aws-cdk-lib 2.215.0__py3-none-any.whl → 2.217.0__py3-none-any.whl

aws_cdk/aws_networkfirewall/__init__.py

@@ -950,7 +950,7 @@ class CfnTLSInspectionConfigurationProps:
     ) -> None:
         '''Properties for defining a ``CfnTLSInspectionConfiguration``.
 
-        :param tls_inspection_configuration: The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see `Inspecting SSL/TLS traffic with TLS inspection configurations <https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html>`_ in the *AWS Network Firewall Developer Guide* .
+        :param tls_inspection_configuration: The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see `Inspecting SSL/TLS traffic with TLS inspection configurations <https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html>`_ in the *AWS Network Firewall Developer Guide* .
         :param tls_inspection_configuration_name: The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.
         :param description: A description of the TLS inspection configuration.
         :param tags: The key:value pairs to associate with the resource.
@@ -1025,7 +1025,7 @@ class CfnTLSInspectionConfigurationProps:
     ) -> typing.Union[_IResolvable_da3f097b, "CfnTLSInspectionConfiguration.TLSInspectionConfigurationProperty"]:
         '''The object that defines a TLS inspection configuration.
 
-        AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see `Inspecting SSL/TLS traffic with TLS inspection configurations <https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html>`_ in the *AWS Network Firewall Developer Guide* .
+        AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see `Inspecting SSL/TLS traffic with TLS inspection configurations <https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html>`_ in the *AWS Network Firewall Developer Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-tlsinspectionconfiguration.html#cfn-networkfirewall-tlsinspectionconfiguration-tlsinspectionconfiguration
         '''
@@ -6682,7 +6682,7 @@ class CfnTLSInspectionConfiguration(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param tls_inspection_configuration: The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see `Inspecting SSL/TLS traffic with TLS inspection configurations <https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html>`_ in the *AWS Network Firewall Developer Guide* .
+        :param tls_inspection_configuration: The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see `Inspecting SSL/TLS traffic with TLS inspection configurations <https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html>`_ in the *AWS Network Firewall Developer Guide* .
         :param tls_inspection_configuration_name: The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.
         :param description: A description of the TLS inspection configuration.
         :param tags: The key:value pairs to associate with the resource.
@@ -7063,13 +7063,13 @@ class CfnTLSInspectionConfiguration(
             scopes: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTLSInspectionConfiguration.ServerCertificateScopeProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
             server_certificates: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTLSInspectionConfiguration.ServerCertificateProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
         ) -> None:
-            '''Configures the AWS Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a `TLSInspectionConfiguration <https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-networkfirewall-tlsinspectionconfiguration.html>`_ . You can configure ``ServerCertificates`` for inbound SSL/TLS inspection, a ``CertificateAuthorityArn`` for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see `Using SSL/TLS server certficiates with TLS inspection configurations <https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html>`_ in the *AWS Network Firewall Developer Guide* .
+            '''Configures the Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a `TLSInspectionConfiguration <https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-networkfirewall-tlsinspectionconfiguration.html>`_ . You can configure ``ServerCertificates`` for inbound SSL/TLS inspection, a ``CertificateAuthorityArn`` for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see `Using SSL/TLS server certficiates with TLS inspection configurations <https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html>`_ in the *AWS Network Firewall Developer Guide* .
 
             .. epigraph::
 
                If a server certificate that's associated with your `TLSInspectionConfiguration <https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-networkfirewall-tlsinspectionconfiguration.html>`_ is revoked, deleted, or expired it can result in client-side TLS errors.
 
-            :param certificate_authority_arn: The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection. The following limitations apply: - You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM. - You can't use certificates issued by AWS Private Certificate Authority . For more information about configuring certificates for outbound inspection, see `Using SSL/TLS certificates with TLS inspection configurations <https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html>`_ in the *AWS Network Firewall Developer Guide* . For information about working with certificates in ACM, see `Importing certificates <https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html>`_ in the *AWS Certificate Manager User Guide* .
+            :param certificate_authority_arn: The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. The following limitations apply: - You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM. - You can't use certificates issued by AWS Private Certificate Authority . For more information about configuring certificates for outbound inspection, see `Using SSL/TLS certificates with TLS inspection configurations <https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html>`_ in the *AWS Network Firewall Developer Guide* . For information about working with certificates in ACM, see `Importing certificates <https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html>`_ in the *Certificate Manager User Guide* .
             :param check_certificate_revocation_status: When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a ``CertificateAuthorityArn`` in `ServerCertificateConfiguration <https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-networkfirewall-servercertificateconfiguration.html>`_ .
             :param scopes: A list of scopes.
             :param server_certificates: The list of server certificates to use for inbound SSL/TLS inspection.
@@ -7129,7 +7129,7 @@ class CfnTLSInspectionConfiguration(
 
         @builtins.property
         def certificate_authority_arn(self) -> typing.Optional[builtins.str]:
-            '''The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
+            '''The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
 
             The following limitations apply:
 
@@ -7138,7 +7138,7 @@ class CfnTLSInspectionConfiguration(
 
             For more information about configuring certificates for outbound inspection, see `Using SSL/TLS certificates with TLS inspection configurations <https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html>`_ in the *AWS Network Firewall Developer Guide* .
 
-            For information about working with certificates in ACM, see `Importing certificates <https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html>`_ in the *AWS Certificate Manager User Guide* .
+            For information about working with certificates in ACM, see `Importing certificates <https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html>`_ in the *Certificate Manager User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration.html#cfn-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration-certificateauthorityarn
             '''
@@ -7202,9 +7202,9 @@ class CfnTLSInspectionConfiguration(
             *,
             resource_arn: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''Any AWS Certificate Manager (ACM) Secure Sockets Layer/Transport Layer Security (SSL/TLS) server certificate that's associated with a `ServerCertificateConfiguration <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration.html>`_ . Used in a `TLSInspectionConfiguration <https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-networkfirewall-tlsinspectionconfiguration.html>`_ for inspection of inbound traffic to your firewall. You must request or import a SSL/TLS certificate into ACM for each domain Network Firewall needs to decrypt and inspect. AWS Network Firewall uses the SSL/TLS certificates to decrypt specified inbound SSL/TLS traffic going to your firewall. For information about working with certificates in AWS Certificate Manager , see `Request a public certificate <https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html>`_ or `Importing certificates <https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html>`_ in the *AWS Certificate Manager User Guide* .
+            '''Any Certificate Manager (ACM) Secure Sockets Layer/Transport Layer Security (SSL/TLS) server certificate that's associated with a `ServerCertificateConfiguration <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration.html>`_ . Used in a `TLSInspectionConfiguration <https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-networkfirewall-tlsinspectionconfiguration.html>`_ for inspection of inbound traffic to your firewall. You must request or import a SSL/TLS certificate into ACM for each domain Network Firewall needs to decrypt and inspect. AWS Network Firewall uses the SSL/TLS certificates to decrypt specified inbound SSL/TLS traffic going to your firewall. For information about working with certificates in Certificate Manager , see `Request a public certificate <https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html>`_ or `Importing certificates <https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html>`_ in the *Certificate Manager User Guide* .
 
-            :param resource_arn: The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
+            :param resource_arn: The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-tlsinspectionconfiguration-servercertificate.html
             :exampleMetadata: fixture=_generated
@@ -7228,7 +7228,7 @@ class CfnTLSInspectionConfiguration(
 
         @builtins.property
         def resource_arn(self) -> typing.Optional[builtins.str]:
-            '''The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
+            '''The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-tlsinspectionconfiguration-servercertificate.html#cfn-networkfirewall-tlsinspectionconfiguration-servercertificate-resourcearn
             '''

aws_cdk/aws_networkmanager/__init__.py

@@ -3986,6 +3986,15 @@ class CfnConnectAttachment(
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrCreatedAt"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrLastModificationErrors")
+    def attr_last_modification_errors(self) -> typing.List[builtins.str]:
+        '''Errors from the last modification of the attachment.
+
+        :cloudformationAttribute: LastModificationErrors
+        '''
+        return typing.cast(typing.List[builtins.str], jsii.get(self, "attrLastModificationErrors"))
+
     @builtins.property
     @jsii.member(jsii_name="attrOwnerAccountId")
     def attr_owner_account_id(self) -> builtins.str:
@@ -4599,6 +4608,15 @@ class CfnConnectPeer(
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrEdgeLocation"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrLastModificationErrors")
+    def attr_last_modification_errors(self) -> typing.List[builtins.str]:
+        '''Describes the error associated with the attachment request.
+
+        :cloudformationAttribute: LastModificationErrors
+        '''
+        return typing.cast(typing.List[builtins.str], jsii.get(self, "attrLastModificationErrors"))
+
     @builtins.property
     @jsii.member(jsii_name="attrState")
     def attr_state(self) -> builtins.str:
@@ -6391,6 +6409,15 @@ class CfnDirectConnectGatewayAttachment(
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrCreatedAt"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrLastModificationErrors")
+    def attr_last_modification_errors(self) -> typing.List[builtins.str]:
+        '''Errors from the last modification of the attachment.
+
+        :cloudformationAttribute: LastModificationErrors
+        '''
+        return typing.cast(typing.List[builtins.str], jsii.get(self, "attrLastModificationErrors"))
+
     @builtins.property
     @jsii.member(jsii_name="attrNetworkFunctionGroupName")
     def attr_network_function_group_name(self) -> builtins.str:
@@ -7854,6 +7881,15 @@ class CfnSiteToSiteVpnAttachment(
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrEdgeLocation"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrLastModificationErrors")
+    def attr_last_modification_errors(self) -> typing.List[builtins.str]:
+        '''Errors from the last modification of the attachment.
+
+        :cloudformationAttribute: LastModificationErrors
+        '''
+        return typing.cast(typing.List[builtins.str], jsii.get(self, "attrLastModificationErrors"))
+
     @builtins.property
     @jsii.member(jsii_name="attrOwnerAccountId")
     def attr_owner_account_id(self) -> builtins.str:
@@ -8308,6 +8344,15 @@ class CfnTransitGatewayPeering(
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrEdgeLocation"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrLastModificationErrors")
+    def attr_last_modification_errors(self) -> typing.List[builtins.str]:
+        '''Errors from the last modification of the transit gateway peering.
+
+        :cloudformationAttribute: LastModificationErrors
+        '''
+        return typing.cast(typing.List[builtins.str], jsii.get(self, "attrLastModificationErrors"))
+
     @builtins.property
     @jsii.member(jsii_name="attrOwnerAccountId")
     def attr_owner_account_id(self) -> builtins.str:
@@ -8721,6 +8766,15 @@ class CfnTransitGatewayRouteTableAttachment(
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrEdgeLocation"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrLastModificationErrors")
+    def attr_last_modification_errors(self) -> typing.List[builtins.str]:
+        '''Errors from the last modification of the attachment.
+
+        :cloudformationAttribute: LastModificationErrors
+        '''
+        return typing.cast(typing.List[builtins.str], jsii.get(self, "attrLastModificationErrors"))
+
     @builtins.property
     @jsii.member(jsii_name="attrOwnerAccountId")
     def attr_owner_account_id(self) -> builtins.str:
@@ -9241,6 +9295,15 @@ class CfnVpcAttachment(
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrEdgeLocation"))
 
+    @builtins.property
+    @jsii.member(jsii_name="attrLastModificationErrors")
+    def attr_last_modification_errors(self) -> typing.List[builtins.str]:
+        '''Errors from the last modification of the attachment.
+
+        :cloudformationAttribute: LastModificationErrors
+        '''
+        return typing.cast(typing.List[builtins.str], jsii.get(self, "attrLastModificationErrors"))
+
     @builtins.property
     @jsii.member(jsii_name="attrNetworkFunctionGroupName")
     def attr_network_function_group_name(self) -> builtins.str: