aws-cdk-lib 2.216.0__py3-none-any.whl → 2.218.0__py3-none-any.whl

aws_cdk/aws_cloudformation/__init__.py

@@ -172,7 +172,7 @@ class CfnGuardHookProps:
         :param log_bucket: Specifies the name of an S3 bucket to store the Guard output report. This report contains the results of your Guard rule validations.
         :param options: Specifies the S3 location of your input parameters.
         :param stack_filters: Specifies the stack level filters for the Hook. Example stack level filter in JSON: ``"StackFilters": {"FilteringCriteria": "ALL", "StackNames": {"Exclude": [ "stack-1", "stack-2"]}}`` Example stack level filter in YAML: ``StackFilters: FilteringCriteria: ALL StackNames: Exclude: - stack-1 - stack-2``
-        :param target_filters: Specifies the target filters for the Hook. Example target filter in JSON: ``"TargetFilters": {"Actions": [ "Create", "Update", "Delete" ]}`` Example target filter in YAML: ``TargetFilters: Actions: - CREATE - UPDATE - DELETE``
+        :param target_filters: Specifies the target filters for the Hook. Example target filter in JSON: ``"TargetFilters": {"Actions": [ "CREATE", "UPDATE", "DELETE" ]}`` Example target filter in YAML: ``TargetFilters: Actions: - CREATE - UPDATE - DELETE``
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-guardhook.html
         :exampleMetadata: fixture=_generated
@@ -386,7 +386,7 @@ class CfnGuardHookProps:
 
         Example target filter in JSON:
 
-        ``"TargetFilters": {"Actions": [ "Create", "Update", "Delete" ]}``
+        ``"TargetFilters": {"Actions": [ "CREATE", "UPDATE", "DELETE" ]}``
 
         Example target filter in YAML:
 
@@ -648,7 +648,7 @@ class CfnHookVersionProps:
         '''Properties for defining a ``CfnHookVersion``.
 
         :param schema_handler_package: A URL to the Amazon S3 bucket for the Hook project package that contains the necessary files for the Hook you want to register. For information on generating a schema handler package, see `Modeling custom CloudFormation Hooks <https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-model.html>`_ in the *AWS CloudFormation Hooks User Guide* . .. epigraph:: To register the Hook, you must have ``s3:GetObject`` permissions to access the S3 objects.
-        :param type_name: The unique name for your hook. Specifies a three-part namespace for your hook, with a recommended pattern of ``Organization::Service::Hook`` . .. epigraph:: The following organization namespaces are reserved and can't be used in your hook type names: - ``Alexa`` - ``AMZN`` - ``Amazon`` - ``ASK`` - ``AWS`` - ``Custom`` - ``Dev``
+        :param type_name: The unique name for your Hook. Specifies a three-part namespace for your Hook, with a recommended pattern of ``Organization::Service::Hook`` . .. epigraph:: The following organization namespaces are reserved and can't be used in your Hook type names: - ``Alexa`` - ``AMZN`` - ``Amazon`` - ``ASK`` - ``AWS`` - ``Custom`` - ``Dev``
         :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Hook permission.
         :param logging_config: Contains logging configuration information for an extension.
 
@@ -705,12 +705,12 @@ class CfnHookVersionProps:
 
     @builtins.property
     def type_name(self) -> builtins.str:
-        '''The unique name for your hook.
+        '''The unique name for your Hook.
 
-        Specifies a three-part namespace for your hook, with a recommended pattern of ``Organization::Service::Hook`` .
+        Specifies a three-part namespace for your Hook, with a recommended pattern of ``Organization::Service::Hook`` .
         .. epigraph::
 
-           The following organization namespaces are reserved and can't be used in your hook type names:
+           The following organization namespaces are reserved and can't be used in your Hook type names:
 
            - ``Alexa``
            - ``AMZN``
@@ -2319,7 +2319,7 @@ class CfnTypeActivationProps:
         :param publisher_id: The ID of the extension publisher. Conditional: You must specify ``PublicTypeArn`` , or ``TypeName`` , ``Type`` , and ``PublisherId`` .
         :param type: The extension type. Conditional: You must specify ``PublicTypeArn`` , or ``TypeName`` , ``Type`` , and ``PublisherId`` .
         :param type_name: The name of the extension. Conditional: You must specify ``PublicTypeArn`` , or ``TypeName`` , ``Type`` , and ``PublisherId`` .
-        :param type_name_alias: An alias to assign to the public extension, in this account and Region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and Region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console. An extension alias must be unique within a given account and Region. You can activate the same public resource multiple times in the same account and Region, using different type name aliases.
+        :param type_name_alias: An alias to assign to the public extension in this account and Region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and Region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console. An extension alias must be unique within a given account and Region. You can activate the same public resource multiple times in the same account and Region, using different type name aliases.
         :param version_bump: Manually updates a previously-activated type to a new major or minor version, if available. You can also use this parameter to update the value of ``AutoUpdate`` . - ``MAJOR`` : CloudFormation updates the extension to the newest major version, if one is available. - ``MINOR`` : CloudFormation updates the extension to the newest minor version, if one is available.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-typeactivation.html
@@ -2475,7 +2475,7 @@ class CfnTypeActivationProps:
 
     @builtins.property
     def type_name_alias(self) -> typing.Optional[builtins.str]:
-        '''An alias to assign to the public extension, in this account and Region.
+        '''An alias to assign to the public extension in this account and Region.
 
         If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and Region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console.
 
@@ -4497,7 +4497,7 @@ class CfnGuardHook(
         :param log_bucket: Specifies the name of an S3 bucket to store the Guard output report. This report contains the results of your Guard rule validations.
         :param options: Specifies the S3 location of your input parameters.
         :param stack_filters: Specifies the stack level filters for the Hook. Example stack level filter in JSON: ``"StackFilters": {"FilteringCriteria": "ALL", "StackNames": {"Exclude": [ "stack-1", "stack-2"]}}`` Example stack level filter in YAML: ``StackFilters: FilteringCriteria: ALL StackNames: Exclude: - stack-1 - stack-2``
-        :param target_filters: Specifies the target filters for the Hook. Example target filter in JSON: ``"TargetFilters": {"Actions": [ "Create", "Update", "Delete" ]}`` Example target filter in YAML: ``TargetFilters: Actions: - CREATE - UPDATE - DELETE``
+        :param target_filters: Specifies the target filters for the Hook. Example target filter in JSON: ``"TargetFilters": {"Actions": [ "CREATE", "UPDATE", "DELETE" ]}`` Example target filter in YAML: ``TargetFilters: Actions: - CREATE - UPDATE - DELETE``
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__03161d7a487fda6efdcca08ffddf765149d688cda393f699958050fcb318e260)
@@ -5696,7 +5696,7 @@ class CfnHookVersion(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param schema_handler_package: A URL to the Amazon S3 bucket for the Hook project package that contains the necessary files for the Hook you want to register. For information on generating a schema handler package, see `Modeling custom CloudFormation Hooks <https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-model.html>`_ in the *AWS CloudFormation Hooks User Guide* . .. epigraph:: To register the Hook, you must have ``s3:GetObject`` permissions to access the S3 objects.
-        :param type_name: The unique name for your hook. Specifies a three-part namespace for your hook, with a recommended pattern of ``Organization::Service::Hook`` . .. epigraph:: The following organization namespaces are reserved and can't be used in your hook type names: - ``Alexa`` - ``AMZN`` - ``Amazon`` - ``ASK`` - ``AWS`` - ``Custom`` - ``Dev``
+        :param type_name: The unique name for your Hook. Specifies a three-part namespace for your Hook, with a recommended pattern of ``Organization::Service::Hook`` . .. epigraph:: The following organization namespaces are reserved and can't be used in your Hook type names: - ``Alexa`` - ``AMZN`` - ``Amazon`` - ``ASK`` - ``AWS`` - ``Custom`` - ``Dev``
         :param execution_role_arn: The Amazon Resource Name (ARN) of the task execution role that grants the Hook permission.
         :param logging_config: Contains logging configuration information for an extension.
         '''
@@ -5818,7 +5818,7 @@ class CfnHookVersion(
     @builtins.property
     @jsii.member(jsii_name="typeName")
     def type_name(self) -> builtins.str:
-        '''The unique name for your hook.'''
+        '''The unique name for your Hook.'''
         return typing.cast(builtins.str, jsii.get(self, "typeName"))
 
     @type_name.setter
@@ -9560,7 +9560,7 @@ class CfnTypeActivation(
         :param publisher_id: The ID of the extension publisher. Conditional: You must specify ``PublicTypeArn`` , or ``TypeName`` , ``Type`` , and ``PublisherId`` .
         :param type: The extension type. Conditional: You must specify ``PublicTypeArn`` , or ``TypeName`` , ``Type`` , and ``PublisherId`` .
         :param type_name: The name of the extension. Conditional: You must specify ``PublicTypeArn`` , or ``TypeName`` , ``Type`` , and ``PublisherId`` .
-        :param type_name_alias: An alias to assign to the public extension, in this account and Region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and Region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console. An extension alias must be unique within a given account and Region. You can activate the same public resource multiple times in the same account and Region, using different type name aliases.
+        :param type_name_alias: An alias to assign to the public extension in this account and Region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and Region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console. An extension alias must be unique within a given account and Region. You can activate the same public resource multiple times in the same account and Region, using different type name aliases.
         :param version_bump: Manually updates a previously-activated type to a new major or minor version, if available. You can also use this parameter to update the value of ``AutoUpdate`` . - ``MAJOR`` : CloudFormation updates the extension to the newest major version, if one is available. - ``MINOR`` : CloudFormation updates the extension to the newest minor version, if one is available.
         '''
         if __debug__:
@@ -9615,7 +9615,7 @@ class CfnTypeActivation(
     @builtins.property
     @jsii.member(jsii_name="attrArn")
     def attr_arn(self) -> builtins.str:
-        '''The Amazon Resource Name (ARN) of the activated extension, in this account and Region.
+        '''The Amazon Resource Name (ARN) of the activated extension in this account and Region.
 
         :cloudformationAttribute: Arn
         '''
@@ -9749,7 +9749,7 @@ class CfnTypeActivation(
     @builtins.property
     @jsii.member(jsii_name="typeNameAlias")
     def type_name_alias(self) -> typing.Optional[builtins.str]:
-        '''An alias to assign to the public extension, in this account and Region.'''
+        '''An alias to assign to the public extension in this account and Region.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "typeNameAlias"))
 
     @type_name_alias.setter

aws_cdk/aws_cloudfront/__init__.py

@@ -10290,6 +10290,33 @@ class OriginFailoverConfig:
         )
 
 
+@jsii.enum(jsii_type="aws-cdk-lib.aws_cloudfront.OriginIpAddressType")
+class OriginIpAddressType(enum.Enum):
+    '''The IP address type for the origin.
+
+    Determines whether CloudFront uses IPv4, IPv6, or both when connecting to the origin.
+
+    :exampleMetadata: infused
+
+    Example::
+
+        origin = origins.HttpOrigin("www.example.com",
+            ip_address_type=cloudfront.OriginIpAddressType.IPV6
+        )
+        
+        cloudfront.Distribution(self, "Distribution",
+            default_behavior=cloudfront.BehaviorOptions(origin=origin)
+        )
+    '''
+
+    IPV4 = "IPV4"
+    '''Use only IPv4 addresses.'''
+    IPV6 = "IPV6"
+    '''Use only IPv6 addresses.'''
+    DUALSTACK = "DUALSTACK"
+    '''Use both IPv4 and IPv6 addresses.'''
+
+
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_cloudfront.OriginOptions",
     jsii_struct_bases=[],
@@ -17366,6 +17393,27 @@ class CfnDistribution(
 
         jsii.create(self.__class__, self, [scope, id, props])
 
+    @jsii.member(jsii_name="fromDistributionId")
+    @builtins.classmethod
+    def from_distribution_id(
+        cls,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        distribution_id: builtins.str,
+    ) -> IDistributionRef:
+        '''Creates a new IDistributionRef from a distributionId.
+
+        :param scope: -
+        :param id: -
+        :param distribution_id: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__515b2d0306d8b0ddb1748f6ce685671bb2aafd2cd036b754a5a5628d11102d18)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+            check_type(argname="argument distribution_id", value=distribution_id, expected_type=type_hints["distribution_id"])
+        return typing.cast(IDistributionRef, jsii.sinvoke(cls, "fromDistributionId", [scope, id, distribution_id]))
+
     @jsii.member(jsii_name="inspect")
     def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
         '''Examines the CloudFormation resource and discloses attributes.
@@ -21872,7 +21920,7 @@ class CfnDistribution(
             - To accept HTTPS connections from only viewers that support SNI, set ``SSLSupportMethod`` to ``sni-only`` . This is recommended. Most browsers and clients support SNI. (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.)
             - To accept HTTPS connections from all viewers, including those that don't support SNI, set ``SSLSupportMethod`` to ``vip`` . This is not recommended, and results in additional monthly charges from CloudFront. (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.)
             - The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for ``MinimumProtocolVersion`` . For more information, see `Security Policy <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy>`_ in the *Amazon CloudFront Developer Guide* .
-            - The location of the SSL/TLS certificate, `AWS Certificate Manager (ACM) <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html>`_ (recommended) or `AWS Identity and Access Management (IAM) <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html>`_ . You specify the location by setting a value in one of the following fields (not both):
+            - The location of the SSL/TLS certificate, `Certificate Manager (ACM) <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html>`_ (recommended) or `AWS Identity and Access Management (IAM) <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html>`_ . You specify the location by setting a value in one of the following fields (not both):
             - ``ACMCertificateArn`` (In CloudFormation, this field name is ``AcmCertificateArn`` . Note the different capitalization.)
             - ``IAMCertificateId`` (In CloudFormation, this field name is ``IamCertificateId`` . Note the different capitalization.)
 
@@ -21880,7 +21928,7 @@ class CfnDistribution(
 
             For more information, see `Using HTTPS with CloudFront <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html>`_ and `Using Alternate Domain Names and HTTPS <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html>`_ in the *Amazon CloudFront Developer Guide* .
 
-            :param acm_certificate_arn: .. epigraph:: In CloudFormation, this field name is ``AcmCertificateArn`` . Note the different capitalization. If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in `AWS Certificate Manager (ACM) <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html>`_ , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( ``us-east-1`` ). If you specify an ACM certificate ARN, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod`` . (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.)
+            :param acm_certificate_arn: .. epigraph:: In CloudFormation, this field name is ``AcmCertificateArn`` . Note the different capitalization. If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in `Certificate Manager (ACM) <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html>`_ , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( ``us-east-1`` ). If you specify an ACM certificate ARN, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod`` . (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.)
             :param cloud_front_default_certificate: If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net`` , set this field to ``true`` . If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), omit this field and specify values for the following fields: - ``AcmCertificateArn`` or ``IamCertificateId`` (specify a value for one, not both) - ``MinimumProtocolVersion`` - ``SslSupportMethod``
             :param iam_certificate_id: .. epigraph:: This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see `Unsupported features for SaaS Manager for Amazon CloudFront <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas>`_ in the *Amazon CloudFront Developer Guide* . > In CloudFormation, this field name is ``IamCertificateId`` . Note the different capitalization. If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in `AWS Identity and Access Management (IAM) <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html>`_ , provide the ID of the IAM certificate. If you specify an IAM certificate ID, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod`` . (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.)
             :param minimum_protocol_version: If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings: - The minimum SSL/TLS protocol that CloudFront can use to communicate with viewers. - The ciphers that CloudFront can use to encrypt the content that it returns to viewers. For more information, see `Security Policy <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy>`_ and `Supported Protocols and Ciphers Between Viewers and CloudFront <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers>`_ in the *Amazon CloudFront Developer Guide* . .. epigraph:: On the CloudFront console, this setting is called *Security Policy* . When you're using SNI only (you set ``SSLSupportMethod`` to ``sni-only`` ), you must specify ``TLSv1`` or higher. (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.) If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net`` (you set ``CloudFrontDefaultCertificate`` to ``true`` ), CloudFront automatically sets the security policy to ``TLSv1`` regardless of the value that you set here.
@@ -21928,7 +21976,7 @@ class CfnDistribution(
 
    In CloudFormation, this field name is ``AcmCertificateArn`` . Note the different capitalization.
 
-            If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in `AWS Certificate Manager (ACM) <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html>`_ , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( ``us-east-1`` ).
+            If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in `Certificate Manager (ACM) <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html>`_ , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( ``us-east-1`` ).
 
             If you specify an ACM certificate ARN, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod`` . (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.)
 
@@ -22525,7 +22573,7 @@ class CfnDistributionTenant(
     )
     class CertificateProperty:
         def __init__(self, *, arn: typing.Optional[builtins.str] = None) -> None:
-            '''The AWS Certificate Manager (ACM) certificate associated with your distribution.
+            '''The Certificate Manager (ACM) certificate associated with your distribution.
 
             :param arn: The Amazon Resource Name (ARN) of the ACM certificate.
 
@@ -22590,7 +22638,7 @@ class CfnDistributionTenant(
 
             For each distribution tenant, you can specify the geographic restrictions, and the Amazon Resource Names (ARNs) for the ACM certificate and AWS WAF web ACL. These are specific values that you can override or disable from the multi-tenant distribution that was used to create the distribution tenant.
 
-            :param certificate: The AWS Certificate Manager (ACM) certificate.
+            :param certificate: The Certificate Manager (ACM) certificate.
             :param geo_restrictions: The geographic restrictions.
             :param web_acl: The AWS WAF web ACL.
 
@@ -22634,7 +22682,7 @@ class CfnDistributionTenant(
         def certificate(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDistributionTenant.CertificateProperty"]]:
-            '''The AWS Certificate Manager (ACM) certificate.
+            '''The Certificate Manager (ACM) certificate.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-customizations.html#cfn-cloudfront-distributiontenant-customizations-certificate
             '''
@@ -22837,7 +22885,7 @@ class CfnDistributionTenant(
         ) -> None:
             '''An object that represents the request for the Amazon CloudFront managed ACM certificate.
 
-            :param certificate_transparency_logging_preference: You can opt out of certificate transparency logging by specifying the ``disabled`` option. Opt in by specifying ``enabled`` . For more information, see `Certificate Transparency Logging <https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency>`_ in the *AWS Certificate Manager User Guide* .
+            :param certificate_transparency_logging_preference: You can opt out of certificate transparency logging by specifying the ``disabled`` option. Opt in by specifying ``enabled`` . For more information, see `Certificate Transparency Logging <https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency>`_ in the *Certificate Manager User Guide* .
             :param primary_domain_name: The primary domain name associated with the CloudFront managed ACM certificate.
             :param validation_token_host: Specify how the HTTP validation token will be served when requesting the CloudFront managed ACM certificate. - For ``cloudfront`` , CloudFront will automatically serve the validation token. Choose this mode if you can point the domain's DNS to CloudFront immediately. - For ``self-hosted`` , you serve the validation token from your existing infrastructure. Choose this mode when you need to maintain current traffic flow while your certificate is being issued. You can place the validation token at the well-known path on your existing web server, wait for ACM to validate and issue the certificate, and then update your DNS to point to CloudFront.
 
@@ -22875,7 +22923,7 @@ class CfnDistributionTenant(
         ) -> typing.Optional[builtins.str]:
             '''You can opt out of certificate transparency logging by specifying the ``disabled`` option.
 
-            Opt in by specifying ``enabled`` . For more information, see `Certificate Transparency Logging <https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency>`_ in the *AWS Certificate Manager User Guide* .
+            Opt in by specifying ``enabled`` . For more information, see `Certificate Transparency Logging <https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency>`_ in the *Certificate Manager User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-managedcertificaterequest.html#cfn-cloudfront-distributiontenant-managedcertificaterequest-certificatetransparencyloggingpreference
             '''
@@ -25046,6 +25094,8 @@ class CfnPublicKey(
 ):
     '''A public key that you can use with `signed URLs and signed cookies <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html>`_ , or with `field-level encryption <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html>`_ .
 
+    CloudFront supports signed URLs and signed cookies with RSA 2048 or ECDSA 256 key signatures. Field-level encryption is only compatible with RSA 2048 key signatures.
+
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-publickey.html
     :cloudformationResource: AWS::CloudFront::PublicKey
     :exampleMetadata: fixture=_generated
@@ -25186,6 +25236,8 @@ class CfnPublicKey(
         ) -> None:
             '''Configuration information about a public key that you can use with `signed URLs and signed cookies <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html>`_ , or with `field-level encryption <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html>`_ .
 
+            CloudFront supports signed URLs and signed cookies with RSA 2048 or ECDSA 256 key signatures. Field-level encryption is only compatible with RSA 2048 key signatures.
+
             :param caller_reference: A string included in the request to help make sure that the request can't be replayed.
             :param encoded_key: The public key that you can use with `signed URLs and signed cookies <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html>`_ , or with `field-level encryption <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html>`_ .
             :param name: A name to help identify the public key.
@@ -31906,6 +31958,7 @@ __all__ = [
     "OriginBindConfig",
     "OriginBindOptions",
     "OriginFailoverConfig",
+    "OriginIpAddressType",
     "OriginOptions",
     "OriginProps",
     "OriginProtocolPolicy",
@@ -33393,6 +33446,14 @@ def _typecheckingstub__81eda5f01ae8971b275cf76ed8b337277ad192ff5b49de8c33ebe25fd
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__515b2d0306d8b0ddb1748f6ce685671bb2aafd2cd036b754a5a5628d11102d18(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    distribution_id: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__40ba9750b9508c380e2724727094e58eb27b5c37b6b692cd0ef7c46535b474ea(
     inspector: _TreeInspector_488e0dd5,
 ) -> None: