aws-cdk-lib 2.97.1__py3-none-any.whl → 2.98.0__py3-none-any.whl

aws_cdk/aws_rolesanywhere/__init__.py

@@ -57,9 +57,14 @@ class CfnCRL(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_rolesanywhere.CfnCRL",
 ):
-    '''Creates a Crl.
+    '''Imports the certificate revocation list (CRL).
+
+    A CRL is a list of certificates that have been revoked by the issuing certificate Authority (CA).In order to be properly imported, a CRL must be in PEM format. IAM Roles Anywhere validates against the CRL before issuing credentials.
+
+    *Required permissions:* ``rolesanywhere:ImportCrl`` .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html
+    :cloudformationResource: AWS::RolesAnywhere::CRL
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -96,10 +101,10 @@ class CfnCRL(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param crl_data: x509 v3 Certificate Revocation List to revoke auth for corresponding certificates presented in CreateSession operations.
-        :param name: The customer specified name of the resource.
-        :param enabled: The enabled status of the resource.
-        :param tags: A list of Tags.
+        :param crl_data: The x509 v3 specified certificate revocation list (CRL).
+        :param name: The name of the certificate revocation list (CRL).
+        :param enabled: Specifies whether the certificate revocation list (CRL) is enabled.
+        :param tags: A list of tags to attach to the certificate revocation list (CRL).
         :param trust_anchor_arn: The ARN of the TrustAnchor the certificate revocation list (CRL) will provide revocation for.
         '''
         if __debug__:
@@ -169,7 +174,7 @@ class CfnCRL(
     @builtins.property
     @jsii.member(jsii_name="crlData")
     def crl_data(self) -> builtins.str:
-        '''x509 v3 Certificate Revocation List to revoke auth for corresponding certificates presented in CreateSession operations.'''
+        '''The x509 v3 specified certificate revocation list (CRL).'''
         return typing.cast(builtins.str, jsii.get(self, "crlData"))
 
     @crl_data.setter
@@ -182,7 +187,7 @@ class CfnCRL(
     @builtins.property
     @jsii.member(jsii_name="name")
     def name(self) -> builtins.str:
-        '''The customer specified name of the resource.'''
+        '''The name of the certificate revocation list (CRL).'''
         return typing.cast(builtins.str, jsii.get(self, "name"))
 
     @name.setter
@@ -197,7 +202,7 @@ class CfnCRL(
     def enabled(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''The enabled status of the resource.'''
+        '''Specifies whether the certificate revocation list (CRL) is enabled.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "enabled"))
 
     @enabled.setter
@@ -213,7 +218,7 @@ class CfnCRL(
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''A list of Tags.'''
+        '''A list of tags to attach to the certificate revocation list (CRL).'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tagsRaw"))
 
     @tags_raw.setter
@@ -260,10 +265,10 @@ class CfnCRLProps:
     ) -> None:
         '''Properties for defining a ``CfnCRL``.
 
-        :param crl_data: x509 v3 Certificate Revocation List to revoke auth for corresponding certificates presented in CreateSession operations.
-        :param name: The customer specified name of the resource.
-        :param enabled: The enabled status of the resource.
-        :param tags: A list of Tags.
+        :param crl_data: The x509 v3 specified certificate revocation list (CRL).
+        :param name: The name of the certificate revocation list (CRL).
+        :param enabled: Specifies whether the certificate revocation list (CRL) is enabled.
+        :param tags: A list of tags to attach to the certificate revocation list (CRL).
         :param trust_anchor_arn: The ARN of the TrustAnchor the certificate revocation list (CRL) will provide revocation for.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html
@@ -308,7 +313,7 @@ class CfnCRLProps:
 
     @builtins.property
     def crl_data(self) -> builtins.str:
-        '''x509 v3 Certificate Revocation List to revoke auth for corresponding certificates presented in CreateSession operations.
+        '''The x509 v3 specified certificate revocation list (CRL).
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html#cfn-rolesanywhere-crl-crldata
         '''
@@ -318,7 +323,7 @@ class CfnCRLProps:
 
     @builtins.property
     def name(self) -> builtins.str:
-        '''The customer specified name of the resource.
+        '''The name of the certificate revocation list (CRL).
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html#cfn-rolesanywhere-crl-name
         '''
@@ -330,7 +335,7 @@ class CfnCRLProps:
     def enabled(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''The enabled status of the resource.
+        '''Specifies whether the certificate revocation list (CRL) is enabled.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html#cfn-rolesanywhere-crl-enabled
         '''
@@ -339,7 +344,7 @@ class CfnCRLProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''A list of Tags.
+        '''A list of tags to attach to the certificate revocation list (CRL).
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-crl.html#cfn-rolesanywhere-crl-tags
         '''
@@ -373,9 +378,14 @@ class CfnProfile(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_rolesanywhere.CfnProfile",
 ):
-    '''Creates a Profile.
+    '''Creates a *profile* , a list of the roles that Roles Anywhere service is trusted to assume.
+
+    You use profiles to intersect permissions with IAM managed policies.
+
+    *Required permissions:* ``rolesanywhere:CreateProfile`` .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html
+    :cloudformationResource: AWS::RolesAnywhere::Profile
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -418,14 +428,14 @@ class CfnProfile(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param name: The customer specified name of the resource.
-        :param role_arns: A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.
-        :param duration_seconds: The number of seconds vended session credentials will be valid for.
-        :param enabled: The enabled status of the resource.
-        :param managed_policy_arns: A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.
-        :param require_instance_properties: Specifies whether instance properties are required in CreateSession requests with this profile.
-        :param session_policy: A session policy that will applied to the trust boundary of the vended session credentials.
-        :param tags: A list of Tags.
+        :param name: The name of the profile.
+        :param role_arns: A list of IAM role ARNs. During ``CreateSession`` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.
+        :param duration_seconds: Sets the maximum number of seconds that vended temporary credentials through `CreateSession <https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html>`_ will be valid for, between 900 and 3600.
+        :param enabled: Indicates whether the profile is enabled.
+        :param managed_policy_arns: A list of managed policy ARNs that apply to the vended session credentials.
+        :param require_instance_properties: Specifies whether instance properties are required in temporary credential requests with this profile.
+        :param session_policy: A session policy that applies to the trust boundary of the vended session credentials.
+        :param tags: The tags to attach to the profile.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__15739ec913066dea67815f6297a7c4e3ed351b4df22323a7b46fa138af1a7af8)
@@ -506,7 +516,7 @@ class CfnProfile(
     @builtins.property
     @jsii.member(jsii_name="name")
     def name(self) -> builtins.str:
-        '''The customer specified name of the resource.'''
+        '''The name of the profile.'''
         return typing.cast(builtins.str, jsii.get(self, "name"))
 
     @name.setter
@@ -519,7 +529,7 @@ class CfnProfile(
     @builtins.property
     @jsii.member(jsii_name="roleArns")
     def role_arns(self) -> typing.List[builtins.str]:
-        '''A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.'''
+        '''A list of IAM role ARNs.'''
         return typing.cast(typing.List[builtins.str], jsii.get(self, "roleArns"))
 
     @role_arns.setter
@@ -532,7 +542,7 @@ class CfnProfile(
     @builtins.property
     @jsii.member(jsii_name="durationSeconds")
     def duration_seconds(self) -> typing.Optional[jsii.Number]:
-        '''The number of seconds vended session credentials will be valid for.'''
+        '''Sets the maximum number of seconds that vended temporary credentials through `CreateSession <https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html>`_ will be valid for, between 900 and 3600.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "durationSeconds"))
 
     @duration_seconds.setter
@@ -547,7 +557,7 @@ class CfnProfile(
     def enabled(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''The enabled status of the resource.'''
+        '''Indicates whether the profile is enabled.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "enabled"))
 
     @enabled.setter
@@ -563,7 +573,7 @@ class CfnProfile(
     @builtins.property
     @jsii.member(jsii_name="managedPolicyArns")
     def managed_policy_arns(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''A list of managed policy ARNs.'''
+        '''A list of managed policy ARNs that apply to the vended session credentials.'''
         return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "managedPolicyArns"))
 
     @managed_policy_arns.setter
@@ -581,7 +591,7 @@ class CfnProfile(
     def require_instance_properties(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Specifies whether instance properties are required in CreateSession requests with this profile.'''
+        '''Specifies whether instance properties are required in temporary credential requests with this profile.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "requireInstanceProperties"))
 
     @require_instance_properties.setter
@@ -597,7 +607,7 @@ class CfnProfile(
     @builtins.property
     @jsii.member(jsii_name="sessionPolicy")
     def session_policy(self) -> typing.Optional[builtins.str]:
-        '''A session policy that will applied to the trust boundary of the vended session credentials.'''
+        '''A session policy that applies to the trust boundary of the vended session credentials.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "sessionPolicy"))
 
     @session_policy.setter
@@ -610,7 +620,7 @@ class CfnProfile(
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''A list of Tags.'''
+        '''The tags to attach to the profile.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tagsRaw"))
 
     @tags_raw.setter
@@ -650,14 +660,14 @@ class CfnProfileProps:
     ) -> None:
         '''Properties for defining a ``CfnProfile``.
 
-        :param name: The customer specified name of the resource.
-        :param role_arns: A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.
-        :param duration_seconds: The number of seconds vended session credentials will be valid for.
-        :param enabled: The enabled status of the resource.
-        :param managed_policy_arns: A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.
-        :param require_instance_properties: Specifies whether instance properties are required in CreateSession requests with this profile.
-        :param session_policy: A session policy that will applied to the trust boundary of the vended session credentials.
-        :param tags: A list of Tags.
+        :param name: The name of the profile.
+        :param role_arns: A list of IAM role ARNs. During ``CreateSession`` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.
+        :param duration_seconds: Sets the maximum number of seconds that vended temporary credentials through `CreateSession <https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html>`_ will be valid for, between 900 and 3600.
+        :param enabled: Indicates whether the profile is enabled.
+        :param managed_policy_arns: A list of managed policy ARNs that apply to the vended session credentials.
+        :param require_instance_properties: Specifies whether instance properties are required in temporary credential requests with this profile.
+        :param session_policy: A session policy that applies to the trust boundary of the vended session credentials.
+        :param tags: The tags to attach to the profile.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html
         :exampleMetadata: fixture=_generated
@@ -713,7 +723,7 @@ class CfnProfileProps:
 
     @builtins.property
     def name(self) -> builtins.str:
-        '''The customer specified name of the resource.
+        '''The name of the profile.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-name
         '''
@@ -723,7 +733,9 @@ class CfnProfileProps:
 
     @builtins.property
     def role_arns(self) -> typing.List[builtins.str]:
-        '''A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.
+        '''A list of IAM role ARNs.
+
+        During ``CreateSession`` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-rolearns
         '''
@@ -733,7 +745,7 @@ class CfnProfileProps:
 
     @builtins.property
     def duration_seconds(self) -> typing.Optional[jsii.Number]:
-        '''The number of seconds vended session credentials will be valid for.
+        '''Sets the maximum number of seconds that vended temporary credentials through `CreateSession <https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html>`_ will be valid for, between 900 and 3600.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-durationseconds
         '''
@@ -744,7 +756,7 @@ class CfnProfileProps:
     def enabled(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''The enabled status of the resource.
+        '''Indicates whether the profile is enabled.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-enabled
         '''
@@ -753,9 +765,7 @@ class CfnProfileProps:
 
     @builtins.property
     def managed_policy_arns(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''A list of managed policy ARNs.
-
-        Managed policies identified by this list will be applied to the vended session credentials.
+        '''A list of managed policy ARNs that apply to the vended session credentials.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-managedpolicyarns
         '''
@@ -766,7 +776,7 @@ class CfnProfileProps:
     def require_instance_properties(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Specifies whether instance properties are required in CreateSession requests with this profile.
+        '''Specifies whether instance properties are required in temporary credential requests with this profile.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-requireinstanceproperties
         '''
@@ -775,7 +785,7 @@ class CfnProfileProps:
 
     @builtins.property
     def session_policy(self) -> typing.Optional[builtins.str]:
-        '''A session policy that will applied to the trust boundary of the vended session credentials.
+        '''A session policy that applies to the trust boundary of the vended session credentials.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-sessionpolicy
         '''
@@ -784,7 +794,7 @@ class CfnProfileProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''A list of Tags.
+        '''The tags to attach to the profile.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-profile.html#cfn-rolesanywhere-profile-tags
         '''
@@ -809,9 +819,14 @@ class CfnTrustAnchor(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_rolesanywhere.CfnTrustAnchor",
 ):
-    '''Creates a TrustAnchor.
+    '''Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA).
+
+    You can define a trust anchor as a reference to an AWS Private Certificate Authority ( AWS Private CA ) or by uploading a CA certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary AWS credentials.
+
+    *Required permissions:* ``rolesanywhere:CreateTrustAnchor`` .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rolesanywhere-trustanchor.html
+    :cloudformationResource: AWS::RolesAnywhere::TrustAnchor
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -1137,7 +1152,7 @@ class CfnTrustAnchor(
             acm_pca_arn: typing.Optional[builtins.str] = None,
             x509_certificate_data: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''A union object representing the data field of the TrustAnchor depending on its type.
+            '''The data field of the trust anchor depending on its type.
 
             :param acm_pca_arn: The root certificate of the AWS Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type ``AWS_ACM_PCA`` . .. epigraph:: This field is not supported in your region.
             :param x509_certificate_data: The PEM-encoded data for the certificate anchor. Included for trust anchors of type ``CERTIFICATE_BUNDLE`` .
@@ -1214,10 +1229,10 @@ class CfnTrustAnchor(
             source_data: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnTrustAnchor.SourceDataProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             source_type: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''Object representing the TrustAnchor type and its related certificate data.
+            '''The trust anchor type and its related certificate data.
 
-            :param source_data: A union object representing the data field of the TrustAnchor depending on its type.
-            :param source_type: The type of the TrustAnchor.
+            :param source_data: The data field of the trust anchor depending on its type.
+            :param source_type: The type of the TrustAnchor. .. epigraph:: ``AWS_ACM_PCA`` is not an allowed value in your region.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-source.html
             :exampleMetadata: fixture=_generated
@@ -1250,7 +1265,7 @@ class CfnTrustAnchor(
         def source_data(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnTrustAnchor.SourceDataProperty"]]:
-            '''A union object representing the data field of the TrustAnchor depending on its type.
+            '''The data field of the trust anchor depending on its type.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-source.html#cfn-rolesanywhere-trustanchor-source-sourcedata
             '''
@@ -1261,6 +1276,10 @@ class CfnTrustAnchor(
         def source_type(self) -> typing.Optional[builtins.str]:
             '''The type of the TrustAnchor.
 
+            .. epigraph::
+
+               ``AWS_ACM_PCA`` is not an allowed value in your region.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-source.html#cfn-rolesanywhere-trustanchor-source-sourcetype
             '''
             result = self._values.get("source_type")

aws_cdk/aws_route53/__init__.py

@@ -554,6 +554,7 @@ class CfnCidrCollection(
     '''Creates a CIDR collection in the current AWS account.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-cidrcollection.html
+    :cloudformationResource: AWS::Route53::CidrCollection
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -839,6 +840,7 @@ class CfnDNSSEC(
     '''The ``AWS::Route53::DNSSEC`` resource is used to enable DNSSEC signing in a hosted zone.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-dnssec.html
+    :cloudformationResource: AWS::Route53::DNSSEC
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -1002,6 +1004,7 @@ class CfnHealthCheck(
     - You can create a CloudWatch metric, associate an alarm with the metric, and then create a health check that is based on the state of the alarm. For example, you might create a CloudWatch metric that checks the status of the Amazon EC2 ``StatusCheckFailed`` metric, add an alarm to the metric, and then create a health check that is based on the state of the alarm. For information about creating CloudWatch metrics and alarms by using the CloudWatch console, see the `Amazon CloudWatch User Guide <https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatch.html>`_ .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-healthcheck.html
+    :cloudformationResource: AWS::Route53::HealthCheck
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -1892,6 +1895,7 @@ class CfnHostedZone(
        For more information, see `Access Management <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html>`_ in the *AWS General Reference* .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-hostedzone.html
+    :cloudformationResource: AWS::Route53::HostedZone
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -2573,6 +2577,7 @@ class CfnKeySigningKey(
     The hosted zone ID is passed as a parameter in the KSK properties. You can specify the properties of this KSK using the ``Name`` , ``Status`` , and ``KeyManagementServiceArn`` properties of the resource.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-keysigningkey.html
+    :cloudformationResource: AWS::Route53::KeySigningKey
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -2842,6 +2847,7 @@ class CfnRecordSet(
     For more information, see `ChangeResourceRecordSets <https://docs.aws.amazon.com/Route53/latest/APIReference/API_ChangeResourceRecordSets.html>`_ in the *Amazon Route 53 API Reference* .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-recordset.html
+    :cloudformationResource: AWS::Route53::RecordSet
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -3621,6 +3627,7 @@ class CfnRecordSetGroup(
     '''A complex type that contains an optional comment, the name and ID of the hosted zone that you want to make changes in, and values for the records that you want to create.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-recordsetgroup.html
+    :cloudformationResource: AWS::Route53::RecordSetGroup
     :exampleMetadata: fixture=_generated
 
     Example::

aws_cdk/aws_route53recoverycontrol/__init__.py

@@ -62,6 +62,7 @@ class CfnCluster(
     A cluster is a set of redundant Regional endpoints that you can run Route 53 ARC API calls against to update or get the state of one or more routing controls.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53recoverycontrol-cluster.html
+    :cloudformationResource: AWS::Route53RecoveryControl::Cluster
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -366,6 +367,7 @@ class CfnControlPanel(
     A control panel represents a group of routing controls that can be changed together in a single transaction. You can use a control panel to centrally view the operational status of applications across your organization, and trigger multi-app failovers in a single transaction, for example, to fail over from one AWS Region (cell) to another.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53recoverycontrol-controlpanel.html
+    :cloudformationResource: AWS::Route53RecoveryControl::ControlPanel
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -636,6 +638,7 @@ class CfnRoutingControl(
     To get or update the state of the routing control, you must specify a cluster endpoint, which is an endpoint URL and an AWS Region. For more information, see `Code examples <https://docs.aws.amazon.com/r53recovery/latest/dg/service_code_examples.html>`_ in the Amazon Route 53 Application Recovery Controller Developer Guide.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53recoverycontrol-routingcontrol.html
+    :cloudformationResource: AWS::Route53RecoveryControl::RoutingControl
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -888,6 +891,7 @@ class CfnSafetyRule(
     For more information, see `Safety rules <https://docs.aws.amazon.com/r53recovery/latest/dg/routing-control.safety-rules.html>`_ in the Amazon Route 53 Application Recovery Controller Developer Guide.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53recoverycontrol-safetyrule.html
+    :cloudformationResource: AWS::Route53RecoveryControl::SafetyRule
     :exampleMetadata: fixture=_generated
 
     Example::

aws_cdk/aws_route53recoveryreadiness/__init__.py

@@ -68,6 +68,7 @@ class CfnCell(
     Route 53 ARC Readiness supports us-east-1 and us-west-2 AWS Regions only.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53recoveryreadiness-cell.html
+    :cloudformationResource: AWS::Route53RecoveryReadiness::Cell
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -317,6 +318,7 @@ class CfnReadinessCheck(
     Route 53 ARC Readiness supports us-east-1 and us-west-2 AWS Regions only.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53recoveryreadiness-readinesscheck.html
+    :cloudformationResource: AWS::Route53RecoveryReadiness::ReadinessCheck
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -561,6 +563,7 @@ class CfnRecoveryGroup(
     Route 53 ARC Readiness supports us-east-1 and us-west-2 AWS Regions only.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53recoveryreadiness-recoverygroup.html
+    :cloudformationResource: AWS::Route53RecoveryReadiness::RecoveryGroup
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -805,6 +808,7 @@ class CfnResourceSet(
     Route 53 ARC Readiness supports us-east-1 and us-west-2 AWS Regions only.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53recoveryreadiness-resourceset.html
+    :cloudformationResource: AWS::Route53RecoveryReadiness::ResourceSet
     :exampleMetadata: fixture=_generated
 
     Example::

aws_cdk/aws_route53resolver/__init__.py

@@ -67,6 +67,7 @@ class CfnFirewallDomainList(
     To retrieve the domains that are defined for this domain list, call `ListFirewallDomains <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListFirewallDomains.html>`_ .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-firewalldomainlist.html
+    :cloudformationResource: AWS::Route53Resolver::FirewallDomainList
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -415,6 +416,7 @@ class CfnFirewallRuleGroup(
     A firewall rule group is a collection of rules that DNS Firewall uses to filter DNS network traffic for a VPC. To retrieve the rules for the rule group, call `ListFirewallRules <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListFirewallRules.html>`_ .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-firewallrulegroup.html
+    :cloudformationResource: AWS::Route53Resolver::FirewallRuleGroup
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -837,6 +839,7 @@ class CfnFirewallRuleGroupAssociation(
     '''An association between a firewall rule group and a VPC, which enables DNS filtering for the VPC.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-firewallrulegroupassociation.html
+    :cloudformationResource: AWS::Route53Resolver::FirewallRuleGroupAssociation
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -1353,6 +1356,7 @@ class CfnOutpostResolver(
     '''Creates a Amazon Route 53 Resolver on an Outpost.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-outpostresolver.html
+    :cloudformationResource: AWS::Route53Resolver::OutpostResolver
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -1714,6 +1718,7 @@ class CfnResolverConfig(
     '''A complex type that contains information about a Resolver configuration for a VPC.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverconfig.html
+    :cloudformationResource: AWS::Route53Resolver::ResolverConfig
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -1929,6 +1934,7 @@ class CfnResolverDNSSECConfig(
     '''The ``AWS::Route53Resolver::ResolverDNSSECConfig`` resource is a complex type that contains information about a configuration for DNSSEC validation.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverdnssecconfig.html
+    :cloudformationResource: AWS::Route53Resolver::ResolverDNSSECConfig
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -2113,6 +2119,7 @@ class CfnResolverEndpoint(
        - When you update a dual-stack IP address, you must update both IP addresses. You can’t update only an IPv4 or IPv6 and keep an existing IP address.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverendpoint.html
+    :cloudformationResource: AWS::Route53Resolver::ResolverEndpoint
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -2710,6 +2717,7 @@ class CfnResolverQueryLoggingConfig(
     '''The AWS::Route53Resolver::ResolverQueryLoggingConfig resource is a complex type that contains settings for one query logging configuration.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverqueryloggingconfig.html
+    :cloudformationResource: AWS::Route53Resolver::ResolverQueryLoggingConfig
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -2904,6 +2912,7 @@ class CfnResolverQueryLoggingConfigAssociation(
     After you create a query logging configuration, Amazon Route 53 begins to publish log data to an Amazon CloudWatch Logs log group.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverqueryloggingconfigassociation.html
+    :cloudformationResource: AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -3219,6 +3228,7 @@ class CfnResolverRule(
     '''For DNS queries that originate in your VPCs, specifies which Resolver endpoint the queries pass through, one domain name that you want to forward to your network, and the IP addresses of the DNS resolvers in your network.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverrule.html
+    :cloudformationResource: AWS::Route53Resolver::ResolverRule
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -3562,6 +3572,7 @@ class CfnResolverRuleAssociation(
     '''In the response to an `AssociateResolverRule <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html>`_ , `DisassociateResolverRule <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DisassociateResolverRule.html>`_ , or `ListResolverRuleAssociations <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html>`_ request, provides information about an association between a resolver rule and a VPC. The association determines which DNS queries that originate in the VPC are forwarded to your network.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53resolver-resolverruleassociation.html
+    :cloudformationResource: AWS::Route53Resolver::ResolverRuleAssociation
     :exampleMetadata: fixture=_generated
 
     Example::

aws_cdk/aws_rum/__init__.py

@@ -64,6 +64,7 @@ class CfnAppMonitor(
     After you create an app monitor, sign in to the CloudWatch RUM console to get the JavaScript code snippet to add to your web application. For more information, see `How do I find a code snippet that I've already generated? <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-find-code-snippet.html>`_
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rum-appmonitor.html
+    :cloudformationResource: AWS::RUM::AppMonitor
     :exampleMetadata: fixture=_generated
 
     Example::

aws_cdk/aws_s3/__init__.py

@@ -2168,6 +2168,7 @@ class CfnAccessPoint(
     '''The AWS::S3::AccessPoint resource is an Amazon S3 resource type that you can use to access buckets.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html
+    :cloudformationResource: AWS::S3::AccessPoint
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -2756,6 +2757,7 @@ class CfnBucket(
        You can only delete empty buckets. Deletion fails for buckets that have contents.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucket.html
+    :cloudformationResource: AWS::S3::Bucket
     :exampleMetadata: infused
 
     Example::
@@ -8871,6 +8873,7 @@ class CfnBucketPolicy(
     - `DeleteBucket <https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html>`_
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-bucketpolicy.html
+    :cloudformationResource: AWS::S3::BucketPolicy
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -9484,6 +9487,7 @@ class CfnMultiRegionAccessPoint(
     To learn more about Multi-Region Access Points, see `Multi-Region Access Points in Amazon S3 <https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiRegionAccessPoints.html>`_ in the in the *Amazon S3 User Guide* .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspoint.html
+    :cloudformationResource: AWS::S3::MultiRegionAccessPoint
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -9863,6 +9867,7 @@ class CfnMultiRegionAccessPointPolicy(
     It is not possible to delete an access policy for a Multi-Region Access Point from the CloudFormation template. When you attempt to delete the policy, CloudFormation updates the policy using ``DeletionPolicy:Retain`` and ``UpdateReplacePolicy:Retain`` . CloudFormation updates the policy to only allow access to the account that created the bucket.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-multiregionaccesspointpolicy.html
+    :cloudformationResource: AWS::S3::MultiRegionAccessPointPolicy
     :exampleMetadata: fixture=_generated
 
     Example::
@@ -10224,6 +10229,7 @@ class CfnStorageLens(
     '''The AWS::S3::StorageLens resource creates an Amazon S3 Storage Lens configuration.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-storagelens.html
+    :cloudformationResource: AWS::S3::StorageLens
     :exampleMetadata: fixture=_generated
 
     Example::