aws-cdk-lib 2.201.0__py3-none-any.whl → 2.203.0__py3-none-any.whl

aws_cdk/aws_route53resolver/__init__.py

@@ -2317,13 +2317,13 @@ class CfnResolverEndpoint(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param direction: Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:. - ``INBOUND`` : allows DNS queries to your VPC from your network - ``OUTBOUND`` : allows DNS queries from your VPC to your network
+        :param direction: Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:. - ``INBOUND`` : allows DNS queries to your VPC from your network - ``OUTBOUND`` : allows DNS queries from your VPC to your network - ``INBOUND_DELEGATION`` : Resolver delegates queries to Route 53 private hosted zones from your network.
         :param ip_addresses: The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC. .. epigraph:: Even though the minimum is 1, Route 53 requires that you create at least two.
         :param security_group_ids: The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.
         :param name: A friendly name that lets you easily find a configuration in the Resolver dashboard in the Route 53 console.
         :param outpost_arn: The ARN (Amazon Resource Name) for the Outpost.
         :param preferred_instance_type: The Amazon EC2 instance type.
-        :param protocols: Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints only. For an inbound endpoint you can apply the protocols as follows: - Do53 and DoH in combination. - Do53 and DoH-FIPS in combination. - Do53 alone. - DoH alone. - DoH-FIPS alone. - None, which is treated as Do53. For an outbound endpoint you can apply the protocols as follows: - Do53 and DoH in combination. - Do53 alone. - DoH alone. - None, which is treated as Do53.
+        :param protocols: Protocols used for the endpoint. DoH-FIPS is applicable for a default inbound endpoints only. For an inbound endpoint you can apply the protocols as follows: - Do53 and DoH in combination. - Do53 and DoH-FIPS in combination. - Do53 alone. - DoH alone. - DoH-FIPS alone. - None, which is treated as Do53. For a delegation inbound endpoint you can use Do53 only. For an outbound endpoint you can apply the protocols as follows: - Do53 and DoH in combination. - Do53 alone. - DoH alone. - None, which is treated as Do53.
         :param resolver_endpoint_type: The Resolver endpoint IP address type.
         :param tags: Route 53 Resolver doesn't support updating tags through CloudFormation.
         '''
@@ -2552,7 +2552,7 @@ class CfnResolverEndpoint(
     def protocols(self) -> typing.Optional[typing.List[builtins.str]]:
         '''Protocols used for the endpoint.
 
-        DoH-FIPS is applicable for inbound endpoints only.
+        DoH-FIPS is applicable for a default inbound endpoints only.
         '''
         return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "protocols"))
 
@@ -2709,13 +2709,13 @@ class CfnResolverEndpointProps:
     ) -> None:
         '''Properties for defining a ``CfnResolverEndpoint``.
 
-        :param direction: Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:. - ``INBOUND`` : allows DNS queries to your VPC from your network - ``OUTBOUND`` : allows DNS queries from your VPC to your network
+        :param direction: Indicates whether the Resolver endpoint allows inbound or outbound DNS queries:. - ``INBOUND`` : allows DNS queries to your VPC from your network - ``OUTBOUND`` : allows DNS queries from your VPC to your network - ``INBOUND_DELEGATION`` : Resolver delegates queries to Route 53 private hosted zones from your network.
         :param ip_addresses: The subnets and IP addresses in your VPC that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). The subnet ID uniquely identifies a VPC. .. epigraph:: Even though the minimum is 1, Route 53 requires that you create at least two.
         :param security_group_ids: The ID of one or more security groups that control access to this VPC. The security group must include one or more inbound rules (for inbound endpoints) or outbound rules (for outbound endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.
         :param name: A friendly name that lets you easily find a configuration in the Resolver dashboard in the Route 53 console.
         :param outpost_arn: The ARN (Amazon Resource Name) for the Outpost.
         :param preferred_instance_type: The Amazon EC2 instance type.
-        :param protocols: Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints only. For an inbound endpoint you can apply the protocols as follows: - Do53 and DoH in combination. - Do53 and DoH-FIPS in combination. - Do53 alone. - DoH alone. - DoH-FIPS alone. - None, which is treated as Do53. For an outbound endpoint you can apply the protocols as follows: - Do53 and DoH in combination. - Do53 alone. - DoH alone. - None, which is treated as Do53.
+        :param protocols: Protocols used for the endpoint. DoH-FIPS is applicable for a default inbound endpoints only. For an inbound endpoint you can apply the protocols as follows: - Do53 and DoH in combination. - Do53 and DoH-FIPS in combination. - Do53 alone. - DoH alone. - DoH-FIPS alone. - None, which is treated as Do53. For a delegation inbound endpoint you can use Do53 only. For an outbound endpoint you can apply the protocols as follows: - Do53 and DoH in combination. - Do53 alone. - DoH alone. - None, which is treated as Do53.
         :param resolver_endpoint_type: The Resolver endpoint IP address type.
         :param tags: Route 53 Resolver doesn't support updating tags through CloudFormation.
 
@@ -2786,6 +2786,7 @@ class CfnResolverEndpointProps:
 
         - ``INBOUND`` : allows DNS queries to your VPC from your network
         - ``OUTBOUND`` : allows DNS queries from your VPC to your network
+        - ``INBOUND_DELEGATION`` : Resolver delegates queries to Route 53 private hosted zones from your network.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverendpoint.html#cfn-route53resolver-resolverendpoint-direction
         '''
@@ -2851,7 +2852,7 @@ class CfnResolverEndpointProps:
 
     @builtins.property
     def protocols(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''Protocols used for the endpoint. DoH-FIPS is applicable for inbound endpoints only.
+        '''Protocols used for the endpoint. DoH-FIPS is applicable for a default inbound endpoints only.
 
         For an inbound endpoint you can apply the protocols as follows:
 
@@ -2862,6 +2863,8 @@ class CfnResolverEndpointProps:
         - DoH-FIPS alone.
         - None, which is treated as Do53.
 
+        For a delegation inbound endpoint you can use Do53 only.
+
         For an outbound endpoint you can apply the protocols as follows:
 
         - Do53 and DoH in combination.
@@ -3480,6 +3483,7 @@ class CfnResolverRule(
             rule_type="ruleType",
         
             # the properties below are optional
+            delegation_record="delegationRecord",
             domain_name="domainName",
             name="name",
             resolver_endpoint_id="resolverEndpointId",
@@ -3503,6 +3507,7 @@ class CfnResolverRule(
         id: builtins.str,
         *,
         rule_type: builtins.str,
+        delegation_record: typing.Optional[builtins.str] = None,
         domain_name: typing.Optional[builtins.str] = None,
         name: typing.Optional[builtins.str] = None,
         resolver_endpoint_id: typing.Optional[builtins.str] = None,
@@ -3512,7 +3517,8 @@ class CfnResolverRule(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param rule_type: When you want to forward DNS queries for specified domain name to resolvers on your network, specify ``FORWARD`` . When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify ``SYSTEM`` . For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify ``FORWARD`` for ``RuleType`` . To then have Resolver process queries for apex.example.com, you create a rule and specify ``SYSTEM`` for ``RuleType`` . Currently, only Resolver can create rules that have a value of ``RECURSIVE`` for ``RuleType`` .
+        :param rule_type: When you want to forward DNS queries for specified domain name to resolvers on your network, specify ``FORWARD`` or ``DELEGATE`` . If a query matches multiple Resolver rules (example.com and www.example.com), outbound DNS queries are routed using the Resolver rule that contains the most specific domain name (www.example.com). When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify ``SYSTEM`` . For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify ``FORWARD`` for ``RuleType`` . To then have Resolver process queries for apex.example.com, you create a rule and specify ``SYSTEM`` for ``RuleType`` . Currently, only Resolver can create rules that have a value of ``RECURSIVE`` for ``RuleType`` .
+        :param delegation_record: DNS queries with delegation records that point to this domain name are forwarded to resolvers on your network.
         :param domain_name: DNS queries for this domain name are forwarded to the IP addresses that are specified in ``TargetIps`` . If a query matches multiple Resolver rules (example.com and www.example.com), the query is routed using the Resolver rule that contains the most specific domain name (www.example.com).
         :param name: The name for the Resolver rule, which you specified when you created the Resolver rule.
         :param resolver_endpoint_id: The ID of the endpoint that the rule is associated with.
@@ -3525,6 +3531,7 @@ class CfnResolverRule(
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = CfnResolverRuleProps(
             rule_type=rule_type,
+            delegation_record=delegation_record,
             domain_name=domain_name,
             name=name,
             resolver_endpoint_id=resolver_endpoint_id,
@@ -3620,6 +3627,8 @@ class CfnResolverRule(
 
         This value isn't applicable when ``RuleType`` is ``SYSTEM`` .
 
+        ``TargetIps`` is available only when the value of ``RuleType`` is ``FORWARD`` . You should not provide ``TargetIps`` when the ``RuleType`` is ``DELEGATE`` .
+
         :cloudformationAttribute: TargetIps
         '''
         return typing.cast(_IResolvable_da3f097b, jsii.get(self, "attrTargetIps"))
@@ -3638,7 +3647,7 @@ class CfnResolverRule(
     @builtins.property
     @jsii.member(jsii_name="ruleType")
     def rule_type(self) -> builtins.str:
-        '''When you want to forward DNS queries for specified domain name to resolvers on your network, specify ``FORWARD`` .'''
+        '''When you want to forward DNS queries for specified domain name to resolvers on your network, specify ``FORWARD`` or ``DELEGATE`` .'''
         return typing.cast(builtins.str, jsii.get(self, "ruleType"))
 
     @rule_type.setter
@@ -3648,6 +3657,19 @@ class CfnResolverRule(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "ruleType", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="delegationRecord")
+    def delegation_record(self) -> typing.Optional[builtins.str]:
+        '''DNS queries with delegation records that point to this domain name are forwarded to resolvers on your network.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "delegationRecord"))
+
+    @delegation_record.setter
+    def delegation_record(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__b1126d07ce449d0d6220e3fbf183f2d786e81574a4f131914dfe0914a55bb851)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "delegationRecord", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="domainName")
     def domain_name(self) -> typing.Optional[builtins.str]:
@@ -4106,6 +4128,7 @@ class CfnResolverRuleAssociationProps:
     jsii_struct_bases=[],
     name_mapping={
         "rule_type": "ruleType",
+        "delegation_record": "delegationRecord",
         "domain_name": "domainName",
         "name": "name",
         "resolver_endpoint_id": "resolverEndpointId",
@@ -4118,6 +4141,7 @@ class CfnResolverRuleProps:
         self,
         *,
         rule_type: builtins.str,
+        delegation_record: typing.Optional[builtins.str] = None,
         domain_name: typing.Optional[builtins.str] = None,
         name: typing.Optional[builtins.str] = None,
         resolver_endpoint_id: typing.Optional[builtins.str] = None,
@@ -4126,7 +4150,8 @@ class CfnResolverRuleProps:
     ) -> None:
         '''Properties for defining a ``CfnResolverRule``.
 
-        :param rule_type: When you want to forward DNS queries for specified domain name to resolvers on your network, specify ``FORWARD`` . When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify ``SYSTEM`` . For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify ``FORWARD`` for ``RuleType`` . To then have Resolver process queries for apex.example.com, you create a rule and specify ``SYSTEM`` for ``RuleType`` . Currently, only Resolver can create rules that have a value of ``RECURSIVE`` for ``RuleType`` .
+        :param rule_type: When you want to forward DNS queries for specified domain name to resolvers on your network, specify ``FORWARD`` or ``DELEGATE`` . If a query matches multiple Resolver rules (example.com and www.example.com), outbound DNS queries are routed using the Resolver rule that contains the most specific domain name (www.example.com). When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify ``SYSTEM`` . For example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify ``FORWARD`` for ``RuleType`` . To then have Resolver process queries for apex.example.com, you create a rule and specify ``SYSTEM`` for ``RuleType`` . Currently, only Resolver can create rules that have a value of ``RECURSIVE`` for ``RuleType`` .
+        :param delegation_record: DNS queries with delegation records that point to this domain name are forwarded to resolvers on your network.
         :param domain_name: DNS queries for this domain name are forwarded to the IP addresses that are specified in ``TargetIps`` . If a query matches multiple Resolver rules (example.com and www.example.com), the query is routed using the Resolver rule that contains the most specific domain name (www.example.com).
         :param name: The name for the Resolver rule, which you specified when you created the Resolver rule.
         :param resolver_endpoint_id: The ID of the endpoint that the rule is associated with.
@@ -4146,6 +4171,7 @@ class CfnResolverRuleProps:
                 rule_type="ruleType",
             
                 # the properties below are optional
+                delegation_record="delegationRecord",
                 domain_name="domainName",
                 name="name",
                 resolver_endpoint_id="resolverEndpointId",
@@ -4165,6 +4191,7 @@ class CfnResolverRuleProps:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__fdcaea1870aaf2dc13fe56b2d15a89d6adba2ad5884071fc618c9e4bb2c3ddec)
             check_type(argname="argument rule_type", value=rule_type, expected_type=type_hints["rule_type"])
+            check_type(argname="argument delegation_record", value=delegation_record, expected_type=type_hints["delegation_record"])
             check_type(argname="argument domain_name", value=domain_name, expected_type=type_hints["domain_name"])
             check_type(argname="argument name", value=name, expected_type=type_hints["name"])
             check_type(argname="argument resolver_endpoint_id", value=resolver_endpoint_id, expected_type=type_hints["resolver_endpoint_id"])
@@ -4173,6 +4200,8 @@ class CfnResolverRuleProps:
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "rule_type": rule_type,
         }
+        if delegation_record is not None:
+            self._values["delegation_record"] = delegation_record
         if domain_name is not None:
             self._values["domain_name"] = domain_name
         if name is not None:
@@ -4186,7 +4215,9 @@ class CfnResolverRuleProps:
 
     @builtins.property
     def rule_type(self) -> builtins.str:
-        '''When you want to forward DNS queries for specified domain name to resolvers on your network, specify ``FORWARD`` .
+        '''When you want to forward DNS queries for specified domain name to resolvers on your network, specify ``FORWARD`` or ``DELEGATE`` .
+
+        If a query matches multiple Resolver rules (example.com and www.example.com), outbound DNS queries are routed using the Resolver rule that contains the most specific domain name (www.example.com).
 
         When you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify ``SYSTEM`` .
 
@@ -4200,6 +4231,15 @@ class CfnResolverRuleProps:
         assert result is not None, "Required property 'rule_type' is missing"
         return typing.cast(builtins.str, result)
 
+    @builtins.property
+    def delegation_record(self) -> typing.Optional[builtins.str]:
+        '''DNS queries with delegation records that point to this domain name are forwarded to resolvers on your network.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverrule.html#cfn-route53resolver-resolverrule-delegationrecord
+        '''
+        result = self._values.get("delegation_record")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def domain_name(self) -> typing.Optional[builtins.str]:
         '''DNS queries for this domain name are forwarded to the IP addresses that are specified in ``TargetIps`` .
@@ -4838,6 +4878,7 @@ def _typecheckingstub__7253810e416357d129df95b3c7aa9aa0f08e68de7d465658e598912cf
     id: builtins.str,
     *,
     rule_type: builtins.str,
+    delegation_record: typing.Optional[builtins.str] = None,
     domain_name: typing.Optional[builtins.str] = None,
     name: typing.Optional[builtins.str] = None,
     resolver_endpoint_id: typing.Optional[builtins.str] = None,
@@ -4865,6 +4906,12 @@ def _typecheckingstub__13530a5c4f7ce175ae03b85dc7d4550ae7a3cb68cb2be12c89a167e8d
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__b1126d07ce449d0d6220e3fbf183f2d786e81574a4f131914dfe0914a55bb851(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__3e83136a81b10aed2481c602cdca3f63e1c2bcaed82fe69b1ab2413af7c0b7c0(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -4959,6 +5006,7 @@ def _typecheckingstub__3b7cd1048ae30851b3480dc04a365c7bd487212f9328f80bc61e1bae1
 def _typecheckingstub__fdcaea1870aaf2dc13fe56b2d15a89d6adba2ad5884071fc618c9e4bb2c3ddec(
     *,
     rule_type: builtins.str,
+    delegation_record: typing.Optional[builtins.str] = None,
     domain_name: typing.Optional[builtins.str] = None,
     name: typing.Optional[builtins.str] = None,
     resolver_endpoint_id: typing.Optional[builtins.str] = None,

aws_cdk/aws_s3/__init__.py

@@ -152,6 +152,22 @@ bucket.grant_read_write(my_lambda)
 Will give the Lambda's execution role permissions to read and write
 from the bucket.
 
+### Understanding "grant" Methods
+
+The S3 construct library provides several grant methods for the `Bucket` resource, but two of them have a special behavior. This two accept an `objectsKeyPattern` parameter to restrict granted permissions to specific resources:
+
+* `grantRead`
+* `grantReadWrite`
+
+When examining the synthesized policy, you'll notice it includes both your specified object key patterns and the bucket itself.
+This is by design. Some permissions (like `s3:ListBucket`) apply at the bucket level, while others (like `s3:GetObject`) apply to specific objects.
+
+Specifically, the [`s3:ListBucket` action operates on bucket resources](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html#amazons3-bucket)
+and requires the bucket ARN to work properly. This might be seen as a bug, giving the impression that more permissions were granted than the ones you intended, but the reality is that the policy does not ignore your `objectsKeyPattern` - object-specific actions like `s3:GetObject`
+will still be limited to the resources defined in your pattern.
+
+If you need to restrict the `s3:ListBucket` action to specific paths, you can add a `Condition` to your policy that limits the `objectsKeyPattern` to specific folders. For more details and examples, see the [AWS documentation on bucket policies](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-folders).
+
 ## AWS Foundational Security Best Practices
 
 ### Enforcing SSL
@@ -8431,7 +8447,7 @@ class CfnBucket(
             :param encryption_configuration: Specifies encryption-related information.
             :param metrics: A container specifying replication metrics-related settings enabling replication metrics and events.
             :param replication_time: A container specifying S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. Must be specified together with a ``Metrics`` block.
-            :param storage_class: The storage class to use when replicating objects, such as S3 Standard or reduced redundancy. By default, Amazon S3 uses the storage class of the source object to create the object replica. For valid values, see the ``StorageClass`` element of the `PUT Bucket replication <https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html>`_ action in the *Amazon S3 API Reference* .
+            :param storage_class: The storage class to use when replicating objects, such as S3 Standard or reduced redundancy. By default, Amazon S3 uses the storage class of the source object to create the object replica. For valid values, see the ``StorageClass`` element of the `PUT Bucket replication <https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html>`_ action in the *Amazon S3 API Reference* . ``FSX_OPENZFS`` is not an accepted value when replicating objects.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationdestination.html
             :exampleMetadata: fixture=_generated
@@ -8574,6 +8590,8 @@ class CfnBucket(
 
             For valid values, see the ``StorageClass`` element of the `PUT Bucket replication <https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html>`_ action in the *Amazon S3 API Reference* .
 
+            ``FSX_OPENZFS`` is not an accepted value when replicating objects.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationdestination.html#cfn-s3-bucket-replicationdestination-storageclass
             '''
             result = self._values.get("storage_class")

aws_cdk/aws_s3tables/__init__.py

@@ -76,6 +76,192 @@ from .. import (
 )
 
 
+@jsii.implements(_IInspectable_c2943556)
+class CfnNamespace(
+    _CfnResource_9df397a6,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_s3tables.CfnNamespace",
+):
+    '''Creates a namespace.
+
+    A namespace is a logical grouping of tables within your table bucket, which you can use to organize tables. For more information, see `Create a namespace <https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-namespace-create.html>`_ in the *Amazon Simple Storage Service User Guide* .
+
+    - **Permissions** - You must have the ``s3tables:CreateNamespace`` permission to use this operation.
+
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3tables-namespace.html
+    :cloudformationResource: AWS::S3Tables::Namespace
+    :exampleMetadata: fixture=_generated
+
+    Example::
+
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        from aws_cdk import aws_s3tables as s3tables
+        
+        cfn_namespace = s3tables.CfnNamespace(self, "MyCfnNamespace",
+            namespace="namespace",
+            table_bucket_arn="tableBucketArn"
+        )
+    '''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        namespace: builtins.str,
+        table_bucket_arn: builtins.str,
+    ) -> None:
+        '''
+        :param scope: Scope in which this resource is defined.
+        :param id: Construct identifier for this resource (unique in its scope).
+        :param namespace: The name of the namespace.
+        :param table_bucket_arn: The Amazon Resource Name (ARN) of the specified table bucket.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__fd79dcff4893fe1cd3464c1f48689d2a01ad4a5eed6acfd35e21266683ab1f1c)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = CfnNamespaceProps(
+            namespace=namespace, table_bucket_arn=table_bucket_arn
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @jsii.member(jsii_name="inspect")
+    def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
+        '''Examines the CloudFormation resource and discloses attributes.
+
+        :param inspector: tree inspector to collect and process attributes.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__0dae368df5e118b03066ac5fbad3765e81aa23b31a7288aa2bb824379578614f)
+            check_type(argname="argument inspector", value=inspector, expected_type=type_hints["inspector"])
+        return typing.cast(None, jsii.invoke(self, "inspect", [inspector]))
+
+    @jsii.member(jsii_name="renderProperties")
+    def _render_properties(
+        self,
+        props: typing.Mapping[builtins.str, typing.Any],
+    ) -> typing.Mapping[builtins.str, typing.Any]:
+        '''
+        :param props: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__2c772aad560ab6b4e840f54665ca3a18a9fcbf362512eb78423617db138b70b0)
+            check_type(argname="argument props", value=props, expected_type=type_hints["props"])
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderProperties", [props]))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="CFN_RESOURCE_TYPE_NAME")
+    def CFN_RESOURCE_TYPE_NAME(cls) -> builtins.str:
+        '''The CloudFormation resource type name for this resource class.'''
+        return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cfnProperties")
+    def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
+
+    @builtins.property
+    @jsii.member(jsii_name="namespace")
+    def namespace(self) -> builtins.str:
+        '''The name of the namespace.'''
+        return typing.cast(builtins.str, jsii.get(self, "namespace"))
+
+    @namespace.setter
+    def namespace(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__083038783d9a592008992f105965913f4b10d8bc23252afb9a929c22e7cebd06)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "namespace", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="tableBucketArn")
+    def table_bucket_arn(self) -> builtins.str:
+        '''The Amazon Resource Name (ARN) of the specified table bucket.'''
+        return typing.cast(builtins.str, jsii.get(self, "tableBucketArn"))
+
+    @table_bucket_arn.setter
+    def table_bucket_arn(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__8560b7f29623bc1f753b1cf34442c874c6958096b39accf37244c9341879fd81)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "tableBucketArn", value) # pyright: ignore[reportArgumentType]
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_s3tables.CfnNamespaceProps",
+    jsii_struct_bases=[],
+    name_mapping={"namespace": "namespace", "table_bucket_arn": "tableBucketArn"},
+)
+class CfnNamespaceProps:
+    def __init__(
+        self,
+        *,
+        namespace: builtins.str,
+        table_bucket_arn: builtins.str,
+    ) -> None:
+        '''Properties for defining a ``CfnNamespace``.
+
+        :param namespace: The name of the namespace.
+        :param table_bucket_arn: The Amazon Resource Name (ARN) of the specified table bucket.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3tables-namespace.html
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_s3tables as s3tables
+            
+            cfn_namespace_props = s3tables.CfnNamespaceProps(
+                namespace="namespace",
+                table_bucket_arn="tableBucketArn"
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__5fdadc8758c9f96fac22200567c0d51cfd3e36c943cb9fa46e50cbf9abf25faf)
+            check_type(argname="argument namespace", value=namespace, expected_type=type_hints["namespace"])
+            check_type(argname="argument table_bucket_arn", value=table_bucket_arn, expected_type=type_hints["table_bucket_arn"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "namespace": namespace,
+            "table_bucket_arn": table_bucket_arn,
+        }
+
+    @builtins.property
+    def namespace(self) -> builtins.str:
+        '''The name of the namespace.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3tables-namespace.html#cfn-s3tables-namespace-namespace
+        '''
+        result = self._values.get("namespace")
+        assert result is not None, "Required property 'namespace' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def table_bucket_arn(self) -> builtins.str:
+        '''The Amazon Resource Name (ARN) of the specified table bucket.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3tables-namespace.html#cfn-s3tables-namespace-tablebucketarn
+        '''
+        result = self._values.get("table_bucket_arn")
+        assert result is not None, "Required property 'table_bucket_arn' is missing"
+        return typing.cast(builtins.str, result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "CfnNamespaceProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 @jsii.implements(_IInspectable_c2943556)
 class CfnTableBucket(
     _CfnResource_9df397a6,
@@ -706,6 +892,8 @@ class CfnTableBucketProps:
 
 
 __all__ = [
+    "CfnNamespace",
+    "CfnNamespaceProps",
     "CfnTableBucket",
     "CfnTableBucketPolicy",
     "CfnTableBucketPolicyProps",
@@ -714,6 +902,48 @@ __all__ = [
 
 publication.publish()
 
+def _typecheckingstub__fd79dcff4893fe1cd3464c1f48689d2a01ad4a5eed6acfd35e21266683ab1f1c(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    namespace: builtins.str,
+    table_bucket_arn: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__0dae368df5e118b03066ac5fbad3765e81aa23b31a7288aa2bb824379578614f(
+    inspector: _TreeInspector_488e0dd5,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__2c772aad560ab6b4e840f54665ca3a18a9fcbf362512eb78423617db138b70b0(
+    props: typing.Mapping[builtins.str, typing.Any],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__083038783d9a592008992f105965913f4b10d8bc23252afb9a929c22e7cebd06(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__8560b7f29623bc1f753b1cf34442c874c6958096b39accf37244c9341879fd81(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__5fdadc8758c9f96fac22200567c0d51cfd3e36c943cb9fa46e50cbf9abf25faf(
+    *,
+    namespace: builtins.str,
+    table_bucket_arn: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__de433918cd34eecbcaab0e81b6a287f71a48dd308c2f4d42e07a0e19ce5af0e2(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,

aws_cdk/aws_sagemaker/__init__.py

@@ -7763,7 +7763,7 @@ class CfnDomain(
             :param execution_role_identity_config: The configuration for attaching a SageMaker AI user profile name to the execution role as a `sts:SourceIdentity key <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html>`_ .
             :param r_studio_server_pro_domain_settings: A collection of settings that configure the ``RStudioServerPro`` Domain-level app.
             :param security_group_ids: The security groups for the Amazon Virtual Private Cloud that the ``Domain`` uses for communication between Domain-level apps and user apps.
-            :param unified_studio_settings: A collection of settings that apply to an Amazon SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
+            :param unified_studio_settings: The settings that apply to an SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-domainsettings.html
             :exampleMetadata: fixture=_generated
@@ -7868,7 +7868,7 @@ class CfnDomain(
         def unified_studio_settings(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDomain.UnifiedStudioSettingsProperty"]]:
-            '''A collection of settings that apply to an Amazon SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
+            '''The settings that apply to an SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-domainsettings.html#cfn-sagemaker-domain-domainsettings-unifiedstudiosettings
             '''
@@ -9216,7 +9216,7 @@ class CfnDomain(
             project_s3_path: typing.Optional[builtins.str] = None,
             studio_web_portal_access: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''A collection of settings that apply to an Amazon SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
+            '''The settings that apply to an Amazon SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
 
             :param domain_account_id: The ID of the AWS account that has the Amazon SageMaker Unified Studio domain. The default value, if you don't specify an ID, is the ID of the account that has the Amazon SageMaker AI domain.
             :param domain_id: The ID of the Amazon SageMaker Unified Studio domain associated with this domain.
@@ -9224,7 +9224,7 @@ class CfnDomain(
             :param environment_id: The ID of the environment that Amazon SageMaker Unified Studio associates with the domain.
             :param project_id: The ID of the Amazon SageMaker Unified Studio project that corresponds to the domain.
             :param project_s3_path: The location where Amazon S3 stores temporary execution data and other artifacts for the project that corresponds to the domain.
-            :param studio_web_portal_access: Sets whether you can access the domain in Amazon SageMaker Studio:. ENABLED You can access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it in both studio interfaces. DISABLED You can't access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it only in that studio interface.
+            :param studio_web_portal_access: Sets whether you can access the domain in Amazon SageMaker Studio:. - **ENABLED** - You can access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it in both studio interfaces. - **DISABLED** - You can't access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it only in that studio interface. To migrate a domain to Amazon SageMaker Unified Studio, you specify the UnifiedStudioSettings data type when you use the UpdateDomain action.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-unifiedstudiosettings.html
             :exampleMetadata: fixture=_generated
@@ -9332,10 +9332,10 @@ class CfnDomain(
         def studio_web_portal_access(self) -> typing.Optional[builtins.str]:
             '''Sets whether you can access the domain in Amazon SageMaker Studio:.
 
-            ENABLED
-            You can access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it in both studio interfaces.
-            DISABLED
-            You can't access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it only in that studio interface.
+            - **ENABLED** - You can access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it in both studio interfaces.
+            - **DISABLED** - You can't access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it only in that studio interface.
+
+            To migrate a domain to Amazon SageMaker Unified Studio, you specify the UnifiedStudioSettings data type when you use the UpdateDomain action.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-unifiedstudiosettings.html#cfn-sagemaker-domain-unifiedstudiosettings-studiowebportalaccess
             '''
@@ -21309,7 +21309,7 @@ class CfnModel(
             Your input bucket must be in the same AWS region as your training job.
 
             :param compression_type: 
-            :param s3_data_type: If you choose ``S3Prefix`` , ``S3Uri`` identifies a key name prefix. SageMaker uses all objects that match the specified key name prefix for model training. If you choose ``ManifestFile`` , ``S3Uri`` identifies an object that is a manifest file containing a list of object keys that you want SageMaker to use for model training. If you choose ``AugmentedManifestFile`` , ``S3Uri`` identifies an object that is an augmented manifest file in JSON lines format. This file contains the data you want to use for model training. ``AugmentedManifestFile`` can only be used if the Channel's input mode is ``Pipe`` .
+            :param s3_data_type: If you choose ``S3Prefix`` , ``S3Uri`` identifies a key name prefix. SageMaker uses all objects that match the specified key name prefix for model training. If you choose ``ManifestFile`` , ``S3Uri`` identifies an object that is a manifest file containing a list of object keys that you want SageMaker to use for model training. If you choose ``AugmentedManifestFile`` , ``S3Uri`` identifies an object that is an augmented manifest file in JSON lines format. This file contains the data you want to use for model training. ``AugmentedManifestFile`` can only be used if the Channel's input mode is ``Pipe`` . If you choose ``Converse`` , ``S3Uri`` identifies an Amazon S3 location that contains data formatted according to Converse format. This format structures conversational messages with specific roles and content types used for training and fine-tuning foundational models.
             :param s3_uri: Depending on the value specified for the ``S3DataType`` , identifies either a key name prefix or a manifest. For example: - A key name prefix might look like this: ``s3://bucketname/exampleprefix/`` - A manifest might look like this: ``s3://bucketname/example.manifest`` A manifest is an S3 object which is a JSON file consisting of an array of elements. The first element is a prefix which is followed by one or more suffixes. SageMaker appends the suffix elements to the prefix to get a full set of ``S3Uri`` . Note that the prefix must be a valid non-empty ``S3Uri`` that precludes users from specifying a manifest whose individual ``S3Uri`` is sourced from different S3 buckets. The following code example shows a valid manifest format: ``[ {"prefix": "s3://customer_bucket/some/prefix/"},`` ``"relative/path/to/custdata-1",`` ``"relative/path/custdata-2",`` ``...`` ``"relative/path/custdata-N"`` ``]`` This JSON is equivalent to the following ``S3Uri`` list: ``s3://customer_bucket/some/prefix/relative/path/to/custdata-1`` ``s3://customer_bucket/some/prefix/relative/path/custdata-2`` ``...`` ``s3://customer_bucket/some/prefix/relative/path/custdata-N`` The complete set of ``S3Uri`` in this manifest is the input data for the channel for this data source. The object that each ``S3Uri`` points to must be readable by the IAM role that SageMaker uses to perform tasks on your behalf. Your input bucket must be located in same AWS region as your training job.
             :param hub_access_config: The configuration for a private hub model reference that points to a SageMaker JumpStart public hub model.
             :param model_access_config: 
@@ -21373,6 +21373,8 @@ class CfnModel(
 
             If you choose ``AugmentedManifestFile`` , ``S3Uri`` identifies an object that is an augmented manifest file in JSON lines format. This file contains the data you want to use for model training. ``AugmentedManifestFile`` can only be used if the Channel's input mode is ``Pipe`` .
 
+            If you choose ``Converse`` , ``S3Uri`` identifies an Amazon S3 location that contains data formatted according to Converse format. This format structures conversational messages with specific roles and content types used for training and fine-tuning foundational models.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-model-s3datasource.html#cfn-sagemaker-model-s3datasource-s3datatype
             '''
             result = self._values.get("s3_data_type")
@@ -33164,7 +33166,7 @@ class CfnModelPackage(
 
             Your input bucket must be in the same AWS region as your training job.
 
-            :param s3_data_type: If you choose ``S3Prefix`` , ``S3Uri`` identifies a key name prefix. SageMaker uses all objects that match the specified key name prefix for model training. If you choose ``ManifestFile`` , ``S3Uri`` identifies an object that is a manifest file containing a list of object keys that you want SageMaker to use for model training. If you choose ``AugmentedManifestFile`` , ``S3Uri`` identifies an object that is an augmented manifest file in JSON lines format. This file contains the data you want to use for model training. ``AugmentedManifestFile`` can only be used if the Channel's input mode is ``Pipe`` .
+            :param s3_data_type: If you choose ``S3Prefix`` , ``S3Uri`` identifies a key name prefix. SageMaker uses all objects that match the specified key name prefix for model training. If you choose ``ManifestFile`` , ``S3Uri`` identifies an object that is a manifest file containing a list of object keys that you want SageMaker to use for model training. If you choose ``AugmentedManifestFile`` , ``S3Uri`` identifies an object that is an augmented manifest file in JSON lines format. This file contains the data you want to use for model training. ``AugmentedManifestFile`` can only be used if the Channel's input mode is ``Pipe`` . If you choose ``Converse`` , ``S3Uri`` identifies an Amazon S3 location that contains data formatted according to Converse format. This format structures conversational messages with specific roles and content types used for training and fine-tuning foundational models.
             :param s3_uri: Depending on the value specified for the ``S3DataType`` , identifies either a key name prefix or a manifest. For example: - A key name prefix might look like this: ``s3://bucketname/exampleprefix/`` - A manifest might look like this: ``s3://bucketname/example.manifest`` A manifest is an S3 object which is a JSON file consisting of an array of elements. The first element is a prefix which is followed by one or more suffixes. SageMaker appends the suffix elements to the prefix to get a full set of ``S3Uri`` . Note that the prefix must be a valid non-empty ``S3Uri`` that precludes users from specifying a manifest whose individual ``S3Uri`` is sourced from different S3 buckets. The following code example shows a valid manifest format: ``[ {"prefix": "s3://customer_bucket/some/prefix/"},`` ``"relative/path/to/custdata-1",`` ``"relative/path/custdata-2",`` ``...`` ``"relative/path/custdata-N"`` ``]`` This JSON is equivalent to the following ``S3Uri`` list: ``s3://customer_bucket/some/prefix/relative/path/to/custdata-1`` ``s3://customer_bucket/some/prefix/relative/path/custdata-2`` ``...`` ``s3://customer_bucket/some/prefix/relative/path/custdata-N`` The complete set of ``S3Uri`` in this manifest is the input data for the channel for this data source. The object that each ``S3Uri`` points to must be readable by the IAM role that SageMaker uses to perform tasks on your behalf. Your input bucket must be located in same AWS region as your training job.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-modelpackage-s3datasource.html
@@ -33200,6 +33202,8 @@ class CfnModelPackage(
 
             If you choose ``AugmentedManifestFile`` , ``S3Uri`` identifies an object that is an augmented manifest file in JSON lines format. This file contains the data you want to use for model training. ``AugmentedManifestFile`` can only be used if the Channel's input mode is ``Pipe`` .
 
+            If you choose ``Converse`` , ``S3Uri`` identifies an Amazon S3 location that contains data formatted according to Converse format. This format structures conversational messages with specific roles and content types used for training and fine-tuning foundational models.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-modelpackage-s3datasource.html#cfn-sagemaker-modelpackage-s3datasource-s3datatype
             '''
             result = self._values.get("s3_data_type")