aws-cdk.cx-api 2.175.1__tar.gz → 2.177.0__tar.gz

{aws_cdk_cx_api-2.175.1 → aws_cdk_cx_api-2.177.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: aws-cdk.cx-api
-Version: 2.175.1
+Version: 2.177.0
 Summary: Cloud executable protocol
 Home-page: https://github.com/aws/aws-cdk
 Author: Amazon Web Services
@@ -23,8 +23,8 @@ Requires-Python: ~=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
 License-File: NOTICE
-Requires-Dist: aws-cdk.cloud-assembly-schema<40.0.0,>=39.0.0
-Requires-Dist: jsii<2.0.0,>=1.104.0
+Requires-Dist: aws-cdk.cloud-assembly-schema<40.0.0,>=39.2.0
+Requires-Dist: jsii<2.0.0,>=1.106.0
 Requires-Dist: publication>=0.0.3
 Requires-Dist: typeguard<4.3.0,>=2.13.3
 
@@ -48,7 +48,7 @@ and error indicating that a bucket policy already exists.
 In cases where we know what the required policy is we can go ahead and create the policy so we can
 remain in control of it.
 
-https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3
+[https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3)
 
 *cdk.json*
 
@@ -151,7 +151,7 @@ enabled on the bucket.
 This flag uses a Bucket Policy statement to allow Server Access Log delivery, following best
 practices for S3.
 
-https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html
+[https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html)
 
 ```json
 {
@@ -201,7 +201,7 @@ Enable this feature flag to use the `AmazonEMRServicePolicy_v2` managed policies
 This is a feature flag as the old behavior will be deprecated, but some resources may require manual
 intervention since they might not have the appropriate tags propagated automatically.
 
-https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html
+[https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html)
 
 *cdk.json*
 
@@ -394,7 +394,7 @@ When this featuer flag is enabled, remove the default deployment alarm settings
 When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.
 
 When this feature flag is enabled, the IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.
-The revision ARN is more specific than the task definition ARN. See https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html
+The revision ARN is more specific than the task definition ARN. See [https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html](https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html)
 for more details.
 
 *cdk.json*
@@ -585,3 +585,42 @@ guarantee the correct execution of the feature in all platforms. See [Github dis
   },
 }
 ```
+
+* `@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault`
+
+When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere,
+For internet facing ALBs with `dualstack-without-public-ipv4` IP address type, the default security group rules
+will allow IPv6 ingress from anywhere (::/0). Previously, the default security group rules would only allow IPv4 ingress.
+
+Using a feature flag to make sure existing customers who might be relying
+on the overly restrictive permissions are not broken.,
+
+If the flag is set to false then the default security group rules will only allow IPv4 ingress.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": true
+  }
+}
+```
+
+* `@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections`
+
+When this feature flag is enabled, the default behaviour of OIDC Provider's custom resource handler will
+default to reject unauthorized connections when downloading CA Certificates.
+
+When this feature flag is disabled, the behaviour will be the same as current and will allow downloading
+thumbprints from unsecure connnections.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": true
+  }
+}
+```

aws_cdk_cx_api-2.175.1/src/aws_cdk.cx_api.egg-info/PKG-INFO → aws_cdk_cx_api-2.177.0/README.md

@@ -1,33 +1,3 @@
-Metadata-Version: 2.1
-Name: aws-cdk.cx-api
-Version: 2.175.1
-Summary: Cloud executable protocol
-Home-page: https://github.com/aws/aws-cdk
-Author: Amazon Web Services
-License: Apache-2.0
-Project-URL: Source, https://github.com/aws/aws-cdk.git
-Classifier: Intended Audience :: Developers
-Classifier: Operating System :: OS Independent
-Classifier: Programming Language :: JavaScript
-Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Typing :: Typed
-Classifier: Development Status :: 5 - Production/Stable
-Classifier: License :: OSI Approved
-Classifier: Framework :: AWS CDK
-Classifier: Framework :: AWS CDK :: 2
-Requires-Python: ~=3.8
-Description-Content-Type: text/markdown
-License-File: LICENSE
-License-File: NOTICE
-Requires-Dist: aws-cdk.cloud-assembly-schema<40.0.0,>=39.0.0
-Requires-Dist: jsii<2.0.0,>=1.104.0
-Requires-Dist: publication>=0.0.3
-Requires-Dist: typeguard<4.3.0,>=2.13.3
-
 # Cloud Executable API
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
@@ -48,7 +18,7 @@ and error indicating that a bucket policy already exists.
 In cases where we know what the required policy is we can go ahead and create the policy so we can
 remain in control of it.
 
-https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3
+[https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3)
 
 *cdk.json*
 
@@ -151,7 +121,7 @@ enabled on the bucket.
 This flag uses a Bucket Policy statement to allow Server Access Log delivery, following best
 practices for S3.
 
-https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html
+[https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html)
 
 ```json
 {
@@ -201,7 +171,7 @@ Enable this feature flag to use the `AmazonEMRServicePolicy_v2` managed policies
 This is a feature flag as the old behavior will be deprecated, but some resources may require manual
 intervention since they might not have the appropriate tags propagated automatically.
 
-https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html
+[https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html)
 
 *cdk.json*
 
@@ -394,7 +364,7 @@ When this featuer flag is enabled, remove the default deployment alarm settings
 When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.
 
 When this feature flag is enabled, the IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.
-The revision ARN is more specific than the task definition ARN. See https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html
+The revision ARN is more specific than the task definition ARN. See [https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html](https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html)
 for more details.
 
 *cdk.json*
@@ -585,3 +555,42 @@ guarantee the correct execution of the feature in all platforms. See [Github dis
   },
 }
 ```
+
+* `@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault`
+
+When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere,
+For internet facing ALBs with `dualstack-without-public-ipv4` IP address type, the default security group rules
+will allow IPv6 ingress from anywhere (::/0). Previously, the default security group rules would only allow IPv4 ingress.
+
+Using a feature flag to make sure existing customers who might be relying
+on the overly restrictive permissions are not broken.,
+
+If the flag is set to false then the default security group rules will only allow IPv4 ingress.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": true
+  }
+}
+```
+
+* `@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections`
+
+When this feature flag is enabled, the default behaviour of OIDC Provider's custom resource handler will
+default to reject unauthorized connections when downloading CA Certificates.
+
+When this feature flag is disabled, the behaviour will be the same as current and will allow downloading
+thumbprints from unsecure connnections.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": true
+  }
+}
+```

{aws_cdk_cx_api-2.175.1 → aws_cdk_cx_api-2.177.0}/setup.py

@@ -5,7 +5,7 @@ kwargs = json.loads(
     """
 {
     "name": "aws-cdk.cx-api",
-    "version": "2.175.1",
+    "version": "2.177.0",
     "description": "Cloud executable protocol",
     "license": "Apache-2.0",
     "url": "https://github.com/aws/aws-cdk",
@@ -26,7 +26,7 @@ kwargs = json.loads(
     ],
     "package_data": {
         "aws_cdk.cx_api._jsii": [
-            "cx-api@2.175.1.jsii.tgz"
+            "cx-api@2.177.0.jsii.tgz"
         ],
         "aws_cdk.cx_api": [
             "py.typed"
@@ -34,8 +34,8 @@ kwargs = json.loads(
     },
     "python_requires": "~=3.8",
     "install_requires": [
-        "aws-cdk.cloud-assembly-schema>=39.0.0, <40.0.0",
-        "jsii>=1.104.0, <2.0.0",
+        "aws-cdk.cloud-assembly-schema>=39.2.0, <40.0.0",
+        "jsii>=1.106.0, <2.0.0",
         "publication>=0.0.3",
         "typeguard>=2.13.3,<4.3.0"
     ],

{aws_cdk_cx_api-2.175.1 → aws_cdk_cx_api-2.177.0}/src/aws_cdk/cx_api/__init__.py

@@ -19,7 +19,7 @@ and error indicating that a bucket policy already exists.
 In cases where we know what the required policy is we can go ahead and create the policy so we can
 remain in control of it.
 
-https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3
+[https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3)
 
 *cdk.json*
 
@@ -122,7 +122,7 @@ enabled on the bucket.
 This flag uses a Bucket Policy statement to allow Server Access Log delivery, following best
 practices for S3.
 
-https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html
+[https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html)
 
 ```json
 {
@@ -172,7 +172,7 @@ Enable this feature flag to use the `AmazonEMRServicePolicy_v2` managed policies
 This is a feature flag as the old behavior will be deprecated, but some resources may require manual
 intervention since they might not have the appropriate tags propagated automatically.
 
-https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html
+[https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html)
 
 *cdk.json*
 
@@ -365,7 +365,7 @@ When this featuer flag is enabled, remove the default deployment alarm settings
 When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.
 
 When this feature flag is enabled, the IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.
-The revision ARN is more specific than the task definition ARN. See https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html
+The revision ARN is more specific than the task definition ARN. See [https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html](https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html)
 for more details.
 
 *cdk.json*
@@ -556,6 +556,45 @@ guarantee the correct execution of the feature in all platforms. See [Github dis
   },
 }
 ```
+
+* `@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault`
+
+When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere,
+For internet facing ALBs with `dualstack-without-public-ipv4` IP address type, the default security group rules
+will allow IPv6 ingress from anywhere (::/0). Previously, the default security group rules would only allow IPv4 ingress.
+
+Using a feature flag to make sure existing customers who might be relying
+on the overly restrictive permissions are not broken.,
+
+If the flag is set to false then the default security group rules will only allow IPv4 ingress.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": true
+  }
+}
+```
+
+* `@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections`
+
+When this feature flag is enabled, the default behaviour of OIDC Provider's custom resource handler will
+default to reject unauthorized connections when downloading CA Certificates.
+
+When this feature flag is disabled, the behaviour will be the same as current and will allow downloading
+thumbprints from unsecure connnections.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": true
+  }
+}
+```
 '''
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)
@@ -965,6 +1004,7 @@ class CloudArtifact(metaclass=jsii.JSIIMeta, jsii_type="@aws-cdk/cx-api.CloudArt
         return typing.cast(typing.List["SynthesisMessage"], jsii.get(self, "messages"))
 
 
+@jsii.implements(_aws_cdk_cloud_assembly_schema_cae1d136.ICloudAssembly)
 class CloudAssembly(metaclass=jsii.JSIIMeta, jsii_type="@aws-cdk/cx-api.CloudAssembly"):
     '''Represents a deployable cloud application.
 
@@ -1009,6 +1049,20 @@ class CloudAssembly(metaclass=jsii.JSIIMeta, jsii_type="@aws-cdk/cx-api.CloudAss
 
         jsii.create(self.__class__, self, [directory, load_options])
 
+    @jsii.member(jsii_name="isCloudAssembly")
+    @builtins.classmethod
+    def is_cloud_assembly(cls, x: typing.Any) -> builtins.bool:
+        '''Return whether the given object is a CloudAssembly.
+
+        We do attribute detection since we can't reliably use 'instanceof'.
+
+        :param x: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__896de0ab238f2d25a3c91a759c5498ef6b66f487ca63a69dddf3c7c53b6e77b3)
+            check_type(argname="argument x", value=x, expected_type=type_hints["x"])
+        return typing.cast(builtins.bool, jsii.sinvoke(cls, "isCloudAssembly", [x]))
+
     @jsii.member(jsii_name="getNestedAssembly")
     def get_nested_assembly(self, artifact_id: builtins.str) -> "CloudAssembly":
         '''Returns a nested assembly.
@@ -2405,7 +2459,7 @@ class MetadataEntry(_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry):
         self,
         *,
         type: builtins.str,
-        data: typing.Optional[typing.Union[builtins.str, typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.Tag, typing.Dict[builtins.str, typing.Any]]]]] = None,
+        data: typing.Optional[typing.Union[builtins.str, jsii.Number, builtins.bool, typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.Tag, typing.Dict[builtins.str, typing.Any]]]]] = None,
         trace: typing.Optional[typing.Sequence[builtins.str]] = None,
     ) -> None:
         '''(deprecated) Backwards compatibility for when ``MetadataEntry`` was defined here.
@@ -2460,13 +2514,13 @@ class MetadataEntry(_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry):
     @builtins.property
     def data(
         self,
-    ) -> typing.Optional[typing.Union[builtins.str, _aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, _aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.List[_aws_cdk_cloud_assembly_schema_cae1d136.Tag]]]:
+    ) -> typing.Optional[typing.Union[builtins.str, jsii.Number, builtins.bool, _aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, _aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.List[_aws_cdk_cloud_assembly_schema_cae1d136.Tag]]]:
         '''The data.
 
         :default: - no data.
         '''
         result = self._values.get("data")
-        return typing.cast(typing.Optional[typing.Union[builtins.str, _aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, _aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.List[_aws_cdk_cloud_assembly_schema_cae1d136.Tag]]], result)
+        return typing.cast(typing.Optional[typing.Union[builtins.str, jsii.Number, builtins.bool, _aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, _aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.List[_aws_cdk_cloud_assembly_schema_cae1d136.Tag]]], result)
 
     @builtins.property
     def trace(self) -> typing.Optional[typing.List[builtins.str]]:
@@ -2499,7 +2553,7 @@ class MetadataEntryResult(_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry)
         self,
         *,
         type: builtins.str,
-        data: typing.Optional[typing.Union[builtins.str, typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.Tag, typing.Dict[builtins.str, typing.Any]]]]] = None,
+        data: typing.Optional[typing.Union[builtins.str, jsii.Number, builtins.bool, typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.Tag, typing.Dict[builtins.str, typing.Any]]]]] = None,
         trace: typing.Optional[typing.Sequence[builtins.str]] = None,
         path: builtins.str,
     ) -> None:
@@ -2551,13 +2605,13 @@ class MetadataEntryResult(_aws_cdk_cloud_assembly_schema_cae1d136.MetadataEntry)
     @builtins.property
     def data(
         self,
-    ) -> typing.Optional[typing.Union[builtins.str, _aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, _aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.List[_aws_cdk_cloud_assembly_schema_cae1d136.Tag]]]:
+    ) -> typing.Optional[typing.Union[builtins.str, jsii.Number, builtins.bool, _aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, _aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.List[_aws_cdk_cloud_assembly_schema_cae1d136.Tag]]]:
         '''The data.
 
         :default: - no data.
         '''
         result = self._values.get("data")
-        return typing.cast(typing.Optional[typing.Union[builtins.str, _aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, _aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.List[_aws_cdk_cloud_assembly_schema_cae1d136.Tag]]], result)
+        return typing.cast(typing.Optional[typing.Union[builtins.str, jsii.Number, builtins.bool, _aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, _aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.List[_aws_cdk_cloud_assembly_schema_cae1d136.Tag]]], result)
 
     @builtins.property
     def trace(self) -> typing.Optional[typing.List[builtins.str]]:
@@ -3994,6 +4048,12 @@ def _typecheckingstub__f166d3cdd543050e1f6916d3f8b21148d9dce169d0973ba379565d8cc
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__896de0ab238f2d25a3c91a759c5498ef6b66f487ca63a69dddf3c7c53b6e77b3(
+    x: typing.Any,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__5b18409e446ee0849b8e8bd80b844cb7b7741d0e1ffbece4d0bba5e5384aae08(
     artifact_id: builtins.str,
 ) -> None:
@@ -4182,7 +4242,7 @@ def _typecheckingstub__b54b307c2b08922d6c877b21587304c7faf7770ba07126997e90cdeb3
 def _typecheckingstub__555559c755818fb0c68e54d294338ddd2443772e16a9484abbd3cdbd79b25a32(
     *,
     type: builtins.str,
-    data: typing.Optional[typing.Union[builtins.str, typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.Tag, typing.Dict[builtins.str, typing.Any]]]]] = None,
+    data: typing.Optional[typing.Union[builtins.str, jsii.Number, builtins.bool, typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.Tag, typing.Dict[builtins.str, typing.Any]]]]] = None,
     trace: typing.Optional[typing.Sequence[builtins.str]] = None,
 ) -> None:
     """Type checking stubs"""
@@ -4191,7 +4251,7 @@ def _typecheckingstub__555559c755818fb0c68e54d294338ddd2443772e16a9484abbd3cdbd7
 def _typecheckingstub__de77435a8388b388a3788abe2a0f532fff7b7f8c48d501d071411098e021c1e2(
     *,
     type: builtins.str,
-    data: typing.Optional[typing.Union[builtins.str, typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.Tag, typing.Dict[builtins.str, typing.Any]]]]] = None,
+    data: typing.Optional[typing.Union[builtins.str, jsii.Number, builtins.bool, typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.FileAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.ContainerImageAssetMetadataEntry, typing.Dict[builtins.str, typing.Any]], typing.Sequence[typing.Union[_aws_cdk_cloud_assembly_schema_cae1d136.Tag, typing.Dict[builtins.str, typing.Any]]]]] = None,
     trace: typing.Optional[typing.Sequence[builtins.str]] = None,
     path: builtins.str,
 ) -> None:

{aws_cdk_cx_api-2.175.1 → aws_cdk_cx_api-2.177.0}/src/aws_cdk/cx_api/_jsii/__init__.py

@@ -31,7 +31,7 @@ def check_type(argname: str, value: object, expected_type: typing.Any) -> typing
 import aws_cdk.cloud_assembly_schema._jsii
 
 __jsii_assembly__ = jsii.JSIIAssembly.load(
-    "@aws-cdk/cx-api", "2.175.1", __name__[0:-6], "cx-api@2.175.1.jsii.tgz"
+    "@aws-cdk/cx-api", "2.177.0", __name__[0:-6], "cx-api@2.177.0.jsii.tgz"
 )
 
 __all__ = [

aws_cdk_cx_api-2.175.1/README.md → aws_cdk_cx_api-2.177.0/src/aws_cdk.cx_api.egg-info/PKG-INFO

@@ -1,3 +1,33 @@
+Metadata-Version: 2.1
+Name: aws-cdk.cx-api
+Version: 2.177.0
+Summary: Cloud executable protocol
+Home-page: https://github.com/aws/aws-cdk
+Author: Amazon Web Services
+License: Apache-2.0
+Project-URL: Source, https://github.com/aws/aws-cdk.git
+Classifier: Intended Audience :: Developers
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: JavaScript
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Typing :: Typed
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: License :: OSI Approved
+Classifier: Framework :: AWS CDK
+Classifier: Framework :: AWS CDK :: 2
+Requires-Python: ~=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+License-File: NOTICE
+Requires-Dist: aws-cdk.cloud-assembly-schema<40.0.0,>=39.2.0
+Requires-Dist: jsii<2.0.0,>=1.106.0
+Requires-Dist: publication>=0.0.3
+Requires-Dist: typeguard<4.3.0,>=2.13.3
+
 # Cloud Executable API
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
@@ -18,7 +48,7 @@ and error indicating that a bucket policy already exists.
 In cases where we know what the required policy is we can go ahead and create the policy so we can
 remain in control of it.
 
-https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3
+[https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3)
 
 *cdk.json*
 
@@ -121,7 +151,7 @@ enabled on the bucket.
 This flag uses a Bucket Policy statement to allow Server Access Log delivery, following best
 practices for S3.
 
-https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html
+[https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html)
 
 ```json
 {
@@ -171,7 +201,7 @@ Enable this feature flag to use the `AmazonEMRServicePolicy_v2` managed policies
 This is a feature flag as the old behavior will be deprecated, but some resources may require manual
 intervention since they might not have the appropriate tags propagated automatically.
 
-https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html
+[https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html)
 
 *cdk.json*
 
@@ -364,7 +394,7 @@ When this featuer flag is enabled, remove the default deployment alarm settings
 When enabled, IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.
 
 When this feature flag is enabled, the IAM Policy created to run tasks won't include the task definition ARN, only the revision ARN.
-The revision ARN is more specific than the task definition ARN. See https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html
+The revision ARN is more specific than the task definition ARN. See [https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html](https://docs.aws.amazon.com/step-functions/latest/dg/ecs-iam.html)
 for more details.
 
 *cdk.json*
@@ -555,3 +585,42 @@ guarantee the correct execution of the feature in all platforms. See [Github dis
   },
 }
 ```
+
+* `@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault`
+
+When enabled, the default security group ingress rules will allow IPv6 ingress from anywhere,
+For internet facing ALBs with `dualstack-without-public-ipv4` IP address type, the default security group rules
+will allow IPv6 ingress from anywhere (::/0). Previously, the default security group rules would only allow IPv4 ingress.
+
+Using a feature flag to make sure existing customers who might be relying
+on the overly restrictive permissions are not broken.,
+
+If the flag is set to false then the default security group rules will only allow IPv4 ingress.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-elasticloadbalancingV2:albDualstackWithoutPublicIpv4SecurityGroupRulesDefault": true
+  }
+}
+```
+
+* `@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections`
+
+When this feature flag is enabled, the default behaviour of OIDC Provider's custom resource handler will
+default to reject unauthorized connections when downloading CA Certificates.
+
+When this feature flag is disabled, the behaviour will be the same as current and will allow downloading
+thumbprints from unsecure connnections.
+
+*cdk.json*
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections": true
+  }
+}
+```

{aws_cdk_cx_api-2.175.1 → aws_cdk_cx_api-2.177.0}/src/aws_cdk.cx_api.egg-info/SOURCES.txt

@@ -12,4 +12,4 @@ src/aws_cdk.cx_api.egg-info/top_level.txt
 src/aws_cdk/cx_api/__init__.py
 src/aws_cdk/cx_api/py.typed
 src/aws_cdk/cx_api/_jsii/__init__.py
-src/aws_cdk/cx_api/_jsii/cx-api@2.175.1.jsii.tgz
+src/aws_cdk/cx_api/_jsii/cx-api@2.177.0.jsii.tgz

aws_cdk_cx_api-2.177.0/src/aws_cdk.cx_api.egg-info/requires.txt

@@ -0,0 +1,4 @@
+aws-cdk.cloud-assembly-schema<40.0.0,>=39.2.0
+jsii<2.0.0,>=1.106.0
+publication>=0.0.3
+typeguard<4.3.0,>=2.13.3

aws_cdk_cx_api-2.175.1/src/aws_cdk.cx_api.egg-info/requires.txt

@@ -1,4 +0,0 @@
-aws-cdk.cloud-assembly-schema<40.0.0,>=39.0.0
-jsii<2.0.0,>=1.104.0
-publication>=0.0.3
-typeguard<4.3.0,>=2.13.3