aws-cdk-lib 2.96.2__py3-none-any.whl → 2.97.1__py3-none-any.whl

aws_cdk/aws_iam/__init__.py

@@ -2350,7 +2350,8 @@ class CfnManagedPolicy(
     @builtins.property
     @jsii.member(jsii_name="attrAttachmentCount")
     def attr_attachment_count(self) -> jsii.Number:
-        '''
+        '''The number of entities (users, groups, and roles) that the policy is attached to.
+
         :cloudformationAttribute: AttachmentCount
         '''
         return typing.cast(jsii.Number, jsii.get(self, "attrAttachmentCount"))
@@ -2358,7 +2359,8 @@ class CfnManagedPolicy(
     @builtins.property
     @jsii.member(jsii_name="attrCreateDate")
     def attr_create_date(self) -> builtins.str:
-        '''
+        '''The date and time, in ISO 8601 date-time format, when the policy was created.
+
         :cloudformationAttribute: CreateDate
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrCreateDate"))
@@ -2366,23 +2368,17 @@ class CfnManagedPolicy(
     @builtins.property
     @jsii.member(jsii_name="attrDefaultVersionId")
     def attr_default_version_id(self) -> builtins.str:
-        '''
+        '''The identifier for the version of the policy that is set as the default version.
+
         :cloudformationAttribute: DefaultVersionId
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrDefaultVersionId"))
 
-    @builtins.property
-    @jsii.member(jsii_name="attrId")
-    def attr_id(self) -> builtins.str:
-        '''
-        :cloudformationAttribute: Id
-        '''
-        return typing.cast(builtins.str, jsii.get(self, "attrId"))
-
     @builtins.property
     @jsii.member(jsii_name="attrIsAttachable")
     def attr_is_attachable(self) -> _IResolvable_da3f097b:
-        '''
+        '''Specifies whether the policy can be attached to an IAM user, group, or role.
+
         :cloudformationAttribute: IsAttachable
         '''
         return typing.cast(_IResolvable_da3f097b, jsii.get(self, "attrIsAttachable"))
@@ -2390,7 +2386,8 @@ class CfnManagedPolicy(
     @builtins.property
     @jsii.member(jsii_name="attrPermissionsBoundaryUsageCount")
     def attr_permissions_boundary_usage_count(self) -> jsii.Number:
-        '''
+        '''The number of entities (users and roles) for which the policy is used to set the permissions boundary.
+
         :cloudformationAttribute: PermissionsBoundaryUsageCount
         '''
         return typing.cast(jsii.Number, jsii.get(self, "attrPermissionsBoundaryUsageCount"))
@@ -2398,7 +2395,8 @@ class CfnManagedPolicy(
     @builtins.property
     @jsii.member(jsii_name="attrPolicyArn")
     def attr_policy_arn(self) -> builtins.str:
-        '''
+        '''Amazon Resource Name (ARN) of the managed policy.
+
         :cloudformationAttribute: PolicyArn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrPolicyArn"))
@@ -2406,7 +2404,8 @@ class CfnManagedPolicy(
     @builtins.property
     @jsii.member(jsii_name="attrPolicyId")
     def attr_policy_id(self) -> builtins.str:
-        '''
+        '''The stable and unique string identifying the policy.
+
         :cloudformationAttribute: PolicyId
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrPolicyId"))
@@ -2414,7 +2413,8 @@ class CfnManagedPolicy(
     @builtins.property
     @jsii.member(jsii_name="attrUpdateDate")
     def attr_update_date(self) -> builtins.str:
-        '''
+        '''The date and time, in ISO 8601 date-time format, when the policy was last updated.
+
         :cloudformationAttribute: UpdateDate
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrUpdateDate"))
@@ -3424,7 +3424,7 @@ class CfnRole(
         :param description: A description of the role that you provide.
         :param managed_policy_arns: A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. For more information about ARNs, see `Amazon Resource Names (ARNs) and AWS Service Namespaces <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html>`_ in the *AWS General Reference* .
         :param max_session_duration: The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours. Anyone who assumes the role from the AWS CLI or API can use the ``DurationSeconds`` API parameter or the ``duration-seconds`` AWS CLI parameter to request a longer session. The ``MaxSessionDuration`` setting determines the maximum duration that can be requested using the ``DurationSeconds`` parameter. If users don't specify a value for the ``DurationSeconds`` parameter, their security credentials are valid for one hour by default. This applies when you use the ``AssumeRole*`` API operations or the ``assume-role*`` AWS CLI operations but does not apply when you use those operations to create a console URL. For more information, see `Using IAM roles <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html>`_ in the *IAM User Guide* .
-        :param path: The path to the role. For more information about paths, see `IAM Identifiers <https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html>`_ in the *IAM User Guide* . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its `regex pattern <https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex>`_ ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( ``\\u0021`` ) through the DEL character ( ``\\u007F`` ), including most punctuation characters, digits, and upper and lowercased letters.
+        :param path: The path to the role. For more information about paths, see `IAM Identifiers <https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html>`_ in the *IAM User Guide* . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its `regex pattern <https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex>`_ ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( ``\\u0021`` ) through the DEL character ( ``\\u007F`` ), including most punctuation characters, digits, and upper and lowercased letters. Default: - "/"
         :param permissions_boundary: The ARN of the policy used to set the permissions boundary for the role. For more information about permissions boundaries, see `Permissions boundaries for IAM identities <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html>`_ in the *IAM User Guide* .
         :param policies: Adds or updates an inline policy document that is embedded in the specified IAM role. When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to `Using Roles to Delegate Permissions and Federate Identities <https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html>`_ . A role can also have an attached managed policy. For information about policies, see `Managed Policies and Inline Policies <https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html>`_ in the *IAM User Guide* . For information about limits on the number of inline policies that you can embed with a role, see `Limitations on IAM Entities <https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html>`_ in the *IAM User Guide* . .. epigraph:: If an external policy (such as ``AWS::IAM::Policy`` or ``AWS::IAM::ManagedPolicy`` ) has a ``Ref`` to a role and if a resource (such as ``AWS::ECS::Service`` ) also has a ``Ref`` to the same role, add a ``DependsOn`` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an ``AWS::ECS::Service`` resource, the ``DependsOn`` attribute ensures that AWS CloudFormation deletes the ``AWS::ECS::Service`` resource before deleting its role's policy.
         :param role_name: A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the ```CreateRole`` <https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html>`_ action in the *IAM User Guide* . This parameter allows (per its `regex pattern <https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex>`_ ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1". If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name. If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see `Acknowledging IAM Resources in AWS CloudFormation Templates <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities>`_ . .. epigraph:: Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}`` .
@@ -4003,7 +4003,7 @@ class CfnRoleProps:
         :param description: A description of the role that you provide.
         :param managed_policy_arns: A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. For more information about ARNs, see `Amazon Resource Names (ARNs) and AWS Service Namespaces <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html>`_ in the *AWS General Reference* .
         :param max_session_duration: The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours. Anyone who assumes the role from the AWS CLI or API can use the ``DurationSeconds`` API parameter or the ``duration-seconds`` AWS CLI parameter to request a longer session. The ``MaxSessionDuration`` setting determines the maximum duration that can be requested using the ``DurationSeconds`` parameter. If users don't specify a value for the ``DurationSeconds`` parameter, their security credentials are valid for one hour by default. This applies when you use the ``AssumeRole*`` API operations or the ``assume-role*`` AWS CLI operations but does not apply when you use those operations to create a console URL. For more information, see `Using IAM roles <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html>`_ in the *IAM User Guide* .
-        :param path: The path to the role. For more information about paths, see `IAM Identifiers <https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html>`_ in the *IAM User Guide* . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its `regex pattern <https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex>`_ ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( ``\\u0021`` ) through the DEL character ( ``\\u007F`` ), including most punctuation characters, digits, and upper and lowercased letters.
+        :param path: The path to the role. For more information about paths, see `IAM Identifiers <https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html>`_ in the *IAM User Guide* . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its `regex pattern <https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex>`_ ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( ``\\u0021`` ) through the DEL character ( ``\\u007F`` ), including most punctuation characters, digits, and upper and lowercased letters. Default: - "/"
         :param permissions_boundary: The ARN of the policy used to set the permissions boundary for the role. For more information about permissions boundaries, see `Permissions boundaries for IAM identities <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html>`_ in the *IAM User Guide* .
         :param policies: Adds or updates an inline policy document that is embedded in the specified IAM role. When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to `Using Roles to Delegate Permissions and Federate Identities <https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html>`_ . A role can also have an attached managed policy. For information about policies, see `Managed Policies and Inline Policies <https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html>`_ in the *IAM User Guide* . For information about limits on the number of inline policies that you can embed with a role, see `Limitations on IAM Entities <https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html>`_ in the *IAM User Guide* . .. epigraph:: If an external policy (such as ``AWS::IAM::Policy`` or ``AWS::IAM::ManagedPolicy`` ) has a ``Ref`` to a role and if a resource (such as ``AWS::ECS::Service`` ) also has a ``Ref`` to the same role, add a ``DependsOn`` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an ``AWS::ECS::Service`` resource, the ``DependsOn`` attribute ensures that AWS CloudFormation deletes the ``AWS::ECS::Service`` resource before deleting its role's policy.
         :param role_name: A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the ```CreateRole`` <https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html>`_ action in the *IAM User Guide* . This parameter allows (per its `regex pattern <https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex>`_ ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1". If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name. If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see `Acknowledging IAM Resources in AWS CloudFormation Templates <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities>`_ . .. epigraph:: Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}`` .
@@ -4125,6 +4125,8 @@ class CfnRoleProps:
 
         This parameter allows (through its `regex pattern <https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex>`_ ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( ``\\u0021`` ) through the DEL character ( ``\\u007F`` ), including most punctuation characters, digits, and upper and lowercased letters.
 
+        :default: - "/"
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-path
         '''
         result = self._values.get("path")

aws_cdk/aws_iotwireless/__init__.py

@@ -72,10 +72,10 @@ class CfnDestination(
             expression="expression",
             expression_type="expressionType",
             name="name",
-            role_arn="roleArn",
         
             # the properties below are optional
             description="description",
+            role_arn="roleArn",
             tags=[CfnTag(
                 key="key",
                 value="value"
@@ -91,8 +91,8 @@ class CfnDestination(
         expression: builtins.str,
         expression_type: builtins.str,
         name: builtins.str,
-        role_arn: builtins.str,
         description: typing.Optional[builtins.str] = None,
+        role_arn: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''
@@ -101,8 +101,8 @@ class CfnDestination(
         :param expression: The rule name to send messages to.
         :param expression_type: The type of value in ``Expression`` .
         :param name: The name of the new resource.
-        :param role_arn: The ARN of the IAM Role that authorizes the destination.
         :param description: The description of the new resource. Maximum length is 2048 characters.
+        :param role_arn: The ARN of the IAM Role that authorizes the destination.
         :param tags: The tags are an array of key-value pairs to attach to the specified resource. Tags can have a minimum of 0 and a maximum of 50 items.
         '''
         if __debug__:
@@ -113,8 +113,8 @@ class CfnDestination(
             expression=expression,
             expression_type=expression_type,
             name=name,
-            role_arn=role_arn,
             description=description,
+            role_arn=role_arn,
             tags=tags,
         )
 
@@ -209,19 +209,6 @@ class CfnDestination(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "name", value)
 
-    @builtins.property
-    @jsii.member(jsii_name="roleArn")
-    def role_arn(self) -> builtins.str:
-        '''The ARN of the IAM Role that authorizes the destination.'''
-        return typing.cast(builtins.str, jsii.get(self, "roleArn"))
-
-    @role_arn.setter
-    def role_arn(self, value: builtins.str) -> None:
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__7b60aa4ef5f47c4662f7208269db494d81166701afac30be03ebe87711d08ef4)
-            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "roleArn", value)
-
     @builtins.property
     @jsii.member(jsii_name="description")
     def description(self) -> typing.Optional[builtins.str]:
@@ -235,6 +222,19 @@ class CfnDestination(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "description", value)
 
+    @builtins.property
+    @jsii.member(jsii_name="roleArn")
+    def role_arn(self) -> typing.Optional[builtins.str]:
+        '''The ARN of the IAM Role that authorizes the destination.'''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "roleArn"))
+
+    @role_arn.setter
+    def role_arn(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__7b60aa4ef5f47c4662f7208269db494d81166701afac30be03ebe87711d08ef4)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "roleArn", value)
+
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
@@ -256,8 +256,8 @@ class CfnDestination(
         "expression": "expression",
         "expression_type": "expressionType",
         "name": "name",
-        "role_arn": "roleArn",
         "description": "description",
+        "role_arn": "roleArn",
         "tags": "tags",
     },
 )
@@ -268,8 +268,8 @@ class CfnDestinationProps:
         expression: builtins.str,
         expression_type: builtins.str,
         name: builtins.str,
-        role_arn: builtins.str,
         description: typing.Optional[builtins.str] = None,
+        role_arn: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''Properties for defining a ``CfnDestination``.
@@ -277,8 +277,8 @@ class CfnDestinationProps:
         :param expression: The rule name to send messages to.
         :param expression_type: The type of value in ``Expression`` .
         :param name: The name of the new resource.
-        :param role_arn: The ARN of the IAM Role that authorizes the destination.
         :param description: The description of the new resource. Maximum length is 2048 characters.
+        :param role_arn: The ARN of the IAM Role that authorizes the destination.
         :param tags: The tags are an array of key-value pairs to attach to the specified resource. Tags can have a minimum of 0 and a maximum of 50 items.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iotwireless-destination.html
@@ -294,10 +294,10 @@ class CfnDestinationProps:
                 expression="expression",
                 expression_type="expressionType",
                 name="name",
-                role_arn="roleArn",
             
                 # the properties below are optional
                 description="description",
+                role_arn="roleArn",
                 tags=[CfnTag(
                     key="key",
                     value="value"
@@ -309,17 +309,18 @@ class CfnDestinationProps:
             check_type(argname="argument expression", value=expression, expected_type=type_hints["expression"])
             check_type(argname="argument expression_type", value=expression_type, expected_type=type_hints["expression_type"])
             check_type(argname="argument name", value=name, expected_type=type_hints["name"])
-            check_type(argname="argument role_arn", value=role_arn, expected_type=type_hints["role_arn"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
+            check_type(argname="argument role_arn", value=role_arn, expected_type=type_hints["role_arn"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "expression": expression,
             "expression_type": expression_type,
             "name": name,
-            "role_arn": role_arn,
         }
         if description is not None:
             self._values["description"] = description
+        if role_arn is not None:
+            self._values["role_arn"] = role_arn
         if tags is not None:
             self._values["tags"] = tags
 
@@ -353,16 +354,6 @@ class CfnDestinationProps:
         assert result is not None, "Required property 'name' is missing"
         return typing.cast(builtins.str, result)
 
-    @builtins.property
-    def role_arn(self) -> builtins.str:
-        '''The ARN of the IAM Role that authorizes the destination.
-
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iotwireless-destination.html#cfn-iotwireless-destination-rolearn
-        '''
-        result = self._values.get("role_arn")
-        assert result is not None, "Required property 'role_arn' is missing"
-        return typing.cast(builtins.str, result)
-
     @builtins.property
     def description(self) -> typing.Optional[builtins.str]:
         '''The description of the new resource.
@@ -374,6 +365,15 @@ class CfnDestinationProps:
         result = self._values.get("description")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def role_arn(self) -> typing.Optional[builtins.str]:
+        '''The ARN of the IAM Role that authorizes the destination.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iotwireless-destination.html#cfn-iotwireless-destination-rolearn
+        '''
+        result = self._values.get("role_arn")
+        return typing.cast(typing.Optional[builtins.str], result)
+
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
         '''The tags are an array of key-value pairs to attach to the specified resource.
@@ -3422,22 +3422,6 @@ class CfnServiceProfile(
         '''
         return typing.cast(_IResolvable_da3f097b, jsii.get(self, "attrLoRaWanNwkGeoLoc"))
 
-    @builtins.property
-    @jsii.member(jsii_name="attrLoRaWanPrAllowed")
-    def attr_lo_ra_wan_pr_allowed(self) -> _IResolvable_da3f097b:
-        '''
-        :cloudformationAttribute: LoRaWAN.PrAllowed
-        '''
-        return typing.cast(_IResolvable_da3f097b, jsii.get(self, "attrLoRaWanPrAllowed"))
-
-    @builtins.property
-    @jsii.member(jsii_name="attrLoRaWanRaAllowed")
-    def attr_lo_ra_wan_ra_allowed(self) -> _IResolvable_da3f097b:
-        '''
-        :cloudformationAttribute: LoRaWAN.RaAllowed
-        '''
-        return typing.cast(_IResolvable_da3f097b, jsii.get(self, "attrLoRaWanRaAllowed"))
-
     @builtins.property
     @jsii.member(jsii_name="attrLoRaWanReportDevStatusBattery")
     def attr_lo_ra_wan_report_dev_status_battery(self) -> _IResolvable_da3f097b:
@@ -7023,8 +7007,8 @@ def _typecheckingstub__f61ecfaf93e3a5ee3c176667153d7633c25d7bc246a1af5b680196650
     expression: builtins.str,
     expression_type: builtins.str,
     name: builtins.str,
-    role_arn: builtins.str,
     description: typing.Optional[builtins.str] = None,
+    role_arn: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -7060,13 +7044,13 @@ def _typecheckingstub__e4a7e2be1c3626a0831a317f8384bfaac10f081d96e1d52fdf7e7d168
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__7b60aa4ef5f47c4662f7208269db494d81166701afac30be03ebe87711d08ef4(
-    value: builtins.str,
+def _typecheckingstub__54343b07a7027d746812e326d1dd346e2f583fb1042ea98ffa3720e14655d56f(
+    value: typing.Optional[builtins.str],
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__54343b07a7027d746812e326d1dd346e2f583fb1042ea98ffa3720e14655d56f(
+def _typecheckingstub__7b60aa4ef5f47c4662f7208269db494d81166701afac30be03ebe87711d08ef4(
     value: typing.Optional[builtins.str],
 ) -> None:
     """Type checking stubs"""
@@ -7083,8 +7067,8 @@ def _typecheckingstub__f7257e0c4b674f84972a8cd47754e3ce09588804469529ea8a4efd68a
     expression: builtins.str,
     expression_type: builtins.str,
     name: builtins.str,
-    role_arn: builtins.str,
     description: typing.Optional[builtins.str] = None,
+    role_arn: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
     """Type checking stubs"""

aws_cdk/aws_lakeformation/__init__.py

@@ -644,12 +644,12 @@ class CfnDataLakeSettings(
         :param id: Construct identifier for this resource (unique in its scope).
         :param admins: A list of AWS Lake Formation principals.
         :param allow_external_data_filtering: Whether to allow Amazon EMR clusters or other third-party query engines to access data managed by Lake Formation . If set to true, you allow Amazon EMR clusters or other third-party engines to access data in Amazon S3 locations that are registered with Lake Formation . If false or null, no third-party query engines will be able to access data in Amazon S3 locations that are registered with Lake Formation. For more information, see `External data filtering setting <https://docs.aws.amazon.com/lake-formation/latest/dg/initial-LF-setup.html#external-data-filter>`_ .
-        :param allow_full_table_external_data_access: 
+        :param allow_full_table_external_data_access: Specifies whether query engines and applications can get credentials without IAM session tags if the user has full table access. It provides query engines and applications performance benefits as well as simplifies data access. Amazon EMR on Amazon EC2 is able to leverage this setting. For more information, see ` <https://docs.aws.amazon.com/lake-formation/latest/dg/using-cred-vending.html>`_
         :param authorized_session_tag_value_list: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it. Lake Formation will publish the acceptable key-value pair, for example key = "LakeFormationTrustedCaller" and value = "TRUE" and the third party integrator must properly tag the temporary security credentials that will be used to call Lake Formation 's administrative API operations.
         :param create_database_default_permissions: Specifies whether access control on a newly created database is managed by Lake Formation permissions or exclusively by IAM permissions. A null value indicates that the access is controlled by Lake Formation permissions. ``ALL`` permissions assigned to ``IAM_ALLOWED_PRINCIPALS`` group indicates that the user's IAM permissions determine the access to the database. This is referred to as the setting "Use only IAM access control," and is to support backward compatibility with the AWS Glue permission model implemented by IAM permissions. The only permitted values are an empty array or an array that contains a single JSON object that grants ``ALL`` to ``IAM_ALLOWED_PRINCIPALS`` . For more information, see `Changing the default security settings for your data lake <https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html>`_ .
         :param create_table_default_permissions: Specifies whether access control on a newly created table is managed by Lake Formation permissions or exclusively by IAM permissions. A null value indicates that the access is controlled by Lake Formation permissions. ``ALL`` permissions assigned to ``IAM_ALLOWED_PRINCIPALS`` group indicate that the user's IAM permissions determine the access to the table. This is referred to as the setting "Use only IAM access control," and is to support the backward compatibility with the AWS Glue permission model implemented by IAM permissions. The only permitted values are an empty array or an array that contains a single JSON object that grants ``ALL`` permissions to ``IAM_ALLOWED_PRINCIPALS`` . For more information, see `Changing the default security settings for your data lake <https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html>`_ .
         :param external_data_filtering_allow_list: A list of the account IDs of AWS accounts with Amazon EMR clusters or third-party engines that are allwed to perform data filtering.
-        :param mutation_type: 
+        :param mutation_type: Specifies whether the data lake settings are updated by adding new values to the current settings ( ``APPEND`` ) or by replacing the current settings with new settings ( ``REPLACE`` ). .. epigraph:: If you choose ``REPLACE`` , your current data lake settings will be replaced with the new values in your template.
         :param parameters: A key-value map that provides an additional configuration on your data lake. ``CrossAccountVersion`` is the key you can configure in the ``Parameters`` field. Accepted values for the ``CrossAccountVersion`` key are 1, 2, and 3.
         :param trusted_resource_owners: An array of UTF-8 strings. A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log. You may want to specify this property when you are in a high-trust boundary, such as the same team or company.
         '''
@@ -756,6 +756,7 @@ class CfnDataLakeSettings(
     def allow_full_table_external_data_access(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
+        '''Specifies whether query engines and applications can get credentials without IAM session tags if the user has full table access.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "allowFullTableExternalDataAccess"))
 
     @allow_full_table_external_data_access.setter
@@ -843,6 +844,7 @@ class CfnDataLakeSettings(
     @builtins.property
     @jsii.member(jsii_name="mutationType")
     def mutation_type(self) -> typing.Optional[builtins.str]:
+        '''Specifies whether the data lake settings are updated by adding new values to the current settings ( ``APPEND`` ) or by replacing the current settings with new settings ( ``REPLACE`` ).'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "mutationType"))
 
     @mutation_type.setter
@@ -1188,12 +1190,12 @@ class CfnDataLakeSettingsProps:
 
         :param admins: A list of AWS Lake Formation principals.
         :param allow_external_data_filtering: Whether to allow Amazon EMR clusters or other third-party query engines to access data managed by Lake Formation . If set to true, you allow Amazon EMR clusters or other third-party engines to access data in Amazon S3 locations that are registered with Lake Formation . If false or null, no third-party query engines will be able to access data in Amazon S3 locations that are registered with Lake Formation. For more information, see `External data filtering setting <https://docs.aws.amazon.com/lake-formation/latest/dg/initial-LF-setup.html#external-data-filter>`_ .
-        :param allow_full_table_external_data_access: 
+        :param allow_full_table_external_data_access: Specifies whether query engines and applications can get credentials without IAM session tags if the user has full table access. It provides query engines and applications performance benefits as well as simplifies data access. Amazon EMR on Amazon EC2 is able to leverage this setting. For more information, see ` <https://docs.aws.amazon.com/lake-formation/latest/dg/using-cred-vending.html>`_
         :param authorized_session_tag_value_list: Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it. Lake Formation will publish the acceptable key-value pair, for example key = "LakeFormationTrustedCaller" and value = "TRUE" and the third party integrator must properly tag the temporary security credentials that will be used to call Lake Formation 's administrative API operations.
         :param create_database_default_permissions: Specifies whether access control on a newly created database is managed by Lake Formation permissions or exclusively by IAM permissions. A null value indicates that the access is controlled by Lake Formation permissions. ``ALL`` permissions assigned to ``IAM_ALLOWED_PRINCIPALS`` group indicates that the user's IAM permissions determine the access to the database. This is referred to as the setting "Use only IAM access control," and is to support backward compatibility with the AWS Glue permission model implemented by IAM permissions. The only permitted values are an empty array or an array that contains a single JSON object that grants ``ALL`` to ``IAM_ALLOWED_PRINCIPALS`` . For more information, see `Changing the default security settings for your data lake <https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html>`_ .
         :param create_table_default_permissions: Specifies whether access control on a newly created table is managed by Lake Formation permissions or exclusively by IAM permissions. A null value indicates that the access is controlled by Lake Formation permissions. ``ALL`` permissions assigned to ``IAM_ALLOWED_PRINCIPALS`` group indicate that the user's IAM permissions determine the access to the table. This is referred to as the setting "Use only IAM access control," and is to support the backward compatibility with the AWS Glue permission model implemented by IAM permissions. The only permitted values are an empty array or an array that contains a single JSON object that grants ``ALL`` permissions to ``IAM_ALLOWED_PRINCIPALS`` . For more information, see `Changing the default security settings for your data lake <https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html>`_ .
         :param external_data_filtering_allow_list: A list of the account IDs of AWS accounts with Amazon EMR clusters or third-party engines that are allwed to perform data filtering.
-        :param mutation_type: 
+        :param mutation_type: Specifies whether the data lake settings are updated by adding new values to the current settings ( ``APPEND`` ) or by replacing the current settings with new settings ( ``REPLACE`` ). .. epigraph:: If you choose ``REPLACE`` , your current data lake settings will be replaced with the new values in your template.
         :param parameters: A key-value map that provides an additional configuration on your data lake. ``CrossAccountVersion`` is the key you can configure in the ``Parameters`` field. Accepted values for the ``CrossAccountVersion`` key are 1, 2, and 3.
         :param trusted_resource_owners: An array of UTF-8 strings. A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log. You may want to specify this property when you are in a high-trust boundary, such as the same team or company.
 
@@ -1301,7 +1303,12 @@ class CfnDataLakeSettingsProps:
     def allow_full_table_external_data_access(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''
+        '''Specifies whether query engines and applications can get credentials without IAM session tags if the user has full table access.
+
+        It provides query engines and applications performance benefits as well as simplifies data access. Amazon EMR on Amazon EC2 is able to leverage this setting.
+
+        For more information, see ` <https://docs.aws.amazon.com/lake-formation/latest/dg/using-cred-vending.html>`_
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lakeformation-datalakesettings.html#cfn-lakeformation-datalakesettings-allowfulltableexternaldataaccess
         '''
         result = self._values.get("allow_full_table_external_data_access")
@@ -1367,7 +1374,12 @@ class CfnDataLakeSettingsProps:
 
     @builtins.property
     def mutation_type(self) -> typing.Optional[builtins.str]:
-        '''
+        '''Specifies whether the data lake settings are updated by adding new values to the current settings ( ``APPEND`` ) or by replacing the current settings with new settings ( ``REPLACE`` ).
+
+        .. epigraph::
+
+           If you choose ``REPLACE`` , your current data lake settings will be replaced with the new values in your template.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lakeformation-datalakesettings.html#cfn-lakeformation-datalakesettings-mutationtype
         '''
         result = self._values.get("mutation_type")

aws_cdk/aws_lambda/__init__.py

@@ -6446,7 +6446,7 @@ class CfnFunction(
         ) -> None:
             '''The `deployment package <https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html>`_ for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template.
 
-            Changes to a deployment package in Amazon S3 are not detected automatically during stack updates. To update the function code, change the object key or version in the template.
+            Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template.
 
             :param image_uri: URI of a `container image <https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html>`_ in the Amazon ECR registry.
             :param s3_bucket: An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account .