diff --git a/packages/aws-cdk-lib/aws-appsync/README.md b/packages/aws-cdk-lib/aws-appsync/README.md
index f672bf1429c60..ffae1b3f8ac20 100644
--- a/packages/aws-cdk-lib/aws-appsync/README.md
+++ b/packages/aws-cdk-lib/aws-appsync/README.md
@@ -428,6 +428,11 @@ new appsync.SourceApiAssociation(this, 'SourceApiAssociation2', {
 });
 ```
 
+## Merge Source API Update Within CDK Deployment
+
+The SourceApiAssociationMergeOperation construct available in the [awscdk-appsync-utils](https://github.com/cdklabs/awscdk-appsync-utils) package provides the ability to merge a source API to a Merged API via a custom
+resource. If the merge operation fails with a conflict, the stack update will fail and rollback the changes to the source API in the stack in order to prevent merge conflicts and ensure the source API changes are always propagated to the Merged API.
+
 ## Custom Domain Names
 
 For many use cases you may want to associate a custom domain name with your
diff --git a/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts b/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts
index 7002dc99ee6ad..a9f1ecdd0545d 100644
--- a/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts
+++ b/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts
@@ -37,6 +37,8 @@ export interface RotationScheduleOptions {
    * Specifies the number of days after the previous rotation before
    * Secrets Manager triggers the next automatic rotation.
    *
+   * The maximum value is 1000 days.
+   *
    * A value of zero (`Duration.days(0)`) will not create RotationRules.
    *
    * @default Duration.days(30)
@@ -125,6 +127,9 @@ export class RotationSchedule extends Resource {
     }
 
     let automaticallyAfterDays: number | undefined = undefined;
+    if (props.automaticallyAfter && props.automaticallyAfter.toDays() > 1000) {
+      throw new Error(`automaticallyAfter must not be greater than 1000 days, got ${props.automaticallyAfter.toDays()} days`);
+    }
     if (props.automaticallyAfter?.toMilliseconds() !== 0) {
       automaticallyAfterDays = props.automaticallyAfter?.toDays() || 30;
     }
diff --git a/packages/aws-cdk-lib/aws-secretsmanager/test/rotation-schedule.test.ts b/packages/aws-cdk-lib/aws-secretsmanager/test/rotation-schedule.test.ts
index d406b8830dda1..81d14021be962 100644
--- a/packages/aws-cdk-lib/aws-secretsmanager/test/rotation-schedule.test.ts
+++ b/packages/aws-cdk-lib/aws-secretsmanager/test/rotation-schedule.test.ts
@@ -651,3 +651,21 @@ test('rotation schedule should have a dependency on lambda permissions', () => {
     ],
   });
 });
+
+test('automaticallyAfter must not be greater than 1000 days', () => {
+  // GIVEN
+  const secret = new secretsmanager.Secret(stack, 'Secret');
+  const rotationLambda = new lambda.Function(stack, 'Lambda', {
+    runtime: lambda.Runtime.NODEJS_LATEST,
+    code: lambda.Code.fromInline('export.handler = event => event;'),
+    handler: 'index.handler',
+  });
+
+  // WHEN
+  // THEN
+  expect(() => new secretsmanager.RotationSchedule(stack, 'RotationSchedule', {
+    secret,
+    rotationLambda,
+    automaticallyAfter: Duration.days(1001),
+  })).toThrow(/automaticallyAfter must not be greater than 1000 days, got 1001 days/);
+});
\ No newline at end of file