aws-cdk-lib 2.211.0__py3-none-any.whl → 2.212.0__py3-none-any.whl

aws_cdk/aws_synthetics/__init__.py

@@ -1474,6 +1474,12 @@ class CfnCanary(
                 handler="handler",
         
                 # the properties below are optional
+                dependencies=[synthetics.CfnCanary.DependencyProperty(
+                    reference="reference",
+        
+                    # the properties below are optional
+                    type="type"
+                )],
                 s3_bucket="s3Bucket",
                 s3_key="s3Key",
                 s3_object_version="s3ObjectVersion",
@@ -2120,6 +2126,7 @@ class CfnCanary(
         jsii_struct_bases=[],
         name_mapping={
             "handler": "handler",
+            "dependencies": "dependencies",
             "s3_bucket": "s3Bucket",
             "s3_key": "s3Key",
             "s3_object_version": "s3ObjectVersion",
@@ -2132,6 +2139,7 @@ class CfnCanary(
             self,
             *,
             handler: builtins.str,
+            dependencies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnCanary.DependencyProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
             s3_bucket: typing.Optional[builtins.str] = None,
             s3_key: typing.Optional[builtins.str] = None,
             s3_object_version: typing.Optional[builtins.str] = None,
@@ -2143,6 +2151,7 @@ class CfnCanary(
             This structure contains the Lambda handler with the location where the canary should start running the script. If the script is stored in an S3 bucket, the bucket name, key, and version are also included. If the script is passed into the canary directly, the script code is contained in the value of ``Script`` .
 
             :param handler: The entry point to use for the source code when running the canary. For canaries that use the ``syn-python-selenium-1.0`` runtime or a ``syn-nodejs.puppeteer`` runtime earlier than ``syn-nodejs.puppeteer-3.4`` , the handler must be specified as ``*fileName* .handler`` . For ``syn-python-selenium-1.1`` , ``syn-nodejs.puppeteer-3.4`` , and later runtimes, the handler can be specified as ``*fileName* . *functionName*`` , or you can specify a folder where canary scripts reside as ``*folder* / *fileName* . *functionName*`` .
+            :param dependencies: List of Lambda layers to attach to the canary.
             :param s3_bucket: If your canary script is located in S3, specify the bucket name here. The bucket must already exist.
             :param s3_key: The Amazon S3 key of your script. For more information, see `Working with Amazon S3 Objects <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingObjects.html>`_ .
             :param s3_object_version: The Amazon S3 version ID of your script.
@@ -2162,6 +2171,12 @@ class CfnCanary(
                     handler="handler",
                 
                     # the properties below are optional
+                    dependencies=[synthetics.CfnCanary.DependencyProperty(
+                        reference="reference",
+                
+                        # the properties below are optional
+                        type="type"
+                    )],
                     s3_bucket="s3Bucket",
                     s3_key="s3Key",
                     s3_object_version="s3ObjectVersion",
@@ -2172,6 +2187,7 @@ class CfnCanary(
             if __debug__:
                 type_hints = typing.get_type_hints(_typecheckingstub__3d403372a613babc1ab10717d050ec9a7f4055961f3545f2d0600d89c7b3dcc3)
                 check_type(argname="argument handler", value=handler, expected_type=type_hints["handler"])
+                check_type(argname="argument dependencies", value=dependencies, expected_type=type_hints["dependencies"])
                 check_type(argname="argument s3_bucket", value=s3_bucket, expected_type=type_hints["s3_bucket"])
                 check_type(argname="argument s3_key", value=s3_key, expected_type=type_hints["s3_key"])
                 check_type(argname="argument s3_object_version", value=s3_object_version, expected_type=type_hints["s3_object_version"])
@@ -2180,6 +2196,8 @@ class CfnCanary(
             self._values: typing.Dict[builtins.str, typing.Any] = {
                 "handler": handler,
             }
+            if dependencies is not None:
+                self._values["dependencies"] = dependencies
             if s3_bucket is not None:
                 self._values["s3_bucket"] = s3_bucket
             if s3_key is not None:
@@ -2203,6 +2221,17 @@ class CfnCanary(
             assert result is not None, "Required property 'handler' is missing"
             return typing.cast(builtins.str, result)
 
+        @builtins.property
+        def dependencies(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnCanary.DependencyProperty"]]]]:
+            '''List of Lambda layers to attach to the canary.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-synthetics-canary-code.html#cfn-synthetics-canary-code-dependencies
+            '''
+            result = self._values.get("dependencies")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnCanary.DependencyProperty"]]]], result)
+
         @builtins.property
         def s3_bucket(self) -> typing.Optional[builtins.str]:
             '''If your canary script is located in S3, specify the bucket name here.
@@ -2265,6 +2294,78 @@ class CfnCanary(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_synthetics.CfnCanary.DependencyProperty",
+        jsii_struct_bases=[],
+        name_mapping={"reference": "reference", "type": "type"},
+    )
+    class DependencyProperty:
+        def __init__(
+            self,
+            *,
+            reference: builtins.str,
+            type: typing.Optional[builtins.str] = None,
+        ) -> None:
+            '''
+            :param reference: ARN of the Lambda layer.
+            :param type: Type of dependency.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-synthetics-canary-dependency.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_synthetics as synthetics
+                
+                dependency_property = synthetics.CfnCanary.DependencyProperty(
+                    reference="reference",
+                
+                    # the properties below are optional
+                    type="type"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__02338e317b0b84f714774aabea98599cd96fe9cff23790733ad426e75f9984f4)
+                check_type(argname="argument reference", value=reference, expected_type=type_hints["reference"])
+                check_type(argname="argument type", value=type, expected_type=type_hints["type"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "reference": reference,
+            }
+            if type is not None:
+                self._values["type"] = type
+
+        @builtins.property
+        def reference(self) -> builtins.str:
+            '''ARN of the Lambda layer.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-synthetics-canary-dependency.html#cfn-synthetics-canary-dependency-reference
+            '''
+            result = self._values.get("reference")
+            assert result is not None, "Required property 'reference' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def type(self) -> typing.Optional[builtins.str]:
+            '''Type of dependency.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-synthetics-canary-dependency.html#cfn-synthetics-canary-dependency-type
+            '''
+            result = self._values.get("type")
+            return typing.cast(typing.Optional[builtins.str], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "DependencyProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_synthetics.CfnCanary.RetryConfigProperty",
         jsii_struct_bases=[],
@@ -2935,6 +3036,12 @@ class CfnCanaryProps:
                     handler="handler",
             
                     # the properties below are optional
+                    dependencies=[synthetics.CfnCanary.DependencyProperty(
+                        reference="reference",
+            
+                        # the properties below are optional
+                        type="type"
+                    )],
                     s3_bucket="s3Bucket",
                     s3_key="s3Key",
                     s3_object_version="s3ObjectVersion",
@@ -5173,6 +5280,7 @@ def _typecheckingstub__8d401a2416919aef18322e23fb875fc37ad8f90f34f8f5708a245f22f
 def _typecheckingstub__3d403372a613babc1ab10717d050ec9a7f4055961f3545f2d0600d89c7b3dcc3(
     *,
     handler: builtins.str,
+    dependencies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnCanary.DependencyProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
     s3_bucket: typing.Optional[builtins.str] = None,
     s3_key: typing.Optional[builtins.str] = None,
     s3_object_version: typing.Optional[builtins.str] = None,
@@ -5182,6 +5290,14 @@ def _typecheckingstub__3d403372a613babc1ab10717d050ec9a7f4055961f3545f2d0600d89c
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__02338e317b0b84f714774aabea98599cd96fe9cff23790733ad426e75f9984f4(
+    *,
+    reference: builtins.str,
+    type: typing.Optional[builtins.str] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__e7a2c989ca2c701e49af0e8032c8c49bb52546c68c9e6359df8e7a9f2c4cf9a1(
     *,
     max_retries: jsii.Number,

aws_cdk/cx_api/__init__.py

@@ -765,6 +765,28 @@ When this feature flag is disabled, EgressOnlyGateway resource is created for al
   }
 }
 ```
+
+* `@aws-cdk/aws-signer:signingProfileNamePassedToCfn`
+
+When this feature flag is enabled, the `signingProfileName` property is passed to the L1 `CfnSigningProfile` construct,
+which ensures that the AWS Signer profile is created with the specified name.
+
+When this feature flag is disabled, the `signingProfileName` is not passed to CloudFormation, maintaining backward
+compatibility with existing deployments where CloudFormation auto-generated profile names.
+
+This feature flag is needed because enabling it can cause existing signing profiles to be
+replaced during deployment if a `signingProfileName` was specified but not previously used
+in the CloudFormation template.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-signer:signingProfileNamePassedToCfn": true
+  }
+}
+```
 '''
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)

{aws_cdk_lib-2.211.0.dist-info → aws_cdk_lib-2.212.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk-lib
-Version: 2.211.0
+Version: 2.212.0
 Summary: Version 2 of the AWS Cloud Development Kit library
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services
@@ -22,7 +22,7 @@ License-File: LICENSE
 License-File: NOTICE
 Requires-Dist: aws-cdk.asset-awscli-v1 ==2.2.242
 Requires-Dist: aws-cdk.asset-node-proxy-agent-v6 <3.0.0,>=2.1.0
-Requires-Dist: aws-cdk.cloud-assembly-schema <49.0.0,>=48.2.0
+Requires-Dist: aws-cdk.cloud-assembly-schema <49.0.0,>=48.3.0
 Requires-Dist: constructs <11.0.0,>=10.0.0
 Requires-Dist: jsii <2.0.0,>=1.113.0
 Requires-Dist: publication >=0.0.3
@@ -184,6 +184,76 @@ MyStack(app, "MyStack",
 For more information on bootstrapping accounts and customizing synthesis,
 see [Bootstrapping in the CDK Developer Guide](https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html).
 
+### STS Role Options
+
+You can configure STS options that instruct the CDK CLI on which configuration should it use when assuming
+the various roles that are involved in a deployment operation.
+
+Refer to [the bootstrapping guide](https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping-env.html#bootstrapping-env-roles) for further context.
+
+These options are available via the `DefaultStackSynthesizer` properties:
+
+```python
+class MyStack(Stack):
+    def __init__(self, scope, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None, propertyInjectors=None):
+        super().__init__(scope, id,
+            (SpreadAssignment ...props
+              description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation, propertyInjectors=propertyInjectors),
+            synthesizer=DefaultStackSynthesizer(
+                deploy_role_external_id="",
+                deploy_role_additional_options={},
+                file_asset_publishing_external_id="",
+                file_asset_publishing_role_additional_options={},
+                image_asset_publishing_external_id="",
+                image_asset_publishing_role_additional_options={},
+                lookup_role_external_id="",
+                lookup_role_additional_options={}
+            )
+        )
+```
+
+> Note that the `*additionalOptions` property does not allow passing `ExternalId` or `RoleArn`, as these options
+> have dedicated properties that configure them.
+
+#### Session Tags
+
+STS session tags are used to implement [Attribute-Based Access Control](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html) (ABAC).
+
+See [IAM tutorial: Define permissions to access AWS resources based on tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html).
+
+You can pass session tags for each [role created during bootstrap](https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping-env.html#bootstrapping-env-roles) via the `*additionalOptions` property:
+
+```python
+class MyStack(Stack):
+    def __init__(self, parent, id, *, description=None, env=None, stackName=None, tags=None, notificationArns=None, synthesizer=None, terminationProtection=None, analyticsReporting=None, crossRegionReferences=None, permissionsBoundary=None, suppressTemplateIndentation=None, propertyInjectors=None):
+        super().__init__(parent, id,
+            (SpreadAssignment ...props
+              description=description, env=env, stackName=stackName, tags=tags, notificationArns=notificationArns, synthesizer=synthesizer, terminationProtection=terminationProtection, analyticsReporting=analyticsReporting, crossRegionReferences=crossRegionReferences, permissionsBoundary=permissionsBoundary, suppressTemplateIndentation=suppressTemplateIndentation, propertyInjectors=propertyInjectors),
+            synthesizer=DefaultStackSynthesizer(
+                deploy_role_additional_options={
+                    "Tags": [{"Key": "Department", "Value": "Engineering"}]
+                },
+                file_asset_publishing_role_additional_options={
+                    "Tags": [{"Key": "Department", "Value": "Engineering"}]
+                },
+                image_asset_publishing_role_additional_options={
+                    "Tags": [{"Key": "Department", "Value": "Engineering"}]
+                },
+                lookup_role_additional_options={
+                    "Tags": [{"Key": "Department", "Value": "Engineering"}]
+                }
+            )
+        )
+```
+
+This will cause the CDK CLI to include session tags when assuming each of these roles during deployment.
+Note that the trust policy of the role must contain permissions for the `sts:TagSession` action.
+
+Refer to the [IAM user guide on session tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_permissions-required).
+
+* If you are using a custom bootstrap template, make sure the template includes these permissions.
+* If you are using the default bootstrap template from a CDK version lower than XXXX, you will need to rebootstrap your enviroment (once).
+
 ## Nested Stacks
 
 [Nested stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html) are stacks created as part of other stacks. You create a nested stack within another stack by using the `NestedStack` construct.
@@ -550,6 +620,8 @@ CustomResource(self, "MyMagicalResource",
     resource_type="Custom::MyCustomResource",  # must start with 'Custom::'
 
     # the resource properties
+    # properties like serviceToken or serviceTimeout are ported into properties automatically
+    # try not to use key names similar to these or there will be a risk of overwriting those values
     properties={
         "Property1": "foo",
         "Property2": "bar"
@@ -558,7 +630,10 @@ CustomResource(self, "MyMagicalResource",
     # the ARN of the provider (SNS/Lambda) which handles
     # CREATE, UPDATE or DELETE events for this resource type
     # see next section for details
-    service_token="ARN"
+    service_token="ARN",
+
+    # the maximum time, in seconds, that can elapse before a custom resource operation times out.
+    service_timeout=Duration.seconds(60)
 )
 ```
 
@@ -588,7 +663,7 @@ Legend:
 * **Language**: which programming languages can be used to implement handlers.
 * **Footprint**: how many resources are used by the provider framework itself.
 
-**A NOTE ABOUT SINGLETONS**
+#### A note about singletons
 
 When defining resources for a custom resource provider, you will likely want to
 define them as a *stack singleton* so that only a single instance of the
@@ -853,6 +928,18 @@ CfnOutput(self, "OutputName",
 )
 ```
 
+You can also use the `exportValue` method to export values as stack outputs:
+
+```python
+# stack: Stack
+
+
+stack.export_value(my_bucket.bucket_name,
+    name="TheAwesomeBucket",
+    description="The name of an S3 bucket"
+)
+```
+
 ### Parameters
 
 CloudFormation templates support the use of [Parameters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html) to
@@ -1134,6 +1221,74 @@ references is done using the `CfnDynamicReference` class:
 CfnDynamicReference(CfnDynamicReferenceService.SECRETS_MANAGER, "secret-id:secret-string:json-key:version-stage:version-id")
 ```
 
+## RemovalPolicies
+
+The `RemovalPolicies` class provides a convenient way to manage removal policies for AWS CDK resources within a construct scope. It allows you to apply removal policies to multiple resources at once, with options to include or exclude specific resource types.
+
+```python
+# scope: Construct
+# parent: Construct
+# bucket: s3.CfnBucket
+
+
+# Apply DESTROY policy to all resources in a scope
+RemovalPolicies.of(scope).destroy()
+
+# Apply RETAIN policy to all resources in a scope
+RemovalPolicies.of(scope).retain()
+
+# Apply SNAPSHOT policy to all resources in a scope
+RemovalPolicies.of(scope).snapshot()
+
+# Apply RETAIN_ON_UPDATE_OR_DELETE policy to all resources in a scope
+RemovalPolicies.of(scope).retain_on_update_or_delete()
+
+# Apply RETAIN policy only to specific resource types
+RemovalPolicies.of(parent).retain(
+    apply_to_resource_types=["AWS::DynamoDB::Table", bucket.cfn_resource_type, rds.CfnDBInstance.CFN_RESOURCE_TYPE_NAME
+    ]
+)
+
+# Apply SNAPSHOT policy excluding specific resource types
+RemovalPolicies.of(scope).snapshot(
+    exclude_resource_types=["AWS::Test::Resource"]
+)
+```
+
+### RemovalPolicies vs MissingRemovalPolicies
+
+CDK provides two different classes for managing removal policies:
+
+* RemovalPolicies: Always applies the specified removal policy, overriding any existing policies.
+* MissingRemovalPolicies: Applies the removal policy only to resources that don't already have a policy set.
+
+```python
+# Override any existing policies
+RemovalPolicies.of(scope).retain()
+
+# Only apply to resources without existing policies
+MissingRemovalPolicies.of(scope).retain()
+```
+
+### Aspect Priority
+
+Both RemovalPolicies and MissingRemovalPolicies are implemented as [Aspects](#aspects). You can control the order in which they're applied using the priority parameter:
+
+```python
+# stack: Stack
+
+
+# Apply in a specific order based on priority
+RemovalPolicies.of(stack).retain(priority=100)
+RemovalPolicies.of(stack).destroy(priority=200)
+```
+
+For RemovalPolicies, the policies are applied in order of aspect execution, with the last applied policy overriding previous ones. The priority only affects the order in which aspects are applied during synthesis.
+
+#### Note
+
+When using MissingRemovalPolicies with priority, a warning will be issued as this can lead to unexpected behavior. This is because MissingRemovalPolicies only applies to resources without existing policies, making priority less relevant.
+
 ### Template Options & Transform
 
 CloudFormation templates support a number of options, including which Macros or
@@ -1223,6 +1378,27 @@ stack = Stack(app, "StackName",
 )
 ```
 
+### Receiving CloudFormation Stack Events
+
+You can add one or more SNS Topic ARNs to any Stack:
+
+```python
+stack = Stack(app, "StackName",
+    notification_arns=["arn:aws:sns:us-east-1:123456789012:Topic"]
+)
+```
+
+Stack events will be sent to any SNS Topics in this list. These ARNs are added to those specified using
+the `--notification-arns` command line option.
+
+Note that in order to do delete notification ARNs entirely, you must pass an empty array ([]) instead of omitting it.
+If you omit the property, no action on existing ARNs will take place.
+
+> [!NOTE]
+> Adding the `notificationArns` property (or using the `--notification-arns` CLI options) will **override**
+> any existing ARNs configured on the stack. If you have an external system managing notification ARNs,
+> either migrate to use this mechanism, or avoid specfying notification ARNs with the CDK.
+
 ### CfnJson
 
 `CfnJson` allows you to postpone the resolution of a JSON blob from
@@ -1325,7 +1501,7 @@ App(
 cdk synth --context @aws-cdk/core:newStyleStackSynthesis=true
 ```
 
-*cdk.json*
+#### `cdk.json`
 
 ```json
 {
@@ -1335,7 +1511,7 @@ cdk synth --context @aws-cdk/core:newStyleStackSynthesis=true
 }
 ```
 
-*cdk.context.json*
+#### `cdk.context.json`
 
 ```json
 {
@@ -1343,7 +1519,7 @@ cdk synth --context @aws-cdk/core:newStyleStackSynthesis=true
 }
 ```
 
-*~/.cdk.json*
+#### `~/.cdk.json`
 
 ```json
 {
@@ -1382,7 +1558,7 @@ generated CloudFormation templates against your policies immediately after
 synthesis. If there are any violations, the synthesis will fail and a report
 will be printed to the console or to a file (see below).
 
-> **Note**
+> [!NOTE]
 > This feature is considered experimental, and both the plugin API and the
 > format of the validation report are subject to change in the future.
 
@@ -1420,7 +1596,7 @@ validation.
 > etc. It's your responsibility as the consumer of a plugin to verify that it is
 > secure to use.
 
-By default, the report will be printed in a human readable format. If you want a
+By default, the report will be printed in a human-readable format. If you want a
 report in JSON format, enable it using the `@aws-cdk/core:validationReportJson`
 context passing it directly to the application:
 
@@ -1434,6 +1610,18 @@ Alternatively, you can set this context key-value pair using the `cdk.json` or
 `cdk.context.json` files in your project directory (see
 [Runtime context](https://docs.aws.amazon.com/cdk/v2/guide/context.html)).
 
+It is also possible to enable both JSON and human-readable formats by setting
+`@aws-cdk/core:validationReportPrettyPrint` context key explicitly:
+
+```python
+app = App(
+    context={
+        "@aws-cdk/core:validationReportJson": True,
+        "@aws-cdk/core:validationReportPrettyPrint": True
+    }
+)
+```
+
 If you choose the JSON format, the CDK will print the policy validation report
 to a file called `policy-validation-report.json` in the cloud assembly
 directory. For the default, human-readable format, the report will be printed to
@@ -1528,6 +1716,138 @@ warning by the `id`.
 Annotations.of(self).acknowledge_warning("IAM:Group:MaxPoliciesExceeded", "Account has quota increased to 20")
 ```
 
+### Acknowledging Infos
+
+Informational messages can also be emitted and acknowledged. Use `addInfoV2()`
+to add an info message that can later be suppressed with `acknowledgeInfo()`.
+Unlike warnings, info messages are not affected by the `--strict` mode and will never cause synthesis to fail.
+
+```python
+Annotations.of(self).add_info_v2("my-lib:Construct.someInfo", "Some message explaining the info")
+Annotations.of(self).acknowledge_info("my-lib:Construct.someInfo", "This info can be ignored")
+```
+
+## Aspects
+
+[Aspects](https://docs.aws.amazon.com/cdk/v2/guide/aspects.html) is a feature in CDK that allows you to apply operations or transformations across all
+constructs in a construct tree. Common use cases include tagging resources, enforcing encryption on S3 Buckets, or applying specific security or
+compliance rules to all resources in a stack.
+
+Conceptually, there are two types of Aspects:
+
+* **Read-only aspects** scan the construct tree but do not make changes to the tree. Common use cases of read-only aspects include performing validations
+  (for example, enforcing that all S3 Buckets have versioning enabled) and logging (for example, collecting information about all deployed resources for
+  audits or compliance).
+* **Mutating aspects** either (1.) add new nodes or (2.) mutate existing nodes of the tree in-place. One commonly used mutating Aspect is adding Tags to
+  resources. An example of an Aspect that adds a node is one that automatically adds a security group to every EC2 instance in the construct tree if
+  no default is specified.
+
+Here is a simple example of creating and applying an Aspect on a Stack to enable versioning on all S3 Buckets:
+
+```python
+@jsii.implements(IAspect)
+class EnableBucketVersioning:
+    def visit(self, node):
+        if node instanceof s3.CfnBucket:
+            node.versioning_configuration = s3.CfnBucket.VersioningConfigurationProperty(
+                status="Enabled"
+            )
+
+app = App()
+stack = MyStack(app, "MyStack")
+
+# Apply the aspect to enable versioning on all S3 Buckets
+Aspects.of(stack).add(EnableBucketVersioning())
+```
+
+### Aspect Stabilization
+
+The modern behavior is that Aspects automatically run on newly added nodes to the construct tree. This is controlled by the
+flag `@aws-cdk/core:aspectStabilization`, which is default for new projects (since version 2.172.0).
+
+The old behavior of Aspects (without stabilization) was that Aspect invocation runs once on the entire construct
+tree. This meant that nested Aspects (Aspects that create new Aspects) are not invoked and nodes created by Aspects at a higher level of the construct tree are not visited.
+
+To enable the stabilization behavior for older versions, use this feature by putting the following into your `cdk.context.json`:
+
+```json
+{
+  "@aws-cdk/core:aspectStabilization": true
+}
+```
+
+### Aspect Priorities
+
+Users can specify the order in which Aspects are applied on a construct by using the optional priority parameter when applying an Aspect. Priority
+values must be non-negative integers, where a higher number means the Aspect will be applied later, and a lower number means it will be applied sooner.
+
+By default, newly created nodes always inherit aspects. Priorities are mainly for ordering between mutating aspects on the construct tree.
+
+CDK provides standard priority values for mutating and readonly aspects to help ensure consistency across different construct libraries.
+Note that Aspects that have same priority value are not guaranteed to be executed
+in a consistent order.
+
+```python
+#
+# Default Priority values for Aspects.
+#
+class AspectPriority:
+```
+
+If no priority is provided, the default value will be 500. This ensures that aspects without a specified priority run after mutating aspects but before
+any readonly aspects.
+
+Correctly applying Aspects with priority values ensures that mutating aspects (such as adding tags or resources) run before validation aspects. This allows users to avoid misconfigurations and ensure that the final
+construct tree is fully validated before being synthesized.
+
+### Applying Aspects with Priority
+
+```python
+@jsii.implements(IAspect)
+class MutatingAspect:
+    def visit(self, node):
+        pass
+
+@jsii.implements(IAspect)
+class ValidationAspect:
+    def visit(self, node):
+        pass
+
+stack = Stack()
+
+Aspects.of(stack).add(MutatingAspect(), priority=AspectPriority.MUTATING) # Run first (mutating aspects)
+Aspects.of(stack).add(ValidationAspect(), priority=AspectPriority.READONLY)
+```
+
+### Inspecting applied aspects and changing priorities
+
+We also give customers the ability to view all of their applied aspects and override the priority on these aspects.
+The `AspectApplication` class represents an Aspect that is applied to a node of the construct tree with a priority.
+
+Users can access AspectApplications on a node by calling `applied` from the Aspects class as follows:
+
+```python
+# root: Construct
+
+app = App()
+stack = MyStack(app, "MyStack")
+
+Aspects.of(stack).add(MyAspect())
+
+aspect_applications = Aspects.of(root).applied
+
+for aspect_application in aspect_applications:
+    # The aspect we are applying
+    print(aspect_application.aspect)
+    # The construct we are applying the aspect to
+    print(aspect_application.construct)
+    # The priority it was applied with
+    print(aspect_application.priority)
+
+    # Change the priority
+    aspect_application.priority = 700
+```
+
 ## Blueprint Property Injection
 
 The goal of Blueprint Property Injection is to provide builders an automatic way to set default property values.