aws-cdk-lib 2.96.2__py3-none-any.whl → 2.97.1__py3-none-any.whl

aws_cdk/aws_cognito/__init__.py

@@ -10600,7 +10600,7 @@ class CfnUserPoolUser(
         :param force_alias_creation: This parameter is used only if the ``phone_number_verified`` or ``email_verified`` attribute is set to ``True`` . Otherwise, it is ignored. If this parameter is set to ``True`` and the phone number or email address specified in the UserAttributes parameter already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. If this parameter is set to ``False`` , the API throws an ``AliasExistsException`` error if the alias already exists. The default value is ``False`` .
         :param message_action: Set to ``RESEND`` to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to ``SUPPRESS`` to suppress sending the message. You can specify only one value.
         :param user_attributes: The user attributes and attribute values to be set for the user to be created. These are name-value pairs You can create a user without specifying any attributes other than ``Username`` . However, any attributes that you specify as required (in ` <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html>`_ or in the *Attributes* tab of the console) must be supplied either by you (in your call to ``AdminCreateUser`` ) or by the user (when they sign up in response to your welcome message). For custom attributes, you must prepend the ``custom:`` prefix to the attribute name. To send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools. In your call to ``AdminCreateUser`` , you can set the ``email_verified`` attribute to ``True`` , and you can set the ``phone_number_verified`` attribute to ``True`` . (You can also do this by calling ` <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html>`_ .) - *email* : The email address of the user to whom the message that contains the code and user name will be sent. Required if the ``email_verified`` attribute is set to ``True`` , or if ``"EMAIL"`` is specified in the ``DesiredDeliveryMediums`` parameter. - *phone_number* : The phone number of the user to whom the message that contains the code and user name will be sent. Required if the ``phone_number_verified`` attribute is set to ``True`` , or if ``"SMS"`` is specified in the ``DesiredDeliveryMediums`` parameter.
-        :param username: The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username can't be changed.
+        :param username: The value that you want to set as the username sign-in attribute. The following conditions apply to the username parameter. - The username can't be a duplicate of another username in the same user pool. - You can't change the value of a username after you create it. - You can only provide a value if usernames are a valid sign-in attribute for your user pool. If your user pool only supports phone numbers or email addresses as sign-in attributes, Amazon Cognito automatically generates a username value. For more information, see `Customizing sign-in attributes <https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases>`_ .
         :param validation_data: The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. For example, you might choose to allow or disallow user sign-up based on the user's domain. To configure custom validation, you must create a Pre Sign-up AWS Lambda trigger for the user pool as described in the Amazon Cognito Developer Guide. The Lambda trigger receives the validation data and uses it in the validation process. The user's validation data isn't persisted.
         '''
         if __debug__:
@@ -10757,7 +10757,7 @@ class CfnUserPoolUser(
     @builtins.property
     @jsii.member(jsii_name="username")
     def username(self) -> typing.Optional[builtins.str]:
-        '''The username for the user.'''
+        '''The value that you want to set as the username sign-in attribute.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "username"))
 
     @username.setter
@@ -10891,7 +10891,7 @@ class CfnUserPoolUserProps:
         :param force_alias_creation: This parameter is used only if the ``phone_number_verified`` or ``email_verified`` attribute is set to ``True`` . Otherwise, it is ignored. If this parameter is set to ``True`` and the phone number or email address specified in the UserAttributes parameter already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. If this parameter is set to ``False`` , the API throws an ``AliasExistsException`` error if the alias already exists. The default value is ``False`` .
         :param message_action: Set to ``RESEND`` to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to ``SUPPRESS`` to suppress sending the message. You can specify only one value.
         :param user_attributes: The user attributes and attribute values to be set for the user to be created. These are name-value pairs You can create a user without specifying any attributes other than ``Username`` . However, any attributes that you specify as required (in ` <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html>`_ or in the *Attributes* tab of the console) must be supplied either by you (in your call to ``AdminCreateUser`` ) or by the user (when they sign up in response to your welcome message). For custom attributes, you must prepend the ``custom:`` prefix to the attribute name. To send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools. In your call to ``AdminCreateUser`` , you can set the ``email_verified`` attribute to ``True`` , and you can set the ``phone_number_verified`` attribute to ``True`` . (You can also do this by calling ` <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html>`_ .) - *email* : The email address of the user to whom the message that contains the code and user name will be sent. Required if the ``email_verified`` attribute is set to ``True`` , or if ``"EMAIL"`` is specified in the ``DesiredDeliveryMediums`` parameter. - *phone_number* : The phone number of the user to whom the message that contains the code and user name will be sent. Required if the ``phone_number_verified`` attribute is set to ``True`` , or if ``"SMS"`` is specified in the ``DesiredDeliveryMediums`` parameter.
-        :param username: The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username can't be changed.
+        :param username: The value that you want to set as the username sign-in attribute. The following conditions apply to the username parameter. - The username can't be a duplicate of another username in the same user pool. - You can't change the value of a username after you create it. - You can only provide a value if usernames are a valid sign-in attribute for your user pool. If your user pool only supports phone numbers or email addresses as sign-in attributes, Amazon Cognito automatically generates a username value. For more information, see `Customizing sign-in attributes <https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases>`_ .
         :param validation_data: The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. For example, you might choose to allow or disallow user sign-up based on the user's domain. To configure custom validation, you must create a Pre Sign-up AWS Lambda trigger for the user pool as described in the Amazon Cognito Developer Guide. The Lambda trigger receives the validation data and uses it in the validation process. The user's validation data isn't persisted.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluser.html
@@ -11045,9 +11045,13 @@ class CfnUserPoolUserProps:
 
     @builtins.property
     def username(self) -> typing.Optional[builtins.str]:
-        '''The username for the user.
+        '''The value that you want to set as the username sign-in attribute.
 
-        Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username can't be changed.
+        The following conditions apply to the username parameter.
+
+        - The username can't be a duplicate of another username in the same user pool.
+        - You can't change the value of a username after you create it.
+        - You can only provide a value if usernames are a valid sign-in attribute for your user pool. If your user pool only supports phone numbers or email addresses as sign-in attributes, Amazon Cognito automatically generates a username value. For more information, see `Customizing sign-in attributes <https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluser.html#cfn-cognito-userpooluser-username
         '''
@@ -11091,14 +11095,6 @@ class CfnUserPoolUserToGroupAttachment(
 ):
     '''Adds the specified user to the specified group.
 
-    .. epigraph::
-
-       Amazon Cognito evaluates AWS Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
-
-       **Learn more** - `Signing AWS API Requests <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html>`_
-
-       - `Using the Amazon Cognito user pools API and user pool endpoints <https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html>`_
-
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolusertogroupattachment.html
     :exampleMetadata: fixture=_generated
 

aws_cdk/aws_config/__init__.py

@@ -930,13 +930,11 @@ class CfnConfigRule(
             policy_runtime: typing.Optional[builtins.str] = None,
             policy_text: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''Provides the runtime system, policy definition, and whether debug logging enabled.
-
-            You can specify the following CustomPolicyDetails parameter values only for AWS Config Custom Policy rules.
+            '''Provides the CustomPolicyDetails, the rule owner ( ``AWS`` for managed rules, ``CUSTOM_POLICY`` for Custom Policy rules, and ``CUSTOM_LAMBDA`` for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your AWS resources.
 
-            :param enable_debug_log_delivery: Logging toggle for custom policy rule.
+            :param enable_debug_log_delivery: The boolean expression for enabling debug logging for your AWS Config Custom Policy rule. The default value is ``false`` .
             :param policy_runtime: The runtime system for your AWS Config Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by AWS Config Custom Policy rules. For more information about Guard, see the `Guard GitHub Repository <https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard>`_ .
-            :param policy_text: Policy definition containing logic for custom policy rule.
+            :param policy_text: The policy definition containing the logic for your AWS Config Custom Policy rule.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html
             :exampleMetadata: fixture=_generated
@@ -970,7 +968,9 @@ class CfnConfigRule(
         def enable_debug_log_delivery(
             self,
         ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-            '''Logging toggle for custom policy rule.
+            '''The boolean expression for enabling debug logging for your AWS Config Custom Policy rule.
+
+            The default value is ``false`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html#cfn-config-configrule-custompolicydetails-enabledebuglogdelivery
             '''
@@ -990,7 +990,7 @@ class CfnConfigRule(
 
         @builtins.property
         def policy_text(self) -> typing.Optional[builtins.str]:
-            '''Policy definition containing logic for custom policy rule.
+            '''The policy definition containing the logic for your AWS Config Custom Policy rule.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html#cfn-config-configrule-custompolicydetails-policytext
             '''
@@ -1310,7 +1310,7 @@ class CfnConfigRule(
             '''Provides the CustomPolicyDetails, the rule owner ( ``AWS`` for managed rules, ``CUSTOM_POLICY`` for Custom Policy rules, and ``CUSTOM_LAMBDA`` for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your AWS resources.
 
             :param owner: Indicates whether AWS or the customer owns and manages the AWS Config rule. AWS Config Managed Rules are predefined rules owned by AWS . For more information, see `AWS Config Managed Rules <https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html>`_ in the *AWS Config developer guide* . AWS Config Custom Rules are rules that you can develop either with Guard ( ``CUSTOM_POLICY`` ) or AWS Lambda ( ``CUSTOM_LAMBDA`` ). For more information, see `AWS Config Custom Rules <https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html>`_ in the *AWS Config developer guide* .
-            :param custom_policy_details: Custom policy details when rule is custom owned.
+            :param custom_policy_details: Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to ``CUSTOM_POLICY`` .
             :param source_details: Provides the source and the message types that cause AWS Config to evaluate your AWS resources against a rule. It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic. If the owner is set to ``CUSTOM_POLICY`` , the only acceptable values for the AWS Config rule trigger message type are ``ConfigurationItemChangeNotification`` and ``OversizedConfigurationItemChangeNotification`` .
             :param source_identifier: For AWS Config Managed rules, a predefined identifier from a list. For example, ``IAM_PASSWORD_POLICY`` is a managed rule. To reference a managed rule, see `List of AWS Config Managed Rules <https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html>`_ . For AWS Config Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's AWS Lambda function, such as ``arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name`` . For AWS Config Custom Policy rules, this field will be ignored.
 
@@ -1376,7 +1376,9 @@ class CfnConfigRule(
         def custom_policy_details(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnConfigRule.CustomPolicyDetailsProperty"]]:
-            '''Custom policy details when rule is custom owned.
+            '''Provides the runtime system, policy definition, and whether debug logging is enabled.
+
+            Required when owner is set to ``CUSTOM_POLICY`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html#cfn-config-configrule-source-custompolicydetails
             '''
@@ -2414,59 +2416,27 @@ class CfnConfigurationRecorder(
         ) -> None:
             '''Specifies which resource types AWS Config records for configuration changes.
 
-            In the recording group, you specify whether you want to record all supported resource types or to include or exclude specific types of resources.
-
-            - ***Regional resources*** - By default, AWS Config records configuration changes for all current and future supported types of *Regional resources* that AWS Config discovers in the AWS Region where it is running. When AWS Config adds support for a new type of Regional resource, AWS Config starts recording resources of that type automatically.
-
-            Regional resources are tied to a Region and can be used only in that Region. You create them in a specified AWS Region , and then they exist in that Region. To see or interact with those resources, you must direct your operations to that Region. For example, to create an Amazon EC2 instance with the AWS Management Console , you `choose the AWS Region <https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/select-region.html>`_ that you want to create the instance in. If you use the AWS Command Line Interface ( AWS CLI ) to create the instance, then you include the ``--region`` parameter. The AWS SDKs each have their own equivalent mechanism to specify the Region that the operation uses.
-
-            There are several reasons for using Regional resources. One reason is to ensure that the resources, and the service endpoints that you use to access them, are as close to the customer as possible. This improves performance by minimizing latency. Another reason is to provide an isolation boundary. This lets you create independent copies of resources in multiple Regions to distribute the load and improve scalability. At the same time, it isolates the resources from each other to improve availability.
-
-            If you specify a different AWS Region in the console or in an AWS CLI command, then you can no longer see or interact with the resources you could see in the previous Region.
-
-            When you look at the `Amazon Resource Name (ARN) <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html>`_ for a Regional resource, the Region that contains the resource is specified as the fourth field in the ARN. For example, an Amazon EC2 instance is a Regional resource. The following is an example of an ARN for a Amazon Virtual Private Cloud ( Amazon VPC ) that exists in the ``us-east-1`` Region:
-
-            ``arn:aws:ec2:us-east-1:123456789012:instance/i-0a6f30921424d3eee`` .
-
-            - ***Global resources*** - Some AWS services resources are *global resources* , meaning that you can use the resource from **anywhere** . You don't specify an AWS Region in a global service's console. To access a global resource, you don't specify a ``--region`` parameter when using the service's AWS CLI and AWS SDK operations.
+            By default, AWS Config records configuration changes for all current and future supported resource types in the AWS Region where you have enabled AWS Config (excluding the globally recorded IAM resource types: IAM users, groups, roles, and customer managed policies).
 
-            Global resources support cases where it is critical that only one instance of a particular resource can exist at a time. In these scenarios, replication or synchronization between copies in different Regions is not adequate. Having to access a single global endpoint, with the possible increase in latency, is considered acceptable to ensure that any changes are instantaneously visible to consumers of the resource.
+            In the recording group, you specify whether you want to record all supported current and future supported resource types or to include or exclude specific resources types. For a list of supported resource types, see `Supported Resource Types <https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources>`_ in the *AWS Config developer guide* .
 
-            For example, Amazon Aurora global clusters ( ``AWS::RDS::GlobalCluster`` ) are global resources, and therefore not tied to a Region. This means that you can create a global cluster without relying on a regional endpoint. The benefit is that, while the Amazon Relational Database Service ( Amazon RDS ) itself is organized by Regions, the specific Region where a global cluster originates doesn't impact the global cluster. It appears as a single, continuous global cluster across all Regions.
+            If you don't want AWS Config to record all current and future supported resource types, use one of the following recording strategies:
 
-            The `Amazon Resource Name (ARN) <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html>`_ for a global resource doesn't include a Region. The fourth field is empty, such as in the following example of an ARN for a global cluster:
+            - *Record all current and future resource types with exclusions* ( ``EXCLUSION_BY_RESOURCE_TYPES`` ), or
+            - *Record specific resource types* ( ``INCLUSION_BY_RESOURCE_TYPES`` ).
 
-            ``arn:aws:rds::123456789012:global-cluster:test-global-cluster`` .
             .. epigraph::
 
-               Configuration changes for global resources are recorded by AWS Config in two different ways: 1) *regionally recorded* in only in the home Region of the global resource or 2) *globally recorded* in all enabled Regions.
+               *Aurora global clusters are automatically globally recorded unless specifically excluded*
 
-            - ***Regionally recorded*** - Global resources for the following services are only recorded in the home Region of the global resource type: Amazon Elastic Container Registry Public , AWS Global Accelerator , and Amazon Route 53 . For these global resources, the same instance of the resource type can be used in multiple AWS Regions, but the configuration items are only recorded in the home Region for the commercial partition or AWS GovCloud (US-West) for the AWS GovCloud (US) partition.
+               The ``AWS::RDS::GlobalCluster`` resource type will be recorded in all supported AWS Config Regions where the configuration recorder is enabled.
 
-            For a table of the Home Regions for Global Resource Types, see `Selecting Which Resources AWS Config Records <https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html>`_ in the *AWS Config developer guide* .
+               If you do not want to record ``AWS::RDS::GlobalCluster`` in all enabled Regions, use the ``EXCLUSION_BY_RESOURCE_TYPES`` or ``INCLUSION_BY_RESOURCE_TYPES`` recording strategy.
 
-            - ***Globally recorded*** - Globally recorded resource types are recorded in all supported AWS Config Regions where the configuration recorder is enabled. Currently, there are two types of globally recorded resources: Aurora global clusters and IAM resources.
-
-            *Aurora global clusters*
-
-            ``AWS::RDS::GlobalCluster`` is a globally recorded resource type. It is recorded in all supported Amazon RDS Regions where the configuration recorder is enabled.
-
-            *IAM resources*
-
-            The following IAM resource types are also globally recorded: IAM users, groups, roles, and customer managed policies. However, these resource types are only recorded in all supported Amazon RDS Regions where the configuration recorder is enabled and that were supported by AWS Config ; *before* February 2022. This list does not include the following Regions: Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Spain), Europe (Zurich), Israel (Tel Aviv), and Middle East (UAE).
-            .. epigraph::
-
-               When you select *Include globally recorded resource types* in the AWS Config console, or input ``includeGlobalResourceTypes=true`` using the API or CLI, this option only applies to globally recorded resources. This option does *not* apply to global resources recorded only in a home Region.
-
-            For a list of supported resource types, see `Supported Resource Types <https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources>`_ in the *AWS Config developer guide* .
-            .. epigraph::
-
-               If you don't want AWS Config to record all resources, you can specify which types of resources AWS Config records with the ``resourceTypes`` parameter.
-
-            :param all_supported: Specifies whether AWS Config records configuration changes for all supported regional resource types. If you set this field to ``true`` , when AWS Config adds support for a new type of regional resource, AWS Config starts recording resources of that type automatically. If you set this field to ``true`` , you cannot enumerate specific resource types to record in the ``resourceTypes`` field of `RecordingGroup <https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html>`_ , or to exclude in the ``resourceTypes`` field of `ExclusionByResourceTypes <https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html>`_ .
+            :param all_supported: Specifies whether AWS Config records configuration changes for all supported regionally recorded resource types. If you set this field to ``true`` , when AWS Config adds support for a new regionally recorded resource type, AWS Config starts recording resources of that type automatically. If you set this field to ``true`` , you cannot enumerate specific resource types to record in the ``resourceTypes`` field of `RecordingGroup <https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html>`_ , or to exclude in the ``resourceTypes`` field of `ExclusionByResourceTypes <https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html>`_ . .. epigraph:: *Region Availability* Check `Resource Coverage by Region Availability <https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html>`_ to see if a resource type is supported in the AWS Region where you set up AWS Config .
             :param exclusion_by_resource_types: An object that specifies how AWS Config excludes resource types from being recorded by the configuration recorder. To use this option, you must set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``EXCLUSION_BY_RESOURCE_TYPES`` .
-            :param include_global_resource_types: Specifies whether AWS Config records configuration changes for globally recorded resource types ( ``AWS::RDS::GlobalCluster`` and IAM users, groups, roles, and customer managed policies). If you select this option, ``AWS::RDS::GlobalCluster`` will be recorded in all supported AWS Config Regions were the configuration recorder is enabled. IAM users, groups, roles, and customer managed policies will be recorded in all enabled AWS Config regions where AWS Config was available before February 2022. This list does not include the following Regions: - Asia Pacific (Hyderabad) - Asia Pacific (Melbourne) - Europe (Spain) - Europe (Zurich) - Israel (Tel Aviv) - Middle East (UAE) Before you set this field to ``true`` , set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . Optionally, you can set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``ALL_SUPPORTED_RESOURCE_TYPES`` . If you set this field to ``true`` , when AWS Config adds support for a new type of global resource in the Region where you set up the configuration recorder, AWS Config starts recording resources of that type automatically. .. epigraph:: If you set this field to ``false`` but list global resource types in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ , AWS Config will still record configuration changes for those specified resource types *regardless* of if you set the ``includeGlobalResourceTypes`` field to false. If you do not want to record configuration changes to global resource types, make sure to not list them in the ``resourceTypes`` field in addition to setting the ``includeGlobalResourceTypes`` field to false.
-            :param recording_strategy: An object that specifies the recording strategy for the configuration recorder. - If you set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``ALL_SUPPORTED_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported regional resource types. You also must set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . When AWS Config adds support for a new type of regional resource, AWS Config automatically starts recording resources of that type. - If you set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``INCLUSION_BY_RESOURCE_TYPES`` , AWS Config records configuration changes for only the resource types you specify in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ . - If you set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``EXCLUSION_BY_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported resource types except the resource types that you specify to exclude from being recorded in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder ExclusionByResourceTypes <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-exclusionbyresourcetypes.html>`_ . .. epigraph:: *Required and optional fields* The ``recordingStrategy`` field is optional when you set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . The ``recordingStrategy`` field is optional when you list resource types in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ . The ``recordingStrategy`` field is required if you list resource types to exclude from recording in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder ExclusionByResourceTypes <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-exclusionbyresourcetypes.html>`_ . > *Overriding fields* If you choose ``EXCLUSION_BY_RESOURCE_TYPES`` for the recording strategy, the ``exclusionByResourceTypes`` field will override other properties in the request. For example, even if you set ``includeGlobalResourceTypes`` to false, global resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the ``resourceTypes`` field of ``exclusionByResourceTypes`` . > *Global resource types and the exclusion recording strategy* By default, if you choose the ``EXCLUSION_BY_RESOURCE_TYPES`` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically. In addition, unless specifically listed as exclusions, ``AWS::RDS::GlobalCluster`` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled. IAM users, groups, roles, and customer managed policies will be recorded automatically in all enabled AWS Config Regions where AWS Config was available before February 2022. This list does not include the following Regions: - Asia Pacific (Hyderabad) - Asia Pacific (Melbourne) - Europe (Spain) - Europe (Zurich) - Israel (Tel Aviv) - Middle East (UAE)
+            :param include_global_resource_types: A legacy field which *only applies to the globally recorded IAM resource types* : IAM users, groups, roles, and customer managed policies. If you select this option, these resource types will be recorded in all enabled AWS Config regions where AWS Config was available before February 2022. This list does not include the following Regions: - Asia Pacific (Hyderabad) - Asia Pacific (Melbourne) - Europe (Spain) - Europe (Zurich) - Israel (Tel Aviv) - Middle East (UAE) .. epigraph:: *Aurora global clusters are automatically globally recorded unless specifically excluded* The ``AWS::RDS::GlobalCluster`` resource type will be recorded in all supported AWS Config Regions where the configuration recorder is enabled, even if ``includeGlobalResourceTypes`` is not set to ``true`` . ``includeGlobalResourceTypes`` is a legacy field which only applies to IAM users, groups, roles, and customer managed policies. If you do not want to record ``AWS::RDS::GlobalCluster`` in all enabled Regions, use one of the following recording strategies: - *Record all current and future resource types with exclusions* ( ``EXCLUSION_BY_RESOURCE_TYPES`` ), or - *Record specific resource types* ( ``INCLUSION_BY_RESOURCE_TYPES`` ). For more information, see `Selecting Which Resources are Recorded <https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html#select-resources-all>`_ in the *AWS Config developer guide* . > *Required and optional fields* Before you set this field to ``true`` , set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . Optionally, you can set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``ALL_SUPPORTED_RESOURCE_TYPES`` . > *Overriding fields* If you set this field to ``false`` but list globally recorded IAM resource types in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ , AWS Config will still record configuration changes for those specified resource types *regardless* of if you set the ``includeGlobalResourceTypes`` field to false. If you do not want to record configuration changes to globally recorded IAM resource types, make sure to not list them in the ``resourceTypes`` field in addition to setting the ``includeGlobalResourceTypes`` field to false.
+            :param recording_strategy: An object that specifies the recording strategy for the configuration recorder. - If you set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``ALL_SUPPORTED_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported regionally recorded resource types. You also must set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . When AWS Config adds support for a new regionally recorded resource, AWS Config automatically starts recording resources of that type. - If you set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``INCLUSION_BY_RESOURCE_TYPES`` , AWS Config records configuration changes for only the resource types you specify in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ . - If you set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``EXCLUSION_BY_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported resource types except the resource types that you specify to exclude from being recorded in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder ExclusionByResourceTypes <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-exclusionbyresourcetypes.html>`_ . .. epigraph:: *Required and optional fields* The ``recordingStrategy`` field is optional when you set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . The ``recordingStrategy`` field is optional when you list resource types in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ . The ``recordingStrategy`` field is required if you list resource types to exclude from recording in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder ExclusionByResourceTypes <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-exclusionbyresourcetypes.html>`_ . > *Overriding fields* If you choose ``EXCLUSION_BY_RESOURCE_TYPES`` for the recording strategy, the ``exclusionByResourceTypes`` field will override other properties in the request. For example, even if you set ``includeGlobalResourceTypes`` to false, global resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the ``resourceTypes`` field of ``exclusionByResourceTypes`` . > *Global resource types and the exclusion recording strategy* By default, if you choose the ``EXCLUSION_BY_RESOURCE_TYPES`` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically. In addition, unless specifically listed as exclusions, ``AWS::RDS::GlobalCluster`` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled. IAM users, groups, roles, and customer managed policies will be recorded automatically in all enabled AWS Config Regions where AWS Config was available before February 2022. This list does not include the following Regions: - Asia Pacific (Hyderabad) - Asia Pacific (Melbourne) - Europe (Spain) - Europe (Zurich) - Israel (Tel Aviv) - Middle East (UAE)
             :param resource_types: A comma-separated list that specifies which resource types AWS Config records. Optionally, you can set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``INCLUSION_BY_RESOURCE_TYPES`` . To record all configuration changes, set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` , and either omit this field or don't specify any resource types in this field. If you set the ``allSupported`` field to ``false`` and specify values for ``resourceTypes`` , when AWS Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group. For a list of valid ``resourceTypes`` values, see the *Resource Type Value* column in `Supported AWS resource Types <https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources>`_ in the *AWS Config developer guide* . .. epigraph:: *Region Availability* Before specifying a resource type for AWS Config to track, check `Resource Coverage by Region Availability <https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html>`_ to see if the resource type is supported in the AWS Region where you set up AWS Config . If a resource type is supported by AWS Config in at least one Region, you can enable the recording of that resource type in all Regions supported by AWS Config , even if the specified resource type is not supported in the AWS Region where you set up AWS Config .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html
@@ -2513,11 +2483,16 @@ class CfnConfigurationRecorder(
         def all_supported(
             self,
         ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-            '''Specifies whether AWS Config records configuration changes for all supported regional resource types.
+            '''Specifies whether AWS Config records configuration changes for all supported regionally recorded resource types.
 
-            If you set this field to ``true`` , when AWS Config adds support for a new type of regional resource, AWS Config starts recording resources of that type automatically.
+            If you set this field to ``true`` , when AWS Config adds support for a new regionally recorded resource type, AWS Config starts recording resources of that type automatically.
 
             If you set this field to ``true`` , you cannot enumerate specific resource types to record in the ``resourceTypes`` field of `RecordingGroup <https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html>`_ , or to exclude in the ``resourceTypes`` field of `ExclusionByResourceTypes <https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html>`_ .
+            .. epigraph::
+
+               *Region Availability*
+
+               Check `Resource Coverage by Region Availability <https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html>`_ to see if a resource type is supported in the AWS Region where you set up AWS Config .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-allsupported
             '''
@@ -2541,9 +2516,9 @@ class CfnConfigurationRecorder(
         def include_global_resource_types(
             self,
         ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-            '''Specifies whether AWS Config records configuration changes for globally recorded resource types ( ``AWS::RDS::GlobalCluster`` and IAM users, groups, roles, and customer managed policies).
+            '''A legacy field which *only applies to the globally recorded IAM resource types* : IAM users, groups, roles, and customer managed policies.
 
-            If you select this option, ``AWS::RDS::GlobalCluster`` will be recorded in all supported AWS Config Regions were the configuration recorder is enabled. IAM users, groups, roles, and customer managed policies will be recorded in all enabled AWS Config regions where AWS Config was available before February 2022. This list does not include the following Regions:
+            If you select this option, these resource types will be recorded in all enabled AWS Config regions where AWS Config was available before February 2022. This list does not include the following Regions:
 
             - Asia Pacific (Hyderabad)
             - Asia Pacific (Melbourne)
@@ -2552,14 +2527,24 @@ class CfnConfigurationRecorder(
             - Israel (Tel Aviv)
             - Middle East (UAE)
 
-            Before you set this field to ``true`` , set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . Optionally, you can set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``ALL_SUPPORTED_RESOURCE_TYPES`` .
-
-            If you set this field to ``true`` , when AWS Config adds support for a new type of global resource in the Region where you set up the configuration recorder, AWS Config starts recording resources of that type automatically.
             .. epigraph::
 
-               If you set this field to ``false`` but list global resource types in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ , AWS Config will still record configuration changes for those specified resource types *regardless* of if you set the ``includeGlobalResourceTypes`` field to false.
+               *Aurora global clusters are automatically globally recorded unless specifically excluded*
+
+               The ``AWS::RDS::GlobalCluster`` resource type will be recorded in all supported AWS Config Regions where the configuration recorder is enabled, even if ``includeGlobalResourceTypes`` is not set to ``true`` . ``includeGlobalResourceTypes`` is a legacy field which only applies to IAM users, groups, roles, and customer managed policies.
+
+               If you do not want to record ``AWS::RDS::GlobalCluster`` in all enabled Regions, use one of the following recording strategies:
 
-               If you do not want to record configuration changes to global resource types, make sure to not list them in the ``resourceTypes`` field in addition to setting the ``includeGlobalResourceTypes`` field to false.
+               - *Record all current and future resource types with exclusions* ( ``EXCLUSION_BY_RESOURCE_TYPES`` ), or
+               - *Record specific resource types* ( ``INCLUSION_BY_RESOURCE_TYPES`` ).
+
+               For more information, see `Selecting Which Resources are Recorded <https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html#select-resources-all>`_ in the *AWS Config developer guide* . > *Required and optional fields*
+
+               Before you set this field to ``true`` , set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . Optionally, you can set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``ALL_SUPPORTED_RESOURCE_TYPES`` . > *Overriding fields*
+
+               If you set this field to ``false`` but list globally recorded IAM resource types in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ , AWS Config will still record configuration changes for those specified resource types *regardless* of if you set the ``includeGlobalResourceTypes`` field to false.
+
+               If you do not want to record configuration changes to globally recorded IAM resource types, make sure to not list them in the ``resourceTypes`` field in addition to setting the ``includeGlobalResourceTypes`` field to false.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-includeglobalresourcetypes
             '''
@@ -2572,7 +2557,7 @@ class CfnConfigurationRecorder(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnConfigurationRecorder.RecordingStrategyProperty"]]:
             '''An object that specifies the recording strategy for the configuration recorder.
 
-            - If you set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``ALL_SUPPORTED_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported regional resource types. You also must set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . When AWS Config adds support for a new type of regional resource, AWS Config automatically starts recording resources of that type.
+            - If you set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``ALL_SUPPORTED_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported regionally recorded resource types. You also must set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . When AWS Config adds support for a new regionally recorded resource, AWS Config automatically starts recording resources of that type.
             - If you set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``INCLUSION_BY_RESOURCE_TYPES`` , AWS Config records configuration changes for only the resource types you specify in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ .
             - If you set the ``useOnly`` field of `AWS::Config::ConfigurationRecorder RecordingStrategy <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html>`_ to ``EXCLUSION_BY_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported resource types except the resource types that you specify to exclude from being recorded in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder ExclusionByResourceTypes <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-exclusionbyresourcetypes.html>`_ .
 
@@ -2648,7 +2633,7 @@ class CfnConfigurationRecorder(
 
             Valid values include: ``ALL_SUPPORTED_RESOURCE_TYPES`` , ``INCLUSION_BY_RESOURCE_TYPES`` , and ``EXCLUSION_BY_RESOURCE_TYPES`` .
 
-            :param use_only: The recording strategy for the configuration recorder. - If you set this option to ``ALL_SUPPORTED_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported regional resource types. You also must set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . When AWS Config adds support for a new type of regional resource, AWS Config automatically starts recording resources of that type. For a list of supported resource types, see `Supported Resource Types <https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources>`_ in the *AWS Config developer guide* . - If you set this option to ``INCLUSION_BY_RESOURCE_TYPES`` , AWS Config records configuration changes for only the resource types that you specify in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ . - If you set this option to ``EXCLUSION_BY_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder ExclusionByResourceTypes <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-exclusionbyresourcetypes.html>`_ . .. epigraph:: *Required and optional fields* The ``recordingStrategy`` field is optional when you set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . The ``recordingStrategy`` field is optional when you list resource types in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ . The ``recordingStrategy`` field is required if you list resource types to exclude from recording in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder ExclusionByResourceTypes <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-exclusionbyresourcetypes.html>`_ . > *Overriding fields* If you choose ``EXCLUSION_BY_RESOURCE_TYPES`` for the recording strategy, the ``exclusionByResourceTypes`` field will override other properties in the request. For example, even if you set ``includeGlobalResourceTypes`` to false, global resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the ``resourceTypes`` field of ``exclusionByResourceTypes`` . > *Global resource types and the exclusion recording strategy* By default, if you choose the ``EXCLUSION_BY_RESOURCE_TYPES`` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically. In addition, unless specifically listed as exclusions, ``AWS::RDS::GlobalCluster`` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled. IAM users, groups, roles, and customer managed policies will be recorded automatically in all enabled AWS Config Regions where AWS Config was available before February 2022. This list does not include the following Regions: - Asia Pacific (Hyderabad) - Asia Pacific (Melbourne) - Europe (Spain) - Europe (Zurich) - Israel (Tel Aviv) - Middle East (UAE)
+            :param use_only: The recording strategy for the configuration recorder. - If you set this option to ``ALL_SUPPORTED_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported regionally recorded resource types. You also must set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . When AWS Config adds support for a new regionally recorded resource, AWS Config automatically starts recording resources of that type. For a list of supported resource types, see `Supported Resource Types <https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources>`_ in the *AWS Config developer guide* . - If you set this option to ``INCLUSION_BY_RESOURCE_TYPES`` , AWS Config records configuration changes for only the resource types that you specify in the ``resourceTypes`` field of [AWS::Config::ConfigurationRecorder RecordingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conew type of regional resourcenfigurationrecorder-recordinggroup.html) . - If you set this option to ``EXCLUSION_BY_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder ExclusionByResourceTypes <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-exclusionbyresourcetypes.html>`_ . .. epigraph:: *Required and optional fields* The ``recordingStrategy`` field is optional when you set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . The ``recordingStrategy`` field is optional when you list resource types in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ . The ``recordingStrategy`` field is required if you list resource types to exclude from recording in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder ExclusionByResourceTypes <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-exclusionbyresourcetypes.html>`_ . > *Overriding fields* If you choose ``EXCLUSION_BY_RESOURCE_TYPES`` for the recording strategy, the ``exclusionByResourceTypes`` field will override other properties in the request. For example, even if you set ``includeGlobalResourceTypes`` to false, global resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the ``resourceTypes`` field of ``exclusionByResourceTypes`` . > *Global resource types and the exclusion recording strategy* By default, if you choose the ``EXCLUSION_BY_RESOURCE_TYPES`` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically. In addition, unless specifically listed as exclusions, ``AWS::RDS::GlobalCluster`` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled. IAM users, groups, roles, and customer managed policies will be recorded automatically in all enabled AWS Config Regions where AWS Config was available before February 2022. This list does not include the following Regions: - Asia Pacific (Hyderabad) - Asia Pacific (Melbourne) - Europe (Spain) - Europe (Zurich) - Israel (Tel Aviv) - Middle East (UAE)
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html
             :exampleMetadata: fixture=_generated
@@ -2674,11 +2659,8 @@ class CfnConfigurationRecorder(
         def use_only(self) -> builtins.str:
             '''The recording strategy for the configuration recorder.
 
-            - If you set this option to ``ALL_SUPPORTED_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported regional resource types. You also must set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` .
-
-            When AWS Config adds support for a new type of regional resource, AWS Config automatically starts recording resources of that type. For a list of supported resource types, see `Supported Resource Types <https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources>`_ in the *AWS Config developer guide* .
-
-            - If you set this option to ``INCLUSION_BY_RESOURCE_TYPES`` , AWS Config records configuration changes for only the resource types that you specify in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ .
+            - If you set this option to ``ALL_SUPPORTED_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported regionally recorded resource types. You also must set the ``allSupported`` field of `AWS::Config::ConfigurationRecorder RecordingGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html>`_ to ``true`` . When AWS Config adds support for a new regionally recorded resource, AWS Config automatically starts recording resources of that type. For a list of supported resource types, see `Supported Resource Types <https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources>`_ in the *AWS Config developer guide* .
+            - If you set this option to ``INCLUSION_BY_RESOURCE_TYPES`` , AWS Config records configuration changes for only the resource types that you specify in the ``resourceTypes`` field of [AWS::Config::ConfigurationRecorder RecordingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conew type of regional resourcenfigurationrecorder-recordinggroup.html) .
             - If you set this option to ``EXCLUSION_BY_RESOURCE_TYPES`` , AWS Config records configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded in the ``resourceTypes`` field of `AWS::Config::ConfigurationRecorder ExclusionByResourceTypes <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-exclusionbyresourcetypes.html>`_ .
 
             .. epigraph::
@@ -3147,10 +3129,14 @@ class CfnConformancePack(
             document_name: typing.Optional[builtins.str] = None,
             document_version: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''The TemplateSSMDocumentDetails object contains the name of the SSM document and the version of the SSM document.
+            '''This API allows you to create a conformance pack template with an AWS Systems Manager document (SSM document).
+
+            To deploy a conformance pack using an SSM document, first create an SSM document with conformance pack content, and then provide the ``DocumentName`` in the `PutConformancePack API <https://docs.aws.amazon.com/config/latest/APIReference/API_PutConformancePack.html>`_ . You can also provide the ``DocumentVersion`` .
+
+            The ``TemplateSSMDocumentDetails`` object contains the name of the SSM document and the version of the SSM document.
 
-            :param document_name: 
-            :param document_version: 
+            :param document_name: The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack. If you use the document name, AWS Config checks only your account and AWS Region for the SSM document. If you want to use an SSM document from another Region or account, you must provide the ARN.
+            :param document_version: The version of the SSM document to use to create a conformance pack. By default, AWS Config uses the latest version. .. epigraph:: This field is optional.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-templatessmdocumentdetails.html
             :exampleMetadata: fixture=_generated
@@ -3178,7 +3164,10 @@ class CfnConformancePack(
 
         @builtins.property
         def document_name(self) -> typing.Optional[builtins.str]:
-            '''
+            '''The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack.
+
+            If you use the document name, AWS Config checks only your account and AWS Region for the SSM document. If you want to use an SSM document from another Region or account, you must provide the ARN.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-templatessmdocumentdetails.html#cfn-config-conformancepack-templatessmdocumentdetails-documentname
             '''
             result = self._values.get("document_name")
@@ -3186,7 +3175,13 @@ class CfnConformancePack(
 
         @builtins.property
         def document_version(self) -> typing.Optional[builtins.str]:
-            '''
+            '''The version of the SSM document to use to create a conformance pack.
+
+            By default, AWS Config uses the latest version.
+            .. epigraph::
+
+               This field is optional.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-templatessmdocumentdetails.html#cfn-config-conformancepack-templatessmdocumentdetails-documentversion
             '''
             result = self._values.get("document_version")