aws-cdk-lib 2.219.0__py3-none-any.whl → 2.220.0__py3-none-any.whl

aws_cdk/aws_ec2/__init__.py

@@ -1422,6 +1422,21 @@ endpoint = vpc.add_client_vpn_endpoint("Endpoint",
 )
 ```
 
+To control whether clients are automatically disconnected when the maximum session duration is reached, use the `disconnectOnSessionTimeout` prop.
+By default (`true`), clients are disconnected and must manually reconnect.
+Set to `false` to allow automatic reconnection attempts:
+
+```python
+endpoint = vpc.add_client_vpn_endpoint("Endpoint",
+    cidr="10.100.0.0/16",
+    server_certificate_arn="arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id",
+    client_certificate_arn="arn:aws:acm:us-east-1:123456789012:certificate/client-certificate-id",
+    disconnect_on_session_timeout=False
+)
+```
+
+Detail information about maximum VPN session duration timeout can be found in the [AWS documentation](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-max-duration.html).
+
 ## Instances
 
 You can use the `Instance` class to start up a single EC2 instance. For production setups, we recommend
@@ -23814,6 +23829,7 @@ class ClientVpnEndpointAttributes:
         "client_login_banner": "clientLoginBanner",
         "client_route_enforcement_options": "clientRouteEnforcementOptions",
         "description": "description",
+        "disconnect_on_session_timeout": "disconnectOnSessionTimeout",
         "dns_servers": "dnsServers",
         "logging": "logging",
         "log_group": "logGroup",
@@ -23840,6 +23856,7 @@ class ClientVpnEndpointOptions:
         client_login_banner: typing.Optional[builtins.str] = None,
         client_route_enforcement_options: typing.Optional[typing.Union[ClientRouteEnforcementOptions, typing.Dict[builtins.str, typing.Any]]] = None,
         description: typing.Optional[builtins.str] = None,
+        disconnect_on_session_timeout: typing.Optional[builtins.bool] = None,
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         logging: typing.Optional[builtins.bool] = None,
         log_group: typing.Optional[_ILogGroup_3c4fa718] = None,
@@ -23863,6 +23880,7 @@ class ClientVpnEndpointOptions:
         :param client_login_banner: Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. Default: - no banner is presented to the client
         :param client_route_enforcement_options: Options for Client Route Enforcement. Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN. This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel. Default: undefined - AWS Client VPN default setting is disable client route enforcement
         :param description: A brief description of the Client VPN endpoint. Default: - no description
+        :param disconnect_on_session_timeout: Indicates whether the client VPN session is disconnected after the maximum ``sessionTimeout`` is reached. If ``true``, users are prompted to reconnect client VPN. If ``false``, client VPN attempts to reconnect automatically. Default: undefined - AWS Client VPN default is true
         :param dns_servers: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. Default: - use the DNS address configured on the device
         :param logging: Whether to enable connections logging. Default: true
         :param log_group: A CloudWatch Logs log group for connection logging. Default: - a new group is created
@@ -23880,16 +23898,13 @@ class ClientVpnEndpointOptions:
 
         Example::
 
-            endpoint = vpc.add_client_vpn_endpoint("Endpoint",
+            vpc.add_client_vpn_endpoint("Endpoint",
                 cidr="10.100.0.0/16",
                 server_certificate_arn="arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id",
-                user_based_authentication=ec2.ClientVpnUserBasedAuthentication.federated(saml_provider),
-                authorize_all_users_to_vpc_cidr=False
-            )
-            
-            endpoint.add_authorization_rule("Rule",
-                cidr="10.0.10.0/32",
-                group_id="group-id"
+                # Mutual authentication
+                client_certificate_arn="arn:aws:acm:us-east-1:123456789012:certificate/client-certificate-id",
+                # User-based authentication
+                user_based_authentication=ec2.ClientVpnUserBasedAuthentication.federated(saml_provider)
             )
         '''
         if isinstance(client_route_enforcement_options, dict):
@@ -23906,6 +23921,7 @@ class ClientVpnEndpointOptions:
             check_type(argname="argument client_login_banner", value=client_login_banner, expected_type=type_hints["client_login_banner"])
             check_type(argname="argument client_route_enforcement_options", value=client_route_enforcement_options, expected_type=type_hints["client_route_enforcement_options"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
+            check_type(argname="argument disconnect_on_session_timeout", value=disconnect_on_session_timeout, expected_type=type_hints["disconnect_on_session_timeout"])
             check_type(argname="argument dns_servers", value=dns_servers, expected_type=type_hints["dns_servers"])
             check_type(argname="argument logging", value=logging, expected_type=type_hints["logging"])
             check_type(argname="argument log_group", value=log_group, expected_type=type_hints["log_group"])
@@ -23934,6 +23950,8 @@ class ClientVpnEndpointOptions:
             self._values["client_route_enforcement_options"] = client_route_enforcement_options
         if description is not None:
             self._values["description"] = description
+        if disconnect_on_session_timeout is not None:
+            self._values["disconnect_on_session_timeout"] = disconnect_on_session_timeout
         if dns_servers is not None:
             self._values["dns_servers"] = dns_servers
         if logging is not None:
@@ -24054,6 +24072,20 @@ class ClientVpnEndpointOptions:
         result = self._values.get("description")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def disconnect_on_session_timeout(self) -> typing.Optional[builtins.bool]:
+        '''Indicates whether the client VPN session is disconnected after the maximum ``sessionTimeout`` is reached.
+
+        If ``true``, users are prompted to reconnect client VPN.
+        If ``false``, client VPN attempts to reconnect automatically.
+
+        :default: undefined - AWS Client VPN default is true
+
+        :see: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-max-duration.html
+        '''
+        result = self._values.get("disconnect_on_session_timeout")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def dns_servers(self) -> typing.Optional[typing.List[builtins.str]]:
         '''Information about the DNS servers to be used for DNS resolution.
@@ -24194,6 +24226,7 @@ class ClientVpnEndpointOptions:
         "client_login_banner": "clientLoginBanner",
         "client_route_enforcement_options": "clientRouteEnforcementOptions",
         "description": "description",
+        "disconnect_on_session_timeout": "disconnectOnSessionTimeout",
         "dns_servers": "dnsServers",
         "logging": "logging",
         "log_group": "logGroup",
@@ -24221,6 +24254,7 @@ class ClientVpnEndpointProps(ClientVpnEndpointOptions):
         client_login_banner: typing.Optional[builtins.str] = None,
         client_route_enforcement_options: typing.Optional[typing.Union[ClientRouteEnforcementOptions, typing.Dict[builtins.str, typing.Any]]] = None,
         description: typing.Optional[builtins.str] = None,
+        disconnect_on_session_timeout: typing.Optional[builtins.bool] = None,
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         logging: typing.Optional[builtins.bool] = None,
         log_group: typing.Optional[_ILogGroup_3c4fa718] = None,
@@ -24245,6 +24279,7 @@ class ClientVpnEndpointProps(ClientVpnEndpointOptions):
         :param client_login_banner: Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. Default: - no banner is presented to the client
         :param client_route_enforcement_options: Options for Client Route Enforcement. Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN. This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel. Default: undefined - AWS Client VPN default setting is disable client route enforcement
         :param description: A brief description of the Client VPN endpoint. Default: - no description
+        :param disconnect_on_session_timeout: Indicates whether the client VPN session is disconnected after the maximum ``sessionTimeout`` is reached. If ``true``, users are prompted to reconnect client VPN. If ``false``, client VPN attempts to reconnect automatically. Default: undefined - AWS Client VPN default is true
         :param dns_servers: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. Default: - use the DNS address configured on the device
         :param logging: Whether to enable connections logging. Default: true
         :param log_group: A CloudWatch Logs log group for connection logging. Default: - a new group is created
@@ -24291,6 +24326,7 @@ class ClientVpnEndpointProps(ClientVpnEndpointOptions):
                     enforced=False
                 ),
                 description="description",
+                disconnect_on_session_timeout=False,
                 dns_servers=["dnsServers"],
                 logging=False,
                 log_group=log_group,
@@ -24326,6 +24362,7 @@ class ClientVpnEndpointProps(ClientVpnEndpointOptions):
             check_type(argname="argument client_login_banner", value=client_login_banner, expected_type=type_hints["client_login_banner"])
             check_type(argname="argument client_route_enforcement_options", value=client_route_enforcement_options, expected_type=type_hints["client_route_enforcement_options"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
+            check_type(argname="argument disconnect_on_session_timeout", value=disconnect_on_session_timeout, expected_type=type_hints["disconnect_on_session_timeout"])
             check_type(argname="argument dns_servers", value=dns_servers, expected_type=type_hints["dns_servers"])
             check_type(argname="argument logging", value=logging, expected_type=type_hints["logging"])
             check_type(argname="argument log_group", value=log_group, expected_type=type_hints["log_group"])
@@ -24356,6 +24393,8 @@ class ClientVpnEndpointProps(ClientVpnEndpointOptions):
             self._values["client_route_enforcement_options"] = client_route_enforcement_options
         if description is not None:
             self._values["description"] = description
+        if disconnect_on_session_timeout is not None:
+            self._values["disconnect_on_session_timeout"] = disconnect_on_session_timeout
         if dns_servers is not None:
             self._values["dns_servers"] = dns_servers
         if logging is not None:
@@ -24476,6 +24515,20 @@ class ClientVpnEndpointProps(ClientVpnEndpointOptions):
         result = self._values.get("description")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def disconnect_on_session_timeout(self) -> typing.Optional[builtins.bool]:
+        '''Indicates whether the client VPN session is disconnected after the maximum ``sessionTimeout`` is reached.
+
+        If ``true``, users are prompted to reconnect client VPN.
+        If ``false``, client VPN attempts to reconnect automatically.
+
+        :default: undefined - AWS Client VPN default is true
+
+        :see: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-max-duration.html
+        '''
+        result = self._values.get("disconnect_on_session_timeout")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def dns_servers(self) -> typing.Optional[typing.List[builtins.str]]:
         '''Information about the DNS servers to be used for DNS resolution.
@@ -33726,6 +33779,7 @@ class IVpc(_IResource_c80c4260, IVPCRef, typing_extensions.Protocol):
         client_login_banner: typing.Optional[builtins.str] = None,
         client_route_enforcement_options: typing.Optional[typing.Union[ClientRouteEnforcementOptions, typing.Dict[builtins.str, typing.Any]]] = None,
         description: typing.Optional[builtins.str] = None,
+        disconnect_on_session_timeout: typing.Optional[builtins.bool] = None,
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         logging: typing.Optional[builtins.bool] = None,
         log_group: typing.Optional[_ILogGroup_3c4fa718] = None,
@@ -33750,6 +33804,7 @@ class IVpc(_IResource_c80c4260, IVPCRef, typing_extensions.Protocol):
         :param client_login_banner: Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. Default: - no banner is presented to the client
         :param client_route_enforcement_options: Options for Client Route Enforcement. Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN. This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel. Default: undefined - AWS Client VPN default setting is disable client route enforcement
         :param description: A brief description of the Client VPN endpoint. Default: - no description
+        :param disconnect_on_session_timeout: Indicates whether the client VPN session is disconnected after the maximum ``sessionTimeout`` is reached. If ``true``, users are prompted to reconnect client VPN. If ``false``, client VPN attempts to reconnect automatically. Default: undefined - AWS Client VPN default is true
         :param dns_servers: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. Default: - use the DNS address configured on the device
         :param logging: Whether to enable connections logging. Default: true
         :param log_group: A CloudWatch Logs log group for connection logging. Default: - a new group is created
@@ -33977,6 +34032,7 @@ class _IVpcProxy(
         client_login_banner: typing.Optional[builtins.str] = None,
         client_route_enforcement_options: typing.Optional[typing.Union[ClientRouteEnforcementOptions, typing.Dict[builtins.str, typing.Any]]] = None,
         description: typing.Optional[builtins.str] = None,
+        disconnect_on_session_timeout: typing.Optional[builtins.bool] = None,
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         logging: typing.Optional[builtins.bool] = None,
         log_group: typing.Optional[_ILogGroup_3c4fa718] = None,
@@ -34001,6 +34057,7 @@ class _IVpcProxy(
         :param client_login_banner: Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. Default: - no banner is presented to the client
         :param client_route_enforcement_options: Options for Client Route Enforcement. Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN. This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel. Default: undefined - AWS Client VPN default setting is disable client route enforcement
         :param description: A brief description of the Client VPN endpoint. Default: - no description
+        :param disconnect_on_session_timeout: Indicates whether the client VPN session is disconnected after the maximum ``sessionTimeout`` is reached. If ``true``, users are prompted to reconnect client VPN. If ``false``, client VPN attempts to reconnect automatically. Default: undefined - AWS Client VPN default is true
         :param dns_servers: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. Default: - use the DNS address configured on the device
         :param logging: Whether to enable connections logging. Default: true
         :param log_group: A CloudWatch Logs log group for connection logging. Default: - a new group is created
@@ -34026,6 +34083,7 @@ class _IVpcProxy(
             client_login_banner=client_login_banner,
             client_route_enforcement_options=client_route_enforcement_options,
             description=description,
+            disconnect_on_session_timeout=disconnect_on_session_timeout,
             dns_servers=dns_servers,
             logging=logging,
             log_group=log_group,
@@ -37179,6 +37237,14 @@ class InstanceClass(enum.Enum):
     '''Compute optimized instances based on Intel Xeon Scalable (Sapphire Rapids) processors, 7th generation C7i-flex instances efficiently use compute resources to deliver a baseline level of performance with the ability to scale up to the full compute performance a majority of the time.'''
     C7I_FLEX = "C7I_FLEX"
     '''Compute optimized instances based on Intel Xeon Scalable (Sapphire Rapids) processors, 7th generation C7i-flex instances efficiently use compute resources to deliver a baseline level of performance with the ability to scale up to the full compute performance a majority of the time.'''
+    COMPUTE8_INTEL = "COMPUTE8_INTEL"
+    '''Compute optimized instances based on custom Intel Xeon 6 processors, available only on AWS, 8th generation.'''
+    C8I = "C8I"
+    '''Compute optimized instances based on custom Intel Xeon 6 processors, available only on AWS, 8th generation.'''
+    COMPUTE8_INTEL_FLEX = "COMPUTE8_INTEL_FLEX"
+    '''Compute optimized instances based on custom Intel Xeon 6 processors, available only on AWS, 8th generation C8i-flex instances efficiently use compute resources to deliver a baseline level of performance with the ability to scale up to the full compute performance a majority of the time.'''
+    C8I_FLEX = "C8I_FLEX"
+    '''Compute optimized instances based on custom Intel Xeon 6 processors, available only on AWS, 8th generation C8i-flex instances efficiently use compute resources to deliver a baseline level of performance with the ability to scale up to the full compute performance a majority of the time.'''
     COMPUTE7_AMD = "COMPUTE7_AMD"
     '''Compute optimized instances based on 4th generation AMD EPYC (codename Genoa), 7th generation.'''
     C7A = "C7A"
@@ -37477,6 +37543,10 @@ class InstanceClass(enum.Enum):
     '''Standard instances based on 4th generation AMD EPYC (codename Genoa), 7th generation.'''
     M7A = "M7A"
     '''Standard instances based on 4th generation AMD EPYC (codename Genoa), 7th generation.'''
+    STANDARD8_AMD = "STANDARD8_AMD"
+    '''Standard instances based on 5th generation AMD EPYC (formerly code named Turin), 8th generation.'''
+    M8A = "M8A"
+    '''Standard instances based on 5th generation AMD EPYC (formerly code named Turin), 8th generation.'''
     HIGH_COMPUTE_MEMORY1 = "HIGH_COMPUTE_MEMORY1"
     '''High memory and compute capacity instances, 1st generation.'''
     Z1D = "Z1D"
@@ -39672,6 +39742,16 @@ class InterfaceVpcEndpointAwsService(
     def BEDROCK_AGENT_RUNTIME(cls) -> "InterfaceVpcEndpointAwsService":
         return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "BEDROCK_AGENT_RUNTIME"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="BEDROCK_AGENTCORE")
+    def BEDROCK_AGENTCORE(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "BEDROCK_AGENTCORE"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="BEDROCK_AGENTCORE_GATEWAY")
+    def BEDROCK_AGENTCORE_GATEWAY(cls) -> "InterfaceVpcEndpointAwsService":
+        return typing.cast("InterfaceVpcEndpointAwsService", jsii.sget(cls, "BEDROCK_AGENTCORE_GATEWAY"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="BEDROCK_DATA_AUTOMATION")
     def BEDROCK_DATA_AUTOMATION(cls) -> "InterfaceVpcEndpointAwsService":
@@ -54786,6 +54866,7 @@ class Vpc(
         client_login_banner: typing.Optional[builtins.str] = None,
         client_route_enforcement_options: typing.Optional[typing.Union[ClientRouteEnforcementOptions, typing.Dict[builtins.str, typing.Any]]] = None,
         description: typing.Optional[builtins.str] = None,
+        disconnect_on_session_timeout: typing.Optional[builtins.bool] = None,
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         logging: typing.Optional[builtins.bool] = None,
         log_group: typing.Optional[_ILogGroup_3c4fa718] = None,
@@ -54810,6 +54891,7 @@ class Vpc(
         :param client_login_banner: Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. Default: - no banner is presented to the client
         :param client_route_enforcement_options: Options for Client Route Enforcement. Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN. This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel. Default: undefined - AWS Client VPN default setting is disable client route enforcement
         :param description: A brief description of the Client VPN endpoint. Default: - no description
+        :param disconnect_on_session_timeout: Indicates whether the client VPN session is disconnected after the maximum ``sessionTimeout`` is reached. If ``true``, users are prompted to reconnect client VPN. If ``false``, client VPN attempts to reconnect automatically. Default: undefined - AWS Client VPN default is true
         :param dns_servers: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. Default: - use the DNS address configured on the device
         :param logging: Whether to enable connections logging. Default: true
         :param log_group: A CloudWatch Logs log group for connection logging. Default: - a new group is created
@@ -54835,6 +54917,7 @@ class Vpc(
             client_login_banner=client_login_banner,
             client_route_enforcement_options=client_route_enforcement_options,
             description=description,
+            disconnect_on_session_timeout=disconnect_on_session_timeout,
             dns_servers=dns_servers,
             logging=logging,
             log_group=log_group,
@@ -119229,6 +119312,7 @@ class ClientVpnEndpoint(
         client_login_banner: typing.Optional[builtins.str] = None,
         client_route_enforcement_options: typing.Optional[typing.Union[ClientRouteEnforcementOptions, typing.Dict[builtins.str, typing.Any]]] = None,
         description: typing.Optional[builtins.str] = None,
+        disconnect_on_session_timeout: typing.Optional[builtins.bool] = None,
         dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
         logging: typing.Optional[builtins.bool] = None,
         log_group: typing.Optional[_ILogGroup_3c4fa718] = None,
@@ -119254,6 +119338,7 @@ class ClientVpnEndpoint(
         :param client_login_banner: Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. Default: - no banner is presented to the client
         :param client_route_enforcement_options: Options for Client Route Enforcement. Client Route Enforcement is a feature of Client VPN that helps enforce administrator defined routes on devices connected through the VPN. This feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel. Default: undefined - AWS Client VPN default setting is disable client route enforcement
         :param description: A brief description of the Client VPN endpoint. Default: - no description
+        :param disconnect_on_session_timeout: Indicates whether the client VPN session is disconnected after the maximum ``sessionTimeout`` is reached. If ``true``, users are prompted to reconnect client VPN. If ``false``, client VPN attempts to reconnect automatically. Default: undefined - AWS Client VPN default is true
         :param dns_servers: Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. Default: - use the DNS address configured on the device
         :param logging: Whether to enable connections logging. Default: true
         :param log_group: A CloudWatch Logs log group for connection logging. Default: - a new group is created
@@ -119281,6 +119366,7 @@ class ClientVpnEndpoint(
             client_login_banner=client_login_banner,
             client_route_enforcement_options=client_route_enforcement_options,
             description=description,
+            disconnect_on_session_timeout=disconnect_on_session_timeout,
             dns_servers=dns_servers,
             logging=logging,
             log_group=log_group,
@@ -122258,6 +122344,7 @@ def _typecheckingstub__73f8593e2e6199f8ae542cff4cbe02f0be09fd9043b8072cbb652d5b0
     client_login_banner: typing.Optional[builtins.str] = None,
     client_route_enforcement_options: typing.Optional[typing.Union[ClientRouteEnforcementOptions, typing.Dict[builtins.str, typing.Any]]] = None,
     description: typing.Optional[builtins.str] = None,
+    disconnect_on_session_timeout: typing.Optional[builtins.bool] = None,
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     logging: typing.Optional[builtins.bool] = None,
     log_group: typing.Optional[_ILogGroup_3c4fa718] = None,
@@ -122284,6 +122371,7 @@ def _typecheckingstub__8e89ba9082e1bc80500c526e8522c5a90e2a91bd17d985f5932611e0b
     client_login_banner: typing.Optional[builtins.str] = None,
     client_route_enforcement_options: typing.Optional[typing.Union[ClientRouteEnforcementOptions, typing.Dict[builtins.str, typing.Any]]] = None,
     description: typing.Optional[builtins.str] = None,
+    disconnect_on_session_timeout: typing.Optional[builtins.bool] = None,
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     logging: typing.Optional[builtins.bool] = None,
     log_group: typing.Optional[_ILogGroup_3c4fa718] = None,
@@ -122798,6 +122886,7 @@ def _typecheckingstub__19cdaa7bec0f733a863944b2be6c76392b1e518714158a913370b8de7
     client_login_banner: typing.Optional[builtins.str] = None,
     client_route_enforcement_options: typing.Optional[typing.Union[ClientRouteEnforcementOptions, typing.Dict[builtins.str, typing.Any]]] = None,
     description: typing.Optional[builtins.str] = None,
+    disconnect_on_session_timeout: typing.Optional[builtins.bool] = None,
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     logging: typing.Optional[builtins.bool] = None,
     log_group: typing.Optional[_ILogGroup_3c4fa718] = None,
@@ -124810,6 +124899,7 @@ def _typecheckingstub__04f8b7e933af74b695401b45c9c6b308e4684ecde3cb9a2a1e358a336
     client_login_banner: typing.Optional[builtins.str] = None,
     client_route_enforcement_options: typing.Optional[typing.Union[ClientRouteEnforcementOptions, typing.Dict[builtins.str, typing.Any]]] = None,
     description: typing.Optional[builtins.str] = None,
+    disconnect_on_session_timeout: typing.Optional[builtins.bool] = None,
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     logging: typing.Optional[builtins.bool] = None,
     log_group: typing.Optional[_ILogGroup_3c4fa718] = None,
@@ -135439,6 +135529,7 @@ def _typecheckingstub__9a2422e1dfabadbd7f572317ed37670a87714b6f36fe9da2a01f1e26e
     client_login_banner: typing.Optional[builtins.str] = None,
     client_route_enforcement_options: typing.Optional[typing.Union[ClientRouteEnforcementOptions, typing.Dict[builtins.str, typing.Any]]] = None,
     description: typing.Optional[builtins.str] = None,
+    disconnect_on_session_timeout: typing.Optional[builtins.bool] = None,
     dns_servers: typing.Optional[typing.Sequence[builtins.str]] = None,
     logging: typing.Optional[builtins.bool] = None,
     log_group: typing.Optional[_ILogGroup_3c4fa718] = None,