aws-cdk-lib 2.201.0__py3-none-any.whl → 2.202.0__py3-none-any.whl

aws_cdk/aws_msk/__init__.py

@@ -843,7 +843,7 @@ class CfnCluster(
             '''Describes the setup to be used for the broker nodes in the cluster.
 
             :param client_subnets: The list of subnets to connect to in the client virtual private cloud (VPC). Amazon creates elastic network interfaces (ENIs) inside these subnets. Client applications use ENIs to produce and consume data. If you use the US West (N. California) Region, specify exactly two subnets. For other Regions where Amazon MSK is available, you can specify either two or three subnets. The subnets that you specify must be in distinct Availability Zones. When you create a cluster, Amazon MSK distributes the broker nodes evenly across the subnets that you specify. Client subnets can't occupy the Availability Zone with ID ``use1-az3`` .
-            :param instance_type: The type of Amazon EC2 instances to use for brokers. The following instance types are allowed: kafka.m5.large, kafka.m5.xlarge, kafka.m5.2xlarge, kafka.m5.4xlarge, kafka.m5.8xlarge, kafka.m5.12xlarge, kafka.m5.16xlarge, kafka.m5.24xlarge, and kafka.t3.small.
+            :param instance_type: The type of Amazon EC2 instances to use for brokers. Depending on the `broker type <https://docs.aws.amazon.com/msk/latest/developerguide/broker-instance-types.html>`_ , Amazon MSK supports the following broker sizes: *Standard broker sizes* - kafka.t3.small .. epigraph:: You can't select the kafka.t3.small instance type when the metadata mode is KRaft. - kafka.m5.large, kafka.m5.xlarge, kafka.m5.2xlarge, kafka.m5.4xlarge, kafka.m5.8xlarge, kafka.m5.12xlarge, kafka.m5.16xlarge, kafka.m5.24xlarge - kafka.m7g.large, kafka.m7g.xlarge, kafka.m7g.2xlarge, kafka.m7g.4xlarge, kafka.m7g.8xlarge, kafka.m7g.12xlarge, kafka.m7g.16xlarge *Express broker sizes* - express.m7g.large, express.m7g.xlarge, express.m7g.2xlarge, express.m7g.4xlarge, express.m7g.8xlarge, express.m7g.12xlarge, express.m7g.16xlarge .. epigraph:: Some broker sizes might not be available in certian AWS Regions. See the updated `Pricing tools <https://docs.aws.amazon.com/msk/pricing/>`_ section on the Amazon MSK pricing page for the latest list of available instances by Region.
             :param broker_az_distribution: This parameter is currently not in use.
             :param connectivity_info: Information about the cluster's connectivity setting.
             :param security_groups: The security groups to associate with the ENIs in order to specify who can connect to and communicate with the Amazon MSK cluster. If you don't specify a security group, Amazon MSK uses the default security group associated with the VPC. If you specify security groups that were shared with you, you must ensure that you have permissions to them. Specifically, you need the ``ec2:DescribeSecurityGroups`` permission.
@@ -937,7 +937,26 @@ class CfnCluster(
         def instance_type(self) -> builtins.str:
             '''The type of Amazon EC2 instances to use for brokers.
 
-            The following instance types are allowed: kafka.m5.large, kafka.m5.xlarge, kafka.m5.2xlarge, kafka.m5.4xlarge, kafka.m5.8xlarge, kafka.m5.12xlarge, kafka.m5.16xlarge, kafka.m5.24xlarge, and kafka.t3.small.
+            Depending on the `broker type <https://docs.aws.amazon.com/msk/latest/developerguide/broker-instance-types.html>`_ , Amazon MSK supports the following broker sizes:
+
+            *Standard broker sizes*
+
+            - kafka.t3.small
+
+            .. epigraph::
+
+               You can't select the kafka.t3.small instance type when the metadata mode is KRaft.
+
+            - kafka.m5.large, kafka.m5.xlarge, kafka.m5.2xlarge, kafka.m5.4xlarge, kafka.m5.8xlarge, kafka.m5.12xlarge, kafka.m5.16xlarge, kafka.m5.24xlarge
+            - kafka.m7g.large, kafka.m7g.xlarge, kafka.m7g.2xlarge, kafka.m7g.4xlarge, kafka.m7g.8xlarge, kafka.m7g.12xlarge, kafka.m7g.16xlarge
+
+            *Express broker sizes*
+
+            - express.m7g.large, express.m7g.xlarge, express.m7g.2xlarge, express.m7g.4xlarge, express.m7g.8xlarge, express.m7g.12xlarge, express.m7g.16xlarge
+
+            .. epigraph::
+
+               Some broker sizes might not be available in certian AWS Regions. See the updated `Pricing tools <https://docs.aws.amazon.com/msk/pricing/>`_ section on the Amazon MSK pricing page for the latest list of available instances by Region.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-msk-cluster-brokernodegroupinfo.html#cfn-msk-cluster-brokernodegroupinfo-instancetype
             '''

aws_cdk/aws_mwaa/__init__.py

@@ -145,7 +145,8 @@ class CfnEnvironment(
             startup_script_s3_path="startupScriptS3Path",
             tags=tags,
             webserver_access_mode="webserverAccessMode",
-            weekly_maintenance_window_start="weeklyMaintenanceWindowStart"
+            weekly_maintenance_window_start="weeklyMaintenanceWindowStart",
+            worker_replacement_strategy="workerReplacementStrategy"
         )
     '''
 
@@ -179,6 +180,7 @@ class CfnEnvironment(
         tags: typing.Any = None,
         webserver_access_mode: typing.Optional[builtins.str] = None,
         weekly_maintenance_window_start: typing.Optional[builtins.str] = None,
+        worker_replacement_strategy: typing.Optional[builtins.str] = None,
     ) -> None:
         '''
         :param scope: Scope in which this resource is defined.
@@ -208,6 +210,7 @@ class CfnEnvironment(
         :param tags: The key-value tag pairs associated to your environment. For example, ``"Environment": "Staging"`` . To learn more, see `Tagging <https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html>`_ . If you specify new tags for an existing environment, the update requires service interruption before taking effect.
         :param webserver_access_mode: The Apache Airflow *Web server* access mode. To learn more, see `Apache Airflow access modes <https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-networking.html>`_ . Valid values: ``PRIVATE_ONLY`` or ``PUBLIC_ONLY`` .
         :param weekly_maintenance_window_start: The day and time of the week to start weekly maintenance updates of your environment in the following format: ``DAY:HH:MM`` . For example: ``TUE:03:30`` . You can specify a start time in 30 minute increments only. Supported input includes the following: - MON|TUE|WED|THU|FRI|SAT|SUN:([01]\\d|2[0-3]):(00|30)
+        :param worker_replacement_strategy: The worker replacement strategy to use when updating the environment. Valid values: ``FORCED``, ``GRACEFUL``. FORCED means Apache Airflow workers will be stopped and replaced without waiting for tasks to complete before an update. GRACEFUL means Apache Airflow workers will be able to complete running tasks for up to 12 hours during an update before being stopped and replaced.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__558d6a60af086ab1a40ad8057fcb128456129bbbd328752ab90d8a6d573efb1c)
@@ -239,6 +242,7 @@ class CfnEnvironment(
             tags=tags,
             webserver_access_mode=webserver_access_mode,
             weekly_maintenance_window_start=weekly_maintenance_window_start,
+            worker_replacement_strategy=worker_replacement_strategy,
         )
 
         jsii.create(self.__class__, self, [scope, id, props])
@@ -737,6 +741,19 @@ class CfnEnvironment(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "weeklyMaintenanceWindowStart", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="workerReplacementStrategy")
+    def worker_replacement_strategy(self) -> typing.Optional[builtins.str]:
+        '''The worker replacement strategy to use when updating the environment.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "workerReplacementStrategy"))
+
+    @worker_replacement_strategy.setter
+    def worker_replacement_strategy(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__6a69a886eac1c8570e29fe73891b3d0a6bf8bc1d04ac36bc656c130c6498adef)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "workerReplacementStrategy", value) # pyright: ignore[reportArgumentType]
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_mwaa.CfnEnvironment.LoggingConfigurationProperty",
         jsii_struct_bases=[],
@@ -1092,6 +1109,7 @@ class CfnEnvironment(
         "tags": "tags",
         "webserver_access_mode": "webserverAccessMode",
         "weekly_maintenance_window_start": "weeklyMaintenanceWindowStart",
+        "worker_replacement_strategy": "workerReplacementStrategy",
     },
 )
 class CfnEnvironmentProps:
@@ -1123,6 +1141,7 @@ class CfnEnvironmentProps:
         tags: typing.Any = None,
         webserver_access_mode: typing.Optional[builtins.str] = None,
         weekly_maintenance_window_start: typing.Optional[builtins.str] = None,
+        worker_replacement_strategy: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Properties for defining a ``CfnEnvironment``.
 
@@ -1151,6 +1170,7 @@ class CfnEnvironmentProps:
         :param tags: The key-value tag pairs associated to your environment. For example, ``"Environment": "Staging"`` . To learn more, see `Tagging <https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html>`_ . If you specify new tags for an existing environment, the update requires service interruption before taking effect.
         :param webserver_access_mode: The Apache Airflow *Web server* access mode. To learn more, see `Apache Airflow access modes <https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-networking.html>`_ . Valid values: ``PRIVATE_ONLY`` or ``PUBLIC_ONLY`` .
         :param weekly_maintenance_window_start: The day and time of the week to start weekly maintenance updates of your environment in the following format: ``DAY:HH:MM`` . For example: ``TUE:03:30`` . You can specify a start time in 30 minute increments only. Supported input includes the following: - MON|TUE|WED|THU|FRI|SAT|SUN:([01]\\d|2[0-3]):(00|30)
+        :param worker_replacement_strategy: The worker replacement strategy to use when updating the environment. Valid values: ``FORCED``, ``GRACEFUL``. FORCED means Apache Airflow workers will be stopped and replaced without waiting for tasks to complete before an update. GRACEFUL means Apache Airflow workers will be able to complete running tasks for up to 12 hours during an update before being stopped and replaced.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-mwaa-environment.html
         :exampleMetadata: fixture=_generated
@@ -1220,7 +1240,8 @@ class CfnEnvironmentProps:
                 startup_script_s3_path="startupScriptS3Path",
                 tags=tags,
                 webserver_access_mode="webserverAccessMode",
-                weekly_maintenance_window_start="weeklyMaintenanceWindowStart"
+                weekly_maintenance_window_start="weeklyMaintenanceWindowStart",
+                worker_replacement_strategy="workerReplacementStrategy"
             )
         '''
         if __debug__:
@@ -1250,6 +1271,7 @@ class CfnEnvironmentProps:
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
             check_type(argname="argument webserver_access_mode", value=webserver_access_mode, expected_type=type_hints["webserver_access_mode"])
             check_type(argname="argument weekly_maintenance_window_start", value=weekly_maintenance_window_start, expected_type=type_hints["weekly_maintenance_window_start"])
+            check_type(argname="argument worker_replacement_strategy", value=worker_replacement_strategy, expected_type=type_hints["worker_replacement_strategy"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "name": name,
         }
@@ -1301,6 +1323,8 @@ class CfnEnvironmentProps:
             self._values["webserver_access_mode"] = webserver_access_mode
         if weekly_maintenance_window_start is not None:
             self._values["weekly_maintenance_window_start"] = weekly_maintenance_window_start
+        if worker_replacement_strategy is not None:
+            self._values["worker_replacement_strategy"] = worker_replacement_strategy
 
     @builtins.property
     def name(self) -> builtins.str:
@@ -1587,6 +1611,17 @@ class CfnEnvironmentProps:
         result = self._values.get("weekly_maintenance_window_start")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def worker_replacement_strategy(self) -> typing.Optional[builtins.str]:
+        '''The worker replacement strategy to use when updating the environment.
+
+        Valid values: ``FORCED``, ``GRACEFUL``. FORCED means Apache Airflow workers will be stopped and replaced without waiting for tasks to complete before an update. GRACEFUL means Apache Airflow workers will be able to complete running tasks for up to 12 hours during an update before being stopped and replaced.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-mwaa-environment.html#cfn-mwaa-environment-workerreplacementstrategy
+        '''
+        result = self._values.get("worker_replacement_strategy")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -1635,6 +1670,7 @@ def _typecheckingstub__558d6a60af086ab1a40ad8057fcb128456129bbbd328752ab90d8a6d5
     tags: typing.Any = None,
     webserver_access_mode: typing.Optional[builtins.str] = None,
     weekly_maintenance_window_start: typing.Optional[builtins.str] = None,
+    worker_replacement_strategy: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -1801,6 +1837,12 @@ def _typecheckingstub__c4b7b1ca9a0752d370dddfd37838d62fc0fdbdce81d79923961a78bfa
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__6a69a886eac1c8570e29fe73891b3d0a6bf8bc1d04ac36bc656c130c6498adef(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__d823c014bd64bec48bc3afd2f5085d92c0e9f9e6f7641f491eeb3020665639f5(
     *,
     dag_processing_logs: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnEnvironment.ModuleLoggingConfigurationProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -1856,6 +1898,7 @@ def _typecheckingstub__9d7baed808ece1f6aca4fce5dbeac04c731d688aec6f3395e1f0892ea
     tags: typing.Any = None,
     webserver_access_mode: typing.Optional[builtins.str] = None,
     weekly_maintenance_window_start: typing.Optional[builtins.str] = None,
+    worker_replacement_strategy: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass

aws_cdk/aws_rds/__init__.py

@@ -15182,7 +15182,7 @@ class CfnDBProxyTargetGroup(
             '''Specifies the settings that control the size and behavior of the connection pool associated with a ``DBProxyTargetGroup`` .
 
             :param connection_borrow_timeout: The number of seconds for a proxy to wait for a connection to become available in the connection pool. This setting only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions. Default: ``120`` Constraints: - Must be between 0 and 300.
-            :param init_query: Add an initialization query, or modify the current one. You can specify one or more SQL statements for the proxy to run when opening each new database connection. The setting is typically used with ``SET`` statements to make sure that each connection has identical settings. Make sure the query added here is valid. This is an optional field, so you can choose to leave it empty. For including multiple variables in a single SET statement, use a comma separator. For example: ``SET variable1=value1, variable2=value2`` Default: no initialization query
+            :param init_query: Add an initialization query, or modify the current one. You can specify one or more SQL statements for the proxy to run when opening each new database connection. The setting is typically used with ``SET`` statements to make sure that each connection has identical settings. Make sure the query added here is valid. This is an optional field, so you can choose to leave it empty. For including multiple variables in a single SET statement, use a comma separator. For example: ``SET variable1=value1, variable2=value2`` Default: no initialization query .. epigraph:: Since you can access initialization query as part of target group configuration, it is not protected by authentication or cryptographic methods. Anyone with access to view or manage your proxy target group configuration can view the initialization query. You should not add sensitive data, such as passwords or long-lived encryption keys, to this option.
             :param max_connections_percent: The maximum size of the connection pool for each target in a target group. The value is expressed as a percentage of the ``max_connections`` setting for the RDS DB instance or Aurora DB cluster used by the target group. If you specify ``MaxIdleConnectionsPercent`` , then you must also include a value for this parameter. Default: ``10`` for RDS for Microsoft SQL Server, and ``100`` for all other engines Constraints: - Must be between 1 and 100.
             :param max_idle_connections_percent: A value that controls how actively the proxy closes idle database connections in the connection pool. The value is expressed as a percentage of the ``max_connections`` setting for the RDS DB instance or Aurora DB cluster used by the target group. With a high value, the proxy leaves a high percentage of idle database connections open. A low value causes the proxy to close more idle connections and return them to the database. If you specify this parameter, then you must also include a value for ``MaxConnectionsPercent`` . Default: The default value is half of the value of ``MaxConnectionsPercent`` . For example, if ``MaxConnectionsPercent`` is 80, then the default value of ``MaxIdleConnectionsPercent`` is 40. If the value of ``MaxConnectionsPercent`` isn't specified, then for SQL Server, ``MaxIdleConnectionsPercent`` is ``5`` , and for all other engines, the default is ``50`` . Constraints: - Must be between 0 and the value of ``MaxConnectionsPercent`` .
             :param session_pinning_filters: Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection. Including an item in the list exempts that class of SQL operations from the pinning behavior. Default: no session pinning filters
@@ -15249,6 +15249,9 @@ class CfnDBProxyTargetGroup(
             For example: ``SET variable1=value1, variable2=value2``
 
             Default: no initialization query
+            .. epigraph::
+
+               Since you can access initialization query as part of target group configuration, it is not protected by authentication or cryptographic methods. Anyone with access to view or manage your proxy target group configuration can view the initialization query. You should not add sensitive data, such as passwords or long-lived encryption keys, to this option.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbproxytargetgroup-connectionpoolconfigurationinfoformat.html#cfn-rds-dbproxytargetgroup-connectionpoolconfigurationinfoformat-initquery
             '''

aws_cdk/aws_s3/__init__.py

@@ -152,6 +152,22 @@ bucket.grant_read_write(my_lambda)
 Will give the Lambda's execution role permissions to read and write
 from the bucket.
 
+### Understanding "grant" Methods
+
+The S3 construct library provides several grant methods for the `Bucket` resource, but two of them have a special behavior. This two accept an `objectsKeyPattern` parameter to restrict granted permissions to specific resources:
+
+* `grantRead`
+* `grantReadWrite`
+
+When examining the synthesized policy, you'll notice it includes both your specified object key patterns and the bucket itself.
+This is by design. Some permissions (like `s3:ListBucket`) apply at the bucket level, while others (like `s3:GetObject`) apply to specific objects.
+
+Specifically, the [`s3:ListBucket` action operates on bucket resources](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html#amazons3-bucket)
+and requires the bucket ARN to work properly. This might be seen as a bug, giving the impression that more permissions were granted than the ones you intended, but the reality is that the policy does not ignore your `objectsKeyPattern` - object-specific actions like `s3:GetObject`
+will still be limited to the resources defined in your pattern.
+
+If you need to restrict the `s3:ListBucket` action to specific paths, you can add a `Condition` to your policy that limits the `objectsKeyPattern` to specific folders. For more details and examples, see the [AWS documentation on bucket policies](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-folders).
+
 ## AWS Foundational Security Best Practices
 
 ### Enforcing SSL

aws_cdk/aws_sagemaker/__init__.py

@@ -7763,7 +7763,7 @@ class CfnDomain(
             :param execution_role_identity_config: The configuration for attaching a SageMaker AI user profile name to the execution role as a `sts:SourceIdentity key <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html>`_ .
             :param r_studio_server_pro_domain_settings: A collection of settings that configure the ``RStudioServerPro`` Domain-level app.
             :param security_group_ids: The security groups for the Amazon Virtual Private Cloud that the ``Domain`` uses for communication between Domain-level apps and user apps.
-            :param unified_studio_settings: A collection of settings that apply to an Amazon SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
+            :param unified_studio_settings: The settings that apply to an SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-domainsettings.html
             :exampleMetadata: fixture=_generated
@@ -7868,7 +7868,7 @@ class CfnDomain(
         def unified_studio_settings(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomain.UnifiedStudioSettingsProperty"]]:
-            '''A collection of settings that apply to an Amazon SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
+            '''The settings that apply to an SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-domainsettings.html#cfn-sagemaker-domain-domainsettings-unifiedstudiosettings
             '''
@@ -9216,7 +9216,7 @@ class CfnDomain(
             project_s3_path: typing.Optional[builtins.str] = None,
             studio_web_portal_access: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''A collection of settings that apply to an Amazon SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
+            '''The settings that apply to an Amazon SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
 
             :param domain_account_id: The ID of the AWS account that has the Amazon SageMaker Unified Studio domain. The default value, if you don't specify an ID, is the ID of the account that has the Amazon SageMaker AI domain.
             :param domain_id: The ID of the Amazon SageMaker Unified Studio domain associated with this domain.
@@ -9224,7 +9224,7 @@ class CfnDomain(
             :param environment_id: The ID of the environment that Amazon SageMaker Unified Studio associates with the domain.
             :param project_id: The ID of the Amazon SageMaker Unified Studio project that corresponds to the domain.
             :param project_s3_path: The location where Amazon S3 stores temporary execution data and other artifacts for the project that corresponds to the domain.
-            :param studio_web_portal_access: Sets whether you can access the domain in Amazon SageMaker Studio:. ENABLED You can access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it in both studio interfaces. DISABLED You can't access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it only in that studio interface.
+            :param studio_web_portal_access: Sets whether you can access the domain in Amazon SageMaker Studio:. - **ENABLED** - You can access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it in both studio interfaces. - **DISABLED** - You can't access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it only in that studio interface. To migrate a domain to Amazon SageMaker Unified Studio, you specify the UnifiedStudioSettings data type when you use the UpdateDomain action.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-unifiedstudiosettings.html
             :exampleMetadata: fixture=_generated
@@ -9332,10 +9332,10 @@ class CfnDomain(
         def studio_web_portal_access(self) -> typing.Optional[builtins.str]:
             '''Sets whether you can access the domain in Amazon SageMaker Studio:.
 
-            ENABLED
-            You can access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it in both studio interfaces.
-            DISABLED
-            You can't access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it only in that studio interface.
+            - **ENABLED** - You can access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it in both studio interfaces.
+            - **DISABLED** - You can't access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it only in that studio interface.
+
+            To migrate a domain to Amazon SageMaker Unified Studio, you specify the UnifiedStudioSettings data type when you use the UpdateDomain action.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-unifiedstudiosettings.html#cfn-sagemaker-domain-unifiedstudiosettings-studiowebportalaccess
             '''