jjrawlins-cdk-ami-builder 0.0.79__py3-none-any.whl

jjrawlins_cdk_ami_builder/__init__.py

@@ -0,0 +1,3526 @@
+r'''
+# ImagePipeline Construct for AWS CDK
+
+## Overview
+
+The `ImagePipeline` construct is a versatile and powerful component of the AWS Cloud Development Kit (CDK) designed for
+creating and managing AWS Image Builder pipelines. This construct simplifies the process of setting up automated
+pipelines for building and maintaining Amazon Machine Images (AMIs). It provides extensive customization options,
+enabling users to tailor the pipeline to specific needs, including vulnerability scanning, cross-account distribution,
+and more.
+
+## Benefits
+
+1. **Customizable Image Building**: Offers a wide range of parameters to customize the AMI, including VPC settings,
+   security groups, instance types, and more.
+2. **Automated Pipeline Management**: Automates the pipeline creation and execution process, reducing manual effort and
+   potential errors.
+3. **Cross-Account AMI Distribution**: Facilitates the copying of AMIs to multiple AWS accounts, enhancing resource
+   sharing and collaboration.
+4. **Vulnerability Scanning Integration**: Supports integration with AWS Inspector for continuous vulnerability
+   scanning, ensuring security compliance.
+5. **User-Friendly**: Designed with user experience in mind, making it easy to integrate into AWS CDK projects.
+6. **Scalability and Flexibility**: Scales according to your needs and provides flexibility in configuring various
+   aspects of the image building process.
+
+## Prerequisites
+
+* AWS account and AWS CLI configured.
+* Familiarity with AWS CDK and TypeScript.
+* Node.js and npm installed.
+
+## Installation
+
+Ensure that you have the AWS CDK installed. If not, you can install it using npm:
+
+```bash
+npm install -g aws-cdk
+```
+
+Next, add the `ImagePipeline` construct to your CDK project:
+
+```bash
+npm install '@jjrawlins/cdk-ami-builder' --save
+```
+
+## Usage Example
+
+Below is an example of how to use the `ImagePipeline` construct in your CDK application.
+
+### Importing the Construct
+
+First, import the `ImagePipeline` construct into your CDK application:
+
+```python
+import { ImagePipeline } from '@jjrawlins/cdk-ami-builder';
+```
+
+### Using the Construct
+
+Here's an example of how to use the `ImagePipeline` construct:
+
+```python
+const vpc = new Vpc(this, 'Vpc', {
+    ipAddresses: IpAddresses.cidr(props.vpcCidr as string),
+    maxAzs: 2,
+    subnetConfiguration: [
+        {
+            name: 'Public',
+            subnetType: SubnetType.PUBLIC,
+            cidrMask: 24,
+        },
+        {
+            name: 'Private',
+            subnetType: SubnetType.PRIVATE_WITH_EGRESS,
+            cidrMask: 24,
+        },
+    ],
+    natGateways: 1,
+});
+
+const image = ec2.MachineImage.lookup({
+    name: 'ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*',
+    owners: ['099720109477'],
+});
+
+const version = process.env.IMAGE_VERSION_NUMBER ?? '0.0.8';
+
+const imagePipeline = new ImagePipeline(this, 'ImagePipeline', {
+    parentImage: image.getImage(this).imageId,
+    vpc: vpc,
+    imageRecipeVersion: version,
+    components: [
+        {
+            name: 'Install-Monitoring',
+            platform: 'Linux',
+            componentDocument: {
+                phases: [{
+                    name: 'build',
+                    steps: [
+                        {
+                            name: 'Install-CloudWatch-Agent',
+                            action: 'ExecuteBash',
+                            inputs: {
+                                commands: [
+                                    'apt-get update',
+                                    'DEBIAN_FRONTEND=noninteractive apt-get install -y g++ make cmake unzip libcur14-openssl-dev',
+                                    'DEBIAN_FRONTEND=noninteractive apt-get install -y curl sudo jq bash zip unzip iptables software-properties-common ca-certificates',
+                                    'curl -sfLo /tmp/amazon-cloudwatch-agent.deb https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb',
+                                    'dpkg -i -E /tmp/amazon-cloudwatch-agent.deb',
+                                    'rm /tmp/amazon-cloudwatch-agent.deb',
+                                ],
+                            },
+                        },
+                    ],
+                }],
+            },
+        },
+    ],
+});
+
+new CfnOutput(this, `ImageId-${this.stackName}`, {
+    value: imagePipeline.imageId,  // Only valid if autoBuild=true
+    description: 'The AMI ID of the image created by the pipeline',
+});
+```
+
+This example demonstrates creating a new VPC and setting up an Image Pipeline within it. You can customize the `
+
+ImagePipeline` properties according to your requirements.
+
+### Customization Options
+
+* `vpc`: Specify the VPC where the Image Pipeline will be deployed.
+* `parentImage`: Define the base AMI for the image recipe.
+* `components`: List custom components for the AMI, such as software installations and configurations.
+* Additional properties like `imageRecipeVersion`, `platform`, `enableVulnScans`, etc., allow further customization.
+
+### Outputs
+
+The construct provides outputs like `imagePipelineArn` and `imageId`, which can be used in other parts of your AWS
+infrastructure setup.
+
+## Best Practices
+
+1. **Parameter Validation**: Ensure that all inputs to the construct are validated.
+2. **Security**: Follow best practices for security group and IAM role configurations.
+3. **Resource Naming**: Use meaningful names for resources for better manageability.
+4. **Error Handling**: Implement error handling for pipeline execution and custom resources.
+
+## Support and Contribution
+
+For support, please contact the package maintainer or open an issue in the repository. Contributions to the package are
+welcome. Please follow the contribution guidelines in the repository.
+
+---
+
+
+This README provides a basic guide to getting started with the `ImagePipeline` construct. For more advanced usage and
+customization, refer to the detailed documentation in the package.
+
+![User](https://lh3.googleusercontent.com/a/AEdFTp6yNsN1-EC5-OZ2vss91NDDYmHKgEHn8xwdd6eS=s96-c)
+'''
+from pkgutil import extend_path
+__path__ = extend_path(__path__, __name__)
+
+import abc
+import builtins
+import datetime
+import enum
+import typing
+
+import jsii
+import publication
+import typing_extensions
+
+import typeguard
+from importlib.metadata import version as _metadata_package_version
+TYPEGUARD_MAJOR_VERSION = int(_metadata_package_version('typeguard').split('.')[0])
+
+def check_type(argname: str, value: object, expected_type: typing.Any) -> typing.Any:
+    if TYPEGUARD_MAJOR_VERSION <= 2:
+        return typeguard.check_type(argname=argname, value=value, expected_type=expected_type) # type:ignore
+    else:
+        if isinstance(value, jsii._reference_map.InterfaceDynamicProxy): # pyright: ignore [reportAttributeAccessIssue]
+           pass
+        else:
+            if TYPEGUARD_MAJOR_VERSION == 3:
+                typeguard.config.collection_check_strategy = typeguard.CollectionCheckStrategy.ALL_ITEMS # type:ignore
+                typeguard.check_type(value=value, expected_type=expected_type) # type:ignore
+            else:
+                typeguard.check_type(value=value, expected_type=expected_type, collection_check_strategy=typeguard.CollectionCheckStrategy.ALL_ITEMS) # type:ignore
+
+from ._jsii import *
+
+import aws_cdk as _aws_cdk_ceddda9d
+import aws_cdk.aws_codeguruprofiler as _aws_cdk_aws_codeguruprofiler_ceddda9d
+import aws_cdk.aws_ec2 as _aws_cdk_aws_ec2_ceddda9d
+import aws_cdk.aws_iam as _aws_cdk_aws_iam_ceddda9d
+import aws_cdk.aws_imagebuilder as _aws_cdk_aws_imagebuilder_ceddda9d
+import aws_cdk.aws_kms as _aws_cdk_aws_kms_ceddda9d
+import aws_cdk.aws_lambda as _aws_cdk_aws_lambda_ceddda9d
+import aws_cdk.aws_logs as _aws_cdk_aws_logs_ceddda9d
+import aws_cdk.aws_sns as _aws_cdk_aws_sns_ceddda9d
+import aws_cdk.aws_sqs as _aws_cdk_aws_sqs_ceddda9d
+import constructs as _constructs_77d1e7e8
+
+
+class CheckStateMachineStatusFunction(
+    _aws_cdk_aws_lambda_ceddda9d.Function,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="@jjrawlins/cdk-ami-builder.CheckStateMachineStatusFunction",
+):
+    '''An AWS Lambda function which executes src/Lambdas/CheckStateMachineStatus/CheckStateMachineStatus.'''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        adot_instrumentation: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig, typing.Dict[builtins.str, typing.Any]]] = None,
+        allow_all_outbound: typing.Optional[builtins.bool] = None,
+        allow_public_subnet: typing.Optional[builtins.bool] = None,
+        architecture: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Architecture] = None,
+        code_signing_config: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ICodeSigningConfig] = None,
+        current_version_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.VersionOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+        dead_letter_queue: typing.Optional[_aws_cdk_aws_sqs_ceddda9d.IQueue] = None,
+        dead_letter_queue_enabled: typing.Optional[builtins.bool] = None,
+        dead_letter_topic: typing.Optional[_aws_cdk_aws_sns_ceddda9d.ITopic] = None,
+        description: typing.Optional[builtins.str] = None,
+        environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+        environment_encryption: typing.Optional[_aws_cdk_aws_kms_ceddda9d.IKey] = None,
+        ephemeral_storage_size: typing.Optional[_aws_cdk_ceddda9d.Size] = None,
+        events: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.IEventSource]] = None,
+        filesystem: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.FileSystem] = None,
+        function_name: typing.Optional[builtins.str] = None,
+        initial_policy: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.PolicyStatement]] = None,
+        insights_version: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LambdaInsightsVersion] = None,
+        layers: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.ILayerVersion]] = None,
+        log_retention: typing.Optional[_aws_cdk_aws_logs_ceddda9d.RetentionDays] = None,
+        log_retention_retry_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+        log_retention_role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+        memory_size: typing.Optional[jsii.Number] = None,
+        params_and_secrets: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ParamsAndSecretsLayerVersion] = None,
+        profiling: typing.Optional[builtins.bool] = None,
+        profiling_group: typing.Optional[_aws_cdk_aws_codeguruprofiler_ceddda9d.IProfilingGroup] = None,
+        reserved_concurrent_executions: typing.Optional[jsii.Number] = None,
+        role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+        runtime_management_mode: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.RuntimeManagementMode] = None,
+        security_groups: typing.Optional[typing.Sequence[_aws_cdk_aws_ec2_ceddda9d.ISecurityGroup]] = None,
+        timeout: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        tracing: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Tracing] = None,
+        vpc: typing.Optional[_aws_cdk_aws_ec2_ceddda9d.IVpc] = None,
+        vpc_subnets: typing.Optional[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]] = None,
+        max_event_age: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        on_failure: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+        on_success: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+        retry_attempts: typing.Optional[jsii.Number] = None,
+    ) -> None:
+        '''
+        :param scope: -
+        :param id: -
+        :param adot_instrumentation: Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation. Default: - No ADOT instrumentation
+        :param allow_all_outbound: Whether to allow the Lambda to send all network traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets. Default: true
+        :param allow_public_subnet: Lambda Functions in a public subnet can NOT access the internet. Use this property to acknowledge this limitation and still place the function in a public subnet. Default: false
+        :param architecture: The system architectures compatible with this lambda function. Default: Architecture.X86_64
+        :param code_signing_config: Code signing config associated with this function. Default: - Not Sign the Code
+        :param current_version_options: Options for the ``lambda.Version`` resource automatically created by the ``fn.currentVersion`` method. Default: - default options as described in ``VersionOptions``
+        :param dead_letter_queue: The SQS queue to use if DLQ is enabled. If SNS topic is desired, specify ``deadLetterTopic`` property instead. Default: - SQS queue with 14 day retention period if ``deadLetterQueueEnabled`` is ``true``
+        :param dead_letter_queue_enabled: Enabled DLQ. If ``deadLetterQueue`` is undefined, an SQS queue with default options will be defined for your Function. Default: - false unless ``deadLetterQueue`` is set, which implies DLQ is enabled.
+        :param dead_letter_topic: The SNS topic to use as a DLQ. Note that if ``deadLetterQueueEnabled`` is set to ``true``, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly. Default: - no SNS topic
+        :param description: A description of the function. Default: - No description.
+        :param environment: Key-value pairs that Lambda caches and makes available for your Lambda functions. Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code. Default: - No environment variables.
+        :param environment_encryption: The AWS KMS key that's used to encrypt your function's environment variables. Default: - AWS Lambda creates and uses an AWS managed customer master key (CMK).
+        :param ephemeral_storage_size: The size of the function’s /tmp directory in MiB. Default: 512 MiB
+        :param events: Event sources for this function. You can also add event sources using ``addEventSource``. Default: - No event sources.
+        :param filesystem: The filesystem configuration for the lambda function. Default: - will not mount any filesystem
+        :param function_name: A name for the function. Default: - AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.
+        :param initial_policy: Initial policy statements to add to the created Lambda Role. You can call ``addToRolePolicy`` to the created lambda to add statements post creation. Default: - No policy statements are added to the created Lambda role.
+        :param insights_version: Specify the version of CloudWatch Lambda insights to use for monitoring. Default: - No Lambda Insights
+        :param layers: A list of layers to add to the function's execution environment. You can configure your Lambda function to pull in additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions. Default: - No layers.
+        :param log_retention: The number of days log events are kept in CloudWatch Logs. When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to ``INFINITE``. Default: logs.RetentionDays.INFINITE
+        :param log_retention_retry_options: When log retention is specified, a custom resource attempts to create the CloudWatch log group. These options control the retry policy when interacting with CloudWatch APIs. Default: - Default AWS SDK retry options.
+        :param log_retention_role: The IAM role for the Lambda function associated with the custom resource that sets the retention policy. Default: - A new role is created.
+        :param memory_size: The amount of memory, in MB, that is allocated to your Lambda function. Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide. Default: 128
+        :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
+        :param profiling: Enable profiling. Default: - No profiling.
+        :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
+        :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
+        :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
+        :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
+        :param security_groups: The list of security groups to associate with the Lambda's network interfaces. Only used if 'vpc' is supplied. Default: - If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.
+        :param timeout: The function execution time (in seconds) after which Lambda terminates the function. Because the execution time affects cost, set this value based on the function's expected execution time. Default: Duration.seconds(3)
+        :param tracing: Enable AWS X-Ray Tracing for Lambda Function. Default: Tracing.Disabled
+        :param vpc: VPC network to place Lambda network interfaces. Specify this if the Lambda function needs to access resources in a VPC. This is required when ``vpcSubnets`` is specified. Default: - Function is not placed within a VPC.
+        :param vpc_subnets: Where to place the network interfaces within the VPC. This requires ``vpc`` to be specified in order for interfaces to actually be placed in the subnets. If ``vpc`` is not specify, this will raise an error. Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless ``allowPublicSubnet`` is set to ``true``). Default: - the Vpc default strategy if not specified
+        :param max_event_age: The maximum age of a request that Lambda sends to a function for processing. Minimum: 60 seconds Maximum: 6 hours Default: Duration.hours(6)
+        :param on_failure: The destination for failed invocations. Default: - no destination
+        :param on_success: The destination for successful invocations. Default: - no destination
+        :param retry_attempts: The maximum number of times to retry when the function returns an error. Minimum: 0 Maximum: 2 Default: 2
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__80a7e839717caae4ae025b044129f52691774b5a0c3597bea181450461089015)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = CheckStateMachineStatusFunctionProps(
+            adot_instrumentation=adot_instrumentation,
+            allow_all_outbound=allow_all_outbound,
+            allow_public_subnet=allow_public_subnet,
+            architecture=architecture,
+            code_signing_config=code_signing_config,
+            current_version_options=current_version_options,
+            dead_letter_queue=dead_letter_queue,
+            dead_letter_queue_enabled=dead_letter_queue_enabled,
+            dead_letter_topic=dead_letter_topic,
+            description=description,
+            environment=environment,
+            environment_encryption=environment_encryption,
+            ephemeral_storage_size=ephemeral_storage_size,
+            events=events,
+            filesystem=filesystem,
+            function_name=function_name,
+            initial_policy=initial_policy,
+            insights_version=insights_version,
+            layers=layers,
+            log_retention=log_retention,
+            log_retention_retry_options=log_retention_retry_options,
+            log_retention_role=log_retention_role,
+            memory_size=memory_size,
+            params_and_secrets=params_and_secrets,
+            profiling=profiling,
+            profiling_group=profiling_group,
+            reserved_concurrent_executions=reserved_concurrent_executions,
+            role=role,
+            runtime_management_mode=runtime_management_mode,
+            security_groups=security_groups,
+            timeout=timeout,
+            tracing=tracing,
+            vpc=vpc,
+            vpc_subnets=vpc_subnets,
+            max_event_age=max_event_age,
+            on_failure=on_failure,
+            on_success=on_success,
+            retry_attempts=retry_attempts,
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+
+@jsii.data_type(
+    jsii_type="@jjrawlins/cdk-ami-builder.CheckStateMachineStatusFunctionProps",
+    jsii_struct_bases=[_aws_cdk_aws_lambda_ceddda9d.FunctionOptions],
+    name_mapping={
+        "max_event_age": "maxEventAge",
+        "on_failure": "onFailure",
+        "on_success": "onSuccess",
+        "retry_attempts": "retryAttempts",
+        "adot_instrumentation": "adotInstrumentation",
+        "allow_all_outbound": "allowAllOutbound",
+        "allow_public_subnet": "allowPublicSubnet",
+        "architecture": "architecture",
+        "code_signing_config": "codeSigningConfig",
+        "current_version_options": "currentVersionOptions",
+        "dead_letter_queue": "deadLetterQueue",
+        "dead_letter_queue_enabled": "deadLetterQueueEnabled",
+        "dead_letter_topic": "deadLetterTopic",
+        "description": "description",
+        "environment": "environment",
+        "environment_encryption": "environmentEncryption",
+        "ephemeral_storage_size": "ephemeralStorageSize",
+        "events": "events",
+        "filesystem": "filesystem",
+        "function_name": "functionName",
+        "initial_policy": "initialPolicy",
+        "insights_version": "insightsVersion",
+        "layers": "layers",
+        "log_retention": "logRetention",
+        "log_retention_retry_options": "logRetentionRetryOptions",
+        "log_retention_role": "logRetentionRole",
+        "memory_size": "memorySize",
+        "params_and_secrets": "paramsAndSecrets",
+        "profiling": "profiling",
+        "profiling_group": "profilingGroup",
+        "reserved_concurrent_executions": "reservedConcurrentExecutions",
+        "role": "role",
+        "runtime_management_mode": "runtimeManagementMode",
+        "security_groups": "securityGroups",
+        "timeout": "timeout",
+        "tracing": "tracing",
+        "vpc": "vpc",
+        "vpc_subnets": "vpcSubnets",
+    },
+)
+class CheckStateMachineStatusFunctionProps(
+    _aws_cdk_aws_lambda_ceddda9d.FunctionOptions,
+):
+    def __init__(
+        self,
+        *,
+        max_event_age: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        on_failure: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+        on_success: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+        retry_attempts: typing.Optional[jsii.Number] = None,
+        adot_instrumentation: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig, typing.Dict[builtins.str, typing.Any]]] = None,
+        allow_all_outbound: typing.Optional[builtins.bool] = None,
+        allow_public_subnet: typing.Optional[builtins.bool] = None,
+        architecture: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Architecture] = None,
+        code_signing_config: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ICodeSigningConfig] = None,
+        current_version_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.VersionOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+        dead_letter_queue: typing.Optional[_aws_cdk_aws_sqs_ceddda9d.IQueue] = None,
+        dead_letter_queue_enabled: typing.Optional[builtins.bool] = None,
+        dead_letter_topic: typing.Optional[_aws_cdk_aws_sns_ceddda9d.ITopic] = None,
+        description: typing.Optional[builtins.str] = None,
+        environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+        environment_encryption: typing.Optional[_aws_cdk_aws_kms_ceddda9d.IKey] = None,
+        ephemeral_storage_size: typing.Optional[_aws_cdk_ceddda9d.Size] = None,
+        events: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.IEventSource]] = None,
+        filesystem: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.FileSystem] = None,
+        function_name: typing.Optional[builtins.str] = None,
+        initial_policy: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.PolicyStatement]] = None,
+        insights_version: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LambdaInsightsVersion] = None,
+        layers: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.ILayerVersion]] = None,
+        log_retention: typing.Optional[_aws_cdk_aws_logs_ceddda9d.RetentionDays] = None,
+        log_retention_retry_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+        log_retention_role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+        memory_size: typing.Optional[jsii.Number] = None,
+        params_and_secrets: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ParamsAndSecretsLayerVersion] = None,
+        profiling: typing.Optional[builtins.bool] = None,
+        profiling_group: typing.Optional[_aws_cdk_aws_codeguruprofiler_ceddda9d.IProfilingGroup] = None,
+        reserved_concurrent_executions: typing.Optional[jsii.Number] = None,
+        role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+        runtime_management_mode: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.RuntimeManagementMode] = None,
+        security_groups: typing.Optional[typing.Sequence[_aws_cdk_aws_ec2_ceddda9d.ISecurityGroup]] = None,
+        timeout: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        tracing: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Tracing] = None,
+        vpc: typing.Optional[_aws_cdk_aws_ec2_ceddda9d.IVpc] = None,
+        vpc_subnets: typing.Optional[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]] = None,
+    ) -> None:
+        '''Props for CheckStateMachineStatusFunction.
+
+        :param max_event_age: The maximum age of a request that Lambda sends to a function for processing. Minimum: 60 seconds Maximum: 6 hours Default: Duration.hours(6)
+        :param on_failure: The destination for failed invocations. Default: - no destination
+        :param on_success: The destination for successful invocations. Default: - no destination
+        :param retry_attempts: The maximum number of times to retry when the function returns an error. Minimum: 0 Maximum: 2 Default: 2
+        :param adot_instrumentation: Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation. Default: - No ADOT instrumentation
+        :param allow_all_outbound: Whether to allow the Lambda to send all network traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets. Default: true
+        :param allow_public_subnet: Lambda Functions in a public subnet can NOT access the internet. Use this property to acknowledge this limitation and still place the function in a public subnet. Default: false
+        :param architecture: The system architectures compatible with this lambda function. Default: Architecture.X86_64
+        :param code_signing_config: Code signing config associated with this function. Default: - Not Sign the Code
+        :param current_version_options: Options for the ``lambda.Version`` resource automatically created by the ``fn.currentVersion`` method. Default: - default options as described in ``VersionOptions``
+        :param dead_letter_queue: The SQS queue to use if DLQ is enabled. If SNS topic is desired, specify ``deadLetterTopic`` property instead. Default: - SQS queue with 14 day retention period if ``deadLetterQueueEnabled`` is ``true``
+        :param dead_letter_queue_enabled: Enabled DLQ. If ``deadLetterQueue`` is undefined, an SQS queue with default options will be defined for your Function. Default: - false unless ``deadLetterQueue`` is set, which implies DLQ is enabled.
+        :param dead_letter_topic: The SNS topic to use as a DLQ. Note that if ``deadLetterQueueEnabled`` is set to ``true``, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly. Default: - no SNS topic
+        :param description: A description of the function. Default: - No description.
+        :param environment: Key-value pairs that Lambda caches and makes available for your Lambda functions. Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code. Default: - No environment variables.
+        :param environment_encryption: The AWS KMS key that's used to encrypt your function's environment variables. Default: - AWS Lambda creates and uses an AWS managed customer master key (CMK).
+        :param ephemeral_storage_size: The size of the function’s /tmp directory in MiB. Default: 512 MiB
+        :param events: Event sources for this function. You can also add event sources using ``addEventSource``. Default: - No event sources.
+        :param filesystem: The filesystem configuration for the lambda function. Default: - will not mount any filesystem
+        :param function_name: A name for the function. Default: - AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.
+        :param initial_policy: Initial policy statements to add to the created Lambda Role. You can call ``addToRolePolicy`` to the created lambda to add statements post creation. Default: - No policy statements are added to the created Lambda role.
+        :param insights_version: Specify the version of CloudWatch Lambda insights to use for monitoring. Default: - No Lambda Insights
+        :param layers: A list of layers to add to the function's execution environment. You can configure your Lambda function to pull in additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions. Default: - No layers.
+        :param log_retention: The number of days log events are kept in CloudWatch Logs. When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to ``INFINITE``. Default: logs.RetentionDays.INFINITE
+        :param log_retention_retry_options: When log retention is specified, a custom resource attempts to create the CloudWatch log group. These options control the retry policy when interacting with CloudWatch APIs. Default: - Default AWS SDK retry options.
+        :param log_retention_role: The IAM role for the Lambda function associated with the custom resource that sets the retention policy. Default: - A new role is created.
+        :param memory_size: The amount of memory, in MB, that is allocated to your Lambda function. Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide. Default: 128
+        :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
+        :param profiling: Enable profiling. Default: - No profiling.
+        :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
+        :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
+        :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
+        :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
+        :param security_groups: The list of security groups to associate with the Lambda's network interfaces. Only used if 'vpc' is supplied. Default: - If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.
+        :param timeout: The function execution time (in seconds) after which Lambda terminates the function. Because the execution time affects cost, set this value based on the function's expected execution time. Default: Duration.seconds(3)
+        :param tracing: Enable AWS X-Ray Tracing for Lambda Function. Default: Tracing.Disabled
+        :param vpc: VPC network to place Lambda network interfaces. Specify this if the Lambda function needs to access resources in a VPC. This is required when ``vpcSubnets`` is specified. Default: - Function is not placed within a VPC.
+        :param vpc_subnets: Where to place the network interfaces within the VPC. This requires ``vpc`` to be specified in order for interfaces to actually be placed in the subnets. If ``vpc`` is not specify, this will raise an error. Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless ``allowPublicSubnet`` is set to ``true``). Default: - the Vpc default strategy if not specified
+        '''
+        if isinstance(adot_instrumentation, dict):
+            adot_instrumentation = _aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig(**adot_instrumentation)
+        if isinstance(current_version_options, dict):
+            current_version_options = _aws_cdk_aws_lambda_ceddda9d.VersionOptions(**current_version_options)
+        if isinstance(log_retention_retry_options, dict):
+            log_retention_retry_options = _aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions(**log_retention_retry_options)
+        if isinstance(vpc_subnets, dict):
+            vpc_subnets = _aws_cdk_aws_ec2_ceddda9d.SubnetSelection(**vpc_subnets)
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__7ad187f6fa75af251088f0d01089ce5af9c6e78ba8a6e1736dfdb9666988616b)
+            check_type(argname="argument max_event_age", value=max_event_age, expected_type=type_hints["max_event_age"])
+            check_type(argname="argument on_failure", value=on_failure, expected_type=type_hints["on_failure"])
+            check_type(argname="argument on_success", value=on_success, expected_type=type_hints["on_success"])
+            check_type(argname="argument retry_attempts", value=retry_attempts, expected_type=type_hints["retry_attempts"])
+            check_type(argname="argument adot_instrumentation", value=adot_instrumentation, expected_type=type_hints["adot_instrumentation"])
+            check_type(argname="argument allow_all_outbound", value=allow_all_outbound, expected_type=type_hints["allow_all_outbound"])
+            check_type(argname="argument allow_public_subnet", value=allow_public_subnet, expected_type=type_hints["allow_public_subnet"])
+            check_type(argname="argument architecture", value=architecture, expected_type=type_hints["architecture"])
+            check_type(argname="argument code_signing_config", value=code_signing_config, expected_type=type_hints["code_signing_config"])
+            check_type(argname="argument current_version_options", value=current_version_options, expected_type=type_hints["current_version_options"])
+            check_type(argname="argument dead_letter_queue", value=dead_letter_queue, expected_type=type_hints["dead_letter_queue"])
+            check_type(argname="argument dead_letter_queue_enabled", value=dead_letter_queue_enabled, expected_type=type_hints["dead_letter_queue_enabled"])
+            check_type(argname="argument dead_letter_topic", value=dead_letter_topic, expected_type=type_hints["dead_letter_topic"])
+            check_type(argname="argument description", value=description, expected_type=type_hints["description"])
+            check_type(argname="argument environment", value=environment, expected_type=type_hints["environment"])
+            check_type(argname="argument environment_encryption", value=environment_encryption, expected_type=type_hints["environment_encryption"])
+            check_type(argname="argument ephemeral_storage_size", value=ephemeral_storage_size, expected_type=type_hints["ephemeral_storage_size"])
+            check_type(argname="argument events", value=events, expected_type=type_hints["events"])
+            check_type(argname="argument filesystem", value=filesystem, expected_type=type_hints["filesystem"])
+            check_type(argname="argument function_name", value=function_name, expected_type=type_hints["function_name"])
+            check_type(argname="argument initial_policy", value=initial_policy, expected_type=type_hints["initial_policy"])
+            check_type(argname="argument insights_version", value=insights_version, expected_type=type_hints["insights_version"])
+            check_type(argname="argument layers", value=layers, expected_type=type_hints["layers"])
+            check_type(argname="argument log_retention", value=log_retention, expected_type=type_hints["log_retention"])
+            check_type(argname="argument log_retention_retry_options", value=log_retention_retry_options, expected_type=type_hints["log_retention_retry_options"])
+            check_type(argname="argument log_retention_role", value=log_retention_role, expected_type=type_hints["log_retention_role"])
+            check_type(argname="argument memory_size", value=memory_size, expected_type=type_hints["memory_size"])
+            check_type(argname="argument params_and_secrets", value=params_and_secrets, expected_type=type_hints["params_and_secrets"])
+            check_type(argname="argument profiling", value=profiling, expected_type=type_hints["profiling"])
+            check_type(argname="argument profiling_group", value=profiling_group, expected_type=type_hints["profiling_group"])
+            check_type(argname="argument reserved_concurrent_executions", value=reserved_concurrent_executions, expected_type=type_hints["reserved_concurrent_executions"])
+            check_type(argname="argument role", value=role, expected_type=type_hints["role"])
+            check_type(argname="argument runtime_management_mode", value=runtime_management_mode, expected_type=type_hints["runtime_management_mode"])
+            check_type(argname="argument security_groups", value=security_groups, expected_type=type_hints["security_groups"])
+            check_type(argname="argument timeout", value=timeout, expected_type=type_hints["timeout"])
+            check_type(argname="argument tracing", value=tracing, expected_type=type_hints["tracing"])
+            check_type(argname="argument vpc", value=vpc, expected_type=type_hints["vpc"])
+            check_type(argname="argument vpc_subnets", value=vpc_subnets, expected_type=type_hints["vpc_subnets"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if max_event_age is not None:
+            self._values["max_event_age"] = max_event_age
+        if on_failure is not None:
+            self._values["on_failure"] = on_failure
+        if on_success is not None:
+            self._values["on_success"] = on_success
+        if retry_attempts is not None:
+            self._values["retry_attempts"] = retry_attempts
+        if adot_instrumentation is not None:
+            self._values["adot_instrumentation"] = adot_instrumentation
+        if allow_all_outbound is not None:
+            self._values["allow_all_outbound"] = allow_all_outbound
+        if allow_public_subnet is not None:
+            self._values["allow_public_subnet"] = allow_public_subnet
+        if architecture is not None:
+            self._values["architecture"] = architecture
+        if code_signing_config is not None:
+            self._values["code_signing_config"] = code_signing_config
+        if current_version_options is not None:
+            self._values["current_version_options"] = current_version_options
+        if dead_letter_queue is not None:
+            self._values["dead_letter_queue"] = dead_letter_queue
+        if dead_letter_queue_enabled is not None:
+            self._values["dead_letter_queue_enabled"] = dead_letter_queue_enabled
+        if dead_letter_topic is not None:
+            self._values["dead_letter_topic"] = dead_letter_topic
+        if description is not None:
+            self._values["description"] = description
+        if environment is not None:
+            self._values["environment"] = environment
+        if environment_encryption is not None:
+            self._values["environment_encryption"] = environment_encryption
+        if ephemeral_storage_size is not None:
+            self._values["ephemeral_storage_size"] = ephemeral_storage_size
+        if events is not None:
+            self._values["events"] = events
+        if filesystem is not None:
+            self._values["filesystem"] = filesystem
+        if function_name is not None:
+            self._values["function_name"] = function_name
+        if initial_policy is not None:
+            self._values["initial_policy"] = initial_policy
+        if insights_version is not None:
+            self._values["insights_version"] = insights_version
+        if layers is not None:
+            self._values["layers"] = layers
+        if log_retention is not None:
+            self._values["log_retention"] = log_retention
+        if log_retention_retry_options is not None:
+            self._values["log_retention_retry_options"] = log_retention_retry_options
+        if log_retention_role is not None:
+            self._values["log_retention_role"] = log_retention_role
+        if memory_size is not None:
+            self._values["memory_size"] = memory_size
+        if params_and_secrets is not None:
+            self._values["params_and_secrets"] = params_and_secrets
+        if profiling is not None:
+            self._values["profiling"] = profiling
+        if profiling_group is not None:
+            self._values["profiling_group"] = profiling_group
+        if reserved_concurrent_executions is not None:
+            self._values["reserved_concurrent_executions"] = reserved_concurrent_executions
+        if role is not None:
+            self._values["role"] = role
+        if runtime_management_mode is not None:
+            self._values["runtime_management_mode"] = runtime_management_mode
+        if security_groups is not None:
+            self._values["security_groups"] = security_groups
+        if timeout is not None:
+            self._values["timeout"] = timeout
+        if tracing is not None:
+            self._values["tracing"] = tracing
+        if vpc is not None:
+            self._values["vpc"] = vpc
+        if vpc_subnets is not None:
+            self._values["vpc_subnets"] = vpc_subnets
+
+    @builtins.property
+    def max_event_age(self) -> typing.Optional[_aws_cdk_ceddda9d.Duration]:
+        '''The maximum age of a request that Lambda sends to a function for processing.
+
+        Minimum: 60 seconds
+        Maximum: 6 hours
+
+        :default: Duration.hours(6)
+        '''
+        result = self._values.get("max_event_age")
+        return typing.cast(typing.Optional[_aws_cdk_ceddda9d.Duration], result)
+
+    @builtins.property
+    def on_failure(self) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination]:
+        '''The destination for failed invocations.
+
+        :default: - no destination
+        '''
+        result = self._values.get("on_failure")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination], result)
+
+    @builtins.property
+    def on_success(self) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination]:
+        '''The destination for successful invocations.
+
+        :default: - no destination
+        '''
+        result = self._values.get("on_success")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination], result)
+
+    @builtins.property
+    def retry_attempts(self) -> typing.Optional[jsii.Number]:
+        '''The maximum number of times to retry when the function returns an error.
+
+        Minimum: 0
+        Maximum: 2
+
+        :default: 2
+        '''
+        result = self._values.get("retry_attempts")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    @builtins.property
+    def adot_instrumentation(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig]:
+        '''Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
+
+        :default: - No ADOT instrumentation
+
+        :see: https://aws-otel.github.io/docs/getting-started/lambda
+        '''
+        result = self._values.get("adot_instrumentation")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig], result)
+
+    @builtins.property
+    def allow_all_outbound(self) -> typing.Optional[builtins.bool]:
+        '''Whether to allow the Lambda to send all network traffic.
+
+        If set to false, you must individually add traffic rules to allow the
+        Lambda to connect to network targets.
+
+        :default: true
+        '''
+        result = self._values.get("allow_all_outbound")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def allow_public_subnet(self) -> typing.Optional[builtins.bool]:
+        '''Lambda Functions in a public subnet can NOT access the internet.
+
+        Use this property to acknowledge this limitation and still place the function in a public subnet.
+
+        :default: false
+
+        :see: https://stackoverflow.com/questions/52992085/why-cant-an-aws-lambda-function-inside-a-public-subnet-in-a-vpc-connect-to-the/52994841#52994841
+        '''
+        result = self._values.get("allow_public_subnet")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def architecture(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Architecture]:
+        '''The system architectures compatible with this lambda function.
+
+        :default: Architecture.X86_64
+        '''
+        result = self._values.get("architecture")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Architecture], result)
+
+    @builtins.property
+    def code_signing_config(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ICodeSigningConfig]:
+        '''Code signing config associated with this function.
+
+        :default: - Not Sign the Code
+        '''
+        result = self._values.get("code_signing_config")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ICodeSigningConfig], result)
+
+    @builtins.property
+    def current_version_options(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.VersionOptions]:
+        '''Options for the ``lambda.Version`` resource automatically created by the ``fn.currentVersion`` method.
+
+        :default: - default options as described in ``VersionOptions``
+        '''
+        result = self._values.get("current_version_options")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.VersionOptions], result)
+
+    @builtins.property
+    def dead_letter_queue(self) -> typing.Optional[_aws_cdk_aws_sqs_ceddda9d.IQueue]:
+        '''The SQS queue to use if DLQ is enabled.
+
+        If SNS topic is desired, specify ``deadLetterTopic`` property instead.
+
+        :default: - SQS queue with 14 day retention period if ``deadLetterQueueEnabled`` is ``true``
+        '''
+        result = self._values.get("dead_letter_queue")
+        return typing.cast(typing.Optional[_aws_cdk_aws_sqs_ceddda9d.IQueue], result)
+
+    @builtins.property
+    def dead_letter_queue_enabled(self) -> typing.Optional[builtins.bool]:
+        '''Enabled DLQ.
+
+        If ``deadLetterQueue`` is undefined,
+        an SQS queue with default options will be defined for your Function.
+
+        :default: - false unless ``deadLetterQueue`` is set, which implies DLQ is enabled.
+        '''
+        result = self._values.get("dead_letter_queue_enabled")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def dead_letter_topic(self) -> typing.Optional[_aws_cdk_aws_sns_ceddda9d.ITopic]:
+        '''The SNS topic to use as a DLQ.
+
+        Note that if ``deadLetterQueueEnabled`` is set to ``true``, an SQS queue will be created
+        rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.
+
+        :default: - no SNS topic
+        '''
+        result = self._values.get("dead_letter_topic")
+        return typing.cast(typing.Optional[_aws_cdk_aws_sns_ceddda9d.ITopic], result)
+
+    @builtins.property
+    def description(self) -> typing.Optional[builtins.str]:
+        '''A description of the function.
+
+        :default: - No description.
+        '''
+        result = self._values.get("description")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def environment(
+        self,
+    ) -> typing.Optional[typing.Mapping[builtins.str, builtins.str]]:
+        '''Key-value pairs that Lambda caches and makes available for your Lambda functions.
+
+        Use environment variables to apply configuration changes, such
+        as test and production environment configurations, without changing your
+        Lambda function source code.
+
+        :default: - No environment variables.
+        '''
+        result = self._values.get("environment")
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, builtins.str]], result)
+
+    @builtins.property
+    def environment_encryption(self) -> typing.Optional[_aws_cdk_aws_kms_ceddda9d.IKey]:
+        '''The AWS KMS key that's used to encrypt your function's environment variables.
+
+        :default: - AWS Lambda creates and uses an AWS managed customer master key (CMK).
+        '''
+        result = self._values.get("environment_encryption")
+        return typing.cast(typing.Optional[_aws_cdk_aws_kms_ceddda9d.IKey], result)
+
+    @builtins.property
+    def ephemeral_storage_size(self) -> typing.Optional[_aws_cdk_ceddda9d.Size]:
+        '''The size of the function’s /tmp directory in MiB.
+
+        :default: 512 MiB
+        '''
+        result = self._values.get("ephemeral_storage_size")
+        return typing.cast(typing.Optional[_aws_cdk_ceddda9d.Size], result)
+
+    @builtins.property
+    def events(
+        self,
+    ) -> typing.Optional[typing.List[_aws_cdk_aws_lambda_ceddda9d.IEventSource]]:
+        '''Event sources for this function.
+
+        You can also add event sources using ``addEventSource``.
+
+        :default: - No event sources.
+        '''
+        result = self._values.get("events")
+        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_lambda_ceddda9d.IEventSource]], result)
+
+    @builtins.property
+    def filesystem(self) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.FileSystem]:
+        '''The filesystem configuration for the lambda function.
+
+        :default: - will not mount any filesystem
+        '''
+        result = self._values.get("filesystem")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.FileSystem], result)
+
+    @builtins.property
+    def function_name(self) -> typing.Optional[builtins.str]:
+        '''A name for the function.
+
+        :default:
+
+        - AWS CloudFormation generates a unique physical ID and uses that
+        ID for the function's name. For more information, see Name Type.
+        '''
+        result = self._values.get("function_name")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def initial_policy(
+        self,
+    ) -> typing.Optional[typing.List[_aws_cdk_aws_iam_ceddda9d.PolicyStatement]]:
+        '''Initial policy statements to add to the created Lambda Role.
+
+        You can call ``addToRolePolicy`` to the created lambda to add statements post creation.
+
+        :default: - No policy statements are added to the created Lambda role.
+        '''
+        result = self._values.get("initial_policy")
+        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_iam_ceddda9d.PolicyStatement]], result)
+
+    @builtins.property
+    def insights_version(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LambdaInsightsVersion]:
+        '''Specify the version of CloudWatch Lambda insights to use for monitoring.
+
+        :default: - No Lambda Insights
+
+        :see: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-Getting-Started-docker.html
+        '''
+        result = self._values.get("insights_version")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LambdaInsightsVersion], result)
+
+    @builtins.property
+    def layers(
+        self,
+    ) -> typing.Optional[typing.List[_aws_cdk_aws_lambda_ceddda9d.ILayerVersion]]:
+        '''A list of layers to add to the function's execution environment.
+
+        You can configure your Lambda function to pull in
+        additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies
+        that can be used by multiple functions.
+
+        :default: - No layers.
+        '''
+        result = self._values.get("layers")
+        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_lambda_ceddda9d.ILayerVersion]], result)
+
+    @builtins.property
+    def log_retention(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_logs_ceddda9d.RetentionDays]:
+        '''The number of days log events are kept in CloudWatch Logs.
+
+        When updating
+        this property, unsetting it doesn't remove the log retention policy. To
+        remove the retention policy, set the value to ``INFINITE``.
+
+        :default: logs.RetentionDays.INFINITE
+        '''
+        result = self._values.get("log_retention")
+        return typing.cast(typing.Optional[_aws_cdk_aws_logs_ceddda9d.RetentionDays], result)
+
+    @builtins.property
+    def log_retention_retry_options(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions]:
+        '''When log retention is specified, a custom resource attempts to create the CloudWatch log group.
+
+        These options control the retry policy when interacting with CloudWatch APIs.
+
+        :default: - Default AWS SDK retry options.
+        '''
+        result = self._values.get("log_retention_retry_options")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions], result)
+
+    @builtins.property
+    def log_retention_role(self) -> typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole]:
+        '''The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
+
+        :default: - A new role is created.
+        '''
+        result = self._values.get("log_retention_role")
+        return typing.cast(typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole], result)
+
+    @builtins.property
+    def memory_size(self) -> typing.Optional[jsii.Number]:
+        '''The amount of memory, in MB, that is allocated to your Lambda function.
+
+        Lambda uses this value to proportionally allocate the amount of CPU
+        power. For more information, see Resource Model in the AWS Lambda
+        Developer Guide.
+
+        :default: 128
+        '''
+        result = self._values.get("memory_size")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    @builtins.property
+    def params_and_secrets(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ParamsAndSecretsLayerVersion]:
+        '''Specify the configuration of Parameters and Secrets Extension.
+
+        :default: - No Parameters and Secrets Extension
+
+        :see: https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html
+        '''
+        result = self._values.get("params_and_secrets")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ParamsAndSecretsLayerVersion], result)
+
+    @builtins.property
+    def profiling(self) -> typing.Optional[builtins.bool]:
+        '''Enable profiling.
+
+        :default: - No profiling.
+
+        :see: https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html
+        '''
+        result = self._values.get("profiling")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def profiling_group(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_codeguruprofiler_ceddda9d.IProfilingGroup]:
+        '''Profiling Group.
+
+        :default: - A new profiling group will be created if ``profiling`` is set.
+
+        :see: https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html
+        '''
+        result = self._values.get("profiling_group")
+        return typing.cast(typing.Optional[_aws_cdk_aws_codeguruprofiler_ceddda9d.IProfilingGroup], result)
+
+    @builtins.property
+    def reserved_concurrent_executions(self) -> typing.Optional[jsii.Number]:
+        '''The maximum of concurrent executions you want to reserve for the function.
+
+        :default: - No specific limit - account limit.
+
+        :see: https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html
+        '''
+        result = self._values.get("reserved_concurrent_executions")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    @builtins.property
+    def role(self) -> typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole]:
+        '''Lambda execution role.
+
+        This is the role that will be assumed by the function upon execution.
+        It controls the permissions that the function will have. The Role must
+        be assumable by the 'lambda.amazonaws.com' service principal.
+
+        The default Role automatically has permissions granted for Lambda execution. If you
+        provide a Role, you must add the relevant AWS managed policies yourself.
+
+        The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and
+        "service-role/AWSLambdaVPCAccessExecutionRole".
+
+        :default:
+
+        - A unique role will be generated for this lambda function.
+        Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
+        '''
+        result = self._values.get("role")
+        return typing.cast(typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole], result)
+
+    @builtins.property
+    def runtime_management_mode(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.RuntimeManagementMode]:
+        '''Sets the runtime management configuration for a function's version.
+
+        :default: Auto
+        '''
+        result = self._values.get("runtime_management_mode")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.RuntimeManagementMode], result)
+
+    @builtins.property
+    def security_groups(
+        self,
+    ) -> typing.Optional[typing.List[_aws_cdk_aws_ec2_ceddda9d.ISecurityGroup]]:
+        '''The list of security groups to associate with the Lambda's network interfaces.
+
+        Only used if 'vpc' is supplied.
+
+        :default:
+
+        - If the function is placed within a VPC and a security group is
+        not specified, either by this or securityGroup prop, a dedicated security
+        group will be created for this function.
+        '''
+        result = self._values.get("security_groups")
+        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_ec2_ceddda9d.ISecurityGroup]], result)
+
+    @builtins.property
+    def timeout(self) -> typing.Optional[_aws_cdk_ceddda9d.Duration]:
+        '''The function execution time (in seconds) after which Lambda terminates the function.
+
+        Because the execution time affects cost, set this value
+        based on the function's expected execution time.
+
+        :default: Duration.seconds(3)
+        '''
+        result = self._values.get("timeout")
+        return typing.cast(typing.Optional[_aws_cdk_ceddda9d.Duration], result)
+
+    @builtins.property
+    def tracing(self) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Tracing]:
+        '''Enable AWS X-Ray Tracing for Lambda Function.
+
+        :default: Tracing.Disabled
+        '''
+        result = self._values.get("tracing")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Tracing], result)
+
+    @builtins.property
+    def vpc(self) -> typing.Optional[_aws_cdk_aws_ec2_ceddda9d.IVpc]:
+        '''VPC network to place Lambda network interfaces.
+
+        Specify this if the Lambda function needs to access resources in a VPC.
+        This is required when ``vpcSubnets`` is specified.
+
+        :default: - Function is not placed within a VPC.
+        '''
+        result = self._values.get("vpc")
+        return typing.cast(typing.Optional[_aws_cdk_aws_ec2_ceddda9d.IVpc], result)
+
+    @builtins.property
+    def vpc_subnets(self) -> typing.Optional[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection]:
+        '''Where to place the network interfaces within the VPC.
+
+        This requires ``vpc`` to be specified in order for interfaces to actually be
+        placed in the subnets. If ``vpc`` is not specify, this will raise an error.
+
+        Note: Internet access for Lambda Functions requires a NAT Gateway, so picking
+        public subnets is not allowed (unless ``allowPublicSubnet`` is set to ``true``).
+
+        :default: - the Vpc default strategy if not specified
+        '''
+        result = self._values.get("vpc_subnets")
+        return typing.cast(typing.Optional[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "CheckStateMachineStatusFunctionProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+@jsii.interface(jsii_type="@jjrawlins/cdk-ami-builder.IActionCommands")
+class IActionCommands(typing_extensions.Protocol):
+    '''Build commands for the component.'''
+
+    @builtins.property
+    @jsii.member(jsii_name="commands")
+    def commands(self) -> typing.List[builtins.str]:
+        ...
+
+    @commands.setter
+    def commands(self, value: typing.List[builtins.str]) -> None:
+        ...
+
+
+class _IActionCommandsProxy:
+    '''Build commands for the component.'''
+
+    __jsii_type__: typing.ClassVar[str] = "@jjrawlins/cdk-ami-builder.IActionCommands"
+
+    @builtins.property
+    @jsii.member(jsii_name="commands")
+    def commands(self) -> typing.List[builtins.str]:
+        return typing.cast(typing.List[builtins.str], jsii.get(self, "commands"))
+
+    @commands.setter
+    def commands(self, value: typing.List[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__10f5fea34bd77d6054ed796f746dbb227d06d5b5d758e1eb35055430d0518bdf)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "commands", value) # pyright: ignore[reportArgumentType]
+
+# Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
+typing.cast(typing.Any, IActionCommands).__jsii_proxy_class__ = lambda : _IActionCommandsProxy
+
+
+@jsii.interface(jsii_type="@jjrawlins/cdk-ami-builder.IComponentDocument")
+class IComponentDocument(typing_extensions.Protocol):
+    '''Component data.'''
+
+    @builtins.property
+    @jsii.member(jsii_name="phases")
+    def phases(self) -> typing.List["IPhases"]:
+        ...
+
+    @phases.setter
+    def phases(self, value: typing.List["IPhases"]) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="description")
+    def description(self) -> typing.Optional[builtins.str]:
+        ...
+
+    @description.setter
+    def description(self, value: typing.Optional[builtins.str]) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> typing.Optional[builtins.str]:
+        ...
+
+    @name.setter
+    def name(self, value: typing.Optional[builtins.str]) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="schemaVersion")
+    def schema_version(self) -> typing.Optional[builtins.str]:
+        ...
+
+    @schema_version.setter
+    def schema_version(self, value: typing.Optional[builtins.str]) -> None:
+        ...
+
+
+class _IComponentDocumentProxy:
+    '''Component data.'''
+
+    __jsii_type__: typing.ClassVar[str] = "@jjrawlins/cdk-ami-builder.IComponentDocument"
+
+    @builtins.property
+    @jsii.member(jsii_name="phases")
+    def phases(self) -> typing.List["IPhases"]:
+        return typing.cast(typing.List["IPhases"], jsii.get(self, "phases"))
+
+    @phases.setter
+    def phases(self, value: typing.List["IPhases"]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__624a7bb48f946403e3ab1b4ae0dbb8031caf7b944311ff9c993a6126ef5e3287)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "phases", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="description")
+    def description(self) -> typing.Optional[builtins.str]:
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "description"))
+
+    @description.setter
+    def description(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__de97257fb85051b7e1a2f01dbece22036f46f0b683a3d5e9a4169541ec11b5e1)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "description", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> typing.Optional[builtins.str]:
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "name"))
+
+    @name.setter
+    def name(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__70cb5dabf5f8f2356d27488542eac48b55efd3d699b5e052701945bf99619aca)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="schemaVersion")
+    def schema_version(self) -> typing.Optional[builtins.str]:
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "schemaVersion"))
+
+    @schema_version.setter
+    def schema_version(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__efffe851a3d571fabc89bb8f1e37d1a4ec032e1342122b5ab489204a1e44f6b8)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "schemaVersion", value) # pyright: ignore[reportArgumentType]
+
+# Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
+typing.cast(typing.Any, IComponentDocument).__jsii_proxy_class__ = lambda : _IComponentDocumentProxy
+
+
+@jsii.interface(jsii_type="@jjrawlins/cdk-ami-builder.IComponentProps")
+class IComponentProps(typing_extensions.Protocol):
+    '''Component props.'''
+
+    @builtins.property
+    @jsii.member(jsii_name="componentDocument")
+    def component_document(self) -> IComponentDocument:
+        ...
+
+    @component_document.setter
+    def component_document(self, value: IComponentDocument) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="componentVersion")
+    def component_version(self) -> typing.Optional[builtins.str]:
+        ...
+
+    @component_version.setter
+    def component_version(self, value: typing.Optional[builtins.str]) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="description")
+    def description(self) -> typing.Optional[builtins.str]:
+        ...
+
+    @description.setter
+    def description(self, value: typing.Optional[builtins.str]) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> typing.Optional[builtins.str]:
+        ...
+
+    @name.setter
+    def name(self, value: typing.Optional[builtins.str]) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="parameters")
+    def parameters(
+        self,
+    ) -> typing.Optional[typing.Mapping[builtins.str, "IInputParameter"]]:
+        ...
+
+    @parameters.setter
+    def parameters(
+        self,
+        value: typing.Optional[typing.Mapping[builtins.str, "IInputParameter"]],
+    ) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="platform")
+    def platform(self) -> typing.Optional[builtins.str]:
+        ...
+
+    @platform.setter
+    def platform(self, value: typing.Optional[builtins.str]) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="schemaVersion")
+    def schema_version(self) -> typing.Optional[builtins.str]:
+        ...
+
+    @schema_version.setter
+    def schema_version(self, value: typing.Optional[builtins.str]) -> None:
+        ...
+
+
+class _IComponentPropsProxy:
+    '''Component props.'''
+
+    __jsii_type__: typing.ClassVar[str] = "@jjrawlins/cdk-ami-builder.IComponentProps"
+
+    @builtins.property
+    @jsii.member(jsii_name="componentDocument")
+    def component_document(self) -> IComponentDocument:
+        return typing.cast(IComponentDocument, jsii.get(self, "componentDocument"))
+
+    @component_document.setter
+    def component_document(self, value: IComponentDocument) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__b0ad2caab3355f4838637405d4f26c75ee1cce783903c32551e643abe82659e8)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "componentDocument", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="componentVersion")
+    def component_version(self) -> typing.Optional[builtins.str]:
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "componentVersion"))
+
+    @component_version.setter
+    def component_version(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__0bce0f8dc96228f8efb876e5919d9c2c1ee92c26a24d14eca94a50a06cd4926f)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "componentVersion", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="description")
+    def description(self) -> typing.Optional[builtins.str]:
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "description"))
+
+    @description.setter
+    def description(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__c0c7dec14ffd9bf1a1a114795b123ba90e9b80ca69c21fdaa3f475ddf85d78b1)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "description", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> typing.Optional[builtins.str]:
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "name"))
+
+    @name.setter
+    def name(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__72232f5835e0beda072a77bad77970be5491d2709e66ba2ca97fd7bc9db71006)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="parameters")
+    def parameters(
+        self,
+    ) -> typing.Optional[typing.Mapping[builtins.str, "IInputParameter"]]:
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, "IInputParameter"]], jsii.get(self, "parameters"))
+
+    @parameters.setter
+    def parameters(
+        self,
+        value: typing.Optional[typing.Mapping[builtins.str, "IInputParameter"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__86f16715a17e21602912ba9d4533eca197b8693c30d16442cfab62b7ea33370d)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "parameters", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="platform")
+    def platform(self) -> typing.Optional[builtins.str]:
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "platform"))
+
+    @platform.setter
+    def platform(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__a23ae80ba76ecddd4143609bb122f336b79f3ab095cc2c2c5d4d1385ef62693a)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "platform", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="schemaVersion")
+    def schema_version(self) -> typing.Optional[builtins.str]:
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "schemaVersion"))
+
+    @schema_version.setter
+    def schema_version(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__9973b3d6b077a057d59e04c03013dce9d7ed43148817bf0433987b401da20438)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "schemaVersion", value) # pyright: ignore[reportArgumentType]
+
+# Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
+typing.cast(typing.Any, IComponentProps).__jsii_proxy_class__ = lambda : _IComponentPropsProxy
+
+
+@jsii.interface(jsii_type="@jjrawlins/cdk-ami-builder.IEbsParameters")
+class IEbsParameters(typing_extensions.Protocol):
+    @builtins.property
+    @jsii.member(jsii_name="volumeSize")
+    def volume_size(self) -> jsii.Number:
+        '''Size of the volume in GiB.'''
+        ...
+
+    @volume_size.setter
+    def volume_size(self, value: jsii.Number) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="deleteOnTermination")
+    def delete_on_termination(self) -> typing.Optional[builtins.bool]:
+        '''Whether the volume is deleted when the instance is terminated.
+
+        :default: true
+        '''
+        ...
+
+    @delete_on_termination.setter
+    def delete_on_termination(self, value: typing.Optional[builtins.bool]) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="encrypted")
+    def encrypted(self) -> typing.Optional[builtins.bool]:
+        '''Whether the volume is encrypted.
+
+        :default: true
+        '''
+        ...
+
+    @encrypted.setter
+    def encrypted(self, value: typing.Optional[builtins.bool]) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="kmsKeyId")
+    def kms_key_id(self) -> typing.Optional[builtins.str]:
+        '''KMS Key Alias for the volume If not specified, the default AMI encryption key alias will be used Custom KMS Keys Alias need to exist in the other accounts for distribution to work correctly.
+
+        :default: alias/aws/ebs
+        '''
+        ...
+
+    @kms_key_id.setter
+    def kms_key_id(self, value: typing.Optional[builtins.str]) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="volumeType")
+    def volume_type(self) -> typing.Optional[builtins.str]:
+        '''Type of the volume.
+
+        :default: gp2
+        '''
+        ...
+
+    @volume_type.setter
+    def volume_type(self, value: typing.Optional[builtins.str]) -> None:
+        ...
+
+
+class _IEbsParametersProxy:
+    __jsii_type__: typing.ClassVar[str] = "@jjrawlins/cdk-ami-builder.IEbsParameters"
+
+    @builtins.property
+    @jsii.member(jsii_name="volumeSize")
+    def volume_size(self) -> jsii.Number:
+        '''Size of the volume in GiB.'''
+        return typing.cast(jsii.Number, jsii.get(self, "volumeSize"))
+
+    @volume_size.setter
+    def volume_size(self, value: jsii.Number) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__0e5d81c411808594f27bf71993213cf332e7b7bc72d420381bada3679eeea8ec)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "volumeSize", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="deleteOnTermination")
+    def delete_on_termination(self) -> typing.Optional[builtins.bool]:
+        '''Whether the volume is deleted when the instance is terminated.
+
+        :default: true
+        '''
+        return typing.cast(typing.Optional[builtins.bool], jsii.get(self, "deleteOnTermination"))
+
+    @delete_on_termination.setter
+    def delete_on_termination(self, value: typing.Optional[builtins.bool]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__b540c011e8f4a3a07534f2b6ce7d7f97f2c406cb2e6c3fe31235455d998f6241)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "deleteOnTermination", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="encrypted")
+    def encrypted(self) -> typing.Optional[builtins.bool]:
+        '''Whether the volume is encrypted.
+
+        :default: true
+        '''
+        return typing.cast(typing.Optional[builtins.bool], jsii.get(self, "encrypted"))
+
+    @encrypted.setter
+    def encrypted(self, value: typing.Optional[builtins.bool]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__7e13b146751f14eee56e18d77364984f0f27022180ae37bc0ded34faef00f0c4)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "encrypted", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="kmsKeyId")
+    def kms_key_id(self) -> typing.Optional[builtins.str]:
+        '''KMS Key Alias for the volume If not specified, the default AMI encryption key alias will be used Custom KMS Keys Alias need to exist in the other accounts for distribution to work correctly.
+
+        :default: alias/aws/ebs
+        '''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "kmsKeyId"))
+
+    @kms_key_id.setter
+    def kms_key_id(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__c302f146869b52368ce6de4d6f01976b8eca3e9d54f8efbbffe44cf8b19d0869)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "kmsKeyId", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="volumeType")
+    def volume_type(self) -> typing.Optional[builtins.str]:
+        '''Type of the volume.
+
+        :default: gp2
+        '''
+        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "volumeType"))
+
+    @volume_type.setter
+    def volume_type(self, value: typing.Optional[builtins.str]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__e81a510a2a024c038328cbad4402309e14a7833b607324f360373866e250b3f7)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "volumeType", value) # pyright: ignore[reportArgumentType]
+
+# Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
+typing.cast(typing.Any, IEbsParameters).__jsii_proxy_class__ = lambda : _IEbsParametersProxy
+
+
+@jsii.interface(jsii_type="@jjrawlins/cdk-ami-builder.IInputParameter")
+class IInputParameter(typing_extensions.Protocol):
+    @builtins.property
+    @jsii.member(jsii_name="default")
+    def default(self) -> builtins.str:
+        ...
+
+    @default.setter
+    def default(self, value: builtins.str) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="description")
+    def description(self) -> builtins.str:
+        ...
+
+    @description.setter
+    def description(self, value: builtins.str) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="type")
+    def type(self) -> builtins.str:
+        ...
+
+    @type.setter
+    def type(self, value: builtins.str) -> None:
+        ...
+
+
+class _IInputParameterProxy:
+    __jsii_type__: typing.ClassVar[str] = "@jjrawlins/cdk-ami-builder.IInputParameter"
+
+    @builtins.property
+    @jsii.member(jsii_name="default")
+    def default(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "default"))
+
+    @default.setter
+    def default(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__aaf310c2928dde39cb8af7991b84c39540130f8d881fe6005d7eab25d2d118c0)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "default", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="description")
+    def description(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "description"))
+
+    @description.setter
+    def description(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__4560f5bbdf32517a539c1af9e6599ca9195835a850a0f07ddfc0dcdf3641b1f7)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "description", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="type")
+    def type(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "type"))
+
+    @type.setter
+    def type(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__8fb09906d4a1b21165f080811572771be07edead36213cbdddbcae3f59ca4fe7)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "type", value) # pyright: ignore[reportArgumentType]
+
+# Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
+typing.cast(typing.Any, IInputParameter).__jsii_proxy_class__ = lambda : _IInputParameterProxy
+
+
+@jsii.interface(jsii_type="@jjrawlins/cdk-ami-builder.IPhases")
+class IPhases(typing_extensions.Protocol):
+    '''Phases for the component.'''
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> builtins.str:
+        ...
+
+    @name.setter
+    def name(self, value: builtins.str) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="steps")
+    def steps(self) -> typing.List["IStepCommands"]:
+        ...
+
+    @steps.setter
+    def steps(self, value: typing.List["IStepCommands"]) -> None:
+        ...
+
+
+class _IPhasesProxy:
+    '''Phases for the component.'''
+
+    __jsii_type__: typing.ClassVar[str] = "@jjrawlins/cdk-ami-builder.IPhases"
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "name"))
+
+    @name.setter
+    def name(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__44eb356dcf22fafae58586b67e463188c1ceb5872e7d4700b983131d9fa722c2)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="steps")
+    def steps(self) -> typing.List["IStepCommands"]:
+        return typing.cast(typing.List["IStepCommands"], jsii.get(self, "steps"))
+
+    @steps.setter
+    def steps(self, value: typing.List["IStepCommands"]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__df462b42f744b117b0586075ca023a73546818bc12bda3af473d5cded5a14453)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "steps", value) # pyright: ignore[reportArgumentType]
+
+# Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
+typing.cast(typing.Any, IPhases).__jsii_proxy_class__ = lambda : _IPhasesProxy
+
+
+@jsii.interface(jsii_type="@jjrawlins/cdk-ami-builder.IStepCommands")
+class IStepCommands(typing_extensions.Protocol):
+    @builtins.property
+    @jsii.member(jsii_name="action")
+    def action(self) -> builtins.str:
+        ...
+
+    @action.setter
+    def action(self, value: builtins.str) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> builtins.str:
+        ...
+
+    @name.setter
+    def name(self, value: builtins.str) -> None:
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="inputs")
+    def inputs(self) -> typing.Optional[IActionCommands]:
+        ...
+
+    @inputs.setter
+    def inputs(self, value: typing.Optional[IActionCommands]) -> None:
+        ...
+
+
+class _IStepCommandsProxy:
+    __jsii_type__: typing.ClassVar[str] = "@jjrawlins/cdk-ami-builder.IStepCommands"
+
+    @builtins.property
+    @jsii.member(jsii_name="action")
+    def action(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "action"))
+
+    @action.setter
+    def action(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__d2a55181a699ecdb46fd277bb5d051f1e9f4433e27639332395478ed06c7bada)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "action", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "name"))
+
+    @name.setter
+    def name(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__c7fd2c10de441da316399b8d67ef9fe6302063110bab78de675bf72c8d330cd5)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="inputs")
+    def inputs(self) -> typing.Optional[IActionCommands]:
+        return typing.cast(typing.Optional[IActionCommands], jsii.get(self, "inputs"))
+
+    @inputs.setter
+    def inputs(self, value: typing.Optional[IActionCommands]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__31f544d77b7639a100d3ef21a2dccb6780ad4865ad30dc0927169fa6f58ba844)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "inputs", value) # pyright: ignore[reportArgumentType]
+
+# Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
+typing.cast(typing.Any, IStepCommands).__jsii_proxy_class__ = lambda : _IStepCommandsProxy
+
+
+class ImagePipeline(
+    _constructs_77d1e7e8.Construct,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="@jjrawlins/cdk-ami-builder.ImagePipeline",
+):
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        components: typing.Sequence[IComponentProps],
+        parent_image: builtins.str,
+        vpc: _aws_cdk_aws_ec2_ceddda9d.Vpc,
+        additional_policies: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.ManagedPolicy]] = None,
+        debug_image_pipeline: typing.Optional[builtins.bool] = None,
+        distribution_account_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+        distribution_kms_key_alias: typing.Optional[builtins.str] = None,
+        distribution_regions: typing.Optional[typing.Sequence[builtins.str]] = None,
+        ebs_volume_configurations: typing.Optional[typing.Sequence[typing.Union["VolumeProps", typing.Dict[builtins.str, typing.Any]]]] = None,
+        email: typing.Optional[builtins.str] = None,
+        enable_vuln_scans: typing.Optional[builtins.bool] = None,
+        image_recipe_version: typing.Optional[builtins.str] = None,
+        instance_types: typing.Optional[typing.Sequence[builtins.str]] = None,
+        platform: typing.Optional[builtins.str] = None,
+        profile_name: typing.Optional[builtins.str] = None,
+        security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+        security_groups: typing.Optional[typing.Sequence[builtins.str]] = None,
+        subnet_id: typing.Optional[builtins.str] = None,
+        user_data_script: typing.Optional[builtins.str] = None,
+        vuln_scans_repo_name: typing.Optional[builtins.str] = None,
+        vuln_scans_repo_tags: typing.Optional[typing.Sequence[builtins.str]] = None,
+    ) -> None:
+        '''
+        :param scope: -
+        :param id: -
+        :param components: List of component props.
+        :param parent_image: The source (parent) image that the image recipe uses as its base environment. The value can be the parent image ARN or an Image Builder AMI ID
+        :param vpc: Vpc to use for the Image Builder Pipeline.
+        :param additional_policies: Additional policies to add to the instance profile associated with the Instance Configurations.
+        :param debug_image_pipeline: Flag indicating whether the debug image pipeline is enabled or not. This variable is optional. Default value is false. Functionally, this will flag to return as finished immediately after first check to see if the image pipeline has finished. This is useful for debugging the image pipeline. However, there will be no AMI value returned.
+        :param distribution_account_ids: This variable represents an array of shared account IDs. It is optional and readonly. If it is provided, this AMI will be visible to the accounts in the array. In order to share the AMI with other accounts, you must specify a KMS key ID for the EBS volume configuration as AWS does not allow sharing AMIs encrypted with the default AMI encryption key.
+        :param distribution_kms_key_alias: The alias of the KMS key used for encryption and decryption of content in the distribution. This property is optional and readonly. The default encryption key is not compatible with cross-account AMI sharing. If you specify distributionAccountIds, you must specify a non-default encryption key using this property. Otherwise, Image Builder will throw an error. Keep in mind that the KMS key in the distribution account must allow the EC2ImageBuilderDistributionCrossAccountRole role to use the key.
+        :param distribution_regions: 
+        :param ebs_volume_configurations: Subnet ID for the Infrastructure Configuration.
+        :param email: Email used to receive Image Builder Pipeline Notifications via SNS.
+        :param enable_vuln_scans: Set to true if you want to enable continuous vulnerability scans through AWS Inpector.
+        :param image_recipe_version: Image recipe version (Default: 0.0.1).
+        :param instance_types: List of instance types used in the Instance Configuration (Default: [ 't3.medium', 'm5.large', 'm5.xlarge' ]).
+        :param platform: Platform type Linux or Windows (Default: Linux).
+        :param profile_name: Name of the instance profile that will be associated with the Instance Configuration.
+        :param security_group_ids: List of security group IDs for the Infrastructure Configuration.
+        :param security_groups: 
+        :param subnet_id: 
+        :param user_data_script: UserData script that will override default one (if specified). Default: - none
+        :param vuln_scans_repo_name: Store vulnerability scans through AWS Inspector in ECR using this repo name (if option is enabled).
+        :param vuln_scans_repo_tags: Store vulnerability scans through AWS Inspector in ECR using these image tags (if option is enabled).
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__bf6bd3c038c0cdfd3e7d1a6b8572fb503cc2e9cedcc165c10c8c3747c9bd5e18)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = ImagePipelineProps(
+            components=components,
+            parent_image=parent_image,
+            vpc=vpc,
+            additional_policies=additional_policies,
+            debug_image_pipeline=debug_image_pipeline,
+            distribution_account_ids=distribution_account_ids,
+            distribution_kms_key_alias=distribution_kms_key_alias,
+            distribution_regions=distribution_regions,
+            ebs_volume_configurations=ebs_volume_configurations,
+            email=email,
+            enable_vuln_scans=enable_vuln_scans,
+            image_recipe_version=image_recipe_version,
+            instance_types=instance_types,
+            platform=platform,
+            profile_name=profile_name,
+            security_group_ids=security_group_ids,
+            security_groups=security_groups,
+            subnet_id=subnet_id,
+            user_data_script=user_data_script,
+            vuln_scans_repo_name=vuln_scans_repo_name,
+            vuln_scans_repo_tags=vuln_scans_repo_tags,
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @builtins.property
+    @jsii.member(jsii_name="imageId")
+    def image_id(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "imageId"))
+
+    @image_id.setter
+    def image_id(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__3caaa0e87efd31863d50ae14b716d1c26963b70e3c7cb6faf0382a7a992902db)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "imageId", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="imagePipelineArn")
+    def image_pipeline_arn(self) -> builtins.str:
+        return typing.cast(builtins.str, jsii.get(self, "imagePipelineArn"))
+
+    @image_pipeline_arn.setter
+    def image_pipeline_arn(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__8f26b6fa7ec32bfa71a51e8decd4140be699fde137d1b00acb1efb9403c33617)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "imagePipelineArn", value) # pyright: ignore[reportArgumentType]
+
+    @builtins.property
+    @jsii.member(jsii_name="imageRecipeComponents")
+    def image_recipe_components(
+        self,
+    ) -> typing.List[_aws_cdk_aws_imagebuilder_ceddda9d.CfnImageRecipe.ComponentConfigurationProperty]:
+        return typing.cast(typing.List[_aws_cdk_aws_imagebuilder_ceddda9d.CfnImageRecipe.ComponentConfigurationProperty], jsii.get(self, "imageRecipeComponents"))
+
+    @image_recipe_components.setter
+    def image_recipe_components(
+        self,
+        value: typing.List[_aws_cdk_aws_imagebuilder_ceddda9d.CfnImageRecipe.ComponentConfigurationProperty],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__eeb1c8226fc2b10c398b3b6c92875d7937e349500e49aef10cfda8c99a39abca)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "imageRecipeComponents", value) # pyright: ignore[reportArgumentType]
+
+
+@jsii.data_type(
+    jsii_type="@jjrawlins/cdk-ami-builder.ImagePipelineProps",
+    jsii_struct_bases=[],
+    name_mapping={
+        "components": "components",
+        "parent_image": "parentImage",
+        "vpc": "vpc",
+        "additional_policies": "additionalPolicies",
+        "debug_image_pipeline": "debugImagePipeline",
+        "distribution_account_ids": "distributionAccountIds",
+        "distribution_kms_key_alias": "distributionKmsKeyAlias",
+        "distribution_regions": "distributionRegions",
+        "ebs_volume_configurations": "ebsVolumeConfigurations",
+        "email": "email",
+        "enable_vuln_scans": "enableVulnScans",
+        "image_recipe_version": "imageRecipeVersion",
+        "instance_types": "instanceTypes",
+        "platform": "platform",
+        "profile_name": "profileName",
+        "security_group_ids": "securityGroupIds",
+        "security_groups": "securityGroups",
+        "subnet_id": "subnetId",
+        "user_data_script": "userDataScript",
+        "vuln_scans_repo_name": "vulnScansRepoName",
+        "vuln_scans_repo_tags": "vulnScansRepoTags",
+    },
+)
+class ImagePipelineProps:
+    def __init__(
+        self,
+        *,
+        components: typing.Sequence[IComponentProps],
+        parent_image: builtins.str,
+        vpc: _aws_cdk_aws_ec2_ceddda9d.Vpc,
+        additional_policies: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.ManagedPolicy]] = None,
+        debug_image_pipeline: typing.Optional[builtins.bool] = None,
+        distribution_account_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+        distribution_kms_key_alias: typing.Optional[builtins.str] = None,
+        distribution_regions: typing.Optional[typing.Sequence[builtins.str]] = None,
+        ebs_volume_configurations: typing.Optional[typing.Sequence[typing.Union["VolumeProps", typing.Dict[builtins.str, typing.Any]]]] = None,
+        email: typing.Optional[builtins.str] = None,
+        enable_vuln_scans: typing.Optional[builtins.bool] = None,
+        image_recipe_version: typing.Optional[builtins.str] = None,
+        instance_types: typing.Optional[typing.Sequence[builtins.str]] = None,
+        platform: typing.Optional[builtins.str] = None,
+        profile_name: typing.Optional[builtins.str] = None,
+        security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+        security_groups: typing.Optional[typing.Sequence[builtins.str]] = None,
+        subnet_id: typing.Optional[builtins.str] = None,
+        user_data_script: typing.Optional[builtins.str] = None,
+        vuln_scans_repo_name: typing.Optional[builtins.str] = None,
+        vuln_scans_repo_tags: typing.Optional[typing.Sequence[builtins.str]] = None,
+    ) -> None:
+        '''
+        :param components: List of component props.
+        :param parent_image: The source (parent) image that the image recipe uses as its base environment. The value can be the parent image ARN or an Image Builder AMI ID
+        :param vpc: Vpc to use for the Image Builder Pipeline.
+        :param additional_policies: Additional policies to add to the instance profile associated with the Instance Configurations.
+        :param debug_image_pipeline: Flag indicating whether the debug image pipeline is enabled or not. This variable is optional. Default value is false. Functionally, this will flag to return as finished immediately after first check to see if the image pipeline has finished. This is useful for debugging the image pipeline. However, there will be no AMI value returned.
+        :param distribution_account_ids: This variable represents an array of shared account IDs. It is optional and readonly. If it is provided, this AMI will be visible to the accounts in the array. In order to share the AMI with other accounts, you must specify a KMS key ID for the EBS volume configuration as AWS does not allow sharing AMIs encrypted with the default AMI encryption key.
+        :param distribution_kms_key_alias: The alias of the KMS key used for encryption and decryption of content in the distribution. This property is optional and readonly. The default encryption key is not compatible with cross-account AMI sharing. If you specify distributionAccountIds, you must specify a non-default encryption key using this property. Otherwise, Image Builder will throw an error. Keep in mind that the KMS key in the distribution account must allow the EC2ImageBuilderDistributionCrossAccountRole role to use the key.
+        :param distribution_regions: 
+        :param ebs_volume_configurations: Subnet ID for the Infrastructure Configuration.
+        :param email: Email used to receive Image Builder Pipeline Notifications via SNS.
+        :param enable_vuln_scans: Set to true if you want to enable continuous vulnerability scans through AWS Inpector.
+        :param image_recipe_version: Image recipe version (Default: 0.0.1).
+        :param instance_types: List of instance types used in the Instance Configuration (Default: [ 't3.medium', 'm5.large', 'm5.xlarge' ]).
+        :param platform: Platform type Linux or Windows (Default: Linux).
+        :param profile_name: Name of the instance profile that will be associated with the Instance Configuration.
+        :param security_group_ids: List of security group IDs for the Infrastructure Configuration.
+        :param security_groups: 
+        :param subnet_id: 
+        :param user_data_script: UserData script that will override default one (if specified). Default: - none
+        :param vuln_scans_repo_name: Store vulnerability scans through AWS Inspector in ECR using this repo name (if option is enabled).
+        :param vuln_scans_repo_tags: Store vulnerability scans through AWS Inspector in ECR using these image tags (if option is enabled).
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__f604923f8f82998f5caecff757715f94c0405ceeb95a6c1b00fa96d9d35d16d6)
+            check_type(argname="argument components", value=components, expected_type=type_hints["components"])
+            check_type(argname="argument parent_image", value=parent_image, expected_type=type_hints["parent_image"])
+            check_type(argname="argument vpc", value=vpc, expected_type=type_hints["vpc"])
+            check_type(argname="argument additional_policies", value=additional_policies, expected_type=type_hints["additional_policies"])
+            check_type(argname="argument debug_image_pipeline", value=debug_image_pipeline, expected_type=type_hints["debug_image_pipeline"])
+            check_type(argname="argument distribution_account_ids", value=distribution_account_ids, expected_type=type_hints["distribution_account_ids"])
+            check_type(argname="argument distribution_kms_key_alias", value=distribution_kms_key_alias, expected_type=type_hints["distribution_kms_key_alias"])
+            check_type(argname="argument distribution_regions", value=distribution_regions, expected_type=type_hints["distribution_regions"])
+            check_type(argname="argument ebs_volume_configurations", value=ebs_volume_configurations, expected_type=type_hints["ebs_volume_configurations"])
+            check_type(argname="argument email", value=email, expected_type=type_hints["email"])
+            check_type(argname="argument enable_vuln_scans", value=enable_vuln_scans, expected_type=type_hints["enable_vuln_scans"])
+            check_type(argname="argument image_recipe_version", value=image_recipe_version, expected_type=type_hints["image_recipe_version"])
+            check_type(argname="argument instance_types", value=instance_types, expected_type=type_hints["instance_types"])
+            check_type(argname="argument platform", value=platform, expected_type=type_hints["platform"])
+            check_type(argname="argument profile_name", value=profile_name, expected_type=type_hints["profile_name"])
+            check_type(argname="argument security_group_ids", value=security_group_ids, expected_type=type_hints["security_group_ids"])
+            check_type(argname="argument security_groups", value=security_groups, expected_type=type_hints["security_groups"])
+            check_type(argname="argument subnet_id", value=subnet_id, expected_type=type_hints["subnet_id"])
+            check_type(argname="argument user_data_script", value=user_data_script, expected_type=type_hints["user_data_script"])
+            check_type(argname="argument vuln_scans_repo_name", value=vuln_scans_repo_name, expected_type=type_hints["vuln_scans_repo_name"])
+            check_type(argname="argument vuln_scans_repo_tags", value=vuln_scans_repo_tags, expected_type=type_hints["vuln_scans_repo_tags"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "components": components,
+            "parent_image": parent_image,
+            "vpc": vpc,
+        }
+        if additional_policies is not None:
+            self._values["additional_policies"] = additional_policies
+        if debug_image_pipeline is not None:
+            self._values["debug_image_pipeline"] = debug_image_pipeline
+        if distribution_account_ids is not None:
+            self._values["distribution_account_ids"] = distribution_account_ids
+        if distribution_kms_key_alias is not None:
+            self._values["distribution_kms_key_alias"] = distribution_kms_key_alias
+        if distribution_regions is not None:
+            self._values["distribution_regions"] = distribution_regions
+        if ebs_volume_configurations is not None:
+            self._values["ebs_volume_configurations"] = ebs_volume_configurations
+        if email is not None:
+            self._values["email"] = email
+        if enable_vuln_scans is not None:
+            self._values["enable_vuln_scans"] = enable_vuln_scans
+        if image_recipe_version is not None:
+            self._values["image_recipe_version"] = image_recipe_version
+        if instance_types is not None:
+            self._values["instance_types"] = instance_types
+        if platform is not None:
+            self._values["platform"] = platform
+        if profile_name is not None:
+            self._values["profile_name"] = profile_name
+        if security_group_ids is not None:
+            self._values["security_group_ids"] = security_group_ids
+        if security_groups is not None:
+            self._values["security_groups"] = security_groups
+        if subnet_id is not None:
+            self._values["subnet_id"] = subnet_id
+        if user_data_script is not None:
+            self._values["user_data_script"] = user_data_script
+        if vuln_scans_repo_name is not None:
+            self._values["vuln_scans_repo_name"] = vuln_scans_repo_name
+        if vuln_scans_repo_tags is not None:
+            self._values["vuln_scans_repo_tags"] = vuln_scans_repo_tags
+
+    @builtins.property
+    def components(self) -> typing.List[IComponentProps]:
+        '''List of component props.'''
+        result = self._values.get("components")
+        assert result is not None, "Required property 'components' is missing"
+        return typing.cast(typing.List[IComponentProps], result)
+
+    @builtins.property
+    def parent_image(self) -> builtins.str:
+        '''The source (parent) image that the image recipe uses as its base environment.
+
+        The value can be the parent image ARN or an Image Builder AMI ID
+        '''
+        result = self._values.get("parent_image")
+        assert result is not None, "Required property 'parent_image' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def vpc(self) -> _aws_cdk_aws_ec2_ceddda9d.Vpc:
+        '''Vpc to use for the Image Builder Pipeline.'''
+        result = self._values.get("vpc")
+        assert result is not None, "Required property 'vpc' is missing"
+        return typing.cast(_aws_cdk_aws_ec2_ceddda9d.Vpc, result)
+
+    @builtins.property
+    def additional_policies(
+        self,
+    ) -> typing.Optional[typing.List[_aws_cdk_aws_iam_ceddda9d.ManagedPolicy]]:
+        '''Additional policies to add to the instance profile associated with the Instance Configurations.'''
+        result = self._values.get("additional_policies")
+        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_iam_ceddda9d.ManagedPolicy]], result)
+
+    @builtins.property
+    def debug_image_pipeline(self) -> typing.Optional[builtins.bool]:
+        '''Flag indicating whether the debug image pipeline is enabled or not.
+
+        This variable is optional. Default value is false.
+        Functionally, this will flag to return as finished immediately after first check to see if the image pipeline has finished.
+        This is useful for debugging the image pipeline.  However, there will be no AMI value returned.
+
+        :readonly: true
+        :type: {boolean}
+        '''
+        result = self._values.get("debug_image_pipeline")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def distribution_account_ids(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''This variable represents an array of shared account IDs.
+
+        It is optional and readonly.
+        If it is provided, this AMI will be visible to the accounts in the array.
+        In order to share the AMI with other accounts, you must specify a KMS key ID for the EBS volume configuration as AWS does not allow sharing AMIs encrypted with the default AMI encryption key.
+
+        :readonly: true
+        :type: {Array}
+        '''
+        result = self._values.get("distribution_account_ids")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+    @builtins.property
+    def distribution_kms_key_alias(self) -> typing.Optional[builtins.str]:
+        '''The alias of the KMS key used for encryption and decryption of content in the distribution.
+
+        This property is optional and readonly.
+        The default encryption key is not compatible with cross-account AMI sharing.
+        If you specify distributionAccountIds, you must specify a non-default encryption key using this property. Otherwise, Image Builder will throw an error.
+        Keep in mind that the KMS key in the distribution account must allow the EC2ImageBuilderDistributionCrossAccountRole role to use the key.
+
+        :readonly: true
+        :type: {string}
+        '''
+        result = self._values.get("distribution_kms_key_alias")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def distribution_regions(self) -> typing.Optional[typing.List[builtins.str]]:
+        result = self._values.get("distribution_regions")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+    @builtins.property
+    def ebs_volume_configurations(self) -> typing.Optional[typing.List["VolumeProps"]]:
+        '''Subnet ID for the Infrastructure Configuration.'''
+        result = self._values.get("ebs_volume_configurations")
+        return typing.cast(typing.Optional[typing.List["VolumeProps"]], result)
+
+    @builtins.property
+    def email(self) -> typing.Optional[builtins.str]:
+        '''Email used to receive Image Builder Pipeline Notifications via SNS.'''
+        result = self._values.get("email")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def enable_vuln_scans(self) -> typing.Optional[builtins.bool]:
+        '''Set to true if you want to enable continuous vulnerability scans through AWS Inpector.'''
+        result = self._values.get("enable_vuln_scans")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def image_recipe_version(self) -> typing.Optional[builtins.str]:
+        '''Image recipe version (Default: 0.0.1).'''
+        result = self._values.get("image_recipe_version")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def instance_types(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''List of instance types used in the Instance Configuration (Default: [ 't3.medium', 'm5.large', 'm5.xlarge' ]).'''
+        result = self._values.get("instance_types")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+    @builtins.property
+    def platform(self) -> typing.Optional[builtins.str]:
+        '''Platform type Linux or Windows (Default: Linux).'''
+        result = self._values.get("platform")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def profile_name(self) -> typing.Optional[builtins.str]:
+        '''Name of the instance profile that will be associated with the Instance Configuration.'''
+        result = self._values.get("profile_name")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def security_group_ids(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''List of security group IDs for the Infrastructure Configuration.'''
+        result = self._values.get("security_group_ids")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+    @builtins.property
+    def security_groups(self) -> typing.Optional[typing.List[builtins.str]]:
+        result = self._values.get("security_groups")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+    @builtins.property
+    def subnet_id(self) -> typing.Optional[builtins.str]:
+        result = self._values.get("subnet_id")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def user_data_script(self) -> typing.Optional[builtins.str]:
+        '''UserData script that will override default one (if specified).
+
+        :default: - none
+        '''
+        result = self._values.get("user_data_script")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def vuln_scans_repo_name(self) -> typing.Optional[builtins.str]:
+        '''Store vulnerability scans through AWS Inspector in ECR using this repo name (if option is enabled).'''
+        result = self._values.get("vuln_scans_repo_name")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def vuln_scans_repo_tags(self) -> typing.Optional[typing.List[builtins.str]]:
+        '''Store vulnerability scans through AWS Inspector in ECR using these image tags (if option is enabled).'''
+        result = self._values.get("vuln_scans_repo_tags")
+        return typing.cast(typing.Optional[typing.List[builtins.str]], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "ImagePipelineProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+class StartStateMachineFunction(
+    _aws_cdk_aws_lambda_ceddda9d.Function,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="@jjrawlins/cdk-ami-builder.StartStateMachineFunction",
+):
+    '''An AWS Lambda function which executes src/Lambdas/StartStateMachine/StartStateMachine.'''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        adot_instrumentation: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig, typing.Dict[builtins.str, typing.Any]]] = None,
+        allow_all_outbound: typing.Optional[builtins.bool] = None,
+        allow_public_subnet: typing.Optional[builtins.bool] = None,
+        architecture: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Architecture] = None,
+        code_signing_config: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ICodeSigningConfig] = None,
+        current_version_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.VersionOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+        dead_letter_queue: typing.Optional[_aws_cdk_aws_sqs_ceddda9d.IQueue] = None,
+        dead_letter_queue_enabled: typing.Optional[builtins.bool] = None,
+        dead_letter_topic: typing.Optional[_aws_cdk_aws_sns_ceddda9d.ITopic] = None,
+        description: typing.Optional[builtins.str] = None,
+        environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+        environment_encryption: typing.Optional[_aws_cdk_aws_kms_ceddda9d.IKey] = None,
+        ephemeral_storage_size: typing.Optional[_aws_cdk_ceddda9d.Size] = None,
+        events: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.IEventSource]] = None,
+        filesystem: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.FileSystem] = None,
+        function_name: typing.Optional[builtins.str] = None,
+        initial_policy: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.PolicyStatement]] = None,
+        insights_version: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LambdaInsightsVersion] = None,
+        layers: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.ILayerVersion]] = None,
+        log_retention: typing.Optional[_aws_cdk_aws_logs_ceddda9d.RetentionDays] = None,
+        log_retention_retry_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+        log_retention_role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+        memory_size: typing.Optional[jsii.Number] = None,
+        params_and_secrets: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ParamsAndSecretsLayerVersion] = None,
+        profiling: typing.Optional[builtins.bool] = None,
+        profiling_group: typing.Optional[_aws_cdk_aws_codeguruprofiler_ceddda9d.IProfilingGroup] = None,
+        reserved_concurrent_executions: typing.Optional[jsii.Number] = None,
+        role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+        runtime_management_mode: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.RuntimeManagementMode] = None,
+        security_groups: typing.Optional[typing.Sequence[_aws_cdk_aws_ec2_ceddda9d.ISecurityGroup]] = None,
+        timeout: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        tracing: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Tracing] = None,
+        vpc: typing.Optional[_aws_cdk_aws_ec2_ceddda9d.IVpc] = None,
+        vpc_subnets: typing.Optional[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]] = None,
+        max_event_age: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        on_failure: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+        on_success: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+        retry_attempts: typing.Optional[jsii.Number] = None,
+    ) -> None:
+        '''
+        :param scope: -
+        :param id: -
+        :param adot_instrumentation: Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation. Default: - No ADOT instrumentation
+        :param allow_all_outbound: Whether to allow the Lambda to send all network traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets. Default: true
+        :param allow_public_subnet: Lambda Functions in a public subnet can NOT access the internet. Use this property to acknowledge this limitation and still place the function in a public subnet. Default: false
+        :param architecture: The system architectures compatible with this lambda function. Default: Architecture.X86_64
+        :param code_signing_config: Code signing config associated with this function. Default: - Not Sign the Code
+        :param current_version_options: Options for the ``lambda.Version`` resource automatically created by the ``fn.currentVersion`` method. Default: - default options as described in ``VersionOptions``
+        :param dead_letter_queue: The SQS queue to use if DLQ is enabled. If SNS topic is desired, specify ``deadLetterTopic`` property instead. Default: - SQS queue with 14 day retention period if ``deadLetterQueueEnabled`` is ``true``
+        :param dead_letter_queue_enabled: Enabled DLQ. If ``deadLetterQueue`` is undefined, an SQS queue with default options will be defined for your Function. Default: - false unless ``deadLetterQueue`` is set, which implies DLQ is enabled.
+        :param dead_letter_topic: The SNS topic to use as a DLQ. Note that if ``deadLetterQueueEnabled`` is set to ``true``, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly. Default: - no SNS topic
+        :param description: A description of the function. Default: - No description.
+        :param environment: Key-value pairs that Lambda caches and makes available for your Lambda functions. Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code. Default: - No environment variables.
+        :param environment_encryption: The AWS KMS key that's used to encrypt your function's environment variables. Default: - AWS Lambda creates and uses an AWS managed customer master key (CMK).
+        :param ephemeral_storage_size: The size of the function’s /tmp directory in MiB. Default: 512 MiB
+        :param events: Event sources for this function. You can also add event sources using ``addEventSource``. Default: - No event sources.
+        :param filesystem: The filesystem configuration for the lambda function. Default: - will not mount any filesystem
+        :param function_name: A name for the function. Default: - AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.
+        :param initial_policy: Initial policy statements to add to the created Lambda Role. You can call ``addToRolePolicy`` to the created lambda to add statements post creation. Default: - No policy statements are added to the created Lambda role.
+        :param insights_version: Specify the version of CloudWatch Lambda insights to use for monitoring. Default: - No Lambda Insights
+        :param layers: A list of layers to add to the function's execution environment. You can configure your Lambda function to pull in additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions. Default: - No layers.
+        :param log_retention: The number of days log events are kept in CloudWatch Logs. When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to ``INFINITE``. Default: logs.RetentionDays.INFINITE
+        :param log_retention_retry_options: When log retention is specified, a custom resource attempts to create the CloudWatch log group. These options control the retry policy when interacting with CloudWatch APIs. Default: - Default AWS SDK retry options.
+        :param log_retention_role: The IAM role for the Lambda function associated with the custom resource that sets the retention policy. Default: - A new role is created.
+        :param memory_size: The amount of memory, in MB, that is allocated to your Lambda function. Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide. Default: 128
+        :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
+        :param profiling: Enable profiling. Default: - No profiling.
+        :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
+        :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
+        :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
+        :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
+        :param security_groups: The list of security groups to associate with the Lambda's network interfaces. Only used if 'vpc' is supplied. Default: - If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.
+        :param timeout: The function execution time (in seconds) after which Lambda terminates the function. Because the execution time affects cost, set this value based on the function's expected execution time. Default: Duration.seconds(3)
+        :param tracing: Enable AWS X-Ray Tracing for Lambda Function. Default: Tracing.Disabled
+        :param vpc: VPC network to place Lambda network interfaces. Specify this if the Lambda function needs to access resources in a VPC. This is required when ``vpcSubnets`` is specified. Default: - Function is not placed within a VPC.
+        :param vpc_subnets: Where to place the network interfaces within the VPC. This requires ``vpc`` to be specified in order for interfaces to actually be placed in the subnets. If ``vpc`` is not specify, this will raise an error. Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless ``allowPublicSubnet`` is set to ``true``). Default: - the Vpc default strategy if not specified
+        :param max_event_age: The maximum age of a request that Lambda sends to a function for processing. Minimum: 60 seconds Maximum: 6 hours Default: Duration.hours(6)
+        :param on_failure: The destination for failed invocations. Default: - no destination
+        :param on_success: The destination for successful invocations. Default: - no destination
+        :param retry_attempts: The maximum number of times to retry when the function returns an error. Minimum: 0 Maximum: 2 Default: 2
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__e2190d2a548e965066a88afc4c9200b01b6ec131b60f821166bf35aedc4ef922)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = StartStateMachineFunctionProps(
+            adot_instrumentation=adot_instrumentation,
+            allow_all_outbound=allow_all_outbound,
+            allow_public_subnet=allow_public_subnet,
+            architecture=architecture,
+            code_signing_config=code_signing_config,
+            current_version_options=current_version_options,
+            dead_letter_queue=dead_letter_queue,
+            dead_letter_queue_enabled=dead_letter_queue_enabled,
+            dead_letter_topic=dead_letter_topic,
+            description=description,
+            environment=environment,
+            environment_encryption=environment_encryption,
+            ephemeral_storage_size=ephemeral_storage_size,
+            events=events,
+            filesystem=filesystem,
+            function_name=function_name,
+            initial_policy=initial_policy,
+            insights_version=insights_version,
+            layers=layers,
+            log_retention=log_retention,
+            log_retention_retry_options=log_retention_retry_options,
+            log_retention_role=log_retention_role,
+            memory_size=memory_size,
+            params_and_secrets=params_and_secrets,
+            profiling=profiling,
+            profiling_group=profiling_group,
+            reserved_concurrent_executions=reserved_concurrent_executions,
+            role=role,
+            runtime_management_mode=runtime_management_mode,
+            security_groups=security_groups,
+            timeout=timeout,
+            tracing=tracing,
+            vpc=vpc,
+            vpc_subnets=vpc_subnets,
+            max_event_age=max_event_age,
+            on_failure=on_failure,
+            on_success=on_success,
+            retry_attempts=retry_attempts,
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+
+@jsii.data_type(
+    jsii_type="@jjrawlins/cdk-ami-builder.StartStateMachineFunctionProps",
+    jsii_struct_bases=[_aws_cdk_aws_lambda_ceddda9d.FunctionOptions],
+    name_mapping={
+        "max_event_age": "maxEventAge",
+        "on_failure": "onFailure",
+        "on_success": "onSuccess",
+        "retry_attempts": "retryAttempts",
+        "adot_instrumentation": "adotInstrumentation",
+        "allow_all_outbound": "allowAllOutbound",
+        "allow_public_subnet": "allowPublicSubnet",
+        "architecture": "architecture",
+        "code_signing_config": "codeSigningConfig",
+        "current_version_options": "currentVersionOptions",
+        "dead_letter_queue": "deadLetterQueue",
+        "dead_letter_queue_enabled": "deadLetterQueueEnabled",
+        "dead_letter_topic": "deadLetterTopic",
+        "description": "description",
+        "environment": "environment",
+        "environment_encryption": "environmentEncryption",
+        "ephemeral_storage_size": "ephemeralStorageSize",
+        "events": "events",
+        "filesystem": "filesystem",
+        "function_name": "functionName",
+        "initial_policy": "initialPolicy",
+        "insights_version": "insightsVersion",
+        "layers": "layers",
+        "log_retention": "logRetention",
+        "log_retention_retry_options": "logRetentionRetryOptions",
+        "log_retention_role": "logRetentionRole",
+        "memory_size": "memorySize",
+        "params_and_secrets": "paramsAndSecrets",
+        "profiling": "profiling",
+        "profiling_group": "profilingGroup",
+        "reserved_concurrent_executions": "reservedConcurrentExecutions",
+        "role": "role",
+        "runtime_management_mode": "runtimeManagementMode",
+        "security_groups": "securityGroups",
+        "timeout": "timeout",
+        "tracing": "tracing",
+        "vpc": "vpc",
+        "vpc_subnets": "vpcSubnets",
+    },
+)
+class StartStateMachineFunctionProps(_aws_cdk_aws_lambda_ceddda9d.FunctionOptions):
+    def __init__(
+        self,
+        *,
+        max_event_age: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        on_failure: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+        on_success: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+        retry_attempts: typing.Optional[jsii.Number] = None,
+        adot_instrumentation: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig, typing.Dict[builtins.str, typing.Any]]] = None,
+        allow_all_outbound: typing.Optional[builtins.bool] = None,
+        allow_public_subnet: typing.Optional[builtins.bool] = None,
+        architecture: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Architecture] = None,
+        code_signing_config: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ICodeSigningConfig] = None,
+        current_version_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.VersionOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+        dead_letter_queue: typing.Optional[_aws_cdk_aws_sqs_ceddda9d.IQueue] = None,
+        dead_letter_queue_enabled: typing.Optional[builtins.bool] = None,
+        dead_letter_topic: typing.Optional[_aws_cdk_aws_sns_ceddda9d.ITopic] = None,
+        description: typing.Optional[builtins.str] = None,
+        environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+        environment_encryption: typing.Optional[_aws_cdk_aws_kms_ceddda9d.IKey] = None,
+        ephemeral_storage_size: typing.Optional[_aws_cdk_ceddda9d.Size] = None,
+        events: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.IEventSource]] = None,
+        filesystem: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.FileSystem] = None,
+        function_name: typing.Optional[builtins.str] = None,
+        initial_policy: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.PolicyStatement]] = None,
+        insights_version: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LambdaInsightsVersion] = None,
+        layers: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.ILayerVersion]] = None,
+        log_retention: typing.Optional[_aws_cdk_aws_logs_ceddda9d.RetentionDays] = None,
+        log_retention_retry_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+        log_retention_role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+        memory_size: typing.Optional[jsii.Number] = None,
+        params_and_secrets: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ParamsAndSecretsLayerVersion] = None,
+        profiling: typing.Optional[builtins.bool] = None,
+        profiling_group: typing.Optional[_aws_cdk_aws_codeguruprofiler_ceddda9d.IProfilingGroup] = None,
+        reserved_concurrent_executions: typing.Optional[jsii.Number] = None,
+        role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+        runtime_management_mode: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.RuntimeManagementMode] = None,
+        security_groups: typing.Optional[typing.Sequence[_aws_cdk_aws_ec2_ceddda9d.ISecurityGroup]] = None,
+        timeout: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+        tracing: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Tracing] = None,
+        vpc: typing.Optional[_aws_cdk_aws_ec2_ceddda9d.IVpc] = None,
+        vpc_subnets: typing.Optional[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]] = None,
+    ) -> None:
+        '''Props for StartStateMachineFunction.
+
+        :param max_event_age: The maximum age of a request that Lambda sends to a function for processing. Minimum: 60 seconds Maximum: 6 hours Default: Duration.hours(6)
+        :param on_failure: The destination for failed invocations. Default: - no destination
+        :param on_success: The destination for successful invocations. Default: - no destination
+        :param retry_attempts: The maximum number of times to retry when the function returns an error. Minimum: 0 Maximum: 2 Default: 2
+        :param adot_instrumentation: Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation. Default: - No ADOT instrumentation
+        :param allow_all_outbound: Whether to allow the Lambda to send all network traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets. Default: true
+        :param allow_public_subnet: Lambda Functions in a public subnet can NOT access the internet. Use this property to acknowledge this limitation and still place the function in a public subnet. Default: false
+        :param architecture: The system architectures compatible with this lambda function. Default: Architecture.X86_64
+        :param code_signing_config: Code signing config associated with this function. Default: - Not Sign the Code
+        :param current_version_options: Options for the ``lambda.Version`` resource automatically created by the ``fn.currentVersion`` method. Default: - default options as described in ``VersionOptions``
+        :param dead_letter_queue: The SQS queue to use if DLQ is enabled. If SNS topic is desired, specify ``deadLetterTopic`` property instead. Default: - SQS queue with 14 day retention period if ``deadLetterQueueEnabled`` is ``true``
+        :param dead_letter_queue_enabled: Enabled DLQ. If ``deadLetterQueue`` is undefined, an SQS queue with default options will be defined for your Function. Default: - false unless ``deadLetterQueue`` is set, which implies DLQ is enabled.
+        :param dead_letter_topic: The SNS topic to use as a DLQ. Note that if ``deadLetterQueueEnabled`` is set to ``true``, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly. Default: - no SNS topic
+        :param description: A description of the function. Default: - No description.
+        :param environment: Key-value pairs that Lambda caches and makes available for your Lambda functions. Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source code. Default: - No environment variables.
+        :param environment_encryption: The AWS KMS key that's used to encrypt your function's environment variables. Default: - AWS Lambda creates and uses an AWS managed customer master key (CMK).
+        :param ephemeral_storage_size: The size of the function’s /tmp directory in MiB. Default: 512 MiB
+        :param events: Event sources for this function. You can also add event sources using ``addEventSource``. Default: - No event sources.
+        :param filesystem: The filesystem configuration for the lambda function. Default: - will not mount any filesystem
+        :param function_name: A name for the function. Default: - AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.
+        :param initial_policy: Initial policy statements to add to the created Lambda Role. You can call ``addToRolePolicy`` to the created lambda to add statements post creation. Default: - No policy statements are added to the created Lambda role.
+        :param insights_version: Specify the version of CloudWatch Lambda insights to use for monitoring. Default: - No Lambda Insights
+        :param layers: A list of layers to add to the function's execution environment. You can configure your Lambda function to pull in additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies that can be used by multiple functions. Default: - No layers.
+        :param log_retention: The number of days log events are kept in CloudWatch Logs. When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to ``INFINITE``. Default: logs.RetentionDays.INFINITE
+        :param log_retention_retry_options: When log retention is specified, a custom resource attempts to create the CloudWatch log group. These options control the retry policy when interacting with CloudWatch APIs. Default: - Default AWS SDK retry options.
+        :param log_retention_role: The IAM role for the Lambda function associated with the custom resource that sets the retention policy. Default: - A new role is created.
+        :param memory_size: The amount of memory, in MB, that is allocated to your Lambda function. Lambda uses this value to proportionally allocate the amount of CPU power. For more information, see Resource Model in the AWS Lambda Developer Guide. Default: 128
+        :param params_and_secrets: Specify the configuration of Parameters and Secrets Extension. Default: - No Parameters and Secrets Extension
+        :param profiling: Enable profiling. Default: - No profiling.
+        :param profiling_group: Profiling Group. Default: - A new profiling group will be created if ``profiling`` is set.
+        :param reserved_concurrent_executions: The maximum of concurrent executions you want to reserve for the function. Default: - No specific limit - account limit.
+        :param role: Lambda execution role. This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal. The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself. The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole". Default: - A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
+        :param runtime_management_mode: Sets the runtime management configuration for a function's version. Default: Auto
+        :param security_groups: The list of security groups to associate with the Lambda's network interfaces. Only used if 'vpc' is supplied. Default: - If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.
+        :param timeout: The function execution time (in seconds) after which Lambda terminates the function. Because the execution time affects cost, set this value based on the function's expected execution time. Default: Duration.seconds(3)
+        :param tracing: Enable AWS X-Ray Tracing for Lambda Function. Default: Tracing.Disabled
+        :param vpc: VPC network to place Lambda network interfaces. Specify this if the Lambda function needs to access resources in a VPC. This is required when ``vpcSubnets`` is specified. Default: - Function is not placed within a VPC.
+        :param vpc_subnets: Where to place the network interfaces within the VPC. This requires ``vpc`` to be specified in order for interfaces to actually be placed in the subnets. If ``vpc`` is not specify, this will raise an error. Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless ``allowPublicSubnet`` is set to ``true``). Default: - the Vpc default strategy if not specified
+        '''
+        if isinstance(adot_instrumentation, dict):
+            adot_instrumentation = _aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig(**adot_instrumentation)
+        if isinstance(current_version_options, dict):
+            current_version_options = _aws_cdk_aws_lambda_ceddda9d.VersionOptions(**current_version_options)
+        if isinstance(log_retention_retry_options, dict):
+            log_retention_retry_options = _aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions(**log_retention_retry_options)
+        if isinstance(vpc_subnets, dict):
+            vpc_subnets = _aws_cdk_aws_ec2_ceddda9d.SubnetSelection(**vpc_subnets)
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__eb8aced8ffa672fc77ae37739036b372b4660892fca88a7d548de7d9809b88ab)
+            check_type(argname="argument max_event_age", value=max_event_age, expected_type=type_hints["max_event_age"])
+            check_type(argname="argument on_failure", value=on_failure, expected_type=type_hints["on_failure"])
+            check_type(argname="argument on_success", value=on_success, expected_type=type_hints["on_success"])
+            check_type(argname="argument retry_attempts", value=retry_attempts, expected_type=type_hints["retry_attempts"])
+            check_type(argname="argument adot_instrumentation", value=adot_instrumentation, expected_type=type_hints["adot_instrumentation"])
+            check_type(argname="argument allow_all_outbound", value=allow_all_outbound, expected_type=type_hints["allow_all_outbound"])
+            check_type(argname="argument allow_public_subnet", value=allow_public_subnet, expected_type=type_hints["allow_public_subnet"])
+            check_type(argname="argument architecture", value=architecture, expected_type=type_hints["architecture"])
+            check_type(argname="argument code_signing_config", value=code_signing_config, expected_type=type_hints["code_signing_config"])
+            check_type(argname="argument current_version_options", value=current_version_options, expected_type=type_hints["current_version_options"])
+            check_type(argname="argument dead_letter_queue", value=dead_letter_queue, expected_type=type_hints["dead_letter_queue"])
+            check_type(argname="argument dead_letter_queue_enabled", value=dead_letter_queue_enabled, expected_type=type_hints["dead_letter_queue_enabled"])
+            check_type(argname="argument dead_letter_topic", value=dead_letter_topic, expected_type=type_hints["dead_letter_topic"])
+            check_type(argname="argument description", value=description, expected_type=type_hints["description"])
+            check_type(argname="argument environment", value=environment, expected_type=type_hints["environment"])
+            check_type(argname="argument environment_encryption", value=environment_encryption, expected_type=type_hints["environment_encryption"])
+            check_type(argname="argument ephemeral_storage_size", value=ephemeral_storage_size, expected_type=type_hints["ephemeral_storage_size"])
+            check_type(argname="argument events", value=events, expected_type=type_hints["events"])
+            check_type(argname="argument filesystem", value=filesystem, expected_type=type_hints["filesystem"])
+            check_type(argname="argument function_name", value=function_name, expected_type=type_hints["function_name"])
+            check_type(argname="argument initial_policy", value=initial_policy, expected_type=type_hints["initial_policy"])
+            check_type(argname="argument insights_version", value=insights_version, expected_type=type_hints["insights_version"])
+            check_type(argname="argument layers", value=layers, expected_type=type_hints["layers"])
+            check_type(argname="argument log_retention", value=log_retention, expected_type=type_hints["log_retention"])
+            check_type(argname="argument log_retention_retry_options", value=log_retention_retry_options, expected_type=type_hints["log_retention_retry_options"])
+            check_type(argname="argument log_retention_role", value=log_retention_role, expected_type=type_hints["log_retention_role"])
+            check_type(argname="argument memory_size", value=memory_size, expected_type=type_hints["memory_size"])
+            check_type(argname="argument params_and_secrets", value=params_and_secrets, expected_type=type_hints["params_and_secrets"])
+            check_type(argname="argument profiling", value=profiling, expected_type=type_hints["profiling"])
+            check_type(argname="argument profiling_group", value=profiling_group, expected_type=type_hints["profiling_group"])
+            check_type(argname="argument reserved_concurrent_executions", value=reserved_concurrent_executions, expected_type=type_hints["reserved_concurrent_executions"])
+            check_type(argname="argument role", value=role, expected_type=type_hints["role"])
+            check_type(argname="argument runtime_management_mode", value=runtime_management_mode, expected_type=type_hints["runtime_management_mode"])
+            check_type(argname="argument security_groups", value=security_groups, expected_type=type_hints["security_groups"])
+            check_type(argname="argument timeout", value=timeout, expected_type=type_hints["timeout"])
+            check_type(argname="argument tracing", value=tracing, expected_type=type_hints["tracing"])
+            check_type(argname="argument vpc", value=vpc, expected_type=type_hints["vpc"])
+            check_type(argname="argument vpc_subnets", value=vpc_subnets, expected_type=type_hints["vpc_subnets"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if max_event_age is not None:
+            self._values["max_event_age"] = max_event_age
+        if on_failure is not None:
+            self._values["on_failure"] = on_failure
+        if on_success is not None:
+            self._values["on_success"] = on_success
+        if retry_attempts is not None:
+            self._values["retry_attempts"] = retry_attempts
+        if adot_instrumentation is not None:
+            self._values["adot_instrumentation"] = adot_instrumentation
+        if allow_all_outbound is not None:
+            self._values["allow_all_outbound"] = allow_all_outbound
+        if allow_public_subnet is not None:
+            self._values["allow_public_subnet"] = allow_public_subnet
+        if architecture is not None:
+            self._values["architecture"] = architecture
+        if code_signing_config is not None:
+            self._values["code_signing_config"] = code_signing_config
+        if current_version_options is not None:
+            self._values["current_version_options"] = current_version_options
+        if dead_letter_queue is not None:
+            self._values["dead_letter_queue"] = dead_letter_queue
+        if dead_letter_queue_enabled is not None:
+            self._values["dead_letter_queue_enabled"] = dead_letter_queue_enabled
+        if dead_letter_topic is not None:
+            self._values["dead_letter_topic"] = dead_letter_topic
+        if description is not None:
+            self._values["description"] = description
+        if environment is not None:
+            self._values["environment"] = environment
+        if environment_encryption is not None:
+            self._values["environment_encryption"] = environment_encryption
+        if ephemeral_storage_size is not None:
+            self._values["ephemeral_storage_size"] = ephemeral_storage_size
+        if events is not None:
+            self._values["events"] = events
+        if filesystem is not None:
+            self._values["filesystem"] = filesystem
+        if function_name is not None:
+            self._values["function_name"] = function_name
+        if initial_policy is not None:
+            self._values["initial_policy"] = initial_policy
+        if insights_version is not None:
+            self._values["insights_version"] = insights_version
+        if layers is not None:
+            self._values["layers"] = layers
+        if log_retention is not None:
+            self._values["log_retention"] = log_retention
+        if log_retention_retry_options is not None:
+            self._values["log_retention_retry_options"] = log_retention_retry_options
+        if log_retention_role is not None:
+            self._values["log_retention_role"] = log_retention_role
+        if memory_size is not None:
+            self._values["memory_size"] = memory_size
+        if params_and_secrets is not None:
+            self._values["params_and_secrets"] = params_and_secrets
+        if profiling is not None:
+            self._values["profiling"] = profiling
+        if profiling_group is not None:
+            self._values["profiling_group"] = profiling_group
+        if reserved_concurrent_executions is not None:
+            self._values["reserved_concurrent_executions"] = reserved_concurrent_executions
+        if role is not None:
+            self._values["role"] = role
+        if runtime_management_mode is not None:
+            self._values["runtime_management_mode"] = runtime_management_mode
+        if security_groups is not None:
+            self._values["security_groups"] = security_groups
+        if timeout is not None:
+            self._values["timeout"] = timeout
+        if tracing is not None:
+            self._values["tracing"] = tracing
+        if vpc is not None:
+            self._values["vpc"] = vpc
+        if vpc_subnets is not None:
+            self._values["vpc_subnets"] = vpc_subnets
+
+    @builtins.property
+    def max_event_age(self) -> typing.Optional[_aws_cdk_ceddda9d.Duration]:
+        '''The maximum age of a request that Lambda sends to a function for processing.
+
+        Minimum: 60 seconds
+        Maximum: 6 hours
+
+        :default: Duration.hours(6)
+        '''
+        result = self._values.get("max_event_age")
+        return typing.cast(typing.Optional[_aws_cdk_ceddda9d.Duration], result)
+
+    @builtins.property
+    def on_failure(self) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination]:
+        '''The destination for failed invocations.
+
+        :default: - no destination
+        '''
+        result = self._values.get("on_failure")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination], result)
+
+    @builtins.property
+    def on_success(self) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination]:
+        '''The destination for successful invocations.
+
+        :default: - no destination
+        '''
+        result = self._values.get("on_success")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination], result)
+
+    @builtins.property
+    def retry_attempts(self) -> typing.Optional[jsii.Number]:
+        '''The maximum number of times to retry when the function returns an error.
+
+        Minimum: 0
+        Maximum: 2
+
+        :default: 2
+        '''
+        result = self._values.get("retry_attempts")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    @builtins.property
+    def adot_instrumentation(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig]:
+        '''Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
+
+        :default: - No ADOT instrumentation
+
+        :see: https://aws-otel.github.io/docs/getting-started/lambda
+        '''
+        result = self._values.get("adot_instrumentation")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig], result)
+
+    @builtins.property
+    def allow_all_outbound(self) -> typing.Optional[builtins.bool]:
+        '''Whether to allow the Lambda to send all network traffic.
+
+        If set to false, you must individually add traffic rules to allow the
+        Lambda to connect to network targets.
+
+        :default: true
+        '''
+        result = self._values.get("allow_all_outbound")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def allow_public_subnet(self) -> typing.Optional[builtins.bool]:
+        '''Lambda Functions in a public subnet can NOT access the internet.
+
+        Use this property to acknowledge this limitation and still place the function in a public subnet.
+
+        :default: false
+
+        :see: https://stackoverflow.com/questions/52992085/why-cant-an-aws-lambda-function-inside-a-public-subnet-in-a-vpc-connect-to-the/52994841#52994841
+        '''
+        result = self._values.get("allow_public_subnet")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def architecture(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Architecture]:
+        '''The system architectures compatible with this lambda function.
+
+        :default: Architecture.X86_64
+        '''
+        result = self._values.get("architecture")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Architecture], result)
+
+    @builtins.property
+    def code_signing_config(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ICodeSigningConfig]:
+        '''Code signing config associated with this function.
+
+        :default: - Not Sign the Code
+        '''
+        result = self._values.get("code_signing_config")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ICodeSigningConfig], result)
+
+    @builtins.property
+    def current_version_options(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.VersionOptions]:
+        '''Options for the ``lambda.Version`` resource automatically created by the ``fn.currentVersion`` method.
+
+        :default: - default options as described in ``VersionOptions``
+        '''
+        result = self._values.get("current_version_options")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.VersionOptions], result)
+
+    @builtins.property
+    def dead_letter_queue(self) -> typing.Optional[_aws_cdk_aws_sqs_ceddda9d.IQueue]:
+        '''The SQS queue to use if DLQ is enabled.
+
+        If SNS topic is desired, specify ``deadLetterTopic`` property instead.
+
+        :default: - SQS queue with 14 day retention period if ``deadLetterQueueEnabled`` is ``true``
+        '''
+        result = self._values.get("dead_letter_queue")
+        return typing.cast(typing.Optional[_aws_cdk_aws_sqs_ceddda9d.IQueue], result)
+
+    @builtins.property
+    def dead_letter_queue_enabled(self) -> typing.Optional[builtins.bool]:
+        '''Enabled DLQ.
+
+        If ``deadLetterQueue`` is undefined,
+        an SQS queue with default options will be defined for your Function.
+
+        :default: - false unless ``deadLetterQueue`` is set, which implies DLQ is enabled.
+        '''
+        result = self._values.get("dead_letter_queue_enabled")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def dead_letter_topic(self) -> typing.Optional[_aws_cdk_aws_sns_ceddda9d.ITopic]:
+        '''The SNS topic to use as a DLQ.
+
+        Note that if ``deadLetterQueueEnabled`` is set to ``true``, an SQS queue will be created
+        rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.
+
+        :default: - no SNS topic
+        '''
+        result = self._values.get("dead_letter_topic")
+        return typing.cast(typing.Optional[_aws_cdk_aws_sns_ceddda9d.ITopic], result)
+
+    @builtins.property
+    def description(self) -> typing.Optional[builtins.str]:
+        '''A description of the function.
+
+        :default: - No description.
+        '''
+        result = self._values.get("description")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def environment(
+        self,
+    ) -> typing.Optional[typing.Mapping[builtins.str, builtins.str]]:
+        '''Key-value pairs that Lambda caches and makes available for your Lambda functions.
+
+        Use environment variables to apply configuration changes, such
+        as test and production environment configurations, without changing your
+        Lambda function source code.
+
+        :default: - No environment variables.
+        '''
+        result = self._values.get("environment")
+        return typing.cast(typing.Optional[typing.Mapping[builtins.str, builtins.str]], result)
+
+    @builtins.property
+    def environment_encryption(self) -> typing.Optional[_aws_cdk_aws_kms_ceddda9d.IKey]:
+        '''The AWS KMS key that's used to encrypt your function's environment variables.
+
+        :default: - AWS Lambda creates and uses an AWS managed customer master key (CMK).
+        '''
+        result = self._values.get("environment_encryption")
+        return typing.cast(typing.Optional[_aws_cdk_aws_kms_ceddda9d.IKey], result)
+
+    @builtins.property
+    def ephemeral_storage_size(self) -> typing.Optional[_aws_cdk_ceddda9d.Size]:
+        '''The size of the function’s /tmp directory in MiB.
+
+        :default: 512 MiB
+        '''
+        result = self._values.get("ephemeral_storage_size")
+        return typing.cast(typing.Optional[_aws_cdk_ceddda9d.Size], result)
+
+    @builtins.property
+    def events(
+        self,
+    ) -> typing.Optional[typing.List[_aws_cdk_aws_lambda_ceddda9d.IEventSource]]:
+        '''Event sources for this function.
+
+        You can also add event sources using ``addEventSource``.
+
+        :default: - No event sources.
+        '''
+        result = self._values.get("events")
+        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_lambda_ceddda9d.IEventSource]], result)
+
+    @builtins.property
+    def filesystem(self) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.FileSystem]:
+        '''The filesystem configuration for the lambda function.
+
+        :default: - will not mount any filesystem
+        '''
+        result = self._values.get("filesystem")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.FileSystem], result)
+
+    @builtins.property
+    def function_name(self) -> typing.Optional[builtins.str]:
+        '''A name for the function.
+
+        :default:
+
+        - AWS CloudFormation generates a unique physical ID and uses that
+        ID for the function's name. For more information, see Name Type.
+        '''
+        result = self._values.get("function_name")
+        return typing.cast(typing.Optional[builtins.str], result)
+
+    @builtins.property
+    def initial_policy(
+        self,
+    ) -> typing.Optional[typing.List[_aws_cdk_aws_iam_ceddda9d.PolicyStatement]]:
+        '''Initial policy statements to add to the created Lambda Role.
+
+        You can call ``addToRolePolicy`` to the created lambda to add statements post creation.
+
+        :default: - No policy statements are added to the created Lambda role.
+        '''
+        result = self._values.get("initial_policy")
+        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_iam_ceddda9d.PolicyStatement]], result)
+
+    @builtins.property
+    def insights_version(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LambdaInsightsVersion]:
+        '''Specify the version of CloudWatch Lambda insights to use for monitoring.
+
+        :default: - No Lambda Insights
+
+        :see: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-Getting-Started-docker.html
+        '''
+        result = self._values.get("insights_version")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LambdaInsightsVersion], result)
+
+    @builtins.property
+    def layers(
+        self,
+    ) -> typing.Optional[typing.List[_aws_cdk_aws_lambda_ceddda9d.ILayerVersion]]:
+        '''A list of layers to add to the function's execution environment.
+
+        You can configure your Lambda function to pull in
+        additional code during initialization in the form of layers. Layers are packages of libraries or other dependencies
+        that can be used by multiple functions.
+
+        :default: - No layers.
+        '''
+        result = self._values.get("layers")
+        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_lambda_ceddda9d.ILayerVersion]], result)
+
+    @builtins.property
+    def log_retention(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_logs_ceddda9d.RetentionDays]:
+        '''The number of days log events are kept in CloudWatch Logs.
+
+        When updating
+        this property, unsetting it doesn't remove the log retention policy. To
+        remove the retention policy, set the value to ``INFINITE``.
+
+        :default: logs.RetentionDays.INFINITE
+        '''
+        result = self._values.get("log_retention")
+        return typing.cast(typing.Optional[_aws_cdk_aws_logs_ceddda9d.RetentionDays], result)
+
+    @builtins.property
+    def log_retention_retry_options(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions]:
+        '''When log retention is specified, a custom resource attempts to create the CloudWatch log group.
+
+        These options control the retry policy when interacting with CloudWatch APIs.
+
+        :default: - Default AWS SDK retry options.
+        '''
+        result = self._values.get("log_retention_retry_options")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions], result)
+
+    @builtins.property
+    def log_retention_role(self) -> typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole]:
+        '''The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
+
+        :default: - A new role is created.
+        '''
+        result = self._values.get("log_retention_role")
+        return typing.cast(typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole], result)
+
+    @builtins.property
+    def memory_size(self) -> typing.Optional[jsii.Number]:
+        '''The amount of memory, in MB, that is allocated to your Lambda function.
+
+        Lambda uses this value to proportionally allocate the amount of CPU
+        power. For more information, see Resource Model in the AWS Lambda
+        Developer Guide.
+
+        :default: 128
+        '''
+        result = self._values.get("memory_size")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    @builtins.property
+    def params_and_secrets(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ParamsAndSecretsLayerVersion]:
+        '''Specify the configuration of Parameters and Secrets Extension.
+
+        :default: - No Parameters and Secrets Extension
+
+        :see: https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html
+        '''
+        result = self._values.get("params_and_secrets")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ParamsAndSecretsLayerVersion], result)
+
+    @builtins.property
+    def profiling(self) -> typing.Optional[builtins.bool]:
+        '''Enable profiling.
+
+        :default: - No profiling.
+
+        :see: https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html
+        '''
+        result = self._values.get("profiling")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def profiling_group(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_codeguruprofiler_ceddda9d.IProfilingGroup]:
+        '''Profiling Group.
+
+        :default: - A new profiling group will be created if ``profiling`` is set.
+
+        :see: https://docs.aws.amazon.com/codeguru/latest/profiler-ug/setting-up-lambda.html
+        '''
+        result = self._values.get("profiling_group")
+        return typing.cast(typing.Optional[_aws_cdk_aws_codeguruprofiler_ceddda9d.IProfilingGroup], result)
+
+    @builtins.property
+    def reserved_concurrent_executions(self) -> typing.Optional[jsii.Number]:
+        '''The maximum of concurrent executions you want to reserve for the function.
+
+        :default: - No specific limit - account limit.
+
+        :see: https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html
+        '''
+        result = self._values.get("reserved_concurrent_executions")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    @builtins.property
+    def role(self) -> typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole]:
+        '''Lambda execution role.
+
+        This is the role that will be assumed by the function upon execution.
+        It controls the permissions that the function will have. The Role must
+        be assumable by the 'lambda.amazonaws.com' service principal.
+
+        The default Role automatically has permissions granted for Lambda execution. If you
+        provide a Role, you must add the relevant AWS managed policies yourself.
+
+        The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and
+        "service-role/AWSLambdaVPCAccessExecutionRole".
+
+        :default:
+
+        - A unique role will be generated for this lambda function.
+        Both supplied and generated roles can always be changed by calling ``addToRolePolicy``.
+        '''
+        result = self._values.get("role")
+        return typing.cast(typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole], result)
+
+    @builtins.property
+    def runtime_management_mode(
+        self,
+    ) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.RuntimeManagementMode]:
+        '''Sets the runtime management configuration for a function's version.
+
+        :default: Auto
+        '''
+        result = self._values.get("runtime_management_mode")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.RuntimeManagementMode], result)
+
+    @builtins.property
+    def security_groups(
+        self,
+    ) -> typing.Optional[typing.List[_aws_cdk_aws_ec2_ceddda9d.ISecurityGroup]]:
+        '''The list of security groups to associate with the Lambda's network interfaces.
+
+        Only used if 'vpc' is supplied.
+
+        :default:
+
+        - If the function is placed within a VPC and a security group is
+        not specified, either by this or securityGroup prop, a dedicated security
+        group will be created for this function.
+        '''
+        result = self._values.get("security_groups")
+        return typing.cast(typing.Optional[typing.List[_aws_cdk_aws_ec2_ceddda9d.ISecurityGroup]], result)
+
+    @builtins.property
+    def timeout(self) -> typing.Optional[_aws_cdk_ceddda9d.Duration]:
+        '''The function execution time (in seconds) after which Lambda terminates the function.
+
+        Because the execution time affects cost, set this value
+        based on the function's expected execution time.
+
+        :default: Duration.seconds(3)
+        '''
+        result = self._values.get("timeout")
+        return typing.cast(typing.Optional[_aws_cdk_ceddda9d.Duration], result)
+
+    @builtins.property
+    def tracing(self) -> typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Tracing]:
+        '''Enable AWS X-Ray Tracing for Lambda Function.
+
+        :default: Tracing.Disabled
+        '''
+        result = self._values.get("tracing")
+        return typing.cast(typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Tracing], result)
+
+    @builtins.property
+    def vpc(self) -> typing.Optional[_aws_cdk_aws_ec2_ceddda9d.IVpc]:
+        '''VPC network to place Lambda network interfaces.
+
+        Specify this if the Lambda function needs to access resources in a VPC.
+        This is required when ``vpcSubnets`` is specified.
+
+        :default: - Function is not placed within a VPC.
+        '''
+        result = self._values.get("vpc")
+        return typing.cast(typing.Optional[_aws_cdk_aws_ec2_ceddda9d.IVpc], result)
+
+    @builtins.property
+    def vpc_subnets(self) -> typing.Optional[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection]:
+        '''Where to place the network interfaces within the VPC.
+
+        This requires ``vpc`` to be specified in order for interfaces to actually be
+        placed in the subnets. If ``vpc`` is not specify, this will raise an error.
+
+        Note: Internet access for Lambda Functions requires a NAT Gateway, so picking
+        public subnets is not allowed (unless ``allowPublicSubnet`` is set to ``true``).
+
+        :default: - the Vpc default strategy if not specified
+        '''
+        result = self._values.get("vpc_subnets")
+        return typing.cast(typing.Optional[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "StartStateMachineFunctionProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+@jsii.data_type(
+    jsii_type="@jjrawlins/cdk-ami-builder.VolumeProps",
+    jsii_struct_bases=[],
+    name_mapping={"device_name": "deviceName", "ebs": "ebs"},
+)
+class VolumeProps:
+    def __init__(self, *, device_name: builtins.str, ebs: IEbsParameters) -> None:
+        '''
+        :param device_name: Name of the volume.
+        :param ebs: EBS Block Store Parameters. By default, the 'kmsKeyId' of EBS volume is set to 'amiEncryptionKey.keyId', and 'encrypted' is set to 'true'. If you wish to use a different KMS Key, you may do so. However, please make sure that the necessary permissions and compliance requirements for the KMS Key are already set up.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__9d1da9ea32dfd5f2b80899e3b65cfd331e8667db730686426f0ff1a173e565e6)
+            check_type(argname="argument device_name", value=device_name, expected_type=type_hints["device_name"])
+            check_type(argname="argument ebs", value=ebs, expected_type=type_hints["ebs"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {
+            "device_name": device_name,
+            "ebs": ebs,
+        }
+
+    @builtins.property
+    def device_name(self) -> builtins.str:
+        '''Name of the volume.'''
+        result = self._values.get("device_name")
+        assert result is not None, "Required property 'device_name' is missing"
+        return typing.cast(builtins.str, result)
+
+    @builtins.property
+    def ebs(self) -> IEbsParameters:
+        '''EBS Block Store Parameters.
+
+        By default, the 'kmsKeyId' of EBS volume is set to 'amiEncryptionKey.keyId',
+        and 'encrypted' is set to 'true'. If you wish to use a different KMS Key,
+        you may do so. However, please make sure that the necessary permissions
+        and compliance requirements for the KMS Key are already set up.
+        '''
+        result = self._values.get("ebs")
+        assert result is not None, "Required property 'ebs' is missing"
+        return typing.cast(IEbsParameters, result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "VolumeProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
+__all__ = [
+    "CheckStateMachineStatusFunction",
+    "CheckStateMachineStatusFunctionProps",
+    "IActionCommands",
+    "IComponentDocument",
+    "IComponentProps",
+    "IEbsParameters",
+    "IInputParameter",
+    "IPhases",
+    "IStepCommands",
+    "ImagePipeline",
+    "ImagePipelineProps",
+    "StartStateMachineFunction",
+    "StartStateMachineFunctionProps",
+    "VolumeProps",
+]
+
+publication.publish()
+
+def _typecheckingstub__80a7e839717caae4ae025b044129f52691774b5a0c3597bea181450461089015(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    adot_instrumentation: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig, typing.Dict[builtins.str, typing.Any]]] = None,
+    allow_all_outbound: typing.Optional[builtins.bool] = None,
+    allow_public_subnet: typing.Optional[builtins.bool] = None,
+    architecture: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Architecture] = None,
+    code_signing_config: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ICodeSigningConfig] = None,
+    current_version_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.VersionOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+    dead_letter_queue: typing.Optional[_aws_cdk_aws_sqs_ceddda9d.IQueue] = None,
+    dead_letter_queue_enabled: typing.Optional[builtins.bool] = None,
+    dead_letter_topic: typing.Optional[_aws_cdk_aws_sns_ceddda9d.ITopic] = None,
+    description: typing.Optional[builtins.str] = None,
+    environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    environment_encryption: typing.Optional[_aws_cdk_aws_kms_ceddda9d.IKey] = None,
+    ephemeral_storage_size: typing.Optional[_aws_cdk_ceddda9d.Size] = None,
+    events: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.IEventSource]] = None,
+    filesystem: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.FileSystem] = None,
+    function_name: typing.Optional[builtins.str] = None,
+    initial_policy: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.PolicyStatement]] = None,
+    insights_version: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LambdaInsightsVersion] = None,
+    layers: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.ILayerVersion]] = None,
+    log_retention: typing.Optional[_aws_cdk_aws_logs_ceddda9d.RetentionDays] = None,
+    log_retention_retry_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+    log_retention_role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+    memory_size: typing.Optional[jsii.Number] = None,
+    params_and_secrets: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ParamsAndSecretsLayerVersion] = None,
+    profiling: typing.Optional[builtins.bool] = None,
+    profiling_group: typing.Optional[_aws_cdk_aws_codeguruprofiler_ceddda9d.IProfilingGroup] = None,
+    reserved_concurrent_executions: typing.Optional[jsii.Number] = None,
+    role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+    runtime_management_mode: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.RuntimeManagementMode] = None,
+    security_groups: typing.Optional[typing.Sequence[_aws_cdk_aws_ec2_ceddda9d.ISecurityGroup]] = None,
+    timeout: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+    tracing: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Tracing] = None,
+    vpc: typing.Optional[_aws_cdk_aws_ec2_ceddda9d.IVpc] = None,
+    vpc_subnets: typing.Optional[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]] = None,
+    max_event_age: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+    on_failure: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+    on_success: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+    retry_attempts: typing.Optional[jsii.Number] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__7ad187f6fa75af251088f0d01089ce5af9c6e78ba8a6e1736dfdb9666988616b(
+    *,
+    max_event_age: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+    on_failure: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+    on_success: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+    retry_attempts: typing.Optional[jsii.Number] = None,
+    adot_instrumentation: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig, typing.Dict[builtins.str, typing.Any]]] = None,
+    allow_all_outbound: typing.Optional[builtins.bool] = None,
+    allow_public_subnet: typing.Optional[builtins.bool] = None,
+    architecture: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Architecture] = None,
+    code_signing_config: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ICodeSigningConfig] = None,
+    current_version_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.VersionOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+    dead_letter_queue: typing.Optional[_aws_cdk_aws_sqs_ceddda9d.IQueue] = None,
+    dead_letter_queue_enabled: typing.Optional[builtins.bool] = None,
+    dead_letter_topic: typing.Optional[_aws_cdk_aws_sns_ceddda9d.ITopic] = None,
+    description: typing.Optional[builtins.str] = None,
+    environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    environment_encryption: typing.Optional[_aws_cdk_aws_kms_ceddda9d.IKey] = None,
+    ephemeral_storage_size: typing.Optional[_aws_cdk_ceddda9d.Size] = None,
+    events: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.IEventSource]] = None,
+    filesystem: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.FileSystem] = None,
+    function_name: typing.Optional[builtins.str] = None,
+    initial_policy: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.PolicyStatement]] = None,
+    insights_version: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LambdaInsightsVersion] = None,
+    layers: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.ILayerVersion]] = None,
+    log_retention: typing.Optional[_aws_cdk_aws_logs_ceddda9d.RetentionDays] = None,
+    log_retention_retry_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+    log_retention_role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+    memory_size: typing.Optional[jsii.Number] = None,
+    params_and_secrets: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ParamsAndSecretsLayerVersion] = None,
+    profiling: typing.Optional[builtins.bool] = None,
+    profiling_group: typing.Optional[_aws_cdk_aws_codeguruprofiler_ceddda9d.IProfilingGroup] = None,
+    reserved_concurrent_executions: typing.Optional[jsii.Number] = None,
+    role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+    runtime_management_mode: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.RuntimeManagementMode] = None,
+    security_groups: typing.Optional[typing.Sequence[_aws_cdk_aws_ec2_ceddda9d.ISecurityGroup]] = None,
+    timeout: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+    tracing: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Tracing] = None,
+    vpc: typing.Optional[_aws_cdk_aws_ec2_ceddda9d.IVpc] = None,
+    vpc_subnets: typing.Optional[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__10f5fea34bd77d6054ed796f746dbb227d06d5b5d758e1eb35055430d0518bdf(
+    value: typing.List[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__624a7bb48f946403e3ab1b4ae0dbb8031caf7b944311ff9c993a6126ef5e3287(
+    value: typing.List[IPhases],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__de97257fb85051b7e1a2f01dbece22036f46f0b683a3d5e9a4169541ec11b5e1(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__70cb5dabf5f8f2356d27488542eac48b55efd3d699b5e052701945bf99619aca(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__efffe851a3d571fabc89bb8f1e37d1a4ec032e1342122b5ab489204a1e44f6b8(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__b0ad2caab3355f4838637405d4f26c75ee1cce783903c32551e643abe82659e8(
+    value: IComponentDocument,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__0bce0f8dc96228f8efb876e5919d9c2c1ee92c26a24d14eca94a50a06cd4926f(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__c0c7dec14ffd9bf1a1a114795b123ba90e9b80ca69c21fdaa3f475ddf85d78b1(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__72232f5835e0beda072a77bad77970be5491d2709e66ba2ca97fd7bc9db71006(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__86f16715a17e21602912ba9d4533eca197b8693c30d16442cfab62b7ea33370d(
+    value: typing.Optional[typing.Mapping[builtins.str, IInputParameter]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__a23ae80ba76ecddd4143609bb122f336b79f3ab095cc2c2c5d4d1385ef62693a(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__9973b3d6b077a057d59e04c03013dce9d7ed43148817bf0433987b401da20438(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__0e5d81c411808594f27bf71993213cf332e7b7bc72d420381bada3679eeea8ec(
+    value: jsii.Number,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__b540c011e8f4a3a07534f2b6ce7d7f97f2c406cb2e6c3fe31235455d998f6241(
+    value: typing.Optional[builtins.bool],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__7e13b146751f14eee56e18d77364984f0f27022180ae37bc0ded34faef00f0c4(
+    value: typing.Optional[builtins.bool],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__c302f146869b52368ce6de4d6f01976b8eca3e9d54f8efbbffe44cf8b19d0869(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__e81a510a2a024c038328cbad4402309e14a7833b607324f360373866e250b3f7(
+    value: typing.Optional[builtins.str],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__aaf310c2928dde39cb8af7991b84c39540130f8d881fe6005d7eab25d2d118c0(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__4560f5bbdf32517a539c1af9e6599ca9195835a850a0f07ddfc0dcdf3641b1f7(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__8fb09906d4a1b21165f080811572771be07edead36213cbdddbcae3f59ca4fe7(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__44eb356dcf22fafae58586b67e463188c1ceb5872e7d4700b983131d9fa722c2(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__df462b42f744b117b0586075ca023a73546818bc12bda3af473d5cded5a14453(
+    value: typing.List[IStepCommands],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__d2a55181a699ecdb46fd277bb5d051f1e9f4433e27639332395478ed06c7bada(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__c7fd2c10de441da316399b8d67ef9fe6302063110bab78de675bf72c8d330cd5(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__31f544d77b7639a100d3ef21a2dccb6780ad4865ad30dc0927169fa6f58ba844(
+    value: typing.Optional[IActionCommands],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__bf6bd3c038c0cdfd3e7d1a6b8572fb503cc2e9cedcc165c10c8c3747c9bd5e18(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    components: typing.Sequence[IComponentProps],
+    parent_image: builtins.str,
+    vpc: _aws_cdk_aws_ec2_ceddda9d.Vpc,
+    additional_policies: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.ManagedPolicy]] = None,
+    debug_image_pipeline: typing.Optional[builtins.bool] = None,
+    distribution_account_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+    distribution_kms_key_alias: typing.Optional[builtins.str] = None,
+    distribution_regions: typing.Optional[typing.Sequence[builtins.str]] = None,
+    ebs_volume_configurations: typing.Optional[typing.Sequence[typing.Union[VolumeProps, typing.Dict[builtins.str, typing.Any]]]] = None,
+    email: typing.Optional[builtins.str] = None,
+    enable_vuln_scans: typing.Optional[builtins.bool] = None,
+    image_recipe_version: typing.Optional[builtins.str] = None,
+    instance_types: typing.Optional[typing.Sequence[builtins.str]] = None,
+    platform: typing.Optional[builtins.str] = None,
+    profile_name: typing.Optional[builtins.str] = None,
+    security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+    security_groups: typing.Optional[typing.Sequence[builtins.str]] = None,
+    subnet_id: typing.Optional[builtins.str] = None,
+    user_data_script: typing.Optional[builtins.str] = None,
+    vuln_scans_repo_name: typing.Optional[builtins.str] = None,
+    vuln_scans_repo_tags: typing.Optional[typing.Sequence[builtins.str]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__3caaa0e87efd31863d50ae14b716d1c26963b70e3c7cb6faf0382a7a992902db(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__8f26b6fa7ec32bfa71a51e8decd4140be699fde137d1b00acb1efb9403c33617(
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__eeb1c8226fc2b10c398b3b6c92875d7937e349500e49aef10cfda8c99a39abca(
+    value: typing.List[_aws_cdk_aws_imagebuilder_ceddda9d.CfnImageRecipe.ComponentConfigurationProperty],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__f604923f8f82998f5caecff757715f94c0405ceeb95a6c1b00fa96d9d35d16d6(
+    *,
+    components: typing.Sequence[IComponentProps],
+    parent_image: builtins.str,
+    vpc: _aws_cdk_aws_ec2_ceddda9d.Vpc,
+    additional_policies: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.ManagedPolicy]] = None,
+    debug_image_pipeline: typing.Optional[builtins.bool] = None,
+    distribution_account_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+    distribution_kms_key_alias: typing.Optional[builtins.str] = None,
+    distribution_regions: typing.Optional[typing.Sequence[builtins.str]] = None,
+    ebs_volume_configurations: typing.Optional[typing.Sequence[typing.Union[VolumeProps, typing.Dict[builtins.str, typing.Any]]]] = None,
+    email: typing.Optional[builtins.str] = None,
+    enable_vuln_scans: typing.Optional[builtins.bool] = None,
+    image_recipe_version: typing.Optional[builtins.str] = None,
+    instance_types: typing.Optional[typing.Sequence[builtins.str]] = None,
+    platform: typing.Optional[builtins.str] = None,
+    profile_name: typing.Optional[builtins.str] = None,
+    security_group_ids: typing.Optional[typing.Sequence[builtins.str]] = None,
+    security_groups: typing.Optional[typing.Sequence[builtins.str]] = None,
+    subnet_id: typing.Optional[builtins.str] = None,
+    user_data_script: typing.Optional[builtins.str] = None,
+    vuln_scans_repo_name: typing.Optional[builtins.str] = None,
+    vuln_scans_repo_tags: typing.Optional[typing.Sequence[builtins.str]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__e2190d2a548e965066a88afc4c9200b01b6ec131b60f821166bf35aedc4ef922(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    adot_instrumentation: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig, typing.Dict[builtins.str, typing.Any]]] = None,
+    allow_all_outbound: typing.Optional[builtins.bool] = None,
+    allow_public_subnet: typing.Optional[builtins.bool] = None,
+    architecture: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Architecture] = None,
+    code_signing_config: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ICodeSigningConfig] = None,
+    current_version_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.VersionOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+    dead_letter_queue: typing.Optional[_aws_cdk_aws_sqs_ceddda9d.IQueue] = None,
+    dead_letter_queue_enabled: typing.Optional[builtins.bool] = None,
+    dead_letter_topic: typing.Optional[_aws_cdk_aws_sns_ceddda9d.ITopic] = None,
+    description: typing.Optional[builtins.str] = None,
+    environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    environment_encryption: typing.Optional[_aws_cdk_aws_kms_ceddda9d.IKey] = None,
+    ephemeral_storage_size: typing.Optional[_aws_cdk_ceddda9d.Size] = None,
+    events: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.IEventSource]] = None,
+    filesystem: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.FileSystem] = None,
+    function_name: typing.Optional[builtins.str] = None,
+    initial_policy: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.PolicyStatement]] = None,
+    insights_version: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LambdaInsightsVersion] = None,
+    layers: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.ILayerVersion]] = None,
+    log_retention: typing.Optional[_aws_cdk_aws_logs_ceddda9d.RetentionDays] = None,
+    log_retention_retry_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+    log_retention_role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+    memory_size: typing.Optional[jsii.Number] = None,
+    params_and_secrets: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ParamsAndSecretsLayerVersion] = None,
+    profiling: typing.Optional[builtins.bool] = None,
+    profiling_group: typing.Optional[_aws_cdk_aws_codeguruprofiler_ceddda9d.IProfilingGroup] = None,
+    reserved_concurrent_executions: typing.Optional[jsii.Number] = None,
+    role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+    runtime_management_mode: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.RuntimeManagementMode] = None,
+    security_groups: typing.Optional[typing.Sequence[_aws_cdk_aws_ec2_ceddda9d.ISecurityGroup]] = None,
+    timeout: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+    tracing: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Tracing] = None,
+    vpc: typing.Optional[_aws_cdk_aws_ec2_ceddda9d.IVpc] = None,
+    vpc_subnets: typing.Optional[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]] = None,
+    max_event_age: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+    on_failure: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+    on_success: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+    retry_attempts: typing.Optional[jsii.Number] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__eb8aced8ffa672fc77ae37739036b372b4660892fca88a7d548de7d9809b88ab(
+    *,
+    max_event_age: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+    on_failure: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+    on_success: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.IDestination] = None,
+    retry_attempts: typing.Optional[jsii.Number] = None,
+    adot_instrumentation: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.AdotInstrumentationConfig, typing.Dict[builtins.str, typing.Any]]] = None,
+    allow_all_outbound: typing.Optional[builtins.bool] = None,
+    allow_public_subnet: typing.Optional[builtins.bool] = None,
+    architecture: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Architecture] = None,
+    code_signing_config: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ICodeSigningConfig] = None,
+    current_version_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.VersionOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+    dead_letter_queue: typing.Optional[_aws_cdk_aws_sqs_ceddda9d.IQueue] = None,
+    dead_letter_queue_enabled: typing.Optional[builtins.bool] = None,
+    dead_letter_topic: typing.Optional[_aws_cdk_aws_sns_ceddda9d.ITopic] = None,
+    description: typing.Optional[builtins.str] = None,
+    environment: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    environment_encryption: typing.Optional[_aws_cdk_aws_kms_ceddda9d.IKey] = None,
+    ephemeral_storage_size: typing.Optional[_aws_cdk_ceddda9d.Size] = None,
+    events: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.IEventSource]] = None,
+    filesystem: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.FileSystem] = None,
+    function_name: typing.Optional[builtins.str] = None,
+    initial_policy: typing.Optional[typing.Sequence[_aws_cdk_aws_iam_ceddda9d.PolicyStatement]] = None,
+    insights_version: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.LambdaInsightsVersion] = None,
+    layers: typing.Optional[typing.Sequence[_aws_cdk_aws_lambda_ceddda9d.ILayerVersion]] = None,
+    log_retention: typing.Optional[_aws_cdk_aws_logs_ceddda9d.RetentionDays] = None,
+    log_retention_retry_options: typing.Optional[typing.Union[_aws_cdk_aws_lambda_ceddda9d.LogRetentionRetryOptions, typing.Dict[builtins.str, typing.Any]]] = None,
+    log_retention_role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+    memory_size: typing.Optional[jsii.Number] = None,
+    params_and_secrets: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.ParamsAndSecretsLayerVersion] = None,
+    profiling: typing.Optional[builtins.bool] = None,
+    profiling_group: typing.Optional[_aws_cdk_aws_codeguruprofiler_ceddda9d.IProfilingGroup] = None,
+    reserved_concurrent_executions: typing.Optional[jsii.Number] = None,
+    role: typing.Optional[_aws_cdk_aws_iam_ceddda9d.IRole] = None,
+    runtime_management_mode: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.RuntimeManagementMode] = None,
+    security_groups: typing.Optional[typing.Sequence[_aws_cdk_aws_ec2_ceddda9d.ISecurityGroup]] = None,
+    timeout: typing.Optional[_aws_cdk_ceddda9d.Duration] = None,
+    tracing: typing.Optional[_aws_cdk_aws_lambda_ceddda9d.Tracing] = None,
+    vpc: typing.Optional[_aws_cdk_aws_ec2_ceddda9d.IVpc] = None,
+    vpc_subnets: typing.Optional[typing.Union[_aws_cdk_aws_ec2_ceddda9d.SubnetSelection, typing.Dict[builtins.str, typing.Any]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__9d1da9ea32dfd5f2b80899e3b65cfd331e8667db730686426f0ff1a173e565e6(
+    *,
+    device_name: builtins.str,
+    ebs: IEbsParameters,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+for cls in [IActionCommands, IComponentDocument, IComponentProps, IEbsParameters, IInputParameter, IPhases, IStepCommands]:
+    typing.cast(typing.Any, cls).__protocol_attrs__ = typing.cast(typing.Any, cls).__protocol_attrs__ - set(['__jsii_proxy_class__', '__jsii_type__'])