aws-cdk-lib 2.219.0__py3-none-any.whl → 2.221.0__py3-none-any.whl

aws_cdk/aws_efs/__init__.py

@@ -6077,3 +6077,6 @@ def _typecheckingstub__020e1ad6a612ae3b94c3b53afd9ca3e8710c6a621174024a66a4889b0
 ) -> None:
     """Type checking stubs"""
     pass
+
+for cls in [IAccessPoint, IAccessPointRef, IFileSystem, IFileSystemRef, IMountTargetRef]:
+    typing.cast(typing.Any, cls).__protocol_attrs__ = typing.cast(typing.Any, cls).__protocol_attrs__ - set(['__jsii_proxy_class__', '__jsii_type__'])

aws_cdk/aws_eks/__init__.py

@@ -158,6 +158,28 @@ eks.Cluster(self, "HelloEKS",
 )
 ```
 
+You can control what happens to the resources created by the cluster construct when they are no longer managed by CloudFormation by specifying a `removalPolicy`.
+
+This can happen in one of three situations:
+
+* The resource is removed from the template, so CloudFormation stops managing it;
+* A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it;
+* The stack is deleted, so CloudFormation stops managing all resources in it.
+
+This affects the EKS cluster itself, the custom resource that created the cluster, associated IAM roles, node groups, security groups, VPC and any other CloudFormation resources managed by this construct.
+
+```python
+from aws_cdk.lambda_layer_kubectl_v33 import KubectlV33Layer
+import aws_cdk as core
+
+
+eks.Cluster(self, "HelloEKS",
+    version=eks.KubernetesVersion.V1_33,
+    kubectl_layer=KubectlV33Layer(self, "kubectl"),
+    removal_policy=core.RemovalPolicy.RETAIN
+)
+```
+
 You can also use `FargateCluster` to provision a cluster that uses only fargate workers.
 
 ```python
@@ -2136,6 +2158,7 @@ from .. import (
     ITaggable as _ITaggable_36806126,
     ITaggableV2 as _ITaggableV2_4e6798f8,
     NestedStack as _NestedStack_dd393a45,
+    RemovalPolicy as _RemovalPolicy_9f93c814,
     Resource as _Resource_45bc6135,
     Size as _Size_7b441c34,
     TagManager as _TagManager_0a598cb3,
@@ -11632,19 +11655,17 @@ class KubernetesVersion(
 
         from aws_cdk.lambda_layer_kubectl_v33 import KubectlV33Layer
         
-        # or
-        # vpc: ec2.Vpc
-        
         
-        eks.Cluster(self, "MyCluster",
-            kubectl_memory=Size.gibibytes(4),
+        cluster = eks.Cluster(self, "HelloEKS",
             version=eks.KubernetesVersion.V1_33,
+            default_capacity=0,
             kubectl_layer=KubectlV33Layer(self, "kubectl")
         )
-        eks.Cluster.from_cluster_attributes(self, "MyCluster",
-            kubectl_memory=Size.gibibytes(4),
-            vpc=vpc,
-            cluster_name="cluster-name"
+        
+        cluster.add_nodegroup_capacity("custom-node-group",
+            instance_types=[ec2.InstanceType("m5.large")],
+            min_size=4,
+            disk_size=100
         )
     '''
 
@@ -15106,27 +15127,6 @@ class CfnAddon(
 
         jsii.create(self.__class__, self, [scope, id, props])
 
-    @jsii.member(jsii_name="fromAddonArn")
-    @builtins.classmethod
-    def from_addon_arn(
-        cls,
-        scope: _constructs_77d1e7e8.Construct,
-        id: builtins.str,
-        arn: builtins.str,
-    ) -> IAddonRef:
-        '''Creates a new IAddonRef from an ARN.
-
-        :param scope: -
-        :param id: -
-        :param arn: -
-        '''
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__e553dfaf756fa282c5fbeb4ef4b974cf0a47d23084cd717224b1311e0a30eb24)
-            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
-            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
-            check_type(argname="argument arn", value=arn, expected_type=type_hints["arn"])
-        return typing.cast(IAddonRef, jsii.sinvoke(cls, "fromAddonArn", [scope, id, arn]))
-
     @jsii.member(jsii_name="inspect")
     def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
         '''Examines the CloudFormation resource and discloses attributes.
@@ -17695,27 +17695,6 @@ class CfnFargateProfile(
 
         jsii.create(self.__class__, self, [scope, id, props])
 
-    @jsii.member(jsii_name="fromFargateProfileArn")
-    @builtins.classmethod
-    def from_fargate_profile_arn(
-        cls,
-        scope: _constructs_77d1e7e8.Construct,
-        id: builtins.str,
-        arn: builtins.str,
-    ) -> IFargateProfileRef:
-        '''Creates a new IFargateProfileRef from an ARN.
-
-        :param scope: -
-        :param id: -
-        :param arn: -
-        '''
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__68f38ef5ce6ebc1ca5dcde1b9e529ea13f0b01c2ccaa9863ca69bece85d4f6e6)
-            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
-            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
-            check_type(argname="argument arn", value=arn, expected_type=type_hints["arn"])
-        return typing.cast(IFargateProfileRef, jsii.sinvoke(cls, "fromFargateProfileArn", [scope, id, arn]))
-
     @jsii.member(jsii_name="inspect")
     def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
         '''Examines the CloudFormation resource and discloses attributes.
@@ -19813,6 +19792,7 @@ class Cluster(
         prune: typing.Optional[builtins.bool] = None,
         remote_node_networks: typing.Optional[typing.Sequence[typing.Union[RemoteNodeNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
         remote_pod_networks: typing.Optional[typing.Sequence[typing.Union[RemotePodNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
+        removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
         secrets_encryption_key: typing.Optional[_IKeyRef_1e82344b] = None,
         service_ipv4_cidr: typing.Optional[builtins.str] = None,
         version: KubernetesVersion,
@@ -19854,6 +19834,7 @@ class Cluster(
         :param prune: Indicates whether Kubernetes resources added through ``addManifest()`` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the ``kubectl apply`` operation with the ``--prune`` switch. Default: true
         :param remote_node_networks: IPv4 CIDR blocks defining the expected address range of hybrid nodes that will join the cluster. Default: - none
         :param remote_pod_networks: IPv4 CIDR blocks for Pods running Kubernetes webhooks on hybrid nodes. Default: - none
+        :param removal_policy: The removal policy applied to all CloudFormation resources created by this construct when they are no longer managed by CloudFormation. This can happen in one of three situations: - The resource is removed from the template, so CloudFormation stops managing it; - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it; - The stack is deleted, so CloudFormation stops managing all resources in it. This affects the EKS cluster itself, associated IAM roles, node groups, security groups, VPC and any other CloudFormation resources managed by this construct. Default: - Resources will be deleted.
         :param secrets_encryption_key: KMS secret for envelope encryption for Kubernetes secrets. Default: - By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys.
         :param service_ipv4_cidr: The CIDR block to assign Kubernetes service IP addresses from. Default: - Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks
         :param version: The Kubernetes version to run in the cluster.
@@ -19896,6 +19877,7 @@ class Cluster(
             prune=prune,
             remote_node_networks=remote_node_networks,
             remote_pod_networks=remote_pod_networks,
+            removal_policy=removal_policy,
             secrets_encryption_key=secrets_encryption_key,
             service_ipv4_cidr=service_ipv4_cidr,
             version=version,
@@ -20843,6 +20825,7 @@ class Cluster(
         "prune": "prune",
         "remote_node_networks": "remoteNodeNetworks",
         "remote_pod_networks": "remotePodNetworks",
+        "removal_policy": "removalPolicy",
         "secrets_encryption_key": "secretsEncryptionKey",
         "service_ipv4_cidr": "serviceIpv4Cidr",
     },
@@ -20878,6 +20861,7 @@ class ClusterOptions(CommonClusterOptions):
         prune: typing.Optional[builtins.bool] = None,
         remote_node_networks: typing.Optional[typing.Sequence[typing.Union[RemoteNodeNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
         remote_pod_networks: typing.Optional[typing.Sequence[typing.Union[RemotePodNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
+        removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
         secrets_encryption_key: typing.Optional[_IKeyRef_1e82344b] = None,
         service_ipv4_cidr: typing.Optional[builtins.str] = None,
     ) -> None:
@@ -20910,6 +20894,7 @@ class ClusterOptions(CommonClusterOptions):
         :param prune: Indicates whether Kubernetes resources added through ``addManifest()`` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the ``kubectl apply`` operation with the ``--prune`` switch. Default: true
         :param remote_node_networks: IPv4 CIDR blocks defining the expected address range of hybrid nodes that will join the cluster. Default: - none
         :param remote_pod_networks: IPv4 CIDR blocks for Pods running Kubernetes webhooks on hybrid nodes. Default: - none
+        :param removal_policy: The removal policy applied to all CloudFormation resources created by this construct when they are no longer managed by CloudFormation. This can happen in one of three situations: - The resource is removed from the template, so CloudFormation stops managing it; - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it; - The stack is deleted, so CloudFormation stops managing all resources in it. This affects the EKS cluster itself, associated IAM roles, node groups, security groups, VPC and any other CloudFormation resources managed by this construct. Default: - Resources will be deleted.
         :param secrets_encryption_key: KMS secret for envelope encryption for Kubernetes secrets. Default: - By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys.
         :param service_ipv4_cidr: The CIDR block to assign Kubernetes service IP addresses from. Default: - Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks
 
@@ -20983,6 +20968,7 @@ class ClusterOptions(CommonClusterOptions):
                 remote_pod_networks=[eks.RemotePodNetwork(
                     cidrs=["cidrs"]
                 )],
+                removal_policy=cdk.RemovalPolicy.DESTROY,
                 role=role,
                 secrets_encryption_key=key_ref,
                 security_group=security_group,
@@ -21029,6 +21015,7 @@ class ClusterOptions(CommonClusterOptions):
             check_type(argname="argument prune", value=prune, expected_type=type_hints["prune"])
             check_type(argname="argument remote_node_networks", value=remote_node_networks, expected_type=type_hints["remote_node_networks"])
             check_type(argname="argument remote_pod_networks", value=remote_pod_networks, expected_type=type_hints["remote_pod_networks"])
+            check_type(argname="argument removal_policy", value=removal_policy, expected_type=type_hints["removal_policy"])
             check_type(argname="argument secrets_encryption_key", value=secrets_encryption_key, expected_type=type_hints["secrets_encryption_key"])
             check_type(argname="argument service_ipv4_cidr", value=service_ipv4_cidr, expected_type=type_hints["service_ipv4_cidr"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
@@ -21085,6 +21072,8 @@ class ClusterOptions(CommonClusterOptions):
             self._values["remote_node_networks"] = remote_node_networks
         if remote_pod_networks is not None:
             self._values["remote_pod_networks"] = remote_pod_networks
+        if removal_policy is not None:
+            self._values["removal_policy"] = removal_policy
         if secrets_encryption_key is not None:
             self._values["secrets_encryption_key"] = secrets_encryption_key
         if service_ipv4_cidr is not None:
@@ -21393,6 +21382,24 @@ class ClusterOptions(CommonClusterOptions):
         result = self._values.get("remote_pod_networks")
         return typing.cast(typing.Optional[typing.List[RemotePodNetwork]], result)
 
+    @builtins.property
+    def removal_policy(self) -> typing.Optional[_RemovalPolicy_9f93c814]:
+        '''The removal policy applied to all CloudFormation resources created by this construct when they are no longer managed by CloudFormation.
+
+        This can happen in one of three situations:
+
+        - The resource is removed from the template, so CloudFormation stops managing it;
+        - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it;
+        - The stack is deleted, so CloudFormation stops managing all resources in it.
+
+        This affects the EKS cluster itself, associated IAM roles, node groups, security groups, VPC
+        and any other CloudFormation resources managed by this construct.
+
+        :default: - Resources will be deleted.
+        '''
+        result = self._values.get("removal_policy")
+        return typing.cast(typing.Optional[_RemovalPolicy_9f93c814], result)
+
     @builtins.property
     def secrets_encryption_key(self) -> typing.Optional[_IKeyRef_1e82344b]:
         '''KMS secret for envelope encryption for Kubernetes secrets.
@@ -21463,6 +21470,7 @@ class ClusterOptions(CommonClusterOptions):
         "prune": "prune",
         "remote_node_networks": "remoteNodeNetworks",
         "remote_pod_networks": "remotePodNetworks",
+        "removal_policy": "removalPolicy",
         "secrets_encryption_key": "secretsEncryptionKey",
         "service_ipv4_cidr": "serviceIpv4Cidr",
         "bootstrap_cluster_creator_admin_permissions": "bootstrapClusterCreatorAdminPermissions",
@@ -21505,6 +21513,7 @@ class ClusterProps(ClusterOptions):
         prune: typing.Optional[builtins.bool] = None,
         remote_node_networks: typing.Optional[typing.Sequence[typing.Union[RemoteNodeNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
         remote_pod_networks: typing.Optional[typing.Sequence[typing.Union[RemotePodNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
+        removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
         secrets_encryption_key: typing.Optional[_IKeyRef_1e82344b] = None,
         service_ipv4_cidr: typing.Optional[builtins.str] = None,
         bootstrap_cluster_creator_admin_permissions: typing.Optional[builtins.bool] = None,
@@ -21544,6 +21553,7 @@ class ClusterProps(ClusterOptions):
         :param prune: Indicates whether Kubernetes resources added through ``addManifest()`` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the ``kubectl apply`` operation with the ``--prune`` switch. Default: true
         :param remote_node_networks: IPv4 CIDR blocks defining the expected address range of hybrid nodes that will join the cluster. Default: - none
         :param remote_pod_networks: IPv4 CIDR blocks for Pods running Kubernetes webhooks on hybrid nodes. Default: - none
+        :param removal_policy: The removal policy applied to all CloudFormation resources created by this construct when they are no longer managed by CloudFormation. This can happen in one of three situations: - The resource is removed from the template, so CloudFormation stops managing it; - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it; - The stack is deleted, so CloudFormation stops managing all resources in it. This affects the EKS cluster itself, associated IAM roles, node groups, security groups, VPC and any other CloudFormation resources managed by this construct. Default: - Resources will be deleted.
         :param secrets_encryption_key: KMS secret for envelope encryption for Kubernetes secrets. Default: - By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys.
         :param service_ipv4_cidr: The CIDR block to assign Kubernetes service IP addresses from. Default: - Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks
         :param bootstrap_cluster_creator_admin_permissions: Whether or not IAM principal of the cluster creator was set as a cluster admin access entry during cluster creation time. Changing this value after the cluster has been created will result in the cluster being replaced. Default: true
@@ -21606,6 +21616,7 @@ class ClusterProps(ClusterOptions):
             check_type(argname="argument prune", value=prune, expected_type=type_hints["prune"])
             check_type(argname="argument remote_node_networks", value=remote_node_networks, expected_type=type_hints["remote_node_networks"])
             check_type(argname="argument remote_pod_networks", value=remote_pod_networks, expected_type=type_hints["remote_pod_networks"])
+            check_type(argname="argument removal_policy", value=removal_policy, expected_type=type_hints["removal_policy"])
             check_type(argname="argument secrets_encryption_key", value=secrets_encryption_key, expected_type=type_hints["secrets_encryption_key"])
             check_type(argname="argument service_ipv4_cidr", value=service_ipv4_cidr, expected_type=type_hints["service_ipv4_cidr"])
             check_type(argname="argument bootstrap_cluster_creator_admin_permissions", value=bootstrap_cluster_creator_admin_permissions, expected_type=type_hints["bootstrap_cluster_creator_admin_permissions"])
@@ -21669,6 +21680,8 @@ class ClusterProps(ClusterOptions):
             self._values["remote_node_networks"] = remote_node_networks
         if remote_pod_networks is not None:
             self._values["remote_pod_networks"] = remote_pod_networks
+        if removal_policy is not None:
+            self._values["removal_policy"] = removal_policy
         if secrets_encryption_key is not None:
             self._values["secrets_encryption_key"] = secrets_encryption_key
         if service_ipv4_cidr is not None:
@@ -21991,6 +22004,24 @@ class ClusterProps(ClusterOptions):
         result = self._values.get("remote_pod_networks")
         return typing.cast(typing.Optional[typing.List[RemotePodNetwork]], result)
 
+    @builtins.property
+    def removal_policy(self) -> typing.Optional[_RemovalPolicy_9f93c814]:
+        '''The removal policy applied to all CloudFormation resources created by this construct when they are no longer managed by CloudFormation.
+
+        This can happen in one of three situations:
+
+        - The resource is removed from the template, so CloudFormation stops managing it;
+        - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it;
+        - The stack is deleted, so CloudFormation stops managing all resources in it.
+
+        This affects the EKS cluster itself, associated IAM roles, node groups, security groups, VPC
+        and any other CloudFormation resources managed by this construct.
+
+        :default: - Resources will be deleted.
+        '''
+        result = self._values.get("removal_policy")
+        return typing.cast(typing.Optional[_RemovalPolicy_9f93c814], result)
+
     @builtins.property
     def secrets_encryption_key(self) -> typing.Optional[_IKeyRef_1e82344b]:
         '''KMS secret for envelope encryption for Kubernetes secrets.
@@ -22160,6 +22191,7 @@ class FargateCluster(
         prune: typing.Optional[builtins.bool] = None,
         remote_node_networks: typing.Optional[typing.Sequence[typing.Union[RemoteNodeNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
         remote_pod_networks: typing.Optional[typing.Sequence[typing.Union[RemotePodNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
+        removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
         secrets_encryption_key: typing.Optional[_IKeyRef_1e82344b] = None,
         service_ipv4_cidr: typing.Optional[builtins.str] = None,
         version: KubernetesVersion,
@@ -22194,6 +22226,7 @@ class FargateCluster(
         :param prune: Indicates whether Kubernetes resources added through ``addManifest()`` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the ``kubectl apply`` operation with the ``--prune`` switch. Default: true
         :param remote_node_networks: IPv4 CIDR blocks defining the expected address range of hybrid nodes that will join the cluster. Default: - none
         :param remote_pod_networks: IPv4 CIDR blocks for Pods running Kubernetes webhooks on hybrid nodes. Default: - none
+        :param removal_policy: The removal policy applied to all CloudFormation resources created by this construct when they are no longer managed by CloudFormation. This can happen in one of three situations: - The resource is removed from the template, so CloudFormation stops managing it; - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it; - The stack is deleted, so CloudFormation stops managing all resources in it. This affects the EKS cluster itself, associated IAM roles, node groups, security groups, VPC and any other CloudFormation resources managed by this construct. Default: - Resources will be deleted.
         :param secrets_encryption_key: KMS secret for envelope encryption for Kubernetes secrets. Default: - By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys.
         :param service_ipv4_cidr: The CIDR block to assign Kubernetes service IP addresses from. Default: - Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks
         :param version: The Kubernetes version to run in the cluster.
@@ -22230,6 +22263,7 @@ class FargateCluster(
             prune=prune,
             remote_node_networks=remote_node_networks,
             remote_pod_networks=remote_pod_networks,
+            removal_policy=removal_policy,
             secrets_encryption_key=secrets_encryption_key,
             service_ipv4_cidr=service_ipv4_cidr,
             version=version,
@@ -22288,6 +22322,7 @@ class FargateCluster(
         "prune": "prune",
         "remote_node_networks": "remoteNodeNetworks",
         "remote_pod_networks": "remotePodNetworks",
+        "removal_policy": "removalPolicy",
         "secrets_encryption_key": "secretsEncryptionKey",
         "service_ipv4_cidr": "serviceIpv4Cidr",
         "default_profile": "defaultProfile",
@@ -22324,6 +22359,7 @@ class FargateClusterProps(ClusterOptions):
         prune: typing.Optional[builtins.bool] = None,
         remote_node_networks: typing.Optional[typing.Sequence[typing.Union[RemoteNodeNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
         remote_pod_networks: typing.Optional[typing.Sequence[typing.Union[RemotePodNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
+        removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
         secrets_encryption_key: typing.Optional[_IKeyRef_1e82344b] = None,
         service_ipv4_cidr: typing.Optional[builtins.str] = None,
         default_profile: typing.Optional[typing.Union[FargateProfileOptions, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -22357,6 +22393,7 @@ class FargateClusterProps(ClusterOptions):
         :param prune: Indicates whether Kubernetes resources added through ``addManifest()`` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the ``kubectl apply`` operation with the ``--prune`` switch. Default: true
         :param remote_node_networks: IPv4 CIDR blocks defining the expected address range of hybrid nodes that will join the cluster. Default: - none
         :param remote_pod_networks: IPv4 CIDR blocks for Pods running Kubernetes webhooks on hybrid nodes. Default: - none
+        :param removal_policy: The removal policy applied to all CloudFormation resources created by this construct when they are no longer managed by CloudFormation. This can happen in one of three situations: - The resource is removed from the template, so CloudFormation stops managing it; - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it; - The stack is deleted, so CloudFormation stops managing all resources in it. This affects the EKS cluster itself, associated IAM roles, node groups, security groups, VPC and any other CloudFormation resources managed by this construct. Default: - Resources will be deleted.
         :param secrets_encryption_key: KMS secret for envelope encryption for Kubernetes secrets. Default: - By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys.
         :param service_ipv4_cidr: The CIDR block to assign Kubernetes service IP addresses from. Default: - Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks
         :param default_profile: Fargate Profile to create along with the cluster. Default: - A profile called "default" with 'default' and 'kube-system' selectors will be created if this is left undefined.
@@ -22406,6 +22443,7 @@ class FargateClusterProps(ClusterOptions):
             check_type(argname="argument prune", value=prune, expected_type=type_hints["prune"])
             check_type(argname="argument remote_node_networks", value=remote_node_networks, expected_type=type_hints["remote_node_networks"])
             check_type(argname="argument remote_pod_networks", value=remote_pod_networks, expected_type=type_hints["remote_pod_networks"])
+            check_type(argname="argument removal_policy", value=removal_policy, expected_type=type_hints["removal_policy"])
             check_type(argname="argument secrets_encryption_key", value=secrets_encryption_key, expected_type=type_hints["secrets_encryption_key"])
             check_type(argname="argument service_ipv4_cidr", value=service_ipv4_cidr, expected_type=type_hints["service_ipv4_cidr"])
             check_type(argname="argument default_profile", value=default_profile, expected_type=type_hints["default_profile"])
@@ -22463,6 +22501,8 @@ class FargateClusterProps(ClusterOptions):
             self._values["remote_node_networks"] = remote_node_networks
         if remote_pod_networks is not None:
             self._values["remote_pod_networks"] = remote_pod_networks
+        if removal_policy is not None:
+            self._values["removal_policy"] = removal_policy
         if secrets_encryption_key is not None:
             self._values["secrets_encryption_key"] = secrets_encryption_key
         if service_ipv4_cidr is not None:
@@ -22773,6 +22813,24 @@ class FargateClusterProps(ClusterOptions):
         result = self._values.get("remote_pod_networks")
         return typing.cast(typing.Optional[typing.List[RemotePodNetwork]], result)
 
+    @builtins.property
+    def removal_policy(self) -> typing.Optional[_RemovalPolicy_9f93c814]:
+        '''The removal policy applied to all CloudFormation resources created by this construct when they are no longer managed by CloudFormation.
+
+        This can happen in one of three situations:
+
+        - The resource is removed from the template, so CloudFormation stops managing it;
+        - A change to the resource is made that requires it to be replaced, so CloudFormation stops managing it;
+        - The stack is deleted, so CloudFormation stops managing all resources in it.
+
+        This affects the EKS cluster itself, associated IAM roles, node groups, security groups, VPC
+        and any other CloudFormation resources managed by this construct.
+
+        :default: - Resources will be deleted.
+        '''
+        result = self._values.get("removal_policy")
+        return typing.cast(typing.Optional[_RemovalPolicy_9f93c814], result)
+
     @builtins.property
     def secrets_encryption_key(self) -> typing.Optional[_IKeyRef_1e82344b]:
         '''KMS secret for envelope encryption for Kubernetes secrets.
@@ -24177,14 +24235,6 @@ def _typecheckingstub__45ff0728c7d6fc5f47c97aa791c327f70a32e19bdf463d94d9351053f
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__e553dfaf756fa282c5fbeb4ef4b974cf0a47d23084cd717224b1311e0a30eb24(
-    scope: _constructs_77d1e7e8.Construct,
-    id: builtins.str,
-    arn: builtins.str,
-) -> None:
-    """Type checking stubs"""
-    pass
-
 def _typecheckingstub__fb634c71637a3029d784eb1cc23e12801a6d069d381448751935635b986d50bc(
     inspector: _TreeInspector_488e0dd5,
 ) -> None:
@@ -24595,14 +24645,6 @@ def _typecheckingstub__d74e3378581d3898ad60f22c46414b34a44ce82bd54d09c56466afda9
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__68f38ef5ce6ebc1ca5dcde1b9e529ea13f0b01c2ccaa9863ca69bece85d4f6e6(
-    scope: _constructs_77d1e7e8.Construct,
-    id: builtins.str,
-    arn: builtins.str,
-) -> None:
-    """Type checking stubs"""
-    pass
-
 def _typecheckingstub__43ebc50d6c5b13856e87922886b34c19885bddbafafc65bf42a5e790bc129b85(
     inspector: _TreeInspector_488e0dd5,
 ) -> None:
@@ -25046,6 +25088,7 @@ def _typecheckingstub__786576ad54eacdb9ab8e92277c0fd07f813bc56d4243937f3b5a85c0c
     prune: typing.Optional[builtins.bool] = None,
     remote_node_networks: typing.Optional[typing.Sequence[typing.Union[RemoteNodeNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
     remote_pod_networks: typing.Optional[typing.Sequence[typing.Union[RemotePodNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
+    removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
     secrets_encryption_key: typing.Optional[_IKeyRef_1e82344b] = None,
     service_ipv4_cidr: typing.Optional[builtins.str] = None,
     version: KubernetesVersion,
@@ -25286,6 +25329,7 @@ def _typecheckingstub__0b45b97fda36b43e872f90f9fe4cde65de855b50b3acfd236c1f400ef
     prune: typing.Optional[builtins.bool] = None,
     remote_node_networks: typing.Optional[typing.Sequence[typing.Union[RemoteNodeNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
     remote_pod_networks: typing.Optional[typing.Sequence[typing.Union[RemotePodNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
+    removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
     secrets_encryption_key: typing.Optional[_IKeyRef_1e82344b] = None,
     service_ipv4_cidr: typing.Optional[builtins.str] = None,
 ) -> None:
@@ -25321,6 +25365,7 @@ def _typecheckingstub__ce7a73a63de29ba5e5b5cd5cabde7aca1c4bc7d119de52fc4c0f11d99
     prune: typing.Optional[builtins.bool] = None,
     remote_node_networks: typing.Optional[typing.Sequence[typing.Union[RemoteNodeNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
     remote_pod_networks: typing.Optional[typing.Sequence[typing.Union[RemotePodNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
+    removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
     secrets_encryption_key: typing.Optional[_IKeyRef_1e82344b] = None,
     service_ipv4_cidr: typing.Optional[builtins.str] = None,
     bootstrap_cluster_creator_admin_permissions: typing.Optional[builtins.bool] = None,
@@ -25358,6 +25403,7 @@ def _typecheckingstub__ae166d791f5d5176f3386726c22bc44afedf5d336437a3513e3740387
     prune: typing.Optional[builtins.bool] = None,
     remote_node_networks: typing.Optional[typing.Sequence[typing.Union[RemoteNodeNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
     remote_pod_networks: typing.Optional[typing.Sequence[typing.Union[RemotePodNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
+    removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
     secrets_encryption_key: typing.Optional[_IKeyRef_1e82344b] = None,
     service_ipv4_cidr: typing.Optional[builtins.str] = None,
     version: KubernetesVersion,
@@ -25401,6 +25447,7 @@ def _typecheckingstub__f11c7f989209f6213cb855d2846bb0b2b79a6a2b85eb0d65939e981df
     prune: typing.Optional[builtins.bool] = None,
     remote_node_networks: typing.Optional[typing.Sequence[typing.Union[RemoteNodeNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
     remote_pod_networks: typing.Optional[typing.Sequence[typing.Union[RemotePodNetwork, typing.Dict[builtins.str, typing.Any]]]] = None,
+    removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
     secrets_encryption_key: typing.Optional[_IKeyRef_1e82344b] = None,
     service_ipv4_cidr: typing.Optional[builtins.str] = None,
     default_profile: typing.Optional[typing.Union[FargateProfileOptions, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -25415,3 +25462,6 @@ def _typecheckingstub__b393c3f294ed9f8582743840eca786b8cd915c5b4df9d362597e69dbe
 ) -> None:
     """Type checking stubs"""
     pass
+
+for cls in [IAccessEntry, IAccessEntryRef, IAccessPolicy, IAddon, IAddonRef, ICluster, IClusterRef, IFargateProfileRef, IIdentityProviderConfigRef, IKubectlProvider, INodegroup, INodegroupRef, IPodIdentityAssociationRef]:
+    typing.cast(typing.Any, cls).__protocol_attrs__ = typing.cast(typing.Any, cls).__protocol_attrs__ - set(['__jsii_proxy_class__', '__jsii_type__'])

aws_cdk/aws_elasticache/__init__.py

@@ -10327,3 +10327,6 @@ def _typecheckingstub__f91d8988fa4ff59ae0f0f6e912aaa87f88df9ee98afddb86934a2611c
 ) -> None:
     """Type checking stubs"""
     pass
+
+for cls in [ICacheClusterRef, IGlobalReplicationGroupRef, IParameterGroupRef, IReplicationGroupRef, ISecurityGroupIngressRef, ISecurityGroupRef, IServerlessCacheRef, ISubnetGroupRef, IUserGroupRef, IUserRef]:
+    typing.cast(typing.Any, cls).__protocol_attrs__ = typing.cast(typing.Any, cls).__protocol_attrs__ - set(['__jsii_proxy_class__', '__jsii_type__'])

aws_cdk/aws_elasticbeanstalk/__init__.py

@@ -3370,3 +3370,6 @@ def _typecheckingstub__20ebf44ad0b64564e5b4154c6f5b2e8a52f2ed1b20db6288a5f6c8278
 ) -> None:
     """Type checking stubs"""
     pass
+
+for cls in [IApplicationRef, IApplicationVersionRef, IConfigurationTemplateRef, IEnvironmentRef]:
+    typing.cast(typing.Any, cls).__protocol_attrs__ = typing.cast(typing.Any, cls).__protocol_attrs__ - set(['__jsii_proxy_class__', '__jsii_type__'])

aws_cdk/aws_elasticloadbalancing/__init__.py

@@ -3129,3 +3129,6 @@ def _typecheckingstub__59a10349817ed5e601360f9aae1ffe6f0222e05d576372a8f753e0362
 ) -> None:
     """Type checking stubs"""
     pass
+
+for cls in [ILoadBalancerRef, ILoadBalancerTarget]:
+    typing.cast(typing.Any, cls).__protocol_attrs__ = typing.cast(typing.Any, cls).__protocol_attrs__ - set(['__jsii_proxy_class__', '__jsii_type__'])