agent-claw: automated task changes

2026-05-06 18:55:16 -05:00
parent 38905bb1e9
commit 732b00fb66
8494 changed files with 2018127 additions and 4 deletions
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/.jsiirc.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/.jsiirc.json
@@ -0,0 +1,13 @@
+{
+  "targets": {
+    "java": {
+      "package": "software.amazon.awscdk.services.servicecatalog"
+    },
+    "dotnet": {
+      "namespace": "Amazon.CDK.AWS.Servicecatalog"
+    },
+    "python": {
+      "module": "aws_cdk.aws_servicecatalog"
+    }
+  }
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/README.md
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/README.md
@@ -0,0 +1,576 @@
+# AWS Service Catalog Construct Library
+
+
+[AWS Service Catalog](https://docs.aws.amazon.com/servicecatalog/latest/dg/what-is-service-catalog.html)
+enables organizations to create and manage catalogs of products for their end users that are approved for use on AWS.
+
+## Table Of Contents
+
+- [Portfolio](#portfolio)
+  - [Granting access to a portfolio](#granting-access-to-a-portfolio)
+  - [Sharing a portfolio with another AWS account](#sharing-a-portfolio-with-another-aws-account)
+- [Product](#product)
+  - [Creating a product from a local asset](#creating-a-product-from-local-asset)
+  - [Creating a product from a stack](#creating-a-product-from-a-stack)
+  - [Using Assets in your Product Stack](#using-aseets-in-your-product-stack)
+  - [Creating a Product from a stack with a history of previous versions](#creating-a-product-from-a-stack-with-a-history-of-all-previous-versions)
+  - [Adding a product to a portfolio](#adding-a-product-to-a-portfolio)
+- [TagOptions](#tag-options)
+- [Constraints](#constraints)
+  - [Tag update constraint](#tag-update-constraint)
+  - [Notify on stack events](#notify-on-stack-events)
+  - [CloudFormation template parameters constraint](#cloudformation-template-parameters-constraint)
+  - [Set launch role](#set-launch-role)
+  - [Deploy with StackSets](#deploy-with-stacksets)
+
+
+The `aws-cdk-lib/aws-servicecatalog` package contains resources that enable users to automate governance and management of their AWS resources at scale.
+
+```ts nofixture
+import * as servicecatalog from 'aws-cdk-lib/aws-servicecatalog';
+```
+
+## Portfolio
+
+AWS Service Catalog portfolios allow administrators to organize, manage, and distribute cloud resources for their end users.
+Using the CDK, a new portfolio can be created with the `Portfolio` construct:
+
+```ts
+new servicecatalog.Portfolio(this, 'Portfolio', {
+  displayName: 'MyPortfolio',
+  providerName: 'MyTeam',
+});
+```
+
+You can also specify optional metadata properties such as `description` and `messageLanguage`
+to help better catalog and manage your portfolios.
+
+```ts
+new servicecatalog.Portfolio(this, 'Portfolio', {
+  displayName: 'MyFirstPortfolio',
+  providerName: 'SCAdmin',
+  description: 'Portfolio for a project',
+  messageLanguage: servicecatalog.MessageLanguage.EN,
+});
+```
+
+Read more at [Creating and Managing Portfolios](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios.html).
+
+To reference an existing portfolio into your CDK application, use the `Portfolio.fromPortfolioArn()` factory method:
+
+```ts
+const portfolio = servicecatalog.Portfolio.fromPortfolioArn(this, 'ReferencedPortfolio',
+  'arn:aws:catalog:region:account-id:portfolio/port-abcdefghi');
+```
+
+### Granting access to a portfolio
+
+You can grant access to and manage the `IAM` users, groups, or roles that have access to the products within a portfolio.
+Entities with granted access will be able to utilize the portfolios resources and products via the console or AWS CLI.
+Once resources are deployed end users will be able to access them via the console or service catalog CLI.
+
+```ts
+declare const portfolio: servicecatalog.Portfolio;
+
+const user = new iam.User(this, 'User');
+portfolio.giveAccessToUser(user);
+
+const role = new iam.Role(this, 'Role', {
+  assumedBy: new iam.AccountRootPrincipal(),
+});
+portfolio.giveAccessToRole(role);
+
+const group = new iam.Group(this, 'Group');
+portfolio.giveAccessToGroup(group);
+```
+
+### Sharing a portfolio with another AWS account
+
+You can use account-to-account sharing to distribute a reference to your portfolio to other AWS accounts by passing the recipient account number.
+After the share is initiated, the recipient account can accept the share via CLI or console by importing the portfolio ID.
+Changes made to the shared portfolio will automatically propagate to recipients.
+
+```ts
+declare const portfolio: servicecatalog.Portfolio;
+portfolio.shareWithAccount('012345678901');
+```
+
+## Product
+
+Products are version friendly infrastructure-as-code templates that admins create and add to portfolios for end users to provision and create AWS resources.
+Service Catalog supports products from AWS Marketplace or ones defined by a CloudFormation template.
+The CDK currently only supports adding products of type CloudFormation.
+Using the CDK, a new Product can be created with the `CloudFormationProduct` construct.
+You can use `CloudFormationTemplate.fromUrl` to create a Product from a CloudFormation template directly from a URL that points to the template in S3, GitHub, or CodeCommit:
+
+```ts
+const product = new servicecatalog.CloudFormationProduct(this, 'MyFirstProduct', {
+  productName: "My Product",
+  owner: "Product Owner",
+  productVersions: [
+    {
+      productVersionName: "v1",
+      cloudFormationTemplate: servicecatalog.CloudFormationTemplate.fromUrl(
+        'https://raw.githubusercontent.com/awslabs/aws-cloudformation-templates/master/aws/services/ServiceCatalog/Product.yaml'),
+    },
+  ],
+});
+```
+
+### Creating a product from a local asset
+
+A `CloudFormationProduct` can also be created by using a CloudFormation template held locally on disk using Assets.
+Assets are files that are uploaded to an S3 Bucket before deployment.
+`CloudFormationTemplate.fromAsset` can be utilized to create a Product by passing the path to a local template file on your disk:
+
+```ts
+import * as path from 'path';
+
+const product = new servicecatalog.CloudFormationProduct(this, 'Product', {
+  productName: "My Product",
+  owner: "Product Owner",
+  productVersions: [
+    {
+      productVersionName: "v1",
+      cloudFormationTemplate: servicecatalog.CloudFormationTemplate.fromUrl(
+        'https://raw.githubusercontent.com/awslabs/aws-cloudformation-templates/master/aws/services/ServiceCatalog/Product.yaml'),
+    },
+    {
+      productVersionName: "v2",
+      cloudFormationTemplate: servicecatalog.CloudFormationTemplate.fromAsset(path.join(__dirname, 'development-environment.template.json')),
+    },
+  ],
+});
+```
+
+### Creating a product from a stack
+
+You can create a Service Catalog `CloudFormationProduct` entirely defined with CDK code using a service catalog `ProductStack`.
+A separate child stack for your product is created and you can add resources like you would for any other CDK stack,
+such as an S3 Bucket, IAM roles, and EC2 instances. This stack is passed in as a product version to your
+product.  This will not create a separate CloudFormation stack during deployment.
+
+```ts
+import * as cdk from 'aws-cdk-lib';
+
+class S3BucketProduct extends servicecatalog.ProductStack {
+  constructor(scope: Construct, id: string) {
+    super(scope, id);
+
+    new s3.Bucket(this, 'BucketProduct');
+  }
+}
+
+const product = new servicecatalog.CloudFormationProduct(this, 'Product', {
+  productName: "My Product",
+  owner: "Product Owner",
+  productVersions: [
+    {
+      productVersionName: "v1",
+      cloudFormationTemplate: servicecatalog.CloudFormationTemplate.fromProductStack(new S3BucketProduct(this, 'S3BucketProduct')),
+    },
+  ],
+});
+```
+
+### Using Assets in your Product Stack
+
+You can reference assets in a Product Stack. For example, we can add a handler to a Lambda function or a S3 Asset directly from a local asset file.
+In this case, you must provide a S3 Bucket with a bucketName to store your assets.
+
+```ts
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as cdk from 'aws-cdk-lib';
+import { Bucket } from "aws-cdk-lib/aws-s3";
+
+class LambdaProduct extends servicecatalog.ProductStack {
+  constructor(scope: Construct, id: string, props: servicecatalog.ProductStackProps) {
+    super(scope, id, props);
+
+    new lambda.Function(this, 'LambdaProduct', {
+      runtime: lambda.Runtime.PYTHON_3_9,
+      code: lambda.Code.fromAsset("./assets"),
+      handler: 'index.handler'
+    });
+  }
+}
+
+const userDefinedBucket = new Bucket(this, `UserDefinedBucket`, {
+  bucketName: 'amzn-s3-demo-bucket',
+});
+
+const product = new servicecatalog.CloudFormationProduct(this, 'Product', {
+  productName: "My Product",
+  owner: "Product Owner",
+  productVersions: [
+    {
+      productVersionName: "v1",
+      cloudFormationTemplate: servicecatalog.CloudFormationTemplate.fromProductStack(new LambdaProduct(this, 'LambdaFunctionProduct', {
+        assetBucket: userDefinedBucket,
+      })),
+    },
+  ],
+});
+```
+
+When a product containing an asset is shared with a spoke account, the corresponding asset bucket
+will automatically grant read permissions to the spoke account.
+Note, it is not recommended using a referenced bucket as permissions cannot be added from CDK.
+In this case, it will be your responsibility to grant read permissions for the asset bucket to
+the spoke account.
+If you want to provide your own bucket policy or scope down your bucket policy further to only allow
+reads from a specific launch role, refer to the following example policy:
+
+```ts
+declare const bucket: s3.IBucket;
+
+new iam.PolicyStatement({
+  actions: [
+    's3:GetObject*',
+    's3:GetBucket*',
+    's3:List*', ],
+  effect: iam.Effect.ALLOW,
+  resources: [
+    bucket.bucketArn,
+    bucket.arnForObjects('*'),
+  ],
+  principals: [
+    new iam.ArnPrincipal(Stack.of(this).formatArn({
+      service: 'iam',
+      region: '',
+      account: '111111111111',
+      resource: 'role',
+      resourceName: 'MyLaunchRole',
+    }))
+  ],
+  conditions: {
+    'ForAnyValue:StringEquals': {
+      'aws:CalledVia': ['cloudformation.amazonaws.com'],
+    },
+    'Bool': {
+      'aws:ViaAWSService': true,
+    },
+  },
+});
+```
+
+Furthermore, in order for a spoke account to provision a product with an asset, the role launching
+the product needs permissions to read from the asset bucket.
+We recommend you utilize a launch role with permissions to read from the asset bucket.
+For example your launch role would need to include at least the following policy:
+
+```json
+{
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetObject"
+      ],
+      "Resource": "*"
+    }
+  ]
+}
+```
+
+Please refer to [Set launch role](#set-launch-role) for additional details about launch roles.
+See [Launch Constraint](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints-launch.html) documentation
+to understand the permissions that launch roles need.
+
+### Creating a Product from a stack with a history of previous versions
+
+The default behavior of Service Catalog is to overwrite each product version upon deployment.
+This applies to Product Stacks as well, where only the latest changes to your Product Stack will
+be deployed.
+To keep a history of the revisions of a ProductStack available in Service Catalog,
+you would need to define a ProductStack for each historical copy.
+
+You can instead create a `ProductStackHistory` to maintain snapshots of all previous versions.
+The `ProductStackHistory` can be created by passing the base `productStack`,
+a `currentVersionName` for your current version and a `locked` boolean.
+The `locked` boolean which when set to true will prevent your `currentVersionName`
+from being overwritten when there is an existing snapshot for that version.
+
+```ts
+class S3BucketProduct extends servicecatalog.ProductStack {
+  constructor(scope: Construct, id: string) {
+    super(scope, id);
+
+    new s3.Bucket(this, 'BucketProduct');
+  }
+}
+
+const productStackHistory = new servicecatalog.ProductStackHistory(this, 'ProductStackHistory', {
+  productStack: new S3BucketProduct(this, 'S3BucketProduct'),
+  currentVersionName: 'v1',
+  currentVersionLocked: true
+});
+```
+
+We can deploy the current version `v1` by using `productStackHistory.currentVersion()`
+
+```ts
+class S3BucketProduct extends servicecatalog.ProductStack {
+  constructor(scope: Construct, id: string) {
+    super(scope, id);
+
+    new s3.Bucket(this, 'BucketProductV2');
+  }
+}
+
+const productStackHistory = new servicecatalog.ProductStackHistory(this, 'ProductStackHistory', {
+  productStack: new S3BucketProduct(this, 'S3BucketProduct'),
+  currentVersionName: 'v2',
+  currentVersionLocked: true
+});
+
+const product = new servicecatalog.CloudFormationProduct(this, 'MyFirstProduct', {
+  productName: "My Product",
+  owner: "Product Owner",
+  productVersions: [
+    productStackHistory.currentVersion(),
+  ],
+});
+```
+
+Using `ProductStackHistory` all deployed templates for the ProductStack will be written to disk,
+so that they will still be available in the future as the definition of the `ProductStack` subclass changes over time.
+**It is very important** that you commit these old versions to source control as these versions
+determine whether a version has already been deployed and can also be deployed themselves.
+
+After using `ProductStackHistory` to deploy version `v1` of your `ProductStack`, we
+make changes to the `ProductStack` and update the `currentVersionName` to `v2`.
+We still want our `v1` version to still be deployed, so we reference it by calling `productStackHistory.versionFromSnapshot('v1')`.
+
+```ts
+class S3BucketProduct extends servicecatalog.ProductStack {
+  constructor(scope: Construct, id: string) {
+    super(scope, id);
+
+    new s3.Bucket(this, 'BucketProductV2');
+  }
+}
+
+const productStackHistory = new servicecatalog.ProductStackHistory(this, 'ProductStackHistory', {
+  productStack: new S3BucketProduct(this, 'S3BucketProduct'),
+  currentVersionName: 'v2',
+  currentVersionLocked: true
+});
+
+const product = new servicecatalog.CloudFormationProduct(this, 'MyFirstProduct', {
+  productName: "My Product",
+  owner: "Product Owner",
+  productVersions: [
+    productStackHistory.currentVersion(),
+    productStackHistory.versionFromSnapshot('v1')
+  ],
+});
+```
+
+### Adding a product to a portfolio
+
+You add products to a portfolio to organize and distribute your catalog at scale.  Adding a product to a portfolio creates an association,
+and the product will become visible within the portfolio side in both the Service Catalog console and AWS CLI.
+You can add a product to multiple portfolios depending on your organizational structure and how you would like to group access to products.
+
+```ts
+declare const portfolio: servicecatalog.Portfolio;
+declare const product: servicecatalog.CloudFormationProduct;
+
+portfolio.addProduct(product);
+```
+
+## Tag Options
+
+TagOptions allow administrators to easily manage tags on provisioned products by providing a template for a selection of tags that end users choose from.
+TagOptions are created by specifying a tag key with a set of allowed values and can be associated with both portfolios and products.
+When launching a product, both the TagOptions associated with the product and the containing portfolio are made available.
+
+At the moment, TagOptions can only be deactivated in the console.
+
+```ts
+declare const portfolio: servicecatalog.Portfolio;
+declare const product: servicecatalog.CloudFormationProduct;
+
+const tagOptionsForPortfolio = new servicecatalog.TagOptions(this, 'OrgTagOptions', {
+  allowedValuesForTags: {
+    Group: ['finance', 'engineering', 'marketing', 'research'],
+    CostCenter: ['01', '02','03'],
+  },
+});
+portfolio.associateTagOptions(tagOptionsForPortfolio);
+
+const tagOptionsForProduct = new servicecatalog.TagOptions(this, 'ProductTagOptions', {
+  allowedValuesForTags: {
+    Environment: ['dev', 'alpha', 'prod'],
+  },
+});
+product.associateTagOptions(tagOptionsForProduct);
+```
+
+## Constraints
+
+Constraints are governance gestures that you place on product-portfolio associations that allow you to manage minimal launch permissions, notifications, and other optional actions that end users can perform on products.
+Using the CDK, if you do not explicitly associate a product to a portfolio and add a constraint, it will automatically add an association for you.
+
+There are rules around how constraints are applied to portfolio-product associations.
+For example, you can only have a single "launch role" constraint applied to a portfolio-product association.
+If a misconfigured constraint is added, `synth` will fail with an error message.
+
+Read more at [Service Catalog Constraints](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints.html).
+
+### Tag update constraint
+
+Tag update constraints allow or disallow end users to update tags on resources associated with an AWS Service Catalog product upon provisioning.
+By default, if a Tag Update constraint is not configured, tag updating is not permitted.
+If tag updating is allowed, then new tags associated with the product or portfolio will be applied to provisioned resources during a provisioned product update.
+
+```ts
+declare const portfolio: servicecatalog.Portfolio;
+declare const product: servicecatalog.CloudFormationProduct;
+
+portfolio.addProduct(product);
+portfolio.constrainTagUpdates(product);
+```
+
+If you want to disable this feature later on, you can update it by setting the "allow" parameter to `false`:
+
+```ts
+declare const portfolio: servicecatalog.Portfolio;
+declare const product: servicecatalog.CloudFormationProduct;
+
+// to disable tag updates:
+portfolio.constrainTagUpdates(product, {
+  allow: false,
+});
+```
+
+### Notify on stack events
+
+Allows users to subscribe an AWS `SNS` topic to a provisioned product's CloudFormation stack events.
+When an end user provisions a product it creates a CloudFormation stack that notifies the subscribed topic on creation, edit, and delete events.
+An individual `SNS` topic may only have a single subscription to any given portfolio-product association.
+
+```ts
+import * as sns from 'aws-cdk-lib/aws-sns';
+
+declare const portfolio: servicecatalog.Portfolio;
+declare const product: servicecatalog.CloudFormationProduct;
+
+const topic1 = new sns.Topic(this, 'Topic1');
+portfolio.notifyOnStackEvents(product, topic1);
+
+const topic2 = new sns.Topic(this, 'Topic2');
+portfolio.notifyOnStackEvents(product, topic2, {
+  description: 'description for topic2', // description is an optional field.
+});
+```
+
+### CloudFormation template parameters constraint
+
+CloudFormation template parameter constraints allow you to configure the provisioning parameters that are available to end users when they launch a product.
+Template constraint rules consist of one or more assertions that define the default and/or allowable values for a product’s provisioning parameters.
+You can configure multiple parameter constraints to govern the different provisioning parameters within your products.
+For example, a rule might define the `EC2` instance types that users can choose from when launching a product that includes one or more `EC2` instances.
+Parameter rules have an optional `condition` field that allow for rule application to consider conditional evaluations.
+If a `condition` is specified, all  assertions will be applied if the condition evaluates to true.
+For information on rule-specific intrinsic functions to define rule conditions and assertions,
+see [AWS Rule Functions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-rules.html).
+
+```ts
+import * as cdk from 'aws-cdk-lib';
+
+declare const portfolio: servicecatalog.Portfolio;
+declare const product: servicecatalog.CloudFormationProduct;
+
+portfolio.constrainCloudFormationParameters(product, {
+  rule: {
+    ruleName: 'testInstanceType',
+    condition: Fn.conditionEquals(Fn.ref('Environment'), 'test'),
+    assertions: [{
+      assert: Fn.conditionContains(['t2.micro', 't2.small'], Fn.ref('InstanceType')),
+      description: 'For test environment, the instance type should be small',
+    }],
+  },
+});
+```
+
+### Set launch role
+
+Allows you to configure a specific `IAM` role that Service Catalog assumes on behalf of the end user when launching a product.
+By setting a launch role constraint, you can maintain least permissions for an end user when launching a product.
+For example, a launch role can grant permissions for specific resource creation like an `S3` bucket that the user.
+The launch role must be assumed by the Service Catalog principal.
+You can only have one launch role set for a portfolio-product association,
+and you cannot set a launch role on a product that already has a StackSets deployment configured.
+
+```ts
+declare const portfolio: servicecatalog.Portfolio;
+declare const product: servicecatalog.CloudFormationProduct;
+
+const launchRole = new iam.Role(this, 'LaunchRole', {
+  assumedBy: new iam.ServicePrincipal('servicecatalog.amazonaws.com'),
+});
+
+portfolio.setLaunchRole(product, launchRole);
+```
+
+You can also set the launch role using just the name of a role which is locally deployed in end user accounts.
+This is useful for when roles and users are separately managed outside of the CDK.
+The given role must exist in both the account that creates the launch role constraint,
+as well as in any end user accounts that wish to provision a product with the launch role.
+
+You can do this by passing in the role with an explicitly set name:
+
+```ts
+declare const portfolio: servicecatalog.Portfolio;
+declare const product: servicecatalog.CloudFormationProduct;
+
+const launchRole = new iam.Role(this, 'LaunchRole', {
+  roleName: 'MyRole',
+  assumedBy: new iam.ServicePrincipal('servicecatalog.amazonaws.com'),
+});
+
+portfolio.setLocalLaunchRole(product, launchRole);
+```
+
+Or you can simply pass in a role name and CDK will create a role with that name that trusts service catalog in the account:
+
+```ts
+declare const portfolio: servicecatalog.Portfolio;
+declare const product: servicecatalog.CloudFormationProduct;
+
+const roleName = 'MyRole';
+const launchRole: iam.IRole = portfolio.setLocalLaunchRoleName(product, roleName);
+```
+
+See [Launch Constraint](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints-launch.html) documentation
+to understand the permissions that launch roles need.
+
+### Deploy with StackSets
+
+A StackSets deployment constraint allows you to configure product deployment options using
+[AWS CloudFormation StackSets](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/using-stacksets.html).
+You can specify one or more accounts and regions into which stack instances will launch when the product is provisioned.
+There is an additional field `allowStackSetInstanceOperations` that sets ability for end users to create, edit, or delete the stacks created by the StackSet.
+By default, this field is set to `false`.
+When launching a StackSets product, end users can select from the list of accounts and regions configured in the constraint to determine where the Stack Instances will deploy and the order of deployment.
+You can only define one StackSets deployment configuration per portfolio-product association,
+and you cannot both set a launch role and StackSets deployment configuration for an assocation.
+
+```ts
+declare const portfolio: servicecatalog.Portfolio;
+declare const product: servicecatalog.CloudFormationProduct;
+
+const adminRole = new iam.Role(this, 'AdminRole', {
+  assumedBy: new iam.AccountRootPrincipal(),
+});
+
+portfolio.deployWithStackSets(product, {
+  accounts: ['012345678901', '012345678902', '012345678903'],
+  regions: ['us-west-1', 'us-east-1', 'us-west-2', 'us-east-1'],
+  adminRole: adminRole,
+  executionRoleName: 'SCStackSetExecutionRole', // Name of role deployed in end users accounts.
+  allowStackSetInstanceOperations: true,
+});
+```
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/index.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/index.d.ts
@@ -0,0 +1 @@
+export * from './lib';
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/index.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/index.js
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/cloudformation-template.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/cloudformation-template.d.ts
@@ -0,0 +1,46 @@
+import type { Construct } from 'constructs';
+import type { ProductStack } from './product-stack';
+import type { IBucket } from '../../aws-s3';
+import * as s3_assets from '../../aws-s3-assets';
+/**
+ * Represents the Product Provisioning Artifact Template.
+ */
+export declare abstract class CloudFormationTemplate {
+    /**
+     * Template from URL
+     * @param url The url that points to the provisioning artifacts template
+     */
+    static fromUrl(url: string): CloudFormationTemplate;
+    /**
+     * Loads the provisioning artifacts template from a local disk path.
+     *
+     * @param path A file containing the provisioning artifacts
+     */
+    static fromAsset(path: string, options?: s3_assets.AssetOptions): CloudFormationTemplate;
+    /**
+     * Creates a product with the resources defined in the given product stack.
+     */
+    static fromProductStack(productStack: ProductStack): CloudFormationTemplate;
+    /**
+     * Called when the product is initialized to allow this object to bind
+     * to the stack, add resources and have fun.
+     *
+     * @param scope The binding scope. Don't be smart about trying to down-cast or
+     * assume it's initialized. You may just use it as a construct scope.
+     */
+    abstract bind(scope: Construct): CloudFormationTemplateConfig;
+}
+/**
+ * Result of binding `Template` into a `Product`.
+ */
+export interface CloudFormationTemplateConfig {
+    /**
+     * The http url of the template in S3.
+     */
+    readonly httpUrl: string;
+    /**
+     * The S3 bucket containing product stack assets.
+     * @default - None - no assets are used in this product
+     */
+    readonly assetBucket?: IBucket;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/cloudformation-template.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/cloudformation-template.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.CloudFormationTemplate=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var util_1=()=>{var tmp=require("./private/util");return util_1=()=>tmp,tmp},s3_assets=()=>{var tmp=require("../../aws-s3-assets");return s3_assets=()=>tmp,tmp};class CloudFormationTemplate{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_servicecatalog.CloudFormationTemplate",version:"2.252.0"};static fromUrl(url){return new CloudFormationUrlTemplate(url)}static fromAsset(path,options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_s3_assets_AssetOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromAsset),error}return new CloudFormationAssetTemplate(path,options)}static fromProductStack(productStack){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_servicecatalog_ProductStack(productStack)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromProductStack),error}return new CloudFormationProductStackTemplate(productStack)}}exports.CloudFormationTemplate=CloudFormationTemplate;class CloudFormationUrlTemplate extends CloudFormationTemplate{url;constructor(url){super(),this.url=url}bind(_scope){return{httpUrl:this.url}}}class CloudFormationAssetTemplate extends CloudFormationTemplate{path;options;asset;constructor(path,options={}){super(),this.path=path,this.options=options}bind(scope){return this.asset||(this.asset=new(s3_assets()).Asset(scope,`Template${(0,util_1().hashValues)(this.path)}`,{path:this.path,...this.options})),{httpUrl:this.asset.httpUrl}}}class CloudFormationProductStackTemplate extends CloudFormationTemplate{productStack;constructor(productStack){super(),this.productStack=productStack}bind(_scope){return{httpUrl:this.productStack._getTemplateUrl(),assetBucket:this.productStack._getAssetBucket()}}}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/common.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/common.d.ts
@@ -0,0 +1,23 @@
+/**
+ * Constant for the default directory to store ProductStack snapshots.
+ */
+export declare const DEFAULT_PRODUCT_STACK_SNAPSHOT_DIRECTORY = "product-stack-snapshots";
+/**
+ * The language code.
+ * Used for error and logging messages for end users.
+ * The default behavior if not specified is English.
+ */
+export declare enum MessageLanguage {
+    /**
+     * English
+     */
+    EN = "en",
+    /**
+     * Japanese
+     */
+    JP = "jp",
+    /**
+     * Chinese
+     */
+    ZH = "zh"
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/common.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/common.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.MessageLanguage=exports.DEFAULT_PRODUCT_STACK_SNAPSHOT_DIRECTORY=void 0,exports.DEFAULT_PRODUCT_STACK_SNAPSHOT_DIRECTORY="product-stack-snapshots";var MessageLanguage;(function(MessageLanguage2){MessageLanguage2.EN="en",MessageLanguage2.JP="jp",MessageLanguage2.ZH="zh"})(MessageLanguage||(exports.MessageLanguage=MessageLanguage={}));
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/constraints.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/constraints.d.ts
@@ -0,0 +1,99 @@
+import type { MessageLanguage } from './common';
+import type * as iam from '../../aws-iam';
+import type * as cdk from '../../core';
+/**
+ * Properties for governance mechanisms and constraints.
+ */
+export interface CommonConstraintOptions {
+    /**
+     * The language code.
+     * Configures the language for error messages from service catalog.
+     *
+     * @default - English
+     */
+    readonly messageLanguage?: MessageLanguage;
+    /**
+     * The description of the constraint.
+     *
+     * @default - No description provided
+     */
+    readonly description?: string;
+}
+/**
+ * Properties for deploying with Stackset, which creates a StackSet constraint.
+ */
+export interface StackSetsConstraintOptions extends CommonConstraintOptions {
+    /**
+     * List of accounts to deploy stacks to.
+     */
+    readonly accounts: string[];
+    /**
+     * List of regions to deploy stacks to.
+     */
+    readonly regions: string[];
+    /**
+     * IAM role used to administer the StackSets configuration.
+     */
+    readonly adminRole: iam.IRoleRef;
+    /**
+     * IAM role used to provision the products in the Stacks.
+     */
+    readonly executionRoleName: string;
+    /**
+     * Whether to allow end users to create, update, and delete stacks.
+     *
+     * @default false
+     */
+    readonly allowStackSetInstanceOperations?: boolean;
+}
+/**
+ * Properties for ResourceUpdateConstraint.
+ */
+export interface TagUpdateConstraintOptions extends CommonConstraintOptions {
+    /**
+     * Toggle for if users should be allowed to change/update tags on provisioned products.
+     * @default true
+     */
+    readonly allow?: boolean;
+}
+/**
+ * An assertion within a template rule, defined by intrinsic functions.
+ */
+export interface TemplateRuleAssertion {
+    /**
+     * The assertion condition.
+     */
+    readonly assert: cdk.ICfnRuleConditionExpression;
+    /**
+     * The description for the asssertion.
+     * @default - no description provided for the assertion.
+     */
+    readonly description?: string;
+}
+/**
+ * Defines the provisioning template constraints.
+ */
+export interface TemplateRule {
+    /**
+     * Name of the rule.
+     */
+    readonly ruleName: string;
+    /**
+     * Specify when to apply rule with a rule-specific intrinsic function.
+     * @default - no rule condition provided
+     */
+    readonly condition?: cdk.ICfnRuleConditionExpression;
+    /**
+     * A list of assertions that make up the rule.
+     */
+    readonly assertions: TemplateRuleAssertion[];
+}
+/**
+ * Properties for provisoning rule constraint.
+ */
+export interface CloudFormationRuleConstraintOptions extends CommonConstraintOptions {
+    /**
+     * The rule with condition and assertions to apply to template.
+     */
+    readonly rule: TemplateRule;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/constraints.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/constraints.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0});
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/index.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/index.d.ts
@@ -0,0 +1,9 @@
+export * from './common';
+export * from './constraints';
+export * from './cloudformation-template';
+export * from './portfolio';
+export * from './product';
+export * from './product-stack';
+export * from './product-stack-history';
+export * from './tag-options';
+export * from './servicecatalog.generated';
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/index.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/index.js
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/portfolio.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/portfolio.d.ts
@@ -0,0 +1,218 @@
+import type { Construct } from 'constructs';
+import type { MessageLanguage } from './common';
+import type { CloudFormationRuleConstraintOptions, CommonConstraintOptions, StackSetsConstraintOptions, TagUpdateConstraintOptions } from './constraints';
+import type { IProduct } from './product';
+import type { TagOptions } from './tag-options';
+import * as iam from '../../aws-iam';
+import type * as sns from '../../aws-sns';
+import * as cdk from '../../core';
+import type { IPortfolioRef, PortfolioReference } from '../../interfaces/generated/aws-servicecatalog-interfaces.generated';
+/**
+ * Options for portfolio share.
+ */
+export interface PortfolioShareOptions {
+    /**
+     * Whether to share tagOptions as a part of the portfolio share
+     *
+     * @default - share not specified
+     */
+    readonly shareTagOptions?: boolean;
+    /**
+     * The message language of the share.
+     * Controls status and error message language for share.
+     *
+     * @default - English
+     */
+    readonly messageLanguage?: MessageLanguage;
+}
+/**
+ * A Service Catalog portfolio.
+ */
+export interface IPortfolio extends cdk.IResource, IPortfolioRef {
+    /**
+     * The ARN of the portfolio.
+     * @attribute
+     */
+    readonly portfolioArn: string;
+    /**
+     * The ID of the portfolio.
+     * @attribute
+     */
+    readonly portfolioId: string;
+    /**
+     * Associate portfolio with an IAM Role.
+     * @param role an IAM role
+     */
+    giveAccessToRole(role: iam.IRole): void;
+    /**
+     * Associate portfolio with an IAM User.
+     * @param user an IAM user
+     */
+    giveAccessToUser(user: iam.IUser): void;
+    /**
+     * Associate portfolio with an IAM Group.
+     * @param group an IAM Group
+     */
+    giveAccessToGroup(group: iam.IGroup): void;
+    /**
+     * Initiate a portfolio share with another account.
+     * @param accountId AWS account to share portfolio with
+     * @param options Options for the initiate share
+     */
+    shareWithAccount(accountId: string, options?: PortfolioShareOptions): void;
+    /**
+     * Associate portfolio with the given product.
+     * @param product A service catalog produt.
+     */
+    addProduct(product: IProduct): void;
+    /**
+     * Associate Tag Options.
+     * A TagOption is a key-value pair managed in AWS Service Catalog.
+     * It is not an AWS tag, but serves as a template for creating an AWS tag based on the TagOption.
+     */
+    associateTagOptions(tagOptions: TagOptions): void;
+    /**
+     * Add a Resource Update Constraint.
+     */
+    constrainTagUpdates(product: IProduct, options?: TagUpdateConstraintOptions): void;
+    /**
+     * Add notifications for supplied topics on the provisioned product.
+     * @param product A service catalog product.
+     * @param topic A SNS Topic to receive notifications on events related to the provisioned product.
+     */
+    notifyOnStackEvents(product: IProduct, topic: sns.ITopic, options?: CommonConstraintOptions): void;
+    /**
+     * Set provisioning rules for the product.
+     * @param product A service catalog product.
+     * @param options options for the constraint.
+     */
+    constrainCloudFormationParameters(product: IProduct, options: CloudFormationRuleConstraintOptions): void;
+    /**
+     * Force users to assume a certain role when launching a product.
+     * This sets the launch role using the role arn which is tied to the account this role exists in.
+     * This is useful if you will be provisioning products from the account where this role exists.
+     * If you intend to share the portfolio across accounts, use a local launch role.
+     *
+     * @param product A service catalog product.
+     * @param launchRole The IAM role a user must assume when provisioning the product.
+     * @param options options for the constraint.
+     */
+    setLaunchRole(product: IProduct, launchRole: iam.IRole, options?: CommonConstraintOptions): void;
+    /**
+     * Force users to assume a certain role when launching a product.
+     * The role will be referenced by name in the local account instead of a static role arn.
+     * A role with this name will automatically be created and assumable by Service Catalog in this account.
+     * This is useful when sharing the portfolio with multiple accounts.
+     *
+     * @param product A service catalog product.
+     * @param launchRoleName The name of the IAM role a user must assume when provisioning the product. A role with this name must exist in the account where the portolio is created and the accounts it is shared with.
+     * @param options options for the constraint.
+     */
+    setLocalLaunchRoleName(product: IProduct, launchRoleName: string, options?: CommonConstraintOptions): iam.IRole;
+    /**
+     * Force users to assume a certain role when launching a product.
+     * The role name will be referenced by in the local account and must be set explicitly.
+     * This is useful when sharing the portfolio with multiple accounts.
+     *
+     * @param product A service catalog product.
+     * @param launchRole The IAM role a user must assume when provisioning the product. A role with this name must exist in the account where the portolio is created and the accounts it is shared with. The role name must be set explicitly.
+     * @param options options for the constraint.
+     */
+    setLocalLaunchRole(product: IProduct, launchRole: iam.IRole, options?: CommonConstraintOptions): void;
+    /**
+     * Configure deployment options using AWS Cloudformation StackSets
+     *
+     * @param product A service catalog product.
+     * @param options Configuration options for the constraint.
+     */
+    deployWithStackSets(product: IProduct, options: StackSetsConstraintOptions): void;
+}
+declare abstract class PortfolioBase extends cdk.Resource implements IPortfolio {
+    abstract readonly portfolioArn: string;
+    abstract readonly portfolioId: string;
+    private readonly associatedPrincipals;
+    private readonly assetBuckets;
+    private readonly sharedAccounts;
+    get portfolioRef(): PortfolioReference;
+    giveAccessToRole(role: iam.IRole): void;
+    giveAccessToUser(user: iam.IUser): void;
+    giveAccessToGroup(group: iam.IGroup): void;
+    addProduct(product: IProduct): void;
+    shareWithAccount(accountId: string, options?: PortfolioShareOptions): void;
+    associateTagOptions(tagOptions: TagOptions): void;
+    constrainTagUpdates(product: IProduct, options?: TagUpdateConstraintOptions): void;
+    notifyOnStackEvents(product: IProduct, topic: sns.ITopic, options?: CommonConstraintOptions): void;
+    constrainCloudFormationParameters(product: IProduct, options: CloudFormationRuleConstraintOptions): void;
+    setLaunchRole(product: IProduct, launchRole: iam.IRole, options?: CommonConstraintOptions): void;
+    setLocalLaunchRoleName(product: IProduct, launchRoleName: string, options?: CommonConstraintOptions): iam.IRole;
+    setLocalLaunchRole(product: IProduct, launchRole: iam.IRole, options?: CommonConstraintOptions): void;
+    deployWithStackSets(product: IProduct, options: StackSetsConstraintOptions): void;
+    /**
+     * Associate a principal with the portfolio.
+     * If the principal is already associated, it will skip.
+     */
+    private associatePrincipal;
+    /**
+     * Gives access to Asset Buckets to Shared Accounts.
+     *
+     */
+    protected addBucketPermissionsToSharedAccounts(): void;
+    /**
+     * Create a unique id based off the L1 CfnPortfolio or the arn of an imported portfolio.
+     */
+    protected abstract generateUniqueHash(value: string): string;
+}
+/**
+ * Properties for a Portfolio.
+ */
+export interface PortfolioProps {
+    /**
+     * The name of the portfolio.
+     */
+    readonly displayName: string;
+    /**
+     * The provider name.
+     */
+    readonly providerName: string;
+    /**
+     * The message language. Controls language for
+     * status logging and errors.
+     *
+     * @default - English
+     */
+    readonly messageLanguage?: MessageLanguage;
+    /**
+     * Description for portfolio.
+     *
+     * @default - No description provided
+     */
+    readonly description?: string;
+    /**
+     * TagOptions associated directly to a portfolio.
+     *
+     * @default - No tagOptions provided
+     */
+    readonly tagOptions?: TagOptions;
+}
+/**
+ * A Service Catalog portfolio.
+ */
+export declare class Portfolio extends PortfolioBase {
+    /** Uniquely identifies this class. */
+    static readonly PROPERTY_INJECTION_ID: string;
+    /**
+     * Creates a Portfolio construct that represents an external portfolio.
+     *
+     * @param scope The parent creating construct (usually `this`).
+     * @param id The construct's name.
+     * @param portfolioArn the Amazon Resource Name of the existing portfolio.
+     */
+    static fromPortfolioArn(scope: Construct, id: string, portfolioArn: string): IPortfolio;
+    readonly portfolioArn: string;
+    readonly portfolioId: string;
+    private readonly portfolio;
+    constructor(scope: Construct, id: string, props: PortfolioProps);
+    protected generateUniqueHash(value: string): string;
+    private validatePortfolioProps;
+}
+export {};
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/portfolio.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/portfolio.js
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/association-manager.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/association-manager.d.ts
@@ -0,0 +1,27 @@
+import type * as iam from '../../../aws-iam';
+import type * as sns from '../../../aws-sns';
+import type * as cdk from '../../../core';
+import type { CloudFormationRuleConstraintOptions, CommonConstraintOptions, StackSetsConstraintOptions, TagUpdateConstraintOptions } from '../constraints';
+import type { IPortfolio } from '../portfolio';
+import type { IProduct } from '../product';
+import { CfnPortfolioProductAssociation } from '../servicecatalog.generated';
+import type { TagOptions } from '../tag-options';
+export declare class AssociationManager {
+    static associateProductWithPortfolio(portfolio: IPortfolio, product: IProduct, options: CommonConstraintOptions | undefined): {
+        associationKey: string;
+        cfnPortfolioProductAssociation: CfnPortfolioProductAssociation;
+    };
+    static constrainTagUpdates(portfolio: IPortfolio, product: IProduct, options: TagUpdateConstraintOptions): void;
+    static notifyOnStackEvents(portfolio: IPortfolio, product: IProduct, topic: sns.ITopic, options: CommonConstraintOptions): void;
+    static constrainCloudFormationParameters(portfolio: IPortfolio, product: IProduct, options: CloudFormationRuleConstraintOptions): void;
+    static setLaunchRole(portfolio: IPortfolio, product: IProduct, launchRole: iam.IRoleRef, options: CommonConstraintOptions): void;
+    static setLocalLaunchRoleName(portfolio: IPortfolio, product: IProduct, launchRoleName: string, options: CommonConstraintOptions): void;
+    static deployWithStackSets(portfolio: IPortfolio, product: IProduct, options: StackSetsConstraintOptions): void;
+    static associateTagOptions(resource: cdk.IResource, resourceId: string, tagOptions: TagOptions): void;
+    private static setLaunchRoleConstraint;
+    private static stackSetConstraintLogicalId;
+    private static launchRoleConstraintLogicalId;
+    private static prettyPrintAssociation;
+    private static formatTemplateRule;
+    private static formatAssertions;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/association-manager.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/association-manager.js
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/product-stack-synthesizer.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/product-stack-synthesizer.d.ts
@@ -0,0 +1,58 @@
+import type { IBucket } from '../../../aws-s3';
+import { ServerSideEncryption } from '../../../aws-s3-deployment';
+import * as cdk from '../../../core';
+/**
+ * Product stack synthesizer props.
+ */
+export interface ProductStackSynthesizerProps {
+    /**
+     * The parent stack of the stack that this synthesizer is bound to.
+     */
+    readonly parentStack: cdk.Stack;
+    /**
+     * The bucket used to store assets and enable ProductStack asset support.
+     *
+     * @default - No bucket provided and assets will not be supported
+     */
+    readonly assetBucket?: IBucket;
+    /**
+     * A ServerSideEncryption can be enabled to encrypt assets that are put into assetBucket.
+     *
+     * @default - No encryption is used
+     */
+    readonly serverSideEncryption?: ServerSideEncryption;
+    /**
+     * For AWS_KMS ServerSideEncryption a KMS KeyId must be provided which will be used to encrypt assets.
+     *
+     * @default - No KMS KeyId and SSE_KMS encryption cannot be used
+     */
+    readonly serverSideEncryptionAwsKmsKeyId?: string;
+    /**
+     * The amount of memory (in MiB) to allocate to the AWS Lambda function which
+     * replicates the files from the CDK bucket to the destination bucket.
+     *
+     * If you are deploying large files, you will need to increase this number
+     * accordingly.
+     *
+     * @default 128
+     */
+    readonly memoryLimit?: number;
+}
+/**
+ * Deployment environment for an AWS Service Catalog product stack.
+ *
+ * Interoperates with the StackSynthesizer of the parent stack.
+ */
+export declare class ProductStackSynthesizer extends cdk.StackSynthesizer {
+    private readonly parentStack;
+    private readonly assetBucket?;
+    private readonly serverSideEncryption?;
+    private readonly serverSideEncryptionAwsKmsKeyId?;
+    private readonly memoryLimit?;
+    private parentAssetBucket?;
+    constructor(props: ProductStackSynthesizerProps);
+    addFileAsset(asset: cdk.FileAssetSource): cdk.FileAssetLocation;
+    private physicalNameOfBucket;
+    addDockerImageAsset(_asset: cdk.DockerImageAssetSource): cdk.DockerImageAssetLocation;
+    synthesize(session: cdk.ISynthesisSession): void;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/product-stack-synthesizer.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/product-stack-synthesizer.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ProductStackSynthesizer=void 0;var aws_s3_1=()=>{var tmp=require("../../../aws-s3");return aws_s3_1=()=>tmp,tmp},aws_s3_deployment_1=()=>{var tmp=require("../../../aws-s3-deployment");return aws_s3_deployment_1=()=>tmp,tmp},cdk=()=>{var tmp=require("../../../core");return cdk=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class ProductStackSynthesizer extends cdk().StackSynthesizer{parentStack;assetBucket;serverSideEncryption;serverSideEncryptionAwsKmsKeyId;memoryLimit;parentAssetBucket;constructor(props){super(),this.parentStack=props.parentStack,this.assetBucket=props.assetBucket,this.serverSideEncryption=props.serverSideEncryption,this.serverSideEncryptionAwsKmsKeyId=props.serverSideEncryptionAwsKmsKeyId,this.memoryLimit=props.memoryLimit,this.assetBucket&&!cdk().Resource.isOwnedResource(this.assetBucket)&&cdk().Annotations.of(this.parentStack).addWarningV2("@aws-cdk/aws-servicecatalog:assetsManuallyAddBucketPermissions","[WARNING] Bucket Policy Permissions cannot be added to referenced Bucket. Please make sure your bucket has the correct permissions")}addFileAsset(asset){if(!this.assetBucket)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`AssetBucketRequired`,"An Asset Bucket must be provided to use Assets");const location=this.parentStack.synthesizer.addFileAsset(asset);this.parentAssetBucket||(this.parentAssetBucket=aws_s3_1().Bucket.fromBucketName(this.boundStack,"ParentAssetBucket",location.bucketName));const objectKey=location.objectKey,source=aws_s3_deployment_1().Source.bucket(this.parentAssetBucket,location.objectKey);if(this.serverSideEncryption===aws_s3_deployment_1().ServerSideEncryption.AWS_KMS&&!this.serverSideEncryptionAwsKmsKeyId)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`KmsKeyRequiredForSseKms`,"A KMS Key must be provided to use SSE_KMS");if(this.serverSideEncryption!==aws_s3_deployment_1().ServerSideEncryption.AWS_KMS&&this.serverSideEncryptionAwsKmsKeyId)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`SseKmsRequiredForKmsKey`,"A SSE_KMS encryption must be enabled if you provide KMS Key");const deploymentScope=this.assetBucket,deploymentCid="ProductAssetsDeployment";(deploymentScope.node.tryFindChild(deploymentCid)??new(aws_s3_deployment_1()).BucketDeployment(deploymentScope,deploymentCid,{sources:[source],destinationBucket:this.assetBucket,extract:!1,prune:!1,retainOnDelete:!0,serverSideEncryption:this.serverSideEncryption,serverSideEncryptionAwsKmsKeyId:this.serverSideEncryptionAwsKmsKeyId,memoryLimit:this.memoryLimit,outputObjectKeys:!1})).addSource(source);const bucketName=this.physicalNameOfBucket(this.assetBucket);if(!asset.fileName)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`AssetFileNameRequired`,"Asset file name is undefined");const s3ObjectUrl=`s3://${bucketName}/${objectKey}`,httpUrl=`https://s3.${bucketName}/${objectKey}`;return{bucketName,objectKey,httpUrl,s3ObjectUrl,s3Url:httpUrl}}physicalNameOfBucket(bucket){let resolvedName;if(cdk().Resource.isOwnedResource(bucket)?resolvedName=cdk().Stack.of(bucket).resolve(bucket.node.defaultChild.bucketName):resolvedName=bucket.bucketName,resolvedName===void 0)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`BucketNameRequiredForAssets`,"A bucketName must be provided to use Assets");return resolvedName}addDockerImageAsset(_asset){throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`DockerAssetsNotSupported`,"Service Catalog Product Stacks cannot use Assets")}synthesize(session){this.synthesizeTemplate(session)}}exports.ProductStackSynthesizer=ProductStackSynthesizer;
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/util.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/util.d.ts
@@ -0,0 +1,4 @@
+/**
+ * Generates a unique hash identfifer using SHA256 encryption algorithm
+ */
+export declare function hashValues(...ids: string[]): string;
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/util.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/util.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.hashValues=hashValues;var crypto=()=>{var tmp=require("crypto");return crypto=()=>tmp,tmp};function hashValues(...ids){const sha256=crypto().createHash("sha256");return ids.forEach(val=>sha256.update(val)),sha256.digest("hex").slice(0,12)}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/validation.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/validation.d.ts
@@ -0,0 +1,27 @@
+import type * as iam from '../../../aws-iam';
+/**
+ * Class to validate that inputs match requirements.
+ */
+export declare class InputValidator {
+    /**
+     * Validates length is between allowed min and max lengths.
+     */
+    static validateLength(resourceName: string, inputName: string, minLength: number, maxLength: number, inputString?: string): void;
+    /**
+     * Validates string matches the allowed regex pattern.
+     */
+    static validateRegex(resourceName: string, inputName: string, regexp: RegExp, inputString?: string): void;
+    /**
+     * Validates string matches the valid URL regex pattern.
+     */
+    static validateUrl(resourceName: string, inputName: string, inputString?: string): void;
+    /**
+     * Validates string matches the valid email regex pattern.
+     */
+    static validateEmail(resourceName: string, inputName: string, inputString?: string): void;
+    /**
+     * Validates that a role being used as a local launch role has the role name set
+     */
+    static validateRoleNameSetForLocalLaunchRole(role: iam.IRole): void;
+    private static truncateString;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/validation.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/private/validation.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.InputValidator=void 0;var cdk=()=>{var tmp=require("../../../core");return cdk=()=>tmp,tmp},core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class InputValidator{static validateLength(resourceName,inputName,minLength,maxLength,inputString){if(!cdk().Token.isUnresolved(inputString)&&inputString!==void 0&&(inputString.length<minLength||inputString.length>maxLength))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`InvalidInputLength`,`Invalid ${inputName} for resource ${resourceName}, must have length between ${minLength} and ${maxLength}, got: '${this.truncateString(inputString,100)}'`)}static validateRegex(resourceName,inputName,regexp,inputString){if(!cdk().Token.isUnresolved(inputString)&&inputString!==void 0&&!regexp.test(inputString))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`InvalidInputPattern`,`Invalid ${inputName} for resource ${resourceName}, must match regex pattern ${regexp}, got: '${this.truncateString(inputString,100)}'`)}static validateUrl(resourceName,inputName,inputString){this.validateRegex(resourceName,inputName,/^https?:\/\/.*/,inputString)}static validateEmail(resourceName,inputName,inputString){this.validateRegex(resourceName,inputName,/^[\w\d.%+\-]+@[a-z\d.\-]+\.[a-z]{2,4}$/i,inputString)}static validateRoleNameSetForLocalLaunchRole(role){if(role.node.defaultChild&&cdk().Token.isUnresolved(role.node.defaultChild.roleName))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`LocalLaunchRoleMustHaveRoleName`,`Role ${role.node.id} used for Local Launch Role must have roleName explicitly set`)}static truncateString(string,maxLength){return string.length>maxLength?string.substring(0,maxLength)+"[truncated]":string}}exports.InputValidator=InputValidator;
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/product-stack-history.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/product-stack-history.d.ts
@@ -0,0 +1,62 @@
+import { Construct } from 'constructs';
+import type { CloudFormationProductVersion } from './product';
+import type { ProductStack } from './product-stack';
+/**
+ * Properties for a ProductStackHistory.
+ */
+export interface ProductStackHistoryProps {
+    /**
+     * The ProductStack whose history will be retained as a snapshot
+     */
+    readonly productStack: ProductStack;
+    /**
+     * The current version name of the ProductStack.
+     */
+    readonly currentVersionName: string;
+    /**
+     * If this is set to true, the ProductStack will not be overwritten if a snapshot is found for the currentVersionName.
+     */
+    readonly currentVersionLocked: boolean;
+    /**
+     * The description of the product version
+     * @default - No description provided
+     */
+    readonly description?: string;
+    /**
+     * Whether the specified product template will be validated by CloudFormation.
+     * If turned off, an invalid template configuration can be stored.
+     * @default true
+     */
+    readonly validateTemplate?: boolean;
+    /**
+     * The directory where template snapshots will be stored
+     * @default 'product-stack-snapshots'
+     */
+    readonly directory?: string;
+}
+/**
+ * A Construct that contains a Service Catalog product stack with its previous deployments maintained.
+ */
+export declare class ProductStackHistory extends Construct {
+    /**
+     * Uniquely identifies this class.
+     */
+    static readonly PROPERTY_INJECTION_ID: string;
+    private readonly props;
+    constructor(scope: Construct, id: string, props: ProductStackHistoryProps);
+    /**
+     * Retains product stack template as a snapshot when deployed and
+     * retrieves a CloudFormationProductVersion for the current product version.
+     */
+    currentVersion(): CloudFormationProductVersion;
+    /**
+     * Retrieves a CloudFormationProductVersion from a previously deployed productVersionName.
+     */
+    versionFromSnapshot(productVersionName: string): CloudFormationProductVersion;
+    /**
+     * Writes current template generated from Product Stack to a snapshot directory.
+     *
+     * @internal
+     */
+    _writeTemplateToSnapshot(cfn: string): void;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/product-stack-history.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/product-stack-history.js
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/product-stack.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/product-stack.d.ts
@@ -0,0 +1,101 @@
+import type { Construct } from 'constructs';
+import type { ProductStackHistory } from './product-stack-history';
+import type { IBucket } from '../../aws-s3';
+import type { ServerSideEncryption } from '../../aws-s3-deployment';
+import * as cdk from '../../core';
+/**
+ * Product stack props.
+ */
+export interface ProductStackProps {
+    /**
+     * A Bucket can be passed to store assets, enabling ProductStack Asset support
+     *
+     * @default - No Bucket provided and Assets will not be supported.
+     */
+    readonly assetBucket?: IBucket;
+    /**
+     * A ServerSideEncryption can be enabled to encrypt assets that are put into assetBucket
+     *
+     * @default - No encryption is used
+     */
+    readonly serverSideEncryption?: ServerSideEncryption;
+    /**
+     * For AWS_KMS ServerSideEncryption a KMS KeyId must be provided which will be used to encrypt assets
+     *
+     * @default - No KMS KeyId and SSE_KMS encryption cannot be used
+     */
+    readonly serverSideEncryptionAwsKmsKeyId?: string;
+    /**
+     * The amount of memory (in MiB) to allocate to the AWS Lambda function which
+     * replicates the files from the CDK bucket to the destination bucket.
+     *
+     * If you are deploying large files, you will need to increase this number
+     * accordingly.
+     *
+     * @default 128
+     */
+    readonly memoryLimit?: number;
+    /**
+     * A description of the stack.
+     *
+     * @default - No description.
+     */
+    readonly description?: string;
+    /**
+     * Include runtime versioning information in this Stack
+     *
+     * @default - `analyticsReporting` setting of containing `App`, or value of
+     * 'aws:cdk:version-reporting' context key
+     */
+    readonly analyticsReporting?: boolean;
+}
+/**
+ * A Service Catalog product stack, which is similar in form to a Cloudformation nested stack.
+ * You can add the resources to this stack that you want to define for your service catalog product.
+ *
+ * This stack will not be treated as an independent deployment
+ * artifact (won't be listed in "cdk list" or deployable through "cdk deploy"),
+ * but rather only synthesized as a template and uploaded as an asset to S3.
+ *
+ */
+export declare class ProductStack extends cdk.Stack {
+    readonly templateFile: string;
+    private _parentProductStackHistory?;
+    private _templateUrl?;
+    private _parentStack;
+    private assetBucket?;
+    constructor(scope: Construct, id: string, props?: ProductStackProps);
+    /**
+     * Set the parent product stack history
+     *
+     * @internal
+     */
+    _setParentProductStackHistory(parentProductStackHistory: ProductStackHistory): ProductStackHistory;
+    /**
+     * Fetch the template URL.
+     *
+     * @internal
+     */
+    _getTemplateUrl(): string;
+    /**
+     * Fetch the asset bucket.
+     *
+     * @internal
+     */
+    _getAssetBucket(): IBucket | undefined;
+    /**
+     * Fetch the parent Stack.
+     *
+     * @internal
+     */
+    _getParentStack(): cdk.Stack;
+    /**
+     * Synthesize the product stack template, overrides the `super` class method.
+     *
+     * Defines an asset at the parent stack which represents the template of this
+     * product stack.
+     *
+     * @internal
+     */
+    _synthesizeTemplate(session: cdk.ISynthesisSession): void;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/product-stack.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/product-stack.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ProductStack=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var crypto=()=>{var tmp=require("crypto");return crypto=()=>tmp,tmp},fs=()=>{var tmp=require("fs");return fs=()=>tmp,tmp},path=()=>{var tmp=require("path");return path=()=>tmp,tmp},product_stack_synthesizer_1=()=>{var tmp=require("./private/product-stack-synthesizer");return product_stack_synthesizer_1=()=>tmp,tmp},cdk=()=>{var tmp=require("../../core");return cdk=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class ProductStack extends cdk().Stack{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_servicecatalog.ProductStack",version:"2.252.0"};templateFile;_parentProductStackHistory;_templateUrl;_parentStack;assetBucket;constructor(scope,id,props={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_servicecatalog_ProductStackProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,ProductStack),error}const parentStack=findParentStack(scope);super(scope,id,{analyticsReporting:props.analyticsReporting,description:props.description,synthesizer:new(product_stack_synthesizer_1()).ProductStackSynthesizer({parentStack,assetBucket:props.assetBucket,serverSideEncryption:props.serverSideEncryption,serverSideEncryptionAwsKmsKeyId:props.serverSideEncryptionAwsKmsKeyId,memoryLimit:props.memoryLimit})}),this._parentStack=parentStack,this.templateFile=`${cdk().Names.uniqueId(this)}.product.template.json`,this.assetBucket=props.assetBucket}_setParentProductStackHistory(parentProductStackHistory){return this._parentProductStackHistory=parentProductStackHistory}_getTemplateUrl(){return cdk().Lazy.uncachedString({produce:()=>this._templateUrl})}_getAssetBucket(){return this.assetBucket}_getParentStack(){return this._parentStack}_synthesizeTemplate(session){const cfn=JSON.stringify(this._toCloudFormation(),void 0,2),templateHash=crypto().createHash("sha256").update(cfn).digest("hex");this._templateUrl=this._parentStack.synthesizer.addFileAsset({packaging:cdk().FileAssetPackaging.FILE,sourceHash:templateHash,fileName:this.templateFile,displayName:`${this.node.path} Template`}).httpUrl,this._parentProductStackHistory&&this._parentProductStackHistory._writeTemplateToSnapshot(cfn),fs().writeFileSync(path().join(session.assembly.outdir,this.templateFile),cfn)}}exports.ProductStack=ProductStack;function findParentStack(scope){try{return cdk().Stack.of(scope)}catch{throw new(core_1()).ValidationError((0,literal_string_1().lit)`ProductStackMustBeDefinedWithinStack`,"Product stacks must be defined within scope of another non-product stack",scope)}}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/product.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/product.d.ts
@@ -0,0 +1,156 @@
+import type { Construct } from 'constructs';
+import type { CloudFormationTemplate } from './cloudformation-template';
+import type { MessageLanguage } from './common';
+import type { TagOptions } from './tag-options';
+import type { IBucket } from '../../aws-s3';
+import type { IResource } from '../../core';
+import { Resource } from '../../core';
+import type { CloudFormationProductReference, ICloudFormationProductRef } from '../../interfaces/generated/aws-servicecatalog-interfaces.generated';
+/**
+ * A Service Catalog product, currently only supports type CloudFormationProduct
+ */
+export interface IProduct extends IResource, ICloudFormationProductRef {
+    /**
+     * The ARN of the product.
+     * @attribute
+     */
+    readonly productArn: string;
+    /**
+     * The id of the product
+     * @attribute
+     */
+    readonly productId: string;
+    /**
+     * The asset buckets of a product created via product stack.
+     * @attribute
+     */
+    readonly assetBuckets: IBucket[];
+    /**
+     * Associate Tag Options.
+     * A TagOption is a key-value pair managed in AWS Service Catalog.
+     * It is not an AWS tag, but serves as a template for creating an AWS tag based on the TagOption.
+     */
+    associateTagOptions(tagOptions: TagOptions): void;
+}
+declare abstract class ProductBase extends Resource implements IProduct {
+    abstract readonly productArn: string;
+    abstract readonly productId: string;
+    abstract readonly assetBuckets: IBucket[];
+    get cloudFormationProductRef(): CloudFormationProductReference;
+    associateTagOptions(tagOptions: TagOptions): void;
+}
+/**
+ * Properties of product version (also known as a provisioning artifact).
+ */
+export interface CloudFormationProductVersion {
+    /**
+     * The description of the product version
+     * @default - No description provided
+     */
+    readonly description?: string;
+    /**
+     * Whether the specified product template will be validated by CloudFormation.
+     * If turned off, an invalid template configuration can be stored.
+     * @default true
+     */
+    readonly validateTemplate?: boolean;
+    /**
+     * The S3 template that points to the provisioning version template
+     */
+    readonly cloudFormationTemplate: CloudFormationTemplate;
+    /**
+     * The name of the product version.
+     * @default - No product version name provided
+     */
+    readonly productVersionName?: string;
+}
+/**
+ * Properties for a Cloudformation Product
+ */
+export interface CloudFormationProductProps {
+    /**
+     * The owner of the product.
+     */
+    readonly owner: string;
+    /**
+     * The name of the product.
+     */
+    readonly productName: string;
+    /**
+     * The configuration of the product version.
+     */
+    readonly productVersions: CloudFormationProductVersion[];
+    /**
+     * The language code.
+     * Controls language for logging and errors.
+     *
+     * @default - English
+     */
+    readonly messageLanguage?: MessageLanguage;
+    /**
+     * The description of the product.
+     * @default - No description provided
+     */
+    readonly description?: string;
+    /**
+     * The distributor of the product.
+     * @default - No distributor provided
+     */
+    readonly distributor?: string;
+    /**
+     * Whether to give provisioning artifacts a new unique identifier when the product attributes or provisioning artifacts is updated
+     * @default false
+     */
+    readonly replaceProductVersionIds?: boolean;
+    /**
+     * The support information about the product
+     * @default - No support description provided
+     */
+    readonly supportDescription?: string;
+    /**
+     * The contact email for product support.
+     * @default - No support email provided
+     */
+    readonly supportEmail?: string;
+    /**
+     * The contact URL for product support.
+     * @default - No support URL provided
+     */
+    readonly supportUrl?: string;
+    /**
+     * TagOptions associated directly to a product.
+     *
+     * @default - No tagOptions provided
+     */
+    readonly tagOptions?: TagOptions;
+}
+/**
+ * Abstract class for Service Catalog Product.
+ */
+export declare abstract class Product extends ProductBase {
+    /**
+     * Creates a Product construct that represents an external product.
+     * @param scope The parent creating construct (usually `this`).
+     * @param id The construct's name.
+     * @param productArn Product Arn
+     */
+    static fromProductArn(scope: Construct, id: string, productArn: string): IProduct;
+}
+/**
+ * A Service Catalog Cloudformation Product.
+ */
+export declare class CloudFormationProduct extends Product {
+    /** Uniquely identifies this class. */
+    static readonly PROPERTY_INJECTION_ID: string;
+    readonly productArn: string;
+    readonly productId: string;
+    /**
+     * The asset bucket of a product created via product stack.
+     * @default - Empty - no assets are used in this product
+     */
+    readonly assetBuckets: IBucket[];
+    constructor(scope: Construct, id: string, props: CloudFormationProductProps);
+    private renderProvisioningArtifacts;
+    private validateProductProps;
+}
+export {};
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/product.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/product.js
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/servicecatalog-canned-metrics.generated.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/servicecatalog-canned-metrics.generated.d.ts
@@ -0,0 +1,13 @@
+export interface MetricWithDims<D> {
+    readonly namespace: string;
+    readonly metricName: string;
+    readonly statistic: string;
+    readonly dimensionsMap: D;
+}
+export declare class ServiceCatalogMetrics {
+    static provisionedProductLaunchSum(this: void, dimensions: {
+        ProductId: string;
+    }): MetricWithDims<{
+        ProductId: string;
+    }>;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/servicecatalog-canned-metrics.generated.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/servicecatalog-canned-metrics.generated.js
@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ServiceCatalogMetrics=void 0;class ServiceCatalogMetrics{static provisionedProductLaunchSum(dimensions){return{namespace:"AWS/ServiceCatalog",metricName:"ProvisionedProductLaunch",dimensionsMap:dimensions,statistic:"Sum"}}}exports.ServiceCatalogMetrics=ServiceCatalogMetrics;
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/servicecatalog.generated.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/servicecatalog.generated.d.ts
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/servicecatalog.generated.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/servicecatalog.generated.js
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/tag-options.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/tag-options.d.ts
@@ -0,0 +1,35 @@
+import type { Construct } from 'constructs';
+import { CfnTagOption } from './servicecatalog.generated';
+import * as cdk from '../../core';
+/**
+ * Properties for TagOptions.
+ */
+export interface TagOptionsProps {
+    /**
+     * The values that are allowed to be set for specific tags.
+     * The keys of the map represent the tag keys,
+     * and the values of the map are a list of allowed values for that particular tag key.
+     */
+    readonly allowedValuesForTags: {
+        [tagKey: string]: string[];
+    };
+}
+/**
+ * Defines a set of TagOptions, which are a list of key-value pairs managed in AWS Service Catalog.
+ * It is not an AWS tag, but serves as a template for creating an AWS tag based on the TagOption.
+ * See https://docs.aws.amazon.com/servicecatalog/latest/adminguide/tagoptions.html
+ *
+ * @resource AWS::ServiceCatalog::TagOption
+ */
+export declare class TagOptions extends cdk.Resource {
+    /** Uniquely identifies this class. */
+    static readonly PROPERTY_INJECTION_ID: string;
+    /**
+     * List of underlying CfnTagOption resources.
+     *
+     * @internal
+     */
+    _cfnTagOptions: CfnTagOption[];
+    constructor(scope: Construct, id: string, props: TagOptionsProps);
+    private createUnderlyingTagOptions;
+}
--- a/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/tag-options.js
+++ b/cdk/node_modules/aws-cdk-lib/aws-servicecatalog/lib/tag-options.js
				`@@ -0,0 +1 @@`
				"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.CloudFormationTemplate=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var util_1=()=>{var tmp=require("./private/util");return util_1=()=>tmp,tmp},s3_assets=()=>{var tmp=require("../../aws-s3-assets");return s3_assets=()=>tmp,tmp};class CloudFormationTemplate{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_servicecatalog.CloudFormationTemplate",version:"2.252.0"};static fromUrl(url){return new CloudFormationUrlTemplate(url)}static fromAsset(path,options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_s3_assets_AssetOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromAsset),error}return new CloudFormationAssetTemplate(path,options)}static fromProductStack(productStack){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_servicecatalog_ProductStack(productStack)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromProductStack),error}return new CloudFormationProductStackTemplate(productStack)}}exports.CloudFormationTemplate=CloudFormationTemplate;class CloudFormationUrlTemplate extends CloudFormationTemplate{url;constructor(url){super(),this.url=url}bind(_scope){return{httpUrl:this.url}}}class CloudFormationAssetTemplate extends CloudFormationTemplate{path;options;asset;constructor(path,options={}){super(),this.path=path,this.options=options}bind(scope){return this.asset\|\|(this.asset=new(s3_assets()).Asset(scope,`Template${(0,util_1().hashValues)(this.path)}`,{path:this.path,...this.options})),{httpUrl:this.asset.httpUrl}}}class CloudFormationProductStackTemplate extends CloudFormationTemplate{productStack;constructor(productStack){super(),this.productStack=productStack}bind(_scope){return{httpUrl:this.productStack._getTemplateUrl(),assetBucket:this.productStack._getAssetBucket()}}}
				`@@ -0,0 +1 @@`
				`"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.MessageLanguage=exports.DEFAULT_PRODUCT_STACK_SNAPSHOT_DIRECTORY=void 0,exports.DEFAULT_PRODUCT_STACK_SNAPSHOT_DIRECTORY="product-stack-snapshots";var MessageLanguage;(function(MessageLanguage2){MessageLanguage2.EN="en",MessageLanguage2.JP="jp",MessageLanguage2.ZH="zh"})(MessageLanguage\|\|(exports.MessageLanguage=MessageLanguage={}));`