aws-cdk-lib 2.207.0__py3-none-any.whl → 2.209.0__py3-none-any.whl

aws_cdk/aws_ssm/__init__.py

@@ -5245,6 +5245,7 @@ class CfnPatchBaseline(
             approved_patches=["approvedPatches"],
             approved_patches_compliance_level="approvedPatchesComplianceLevel",
             approved_patches_enable_non_security=False,
+            available_security_updates_compliance_status="availableSecurityUpdatesComplianceStatus",
             default_baseline=False,
             description="description",
             global_filters=ssm.CfnPatchBaseline.PatchFilterGroupProperty(
@@ -5279,6 +5280,7 @@ class CfnPatchBaseline(
         approved_patches: typing.Optional[typing.Sequence[builtins.str]] = None,
         approved_patches_compliance_level: typing.Optional[builtins.str] = None,
         approved_patches_enable_non_security: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        available_security_updates_compliance_status: typing.Optional[builtins.str] = None,
         default_baseline: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         description: typing.Optional[builtins.str] = None,
         global_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnPatchBaseline.PatchFilterGroupProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -5297,6 +5299,7 @@ class CfnPatchBaseline(
         :param approved_patches: A list of explicitly approved patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `Package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
         :param approved_patches_compliance_level: Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is ``UNSPECIFIED`` . Default: - "UNSPECIFIED"
         :param approved_patches_enable_non_security: Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is ``false`` . Applies to Linux managed nodes only. Default: - false
+        :param available_security_updates_compliance_status: The compliance status for vendor recommended security updates that are not approved by this patch baseline.
         :param default_baseline: Indicates whether this is the default baseline. AWS Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system. Default: - false
         :param description: A description of the patch baseline.
         :param global_filters: A set of global filters used to include patches in the baseline. .. epigraph:: The ``GlobalFilters`` parameter can be configured only by using the AWS CLI or an AWS SDK. It can't be configured from the Patch Manager console, and its value isn't displayed in the console.
@@ -5317,6 +5320,7 @@ class CfnPatchBaseline(
             approved_patches=approved_patches,
             approved_patches_compliance_level=approved_patches_compliance_level,
             approved_patches_enable_non_security=approved_patches_enable_non_security,
+            available_security_updates_compliance_status=available_security_updates_compliance_status,
             default_baseline=default_baseline,
             description=description,
             global_filters=global_filters,
@@ -5461,6 +5465,24 @@ class CfnPatchBaseline(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "approvedPatchesEnableNonSecurity", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="availableSecurityUpdatesComplianceStatus")
+    def available_security_updates_compliance_status(
+        self,
+    ) -> typing.Optional[builtins.str]:
+        '''The compliance status for vendor recommended security updates that are not approved by this patch baseline.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "availableSecurityUpdatesComplianceStatus"))
+
+    @available_security_updates_compliance_status.setter
+    def available_security_updates_compliance_status(
+        self,
+        value: typing.Optional[builtins.str],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__b3d22bb7723ec324262f77916922eeca45b414ed52032b18a9facc597e01c7c3)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "availableSecurityUpdatesComplianceStatus", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="defaultBaseline")
     def default_baseline(
@@ -6085,6 +6107,7 @@ class CfnPatchBaseline(
         "approved_patches": "approvedPatches",
         "approved_patches_compliance_level": "approvedPatchesComplianceLevel",
         "approved_patches_enable_non_security": "approvedPatchesEnableNonSecurity",
+        "available_security_updates_compliance_status": "availableSecurityUpdatesComplianceStatus",
         "default_baseline": "defaultBaseline",
         "description": "description",
         "global_filters": "globalFilters",
@@ -6105,6 +6128,7 @@ class CfnPatchBaselineProps:
         approved_patches: typing.Optional[typing.Sequence[builtins.str]] = None,
         approved_patches_compliance_level: typing.Optional[builtins.str] = None,
         approved_patches_enable_non_security: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+        available_security_updates_compliance_status: typing.Optional[builtins.str] = None,
         default_baseline: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
         description: typing.Optional[builtins.str] = None,
         global_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnPatchBaseline.PatchFilterGroupProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -6122,6 +6146,7 @@ class CfnPatchBaselineProps:
         :param approved_patches: A list of explicitly approved patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see `Package name formats for approved and rejected patch lists <https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html>`_ in the *AWS Systems Manager User Guide* .
         :param approved_patches_compliance_level: Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is ``UNSPECIFIED`` . Default: - "UNSPECIFIED"
         :param approved_patches_enable_non_security: Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is ``false`` . Applies to Linux managed nodes only. Default: - false
+        :param available_security_updates_compliance_status: The compliance status for vendor recommended security updates that are not approved by this patch baseline.
         :param default_baseline: Indicates whether this is the default baseline. AWS Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system. Default: - false
         :param description: A description of the patch baseline.
         :param global_filters: A set of global filters used to include patches in the baseline. .. epigraph:: The ``GlobalFilters`` parameter can be configured only by using the AWS CLI or an AWS SDK. It can't be configured from the Patch Manager console, and its value isn't displayed in the console.
@@ -6162,6 +6187,7 @@ class CfnPatchBaselineProps:
                 approved_patches=["approvedPatches"],
                 approved_patches_compliance_level="approvedPatchesComplianceLevel",
                 approved_patches_enable_non_security=False,
+                available_security_updates_compliance_status="availableSecurityUpdatesComplianceStatus",
                 default_baseline=False,
                 description="description",
                 global_filters=ssm.CfnPatchBaseline.PatchFilterGroupProperty(
@@ -6192,6 +6218,7 @@ class CfnPatchBaselineProps:
             check_type(argname="argument approved_patches", value=approved_patches, expected_type=type_hints["approved_patches"])
             check_type(argname="argument approved_patches_compliance_level", value=approved_patches_compliance_level, expected_type=type_hints["approved_patches_compliance_level"])
             check_type(argname="argument approved_patches_enable_non_security", value=approved_patches_enable_non_security, expected_type=type_hints["approved_patches_enable_non_security"])
+            check_type(argname="argument available_security_updates_compliance_status", value=available_security_updates_compliance_status, expected_type=type_hints["available_security_updates_compliance_status"])
             check_type(argname="argument default_baseline", value=default_baseline, expected_type=type_hints["default_baseline"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
             check_type(argname="argument global_filters", value=global_filters, expected_type=type_hints["global_filters"])
@@ -6212,6 +6239,8 @@ class CfnPatchBaselineProps:
             self._values["approved_patches_compliance_level"] = approved_patches_compliance_level
         if approved_patches_enable_non_security is not None:
             self._values["approved_patches_enable_non_security"] = approved_patches_enable_non_security
+        if available_security_updates_compliance_status is not None:
+            self._values["available_security_updates_compliance_status"] = available_security_updates_compliance_status
         if default_baseline is not None:
             self._values["default_baseline"] = default_baseline
         if description is not None:
@@ -6291,6 +6320,17 @@ class CfnPatchBaselineProps:
         result = self._values.get("approved_patches_enable_non_security")
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
 
+    @builtins.property
+    def available_security_updates_compliance_status(
+        self,
+    ) -> typing.Optional[builtins.str]:
+        '''The compliance status for vendor recommended security updates that are not approved by this patch baseline.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-availablesecurityupdatescompliancestatus
+        '''
+        result = self._values.get("available_security_updates_compliance_status")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def default_baseline(
         self,
@@ -10266,6 +10306,7 @@ def _typecheckingstub__5b87565e6649bbe5a503013adf6ae874b3dc918c05cd6b120b99a77e8
     approved_patches: typing.Optional[typing.Sequence[builtins.str]] = None,
     approved_patches_compliance_level: typing.Optional[builtins.str] = None,
     approved_patches_enable_non_security: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    available_security_updates_compliance_status: typing.Optional[builtins.str] = None,
     default_baseline: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     description: typing.Optional[builtins.str] = None,
     global_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnPatchBaseline.PatchFilterGroupProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -10321,6 +10362,12 @@ def _typecheckingstub__596ca4adbe9b66ae96ac84884c609e25720aab40b7f9d665e6ea16808
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__b3d22bb7723ec324262f77916922eeca45b414ed52032b18a9facc597e01c7c3(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__a82f38addd776fccd7d2225bc356d9a6e4dc42b938cbf56c083c34cd4994c239(
     value: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]],
 ) -> None:
@@ -10424,6 +10471,7 @@ def _typecheckingstub__ff6666a30d275f2a85d64de631c940fb83198b8b5a376b87a3a684f4a
     approved_patches: typing.Optional[typing.Sequence[builtins.str]] = None,
     approved_patches_compliance_level: typing.Optional[builtins.str] = None,
     approved_patches_enable_non_security: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
+    available_security_updates_compliance_status: typing.Optional[builtins.str] = None,
     default_baseline: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     description: typing.Optional[builtins.str] = None,
     global_filters: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnPatchBaseline.PatchFilterGroupProperty, typing.Dict[builtins.str, typing.Any]]]] = None,

aws_cdk/aws_transfer/__init__.py

@@ -2374,6 +2374,7 @@ class CfnServer(
                 url="url"
             ),
             identity_provider_type="identityProviderType",
+            ip_address_type="ipAddressType",
             logging_role="loggingRole",
             post_authentication_login_banner="postAuthenticationLoginBanner",
             pre_authentication_login_banner="preAuthenticationLoginBanner",
@@ -2417,6 +2418,7 @@ class CfnServer(
         endpoint_type: typing.Optional[builtins.str] = None,
         identity_provider_details: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnServer.IdentityProviderDetailsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         identity_provider_type: typing.Optional[builtins.str] = None,
+        ip_address_type: typing.Optional[builtins.str] = None,
         logging_role: typing.Optional[builtins.str] = None,
         post_authentication_login_banner: typing.Optional[builtins.str] = None,
         pre_authentication_login_banner: typing.Optional[builtins.str] = None,
@@ -2437,6 +2439,7 @@ class CfnServer(
         :param endpoint_type: The type of endpoint that you want your server to use. You can choose to make your server's endpoint publicly accessible (PUBLIC) or host it inside your VPC. With an endpoint that is hosted in a VPC, you can restrict access to your server and resources only within your VPC or choose to make it internet facing by attaching Elastic IP addresses directly to it. .. epigraph:: After May 19, 2021, you won't be able to create a server using ``EndpointType=VPC_ENDPOINT`` in your AWS account if your account hasn't already done so before May 19, 2021. If you have already created servers with ``EndpointType=VPC_ENDPOINT`` in your AWS account on or before May 19, 2021, you will not be affected. After this date, use ``EndpointType`` = ``VPC`` . For more information, see `Discontinuing the use of VPC_ENDPOINT <https://docs.aws.amazon.com//transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint>`_ . It is recommended that you use ``VPC`` as the ``EndpointType`` . With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server's endpoint and use VPC security groups to restrict traffic by the client's public IP address. This is not possible with ``EndpointType`` set to ``VPC_ENDPOINT`` .
         :param identity_provider_details: Required when ``IdentityProviderType`` is set to ``AWS_DIRECTORY_SERVICE`` , ``AWS _LAMBDA`` or ``API_GATEWAY`` . Accepts an array containing all of the information required to use a directory in ``AWS_DIRECTORY_SERVICE`` or invoke a customer-supplied authentication API, including the API Gateway URL. Cannot be specified when ``IdentityProviderType`` is set to ``SERVICE_MANAGED`` .
         :param identity_provider_type: The mode of authentication for a server. The default value is ``SERVICE_MANAGED`` , which allows you to store and access user credentials within the AWS Transfer Family service. Use ``AWS_DIRECTORY_SERVICE`` to provide access to Active Directory groups in AWS Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in AWS using AD Connector. This option also requires you to provide a Directory ID by using the ``IdentityProviderDetails`` parameter. Use the ``API_GATEWAY`` value to integrate with an identity provider of your choosing. The ``API_GATEWAY`` setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the ``IdentityProviderDetails`` parameter. Use the ``AWS_LAMBDA`` value to directly use an AWS Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the ``Function`` parameter for the ``IdentityProviderDetails`` data type.
+        :param ip_address_type: Specifies whether to use IPv4 only, or to use dual-stack (IPv4 and IPv6) for your AWS Transfer Family endpoint. The default value is ``IPV4`` . .. epigraph:: The ``IpAddressType`` parameter has the following limitations: - It cannot be changed while the server is online. You must stop the server before modifying this parameter. - It cannot be updated to ``DUALSTACK`` if the server has ``AddressAllocationIds`` specified. > When using ``DUALSTACK`` as the ``IpAddressType`` , you cannot set the ``AddressAllocationIds`` parameter for the `EndpointDetails <https://docs.aws.amazon.com/transfer/latest/APIReference/API_EndpointDetails.html>`_ for the server.
         :param logging_role: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS events. When set, you can view user activity in your CloudWatch logs.
         :param post_authentication_login_banner: Specifies a string to display when users connect to a server. This string is displayed after the user authenticates. .. epigraph:: The SFTP protocol does not support post-authentication display banners.
         :param pre_authentication_login_banner: Specifies a string to display when users connect to a server. This string is displayed before the user authenticates. For example, the following banner displays details about using the system: ``This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel.``
@@ -2459,6 +2462,7 @@ class CfnServer(
             endpoint_type=endpoint_type,
             identity_provider_details=identity_provider_details,
             identity_provider_type=identity_provider_type,
+            ip_address_type=ip_address_type,
             logging_role=logging_role,
             post_authentication_login_banner=post_authentication_login_banner,
             pre_authentication_login_banner=pre_authentication_login_banner,
@@ -2646,6 +2650,19 @@ class CfnServer(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "identityProviderType", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="ipAddressType")
+    def ip_address_type(self) -> typing.Optional[builtins.str]:
+        '''Specifies whether to use IPv4 only, or to use dual-stack (IPv4 and IPv6) for your AWS Transfer Family endpoint.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "ipAddressType"))
+
+    @ip_address_type.setter
+    def ip_address_type(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__8cfe7d7f7218e63daf2394f025140f03c85b4b448857853b83b58f4e59a3eee0)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "ipAddressType", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="loggingRole")
     def logging_role(self) -> typing.Optional[builtins.str]:
@@ -3471,6 +3488,7 @@ class CfnServer(
         "endpoint_type": "endpointType",
         "identity_provider_details": "identityProviderDetails",
         "identity_provider_type": "identityProviderType",
+        "ip_address_type": "ipAddressType",
         "logging_role": "loggingRole",
         "post_authentication_login_banner": "postAuthenticationLoginBanner",
         "pre_authentication_login_banner": "preAuthenticationLoginBanner",
@@ -3493,6 +3511,7 @@ class CfnServerProps:
         endpoint_type: typing.Optional[builtins.str] = None,
         identity_provider_details: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnServer.IdentityProviderDetailsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         identity_provider_type: typing.Optional[builtins.str] = None,
+        ip_address_type: typing.Optional[builtins.str] = None,
         logging_role: typing.Optional[builtins.str] = None,
         post_authentication_login_banner: typing.Optional[builtins.str] = None,
         pre_authentication_login_banner: typing.Optional[builtins.str] = None,
@@ -3512,6 +3531,7 @@ class CfnServerProps:
         :param endpoint_type: The type of endpoint that you want your server to use. You can choose to make your server's endpoint publicly accessible (PUBLIC) or host it inside your VPC. With an endpoint that is hosted in a VPC, you can restrict access to your server and resources only within your VPC or choose to make it internet facing by attaching Elastic IP addresses directly to it. .. epigraph:: After May 19, 2021, you won't be able to create a server using ``EndpointType=VPC_ENDPOINT`` in your AWS account if your account hasn't already done so before May 19, 2021. If you have already created servers with ``EndpointType=VPC_ENDPOINT`` in your AWS account on or before May 19, 2021, you will not be affected. After this date, use ``EndpointType`` = ``VPC`` . For more information, see `Discontinuing the use of VPC_ENDPOINT <https://docs.aws.amazon.com//transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint>`_ . It is recommended that you use ``VPC`` as the ``EndpointType`` . With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server's endpoint and use VPC security groups to restrict traffic by the client's public IP address. This is not possible with ``EndpointType`` set to ``VPC_ENDPOINT`` .
         :param identity_provider_details: Required when ``IdentityProviderType`` is set to ``AWS_DIRECTORY_SERVICE`` , ``AWS _LAMBDA`` or ``API_GATEWAY`` . Accepts an array containing all of the information required to use a directory in ``AWS_DIRECTORY_SERVICE`` or invoke a customer-supplied authentication API, including the API Gateway URL. Cannot be specified when ``IdentityProviderType`` is set to ``SERVICE_MANAGED`` .
         :param identity_provider_type: The mode of authentication for a server. The default value is ``SERVICE_MANAGED`` , which allows you to store and access user credentials within the AWS Transfer Family service. Use ``AWS_DIRECTORY_SERVICE`` to provide access to Active Directory groups in AWS Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in AWS using AD Connector. This option also requires you to provide a Directory ID by using the ``IdentityProviderDetails`` parameter. Use the ``API_GATEWAY`` value to integrate with an identity provider of your choosing. The ``API_GATEWAY`` setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the ``IdentityProviderDetails`` parameter. Use the ``AWS_LAMBDA`` value to directly use an AWS Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the ``Function`` parameter for the ``IdentityProviderDetails`` data type.
+        :param ip_address_type: Specifies whether to use IPv4 only, or to use dual-stack (IPv4 and IPv6) for your AWS Transfer Family endpoint. The default value is ``IPV4`` . .. epigraph:: The ``IpAddressType`` parameter has the following limitations: - It cannot be changed while the server is online. You must stop the server before modifying this parameter. - It cannot be updated to ``DUALSTACK`` if the server has ``AddressAllocationIds`` specified. > When using ``DUALSTACK`` as the ``IpAddressType`` , you cannot set the ``AddressAllocationIds`` parameter for the `EndpointDetails <https://docs.aws.amazon.com/transfer/latest/APIReference/API_EndpointDetails.html>`_ for the server.
         :param logging_role: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS events. When set, you can view user activity in your CloudWatch logs.
         :param post_authentication_login_banner: Specifies a string to display when users connect to a server. This string is displayed after the user authenticates. .. epigraph:: The SFTP protocol does not support post-authentication display banners.
         :param pre_authentication_login_banner: Specifies a string to display when users connect to a server. This string is displayed before the user authenticates. For example, the following banner displays details about using the system: ``This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel.``
@@ -3551,6 +3571,7 @@ class CfnServerProps:
                     url="url"
                 ),
                 identity_provider_type="identityProviderType",
+                ip_address_type="ipAddressType",
                 logging_role="loggingRole",
                 post_authentication_login_banner="postAuthenticationLoginBanner",
                 pre_authentication_login_banner="preAuthenticationLoginBanner",
@@ -3590,6 +3611,7 @@ class CfnServerProps:
             check_type(argname="argument endpoint_type", value=endpoint_type, expected_type=type_hints["endpoint_type"])
             check_type(argname="argument identity_provider_details", value=identity_provider_details, expected_type=type_hints["identity_provider_details"])
             check_type(argname="argument identity_provider_type", value=identity_provider_type, expected_type=type_hints["identity_provider_type"])
+            check_type(argname="argument ip_address_type", value=ip_address_type, expected_type=type_hints["ip_address_type"])
             check_type(argname="argument logging_role", value=logging_role, expected_type=type_hints["logging_role"])
             check_type(argname="argument post_authentication_login_banner", value=post_authentication_login_banner, expected_type=type_hints["post_authentication_login_banner"])
             check_type(argname="argument pre_authentication_login_banner", value=pre_authentication_login_banner, expected_type=type_hints["pre_authentication_login_banner"])
@@ -3613,6 +3635,8 @@ class CfnServerProps:
             self._values["identity_provider_details"] = identity_provider_details
         if identity_provider_type is not None:
             self._values["identity_provider_type"] = identity_provider_type
+        if ip_address_type is not None:
+            self._values["ip_address_type"] = ip_address_type
         if logging_role is not None:
             self._values["logging_role"] = logging_role
         if post_authentication_login_banner is not None:
@@ -3735,6 +3759,23 @@ class CfnServerProps:
         result = self._values.get("identity_provider_type")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def ip_address_type(self) -> typing.Optional[builtins.str]:
+        '''Specifies whether to use IPv4 only, or to use dual-stack (IPv4 and IPv6) for your AWS Transfer Family endpoint.
+
+        The default value is ``IPV4`` .
+        .. epigraph::
+
+           The ``IpAddressType`` parameter has the following limitations:
+
+           - It cannot be changed while the server is online. You must stop the server before modifying this parameter.
+           - It cannot be updated to ``DUALSTACK`` if the server has ``AddressAllocationIds`` specified. > When using ``DUALSTACK`` as the ``IpAddressType`` , you cannot set the ``AddressAllocationIds`` parameter for the `EndpointDetails <https://docs.aws.amazon.com/transfer/latest/APIReference/API_EndpointDetails.html>`_ for the server.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-server.html#cfn-transfer-server-ipaddresstype
+        '''
+        result = self._values.get("ip_address_type")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def logging_role(self) -> typing.Optional[builtins.str]:
         '''The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFS events.
@@ -7259,6 +7300,7 @@ def _typecheckingstub__bf4192baa4fd5a52c9092a6bab5b78398f0e5f14bdad138f58e799069
     endpoint_type: typing.Optional[builtins.str] = None,
     identity_provider_details: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnServer.IdentityProviderDetailsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     identity_provider_type: typing.Optional[builtins.str] = None,
+    ip_address_type: typing.Optional[builtins.str] = None,
     logging_role: typing.Optional[builtins.str] = None,
     post_authentication_login_banner: typing.Optional[builtins.str] = None,
     pre_authentication_login_banner: typing.Optional[builtins.str] = None,
@@ -7321,6 +7363,12 @@ def _typecheckingstub__08a6cb2bcf7a55379e6b89fa02d0735271e11fc131bf9d9b0693cea39
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__8cfe7d7f7218e63daf2394f025140f03c85b4b448857853b83b58f4e59a3eee0(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__85db09859b7fcfcae20f45283fb5e74d7f731e8583b8055856472647123250d9(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -7444,6 +7492,7 @@ def _typecheckingstub__755735299782e941527b817551c61582134dc6f25d12aff5d9120aeeb
     endpoint_type: typing.Optional[builtins.str] = None,
     identity_provider_details: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnServer.IdentityProviderDetailsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     identity_provider_type: typing.Optional[builtins.str] = None,
+    ip_address_type: typing.Optional[builtins.str] = None,
     logging_role: typing.Optional[builtins.str] = None,
     post_authentication_login_banner: typing.Optional[builtins.str] = None,
     pre_authentication_login_banner: typing.Optional[builtins.str] = None,