(jsii_name="inspect")
+    def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
+        '''Examines the CloudFormation resource and discloses attributes.
+
+        :param inspector: tree inspector to collect and process attributes.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__5d9a7dab9bf19d452d61d5fb4b5e80f876633f39a0cf5051e3a47e94c815073d)
+            check_type(argname="argument inspector", value=inspector, expected_type=type_hints["inspector"])
+        return typing.cast(None, jsii.invoke(self, "inspect", [inspector]))
+
+    @jsii.member(jsii_name="renderProperties")
+    def _render_properties(
+        self,
+        props: typing.Mapping[builtins.str, typing.Any],
+    ) -> typing.Mapping[builtins.str, typing.Any]:
+        '''
+        :param props: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__fa2f2572c41477f9f21703ec5b985dde17df361473f4b639cf51e738006da367)
+            check_type(argname="argument props", value=props, expected_type=type_hints["props"])
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderProperties", [props]))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="CFN_RESOURCE_TYPE_NAME")
+    def CFN_RESOURCE_TYPE_NAME(cls) -> builtins.str:
+        '''The CloudFormation resource type name for this resource class.'''
+        return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrId")
+    def attr_id(self) -> builtins.str:
+        '''The unique ID of the ``threatIntelSet`` .
+
+        :cloudformationAttribute: Id
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrId"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cfnProperties")
+    def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
+
+    @builtins.property
+    @jsii.member(jsii_name="tags")
+    def tags(self) -> _TagManager_0a598cb3:
+        '''Tag Manager which manages the tags for this resource.'''
+        return typing.cast(_TagManager_0a598cb3, jsii.get(self, "tags"))
+
+    @builtins.property
+    @jsii.member(jsii_name="threatIntelSetRef")
+    def threat_intel_set_ref(self) -> _ThreatIntelSetReference_fb526e93:
+        '''A reference to a ThreatIntelSet resource.'''
+        return typing.cast(_ThreatIntelSetReference_fb526e93, jsii.get(self, "threatIntelSetRef"))
+
+    @builtins.property
+    @jsii.member(jsii_name="format")
+    def format(self) -> builtins.str:
+        '''The format of the file that contains the ``ThreatIntelSet`` .'''
+        return typing.cast(builtins.str, jsii.get(self, "format"))
+
+    @format.setter
+    def format(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__df3e4ea6d2ecdcdcfdf57f71eb38574c54d5e2340fc6b41e3c5752d81380474b)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "format", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="location")
+    def location(self) -> builtins.str:
+        '''The URI of the file that contains the ThreatIntelSet.'''
+        return typing.cast(builtins.str, jsii.get(self, "location"))
+
+    @location.setter
+    def location(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__01b8f1e578ee008d23f829009bf45a0717efeb23dd3f85345a6c6203e181177a)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "location", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="activate")
+    def activate(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''A boolean value that determines if GuardDuty can start using this list for custom threat detection.'''
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "activate"))
+
+    @activate.setter
+    def activate(
+        self,
+        value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__3660f9080839cb6141a3aaf57ad04008ebbf5e29b4ee2cf7c3bcbdb94c082285)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "activate", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="detectorId")
+    def detector_id(self) -> typing.Optional[builtins.str]:
+        '''The unique ID of the detector of the GuardDuty account for which you want to create a ``threatIntelSet`` .'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "detectorId"))
+
+    @detector_id.setter
+    def detector_id(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__6198953302f0959c3d25abb6f0063fb638c6abf44a125235eafb4937065091bb)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "detectorId", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="expectedBucketOwner")
+    def expected_bucket_owner(self) -> typing.Optional[builtins.str]:
+        '''The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "expectedBucketOwner"))
+
+    @expected_bucket_owner.setter
+    def expected_bucket_owner(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__45c0733c6c75c09ff089a9606f91e845cf362445012b247e68e83208c0a5aaee)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "expectedBucketOwner", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> typing.Optional[builtins.str]:
+        '''The user-friendly name to identify the ThreatIntelSet.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "name"))
+
+    @name.setter
+    def name(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__78860e52ab0e0d6681a85585054b7ed92f84696ec2b6a43bb90c609188bf36e6)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="tagsRaw")
+    def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
+        '''The tags to be added to a new threat entity set resource.'''
+        return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tagsRaw"))
+
+    @tags_raw.setter
+    def tags_raw(self, value: typing.Optional[typing.List[_CfnTag_f6864754]]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__213606bb8c2a17afd6b75e6224d08fd34ab33f0ef606dcd3df99402aa81754e0)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "tagsRaw", value) # pyright: ignore[reportArgumentType]
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_guardduty.CfnThreatIntelSetProps",
+    jsii_struct_bases=[],
+    name_mapping={
+        "format": "format",
+        "location": "location",
+        "activate": "activate",
+        "detector_id": "detectorId",
+        "expected_bucket_owner": "expectedBucketOwner",
+        "name": "name",
+        "tags": "tags",
+    },
+)
+class CfnThreatIntelSetProps:
+    def __init__(
+        self,
+        *,
+        format: builtins.str,
+        location: builtins.str,
+        activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        detector_id: typing.Optional[builtins.str] = None,
+        expected_bucket_owner: typing.Optional[builtins.str] = None,
+        name: typing.Optional[builtins.str] = None,
+        tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> None:
+        '''Properties for defining a ``CfnThreatIntelSet``.
+
+        :param format: The format of the file that contains the ``ThreatIntelSet`` . For information about supported formats, see `List formats <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list>`_ in the *Amazon GuardDuty User Guide* .
+        :param location: The URI of the file that contains the ThreatIntelSet.
+        :param activate: A boolean value that determines if GuardDuty can start using this list for custom threat detection. For GuardDuty to be able to generate findings based on an activity associated with these entries, this list must be active.
+        :param detector_id: The unique ID of the detector of the GuardDuty account for which you want to create a ``threatIntelSet`` . To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
+        :param expected_bucket_owner: The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field. When you provide this account ID, GuardDuty will validate that the S3 bucket belongs to this account. If you don't specify an account ID owner, GuardDuty doesn't perform any validation.
+        :param name: The user-friendly name to identify the ThreatIntelSet. The name of your list must be unique within an AWS account and Region. Valid characters are alphanumeric, whitespace, dash (-), and underscores (_).
+        :param tags: The tags to be added to a new threat entity set resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_guardduty as guardduty
+            
+            cfn_threat_intel_set_props = guardduty.CfnThreatIntelSetProps(
+                format="format",
+                location="location",
+            
+                # the properties below are optional
+                activate=False,
+                detector_id="detectorId",
+                expected_bucket_owner="expectedBucketOwner",
+                name="name",
+                tags=[CfnTag(
+                    key="key",
+                    value="value"
+                )]
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__0a5d0bedab8c4fad4ab288ce5a467dbe6a4d07ef2947521b14162f1e7ac218a1)
+            check_type(argname="argument format", value=format, expected_type=type_hints["format"])
+            check_type(argname="argument location", value=location, expected_type=type_hints["location"])
+            check_type(argname="argument activate", value=activate, expected_type=type_hints["activate"])
+            check_type(argname="argument detector_id", value=detector_id, expected_type=type_hints["detector_id"])
+            check_type(argname="argument expected_bucket_owner", value=expected_bucket_owner, expected_type=type_hints["expected_bucket_owner"])
+            check_type(argname="argument name", value=name, expected_type=type_hints["name"])
+            check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "format": format,
+            "location": location,
+        }
+        if activate is not None:
+            self._values["activate"] = activate
+        if detector_id is not None:
+            self._values["detector_id"] = detector_id
+        if expected_bucket_owner is not None:
+            self._values["expected_bucket_owner"] = expected_bucket_owner
+        if name is not None:
+            self._values["name"] = name
+        if tags is not None:
+            self._values["tags"] = tags
+
+    @builtins.property
+    def format(self) -> builtins.str:
+        '''The format of the file that contains the ``ThreatIntelSet`` .
+
+        For information about supported formats, see `List formats <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list>`_ in the *Amazon GuardDuty User Guide* .
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-format
+        '''
+        result = self._values.get("format")
+        assert result is not None, "Required property 'format' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def location(self) -> builtins.str:
+        '''The URI of the file that contains the ThreatIntelSet.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-location
+        '''
+        result = self._values.get("location")
+        assert result is not None, "Required property 'location' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def activate(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''A boolean value that determines if GuardDuty can start using this list for custom threat detection.
+
+        For GuardDuty to be able to generate findings based on an activity associated with these entries, this list must be active.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-activate
+        '''
+        result = self._values.get("activate")
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
+    @builtins.property
+    def detector_id(self) -> typing.Optional[builtins.str]:
+        '''The unique ID of the detector of the GuardDuty account for which you want to create a ``threatIntelSet`` .
+
+        To find the ``detectorId`` in the current Region, see the
+        Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-detectorid
+        '''
+        result = self._values.get("detector_id")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def expected_bucket_owner(self) -> typing.Optional[builtins.str]:
+        '''The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field.
+
+        When you provide this account ID, GuardDuty will validate that the S3 bucket belongs to this account. If you don't specify an account ID owner, GuardDuty doesn't perform any validation.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-expectedbucketowner
+        '''
+        result = self._values.get("expected_bucket_owner")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def name(self) -> typing.Optional[builtins.str]:
+        '''The user-friendly name to identify the ThreatIntelSet.
+
+        The name of your list must be unique within an AWS account and Region. Valid characters are alphanumeric, whitespace, dash (-), and underscores (_).
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-name
+        '''
+        result = self._values.get("name")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
+        '''The tags to be added to a new threat entity set resource.
+
+        Each tag consists of a key and an optional value, both of which you define.
+
+        For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-tags
+        '''
+        result = self._values.get("tags")
+        return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "CfnThreatIntelSetProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+@jsii.implements(_IInspectable_c2943556, _ITrustedEntitySetRef_bc546ba3, _ITaggableV2_4e6798f8)
+class CfnTrustedEntitySet(
+    _CfnResource_9df397a6,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_guardduty.CfnTrustedEntitySet",
+):
+    '''Creates a new trusted entity set.
+
+    In the trusted entity set, you can provide IP addresses and domains that you believe are secure for communication in your AWS environment. GuardDuty will not generate findings for the entries that are specified in a trusted entity set. At any given time, you can have only one trusted entity set.
+
+    Only users of the administrator account can manage the entity sets, which automatically apply to member accounts.
+
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-trustedentityset.html
+    :cloudformationResource: AWS::GuardDuty::TrustedEntitySet
+    :exampleMetadata: fixture=_generated
+
+    Example::
+
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        from aws_cdk import aws_guardduty as guardduty
+        
+        cfn_trusted_entity_set = guardduty.CfnTrustedEntitySet(self, "MyCfnTrustedEntitySet",
+            format="format",
+            location="location",
+        
+            # the properties below are optional
+            activate=False,
+            detector_id="detectorId",
+            expected_bucket_owner="expectedBucketOwner",
+            name="name",
+            tags=[guardduty.CfnTrustedEntitySet.TagItemProperty(
+                key="key",
+                value="value"
+            )]
+        )
+    '''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        format: builtins.str,
+        location: builtins.str,
+        activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        detector_id: typing.Optional[builtins.str] = None,
+        expected_bucket_owner: typing.Optional[builtins.str] = None,
+        name: typing.Optional[builtins.str] = None,
+        tags: typing.Optional[typing.Sequence[typing.Union["CfnTrustedEntitySet.TagItemProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> None:
+        '''Create a new ``AWS::GuardDuty::TrustedEntitySet``.
+
+        :param scope: Scope in which this resource is defined.
+        :param id: Construct identifier for this resource (unique in its scope).
+        :param format: The format of the file that contains the trusted entity set. For information about supported formats, see `List formats <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list>`_ in the *Amazon GuardDuty User Guide* .
+        :param location: The URI of the file that contains the trusted entity set.
+        :param activate: A boolean value that determines if GuardDuty can start using this list for custom threat detection. For GuardDuty to prevent generating findings based on an activity associated with these entries, this list must be active.
+        :param detector_id: The unique regional detector ID of the GuardDuty account for which you want to create a trusted entity set. To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
+        :param expected_bucket_owner: The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field. Whether or not you provide the account ID for this optional field, GuardDuty validates that the account ID associated with the ``DetectorId`` value owns the S3 bucket in the ``Location`` field. If GuardDuty finds that this S3 bucket doesn't belong to the specified account ID, you will get an error at the time of activating this list.
+        :param name: A user-friendly name to identify the trusted entity set. Valid characters include lowercase letters, uppercase letters, numbers, dash(-), and underscore (_).
+        :param tags: The tags to be added to a new trusted entity set resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__f97ca040c13911b4ef646900134e880ef92baa555cc7ae3a3f589a5b783d6bdd)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = CfnTrustedEntitySetProps(
+            format=format,
+            location=location,
+            activate=activate,
+            detector_id=detector_id,
+            expected_bucket_owner=expected_bucket_owner,
+            name=name,
+            tags=tags,
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @jsii.member(jsii_name="inspect")
+    def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
+        '''Examines the CloudFormation resource and discloses attributes.
+
+        :param inspector: tree inspector to collect and process attributes.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__f85867f300862bdc19c810d7170de8926f6bfa348b3b9b7637ca7d82c91ca639)
+            check_type(argname="argument inspector", value=inspector, expected_type=type_hints["inspector"])
+        return typing.cast(None, jsii.invoke(self, "inspect", [inspector]))
+
+    @jsii.member(jsii_name="renderProperties")
+    def _render_properties(
+        self,
+        props: typing.Mapping[builtins.str, typing.Any],
+    ) -> typing.Mapping[builtins.str, typing.Any]:
+        '''
+        :param props: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__0655ff4592955f2b692a51501ca73340533b66fea6a2af184a48abc64610afdc)
+            check_type(argname="argument props", value=props, expected_type=type_hints["props"])
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderProperties", [props]))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="CFN_RESOURCE_TYPE_NAME")
+    def CFN_RESOURCE_TYPE_NAME(cls) -> builtins.str:
+        '''The CloudFormation resource type name for this resource class.'''
+        return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrCreatedAt")
+    def attr_created_at(self) -> builtins.str:
+        '''The timestamp when the trusted entity set was created.
+
+        :cloudformationAttribute: CreatedAt
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrCreatedAt"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrErrorDetails")
+    def attr_error_details(self) -> builtins.str:
+        '''Specifies the error details when the status of the trusted entity set shows as *Error* .
+
+        :cloudformationAttribute: ErrorDetails
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrErrorDetails"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrId")
+    def attr_id(self) -> builtins.str:
+        '''
+        :cloudformationAttribute: Id
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrId"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrStatus")
+    def attr_status(self) -> builtins.str:
+        '''The status of your ``TrustedEntitySet`` .
+
+        For information about valid status values, see `Understanding list statuses <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#guardduty-entity-list-statuses>`_ in the *Amazon GuardDuty User Guide* .
+
+        :cloudformationAttribute: Status
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrStatus"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrUpdatedAt")
+    def attr_updated_at(self) -> builtins.str:
+        '''The timestamp when the trusted entity set was updated.
+
+        :cloudformationAttribute: UpdatedAt
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrUpdatedAt"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cdkTagManager")
+    def cdk_tag_manager(self) -> _TagManager_0a598cb3:
+        '''Tag Manager which manages the tags for this resource.'''
+        return typing.cast(_TagManager_0a598cb3, jsii.get(self, "cdkTagManager"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cfnProperties")
+    def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
+
+    @builtins.property
+    @jsii.member(jsii_name="trustedEntitySetRef")
+    def trusted_entity_set_ref(self) -> _TrustedEntitySetReference_ed75751f:
+        '''A reference to a TrustedEntitySet resource.'''
+        return typing.cast(_TrustedEntitySetReference_ed75751f, jsii.get(self, "trustedEntitySetRef"))
+
+    @builtins.property
+    @jsii.member(jsii_name="format")
+    def format(self) -> builtins.str:
+        '''The format of the file that contains the trusted entity set.'''
+        return typing.cast(builtins.str, jsii.get(self, "format"))
+
+    @format.setter
+    def format(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__3f59ae26c1cd9cfdc43b89ee8cb5d6b984a93181052f1593fd7aec0dc07a1f2a)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "format", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="location")
+    def location(self) -> builtins.str:
+        '''The URI of the file that contains the trusted entity set.'''
+        return typing.cast(builtins.str, jsii.get(self, "location"))
+
+    @location.setter
+    def location(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__bcd25b55717469a06d21cea3ebb5a2ebf71c8c12f4cbe767468b1229bc75b1d6)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "location", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="activate")
+    def activate(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''A boolean value that determines if GuardDuty can start using this list for custom threat detection.'''
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "activate"))
+
+    @activate.setter
+    def activate(
+        self,
+        value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__fcb17f7765a352c56401cef5289d093d9eeec88b494b555090ed231a335472a8)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "activate", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="detectorId")
+    def detector_id(self) -> typing.Optional[builtins.str]:
+        '''The unique regional detector ID of the GuardDuty account for which you want to create a trusted entity set.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "detectorId"))
+
+    @detector_id.setter
+    def detector_id(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__636e61a3a1c928a11a4066ee35f6bd92c4e7d47c477e0cd77a1425f7de881ecf)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "detectorId", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="expectedBucketOwner")
+    def expected_bucket_owner(self) -> typing.Optional[builtins.str]:
+        '''The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "expectedBucketOwner"))
+
+    @expected_bucket_owner.setter
+    def expected_bucket_owner(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__2a30865cdc288b85a7993b1a2560d8b3fc83c414826a40802fd4657ae5addfe4)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "expectedBucketOwner", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> typing.Optional[builtins.str]:
+        '''A user-friendly name to identify the trusted entity set.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "name"))
+
+    @name.setter
+    def name(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__52b7aaed8e52f7e5b8652ad3132eee56ee0c858468ce1c9df82ddffa47a56714)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="tags")
+    def tags(
+        self,
+    ) -> typing.Optional[typing.List["CfnTrustedEntitySet.TagItemProperty"]]:
+        '''The tags to be added to a new trusted entity set resource.'''
+        return typing.cast(typing.Optional[typing.List["CfnTrustedEntitySet.TagItemProperty"]], jsii.get(self, "tags"))
+
+    @tags.setter
+    def tags(
+        self,
+        value: typing.Optional[typing.List["CfnTrustedEntitySet.TagItemProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__99d5ac870e6a4e9a44e3854050f1d9a604df1353c4102d42a55b690097b0396c)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "tags", value) # pyright: ignore[reportArgumentType]
+
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_guardduty.CfnTrustedEntitySet.TagItemProperty",
+        jsii_struct_bases=[],
+        name_mapping={"key": "key", "value": "value"},
+    )
+    class TagItemProperty:
+        def __init__(self, *, key: builtins.str, value: builtins.str) -> None:
+            '''Describes a tag.
+
+            For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
+
+            :param key: The tag key.
+            :param value: The tag value. This is optional.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-trustedentityset-tagitem.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_guardduty as guardduty
+                
+                tag_item_property = guardduty.CfnTrustedEntitySet.TagItemProperty(
+                    key="key",
+                    value="value"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__a1c81f11cd29394c009789b30463ba1931458f7dde6533e82b4d108b5890ccb6)
+                check_type(argname="argument key", value=key, expected_type=type_hints["key"])
+                check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "key": key,
+                "value": value,
+            }
+
+        @builtins.property
+        def key(self) -> builtins.str:
+            '''The tag key.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-trustedentityset-tagitem.html#cfn-guardduty-trustedentityset-tagitem-key
+            '''
+            result = self._values.get("key")
+            assert result is not None, "Required property 'key' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def value(self) -> builtins.str:
+            '''The tag value.
+
+            This is optional.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-trustedentityset-tagitem.html#cfn-guardduty-trustedentityset-tagitem-value
+            '''
+            result = self._values.get("value")
+            assert result is not None, "Required property 'value' is missing"
+            return typing.cast(builtins.str, result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "TagItemProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_guardduty.CfnTrustedEntitySetProps",
+    jsii_struct_bases=[],
+    name_mapping={
+        "format": "format",
+        "location": "location",
+        "activate": "activate",
+        "detector_id": "detectorId",
+        "expected_bucket_owner": "expectedBucketOwner",
+        "name": "name",
+        "tags": "tags",
+    },
+)
+class CfnTrustedEntitySetProps:
+    def __init__(
+        self,
+        *,
+        format: builtins.str,
+        location: builtins.str,
+        activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        detector_id: typing.Optional[builtins.str] = None,
+        expected_bucket_owner: typing.Optional[builtins.str] = None,
+        name: typing.Optional[builtins.str] = None,
+        tags: typing.Optional[typing.Sequence[typing.Union[CfnTrustedEntitySet.TagItemProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    ) -> None:
+        '''Properties for defining a ``CfnTrustedEntitySet``.
+
+        :param format: The format of the file that contains the trusted entity set. For information about supported formats, see `List formats <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list>`_ in the *Amazon GuardDuty User Guide* .
+        :param location: The URI of the file that contains the trusted entity set.
+        :param activate: A boolean value that determines if GuardDuty can start using this list for custom threat detection. For GuardDuty to prevent generating findings based on an activity associated with these entries, this list must be active.
+        :param detector_id: The unique regional detector ID of the GuardDuty account for which you want to create a trusted entity set. To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
+        :param expected_bucket_owner: The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field. Whether or not you provide the account ID for this optional field, GuardDuty validates that the account ID associated with the ``DetectorId`` value owns the S3 bucket in the ``Location`` field. If GuardDuty finds that this S3 bucket doesn't belong to the specified account ID, you will get an error at the time of activating this list.
+        :param name: A user-friendly name to identify the trusted entity set. Valid characters include lowercase letters, uppercase letters, numbers, dash(-), and underscore (_).
+        :param tags: The tags to be added to a new trusted entity set resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-trustedentityset.html
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_guardduty as guardduty
+            
+            cfn_trusted_entity_set_props = guardduty.CfnTrustedEntitySetProps(
+                format="format",
+                location="location",
+            
+                # the properties below are optional
+                activate=False,
+                detector_id="detectorId",
+                expected_bucket_owner="expectedBucketOwner",
+                name="name",
+                tags=[guardduty.CfnTrustedEntitySet.TagItemProperty(
+                    key="key",
+                    value="value"
+                )]
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__00765e3940374511fc72a70d3a0ae2969dd9c1bda5e42af5ac72c84b1ecc9735)
+            check_type(argname="argument format", value=format, expected_type=type_hints["format"])
+            check_type(argname="argument location", value=location, expected_type=type_hints["location"])
+            check_type(argname="argument activate", value=activate, expected_type=type_hints["activate"])
+            check_type(argname="argument detector_id", value=detector_id, expected_type=type_hints["detector_id"])
+            check_type(argname="argument expected_bucket_owner", value=expected_bucket_owner, expected_type=type_hints["expected_bucket_owner"])
+            check_type(argname="argument name", value=name, expected_type=type_hints["name"])
+            check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "format": format,
+            "location": location,
+        }
+        if activate is not None:
+            self._values["activate"] = activate
+        if detector_id is not None:
+            self._values["detector_id"] = detector_id
+        if expected_bucket_owner is not None:
+            self._values["expected_bucket_owner"] = expected_bucket_owner
+        if name is not None:
+            self._values["name"] = name
+        if tags is not None:
+            self._values["tags"] = tags
+
+    @builtins.property
+    def format(self) -> builtins.str:
+        '''The format of the file that contains the trusted entity set.
+
+        For information about supported formats, see `List formats <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list>`_ in the *Amazon GuardDuty User Guide* .
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-trustedentityset.html#cfn-guardduty-trustedentityset-format
+        '''
+        result = self._values.get("format")
+        assert result is not None, "Required property 'format' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def location(self) -> builtins.str:
+        '''The URI of the file that contains the trusted entity set.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-trustedentityset.html#cfn-guardduty-trustedentityset-location
+        '''
+        result = self._values.get("location")
+        assert result is not None, "Required property 'location' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def activate(
+        self,
+    ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''A boolean value that determines if GuardDuty can start using this list for custom threat detection.
+
+        For GuardDuty to prevent generating findings based on an activity associated with these entries, this list must be active.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-trustedentityset.html#cfn-guardduty-trustedentityset-activate
+        '''
+        result = self._values.get("activate")
+        return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
+
+    @builtins.property
+    def detector_id(self) -> typing.Optional[builtins.str]:
+        '''The unique regional detector ID of the GuardDuty account for which you want to create a trusted entity set.
+
+        To find the ``detectorId`` in the current Region, see the Settings page in the GuardDuty console, or run the `ListDetectors <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html>`_ API.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-trustedentityset.html#cfn-guardduty-trustedentityset-detectorid
+        '''
+        result = self._values.get("detector_id")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def expected_bucket_owner(self) -> typing.Optional[builtins.str]:
+        '''The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field.
+
+        Whether or not you provide the account ID for this optional field, GuardDuty validates that the account ID associated with the ``DetectorId`` value owns the S3 bucket in the ``Location`` field. If GuardDuty finds that this S3 bucket doesn't belong to the specified account ID, you will get an error at the time of activating this list.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-trustedentityset.html#cfn-guardduty-trustedentityset-expectedbucketowner
+        '''
+        result = self._values.get("expected_bucket_owner")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def name(self) -> typing.Optional[builtins.str]:
+        '''A user-friendly name to identify the trusted entity set.
+
+        Valid characters include lowercase letters, uppercase letters, numbers, dash(-), and underscore (_).
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-trustedentityset.html#cfn-guardduty-trustedentityset-name
+        '''
+        result = self._values.get("name")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def tags(self) -> typing.Optional[typing.List[CfnTrustedEntitySet.TagItemProperty]]:
+        '''The tags to be added to a new trusted entity set resource.
+
+        Each tag consists of a key and an optional value, both of which you define.
+
+        For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-trustedentityset.html#cfn-guardduty-trustedentityset-tags
+        '''
+        result = self._values.get("tags")
+        return typing.cast(typing.Optional[typing.List[CfnTrustedEntitySet.TagItemProperty]], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "CfnTrustedEntitySetProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+__all__ = [
+    "CfnDetector",
+    "CfnDetectorProps",
+    "CfnFilter",
+    "CfnFilterProps",
+    "CfnIPSet",
+    "CfnIPSetProps",
+    "CfnMalwareProtectionPlan",
+    "CfnMalwareProtectionPlanProps",
+    "CfnMaster",
+    "CfnMasterProps",
+    "CfnMember",
+    "CfnMemberProps",
+    "CfnPublishingDestination",
+    "CfnPublishingDestinationProps",
+    "CfnThreatEntitySet",
+    "CfnThreatEntitySetProps",
+    "CfnThreatIntelSet",
+    "CfnThreatIntelSetProps",
+    "CfnTrustedEntitySet",
+    "CfnTrustedEntitySetProps",
+]
+
 publication.publish()
 
 def _typecheckingstub__d4374e73b5cd2e2814bd72eb21f29547df6146e023d23ee6d5c8c8cdb4439473(
@@ -4462,6 +5732,14 @@ def _typecheckingstub__d4374e73b5cd2e2814bd72eb21f29547df6146e023d23ee6d5c8c8cdb
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__3c713ff5c3d63d8b0298c515dac65b7f9b853cb55d0ab5db4ed3060bd60413f3(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    detector_id: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__4cd13133d47f23bb91dcc2e425b360777bcd306422761af023eb8654fdc89892(
     inspector: _TreeInspector_488e0dd5,
 ) -> None:
@@ -4700,6 +5978,7 @@ def _typecheckingstub__b0c6fd2cb08b5267e6265af6fae1a30df065b4b25dc1d6d684eec9f9b
     location: builtins.str,
     activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     detector_id: typing.Optional[builtins.str] = None,
+    expected_bucket_owner: typing.Optional[builtins.str] = None,
     name: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
@@ -4742,6 +6021,12 @@ def _typecheckingstub__1aa4bf6ad59c1223085a10fc5ece87e88253a83036d5b0e3947792ffc
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__9191409994fec537ce4d4e8e40256113b2937c7a1bb90b2f14b71998143f9810(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__0128f966eac1a136f141aedcb397b96308a170e31f1d45176a39160ebf5a7a8f(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -4760,6 +6045,7 @@ def _typecheckingstub__f47aa340c89b95bf1878c9cb7463920b568c23940ad283e6f2c2bb481
     location: builtins.str,
     activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     detector_id: typing.Optional[builtins.str] = None,
+    expected_bucket_owner: typing.Optional[builtins.str] = None,
     name: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
@@ -4778,6 +6064,22 @@ def _typecheckingstub__00ef930fce1d868abb00d70b721805e86a6ec1fb82c9df9f9974877a5
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__9beb0e4b705cb1315021d1597ad3a8ef8f98d51f345baa42f6587d45977f630f(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    arn: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__2dc9250482abe101d6509cf926e75331c1ab605e103c4610913931bfc0ff5343(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    malware_protection_plan_id: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__f305bc4bdb4472c75f91bda6264efa88f5fca08c3003eadba070f5026ad64459(
     inspector: _TreeInspector_488e0dd5,
 ) -> None:
@@ -5067,6 +6369,96 @@ def _typecheckingstub__5035cd8908ac8fcff142733ecf98576b3480f30c7c0fd250caa41a83b
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__a633dbf3a335a1c89a81e2b20e0804a2398855b80b7f90aefcab3fcffd594ae2(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    format: builtins.str,
+    location: builtins.str,
+    activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    detector_id: typing.Optional[builtins.str] = None,
+    expected_bucket_owner: typing.Optional[builtins.str] = None,
+    name: typing.Optional[builtins.str] = None,
+    tags: typing.Optional[typing.Sequence[typing.Union[CfnThreatEntitySet.TagItemProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__1c32d5cebe463fb394e1de7987cf95ac14ed2d64bfb94244b7f53a5ae01e86fc(
+    inspector: _TreeInspector_488e0dd5,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__4b473ab42cb6b4e41fbd30cc43368c741a796600957b905b8bd33b94ed1d9b19(
+    props: typing.Mapping[builtins.str, typing.Any],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__9bd1bb00f84d311b715627a92fb637272bd50eba86c2d16fa67691c6cc13b40b(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__2309bb8657b4758bd1d620033861fc01383373882f360a452fe19c1513ef44e3(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__bdf2f505562fc426590d0aff2e1eca3a53df58abfd1e69b8495ac49ff3b42763(
+    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__a97f7e1867e5a54a3b03a0d24bd5ec7ca8d6200145e83b0f34c562f5e83448ba(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__a7bd200e9cd51319cdc4298d4401a8a961a6af90f3ea47a9200a8820086e4278(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__03df3be27a55c9923526c9497963c6527d389f1bb8ffed035526cc303afb8bd2(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__fbaece4f1c2fc125ec3923bb0a3b4537f6091ab7f66da3db41faf4839aeb3931(
+    value: typing.Optional[typing.List[CfnThreatEntitySet.TagItemProperty]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__9bcb8d0f67c3b20709378a933f90454d6394d6f4608b78865e524eaaae71a082(
+    *,
+    key: builtins.str,
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__adc8d4ad73863c00637d46455ebd458e48d6cb964a55dada4ed53522b2f348d3(
+    *,
+    format: builtins.str,
+    location: builtins.str,
+    activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    detector_id: typing.Optional[builtins.str] = None,
+    expected_bucket_owner: typing.Optional[builtins.str] = None,
+    name: typing.Optional[builtins.str] = None,
+    tags: typing.Optional[typing.Sequence[typing.Union[CfnThreatEntitySet.TagItemProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__e60035c0bc955afb794ee89f0439deae280bfec665014cbbd161f08566de73a7(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
@@ -5075,6 +6467,7 @@ def _typecheckingstub__e60035c0bc955afb794ee89f0439deae280bfec665014cbbd161f0856
     location: builtins.str,
     activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     detector_id: typing.Optional[builtins.str] = None,
+    expected_bucket_owner: typing.Optional[builtins.str] = None,
     name: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
@@ -5117,6 +6510,12 @@ def _typecheckingstub__6198953302f0959c3d25abb6f0063fb638c6abf44a125235eafb49370
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__45c0733c6c75c09ff089a9606f91e845cf362445012b247e68e83208c0a5aaee(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__78860e52ab0e0d6681a85585054b7ed92f84696ec2b6a43bb90c609188bf36e6(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -5135,8 +6534,99 @@ def _typecheckingstub__0a5d0bedab8c4fad4ab288ce5a467dbe6a4d07ef2947521b14162f1e7
     location: builtins.str,
     activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     detector_id: typing.Optional[builtins.str] = None,
+    expected_bucket_owner: typing.Optional[builtins.str] = None,
     name: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
     pass
+
+def _typecheckingstub__f97ca040c13911b4ef646900134e880ef92baa555cc7ae3a3f589a5b783d6bdd(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    format: builtins.str,
+    location: builtins.str,
+    activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    detector_id: typing.Optional[builtins.str] = None,
+    expected_bucket_owner: typing.Optional[builtins.str] = None,
+    name: typing.Optional[builtins.str] = None,
+    tags: typing.Optional[typing.Sequence[typing.Union[CfnTrustedEntitySet.TagItemProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__f85867f300862bdc19c810d7170de8926f6bfa348b3b9b7637ca7d82c91ca639(
+    inspector: _TreeInspector_488e0dd5,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__0655ff4592955f2b692a51501ca73340533b66fea6a2af184a48abc64610afdc(
+    props: typing.Mapping[builtins.str, typing.Any],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__3f59ae26c1cd9cfdc43b89ee8cb5d6b984a93181052f1593fd7aec0dc07a1f2a(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__bcd25b55717469a06d21cea3ebb5a2ebf71c8c12f4cbe767468b1229bc75b1d6(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__fcb17f7765a352c56401cef5289d093d9eeec88b494b555090ed231a335472a8(
+    value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__636e61a3a1c928a11a4066ee35f6bd92c4e7d47c477e0cd77a1425f7de881ecf(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__2a30865cdc288b85a7993b1a2560d8b3fc83c414826a40802fd4657ae5addfe4(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__52b7aaed8e52f7e5b8652ad3132eee56ee0c858468ce1c9df82ddffa47a56714(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__99d5ac870e6a4e9a44e3854050f1d9a604df1353c4102d42a55b690097b0396c(
+    value: typing.Optional[typing.List[CfnTrustedEntitySet.TagItemProperty]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__a1c81f11cd29394c009789b30463ba1931458f7dde6533e82b4d108b5890ccb6(
+    *,
+    key: builtins.str,
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__00765e3940374511fc72a70d3a0ae2969dd9c1bda5e42af5ac72c84b1ecc9735(
+    *,
+    format: builtins.str,
+    location: builtins.str,
+    activate: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    detector_id: typing.Optional[builtins.str] = None,
+    expected_bucket_owner: typing.Optional[builtins.str] = None,
+    name: typing.Optional[builtins.str] = None,
+    tags: typing.Optional[typing.Sequence[typing.Union[CfnTrustedEntitySet.TagItemProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass