Skip to content

feat: update L1 CloudFormation resource definitions #35679

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 7, 2025
Merged

feat: update L1 CloudFormation resource definitions #35679

merged 2 commits into from
Oct 7, 2025

Conversation

@aws-cdk-automation
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation commented Oct 6, 2025
edited by alvazjor
Loading

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-apigateway
│ └ resources
│    ├[~]  resource AWS::ApiGateway::Account
│    │  └      - arnTemplate: arn:${Partition}:apigateway:${Region}::/account
│    │         + arnTemplate: arn:${Partition}:apigateway:${Region}::/account/${ApiGatewayAccountId}
│    └[~]  resource AWS::ApiGateway::DomainNameAccessAssociation
│       └      - arnTemplate: arn:${Partition}:apigateway:${Region}:${Account}:/domainnameaccessassociations
│              + arnTemplate: arn:${Partition}:apigateway:${Region}:${Account}:/domainnameaccessassociations/domainname/${DomainName}/${SourceType}/${SourceId}
├[~] service aws-applicationsignals
│ └ resources
│    ├[~]  resource AWS::ApplicationSignals::Discovery
│    │  └      - documentation: Enables this AWS account to be able to use CloudWatch Application Signals by creating the `AWSServiceRoleForCloudWatchApplicationSignals` service-linked role. This service-linked role has the following permissions:
│    │         - `xray:GetServiceGraph`
│    │         - `logs:StartQuery`
│    │         - `logs:GetQueryResults`
│    │         - `cloudwatch:GetMetricData`
│    │         - `cloudwatch:ListMetrics`
│    │         - `tag:GetResources`
│    │         - `autoscaling:DescribeAutoScalingGroups`
│    │         After completing this step, you still need to instrument your Java and Python applications to send data to Application Signals. For more information, see [Enabling Application Signals](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Signals-Enable.html) .
│    │         + documentation: > If you have existing `AWS::ApplicationSignals::Discovery` resources that were created prior to the Application Map release, you will need to delete and recreate these resources in your account to enable Application Map. 
│    │         Enables this AWS account to be able to use CloudWatch Application Signals by creating the `AWSServiceRoleForCloudWatchApplicationSignals` service-linked role. This service-linked role has the following permissions:
│    │         - `xray:GetServiceGraph`
│    │         - `logs:StartQuery`
│    │         - `logs:GetQueryResults`
│    │         - `cloudwatch:GetMetricData`
│    │         - `cloudwatch:ListMetrics`
│    │         - `tag:GetResources`
│    │         - `autoscaling:DescribeAutoScalingGroups`
│    │         A service-linked CloudTrail event channel is created to process CloudTrail events and return change event information. This includes last deployment time, userName, eventName, and other event metadata.
│    │         After completing this step, you still need to instrument your Java and Python applications to send data to Application Signals. For more information, see [Enabling Application Signals](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Signals-Enable.html) .
│    └[+]  resource AWS::ApplicationSignals::GroupingConfiguration
│       ├      name: GroupingConfiguration
│       │      cloudFormationType: AWS::ApplicationSignals::GroupingConfiguration
│       │      documentation: Resource Type definition for AWS::ApplicationSignals::GroupingConfiguration
│       ├ properties
│       │  └ GroupingAttributeDefinitions: Array<GroupingAttributeDefinition> (required)
│       ├ attributes
│       │  ├ UpdatedAt: string
│       │  └ AccountId: string
│       └ types
│          └ type GroupingAttributeDefinition
│            ├      name: GroupingAttributeDefinition
│            └ properties
│               ├ GroupingName: string (required)
│               ├ GroupingSourceKeys: Array<string> (required)
│               └ DefaultGroupingValue: string
├[~] service aws-arcregionswitch
│ └ resources
│    └[~]  resource AWS::ARCRegionSwitch::Plan
│       └ attributes
│          └[+] PlanHealthChecks: Array<string>
├[~] service aws-backup
│ └ resources
│    ├[~]  resource AWS::Backup::BackupVault
│    │  └      - arnTemplate: arn:${Partition}:backup:${Region}:${Account}:backup-vault:${BackupVaultName}
│    │         + arnTemplate: undefined
│    └[~]  resource AWS::Backup::LogicallyAirGappedBackupVault
│       └      - arnTemplate: undefined
│              + arnTemplate: arn:${Partition}:backup:${Region}:${Account}:backup-vault:${BackupVaultName}
├[~] service aws-bedrock
│ └ resources
│    └[~]  resource AWS::Bedrock::DataAutomationProject
│       └ types
│          ├[~] type AudioExtractionCategory
│          │ └ properties
│          │    └ TypeConfiguration: (documentation changed)
│          ├[~] type AudioExtractionCategoryTypeConfiguration
│          │ ├      - documentation: undefined
│          │ │      + documentation: Allows configuration of extractions for different types of data, such as transcript and content moderation.
│          │ └ properties
│          │    └ Transcript: (documentation changed)
│          ├[~] type ChannelLabelingConfiguration
│          │ ├      - documentation: undefined
│          │ │      + documentation: Enables or disables channel labeling. Channel labeling, when enabled will assign a number to each audio channel, and indicate which channel is being used in each portion of the transcript. This appears in the response as "ch_0" for the first channel, and "ch_1" for the second.
│          │ └ properties
│          │    └ State: (documentation changed)
│          ├[~] type SpeakerLabelingConfiguration
│          │ ├      - documentation: undefined
│          │ │      + documentation: Enables or disables speaker labeling. Speaker labeling, when enabled will assign a number to each speaker, and indicate which speaker is talking in each portion of the transcript. This appears in the response as "spk_0" for the first speaker, "spk_1" for the second, and so on for up to 30 speakers.
│          │ └ properties
│          │    └ State: (documentation changed)
│          └[~] type TranscriptConfiguration
│            ├      - documentation: undefined
│            │      + documentation: Configuration for transcript options. This option allows you to enable speaker labeling and channel labeling.
│            └ properties
│               ├ ChannelLabeling: (documentation changed)
│               └ SpeakerLabeling: (documentation changed)
├[~] service aws-bedrockagentcore
│ └ resources
│    ├[+]  resource AWS::BedrockAgentCore::Gateway
│    │  ├      name: Gateway
│    │  │      cloudFormationType: AWS::BedrockAgentCore::Gateway
│    │  │      documentation: Definition of AWS::BedrockAgentCore::Gateway Resource Type
│    │  │      tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│    │  │      arnTemplate: arn:${Partition}:bedrock-agentcore:${Region}:${Account}:gateway/${GatewayId}
│    │  ├ properties
│    │  │  ├ AuthorizerConfiguration: AuthorizerConfiguration
│    │  │  ├ AuthorizerType: string (required)
│    │  │  ├ Description: string
│    │  │  ├ ExceptionLevel: string
│    │  │  ├ KmsKeyArn: string
│    │  │  ├ Name: string (required)
│    │  │  ├ ProtocolConfiguration: GatewayProtocolConfiguration
│    │  │  ├ ProtocolType: string (required)
│    │  │  ├ RoleArn: string (required)
│    │  │  └ Tags: Map<string, string>
│    │  ├ attributes
│    │  │  ├ CreatedAt: string
│    │  │  ├ GatewayArn: string
│    │  │  ├ GatewayIdentifier: string
│    │  │  ├ GatewayUrl: string
│    │  │  ├ Status: string
│    │  │  ├ StatusReasons: Array<string>
│    │  │  ├ UpdatedAt: string
│    │  │  └ WorkloadIdentityDetails: WorkloadIdentityDetails
│    │  └ types
│    │     ├ type AuthorizerConfiguration
│    │     │ ├      name: AuthorizerConfiguration
│    │     │ └ properties
│    │     │    └ CustomJWTAuthorizer: CustomJWTAuthorizerConfiguration (required)
│    │     ├ type CustomJWTAuthorizerConfiguration
│    │     │ ├      name: CustomJWTAuthorizerConfiguration
│    │     │ └ properties
│    │     │    ├ DiscoveryUrl: string (required)
│    │     │    ├ AllowedAudience: Array<string>
│    │     │    └ AllowedClients: Array<string>
│    │     ├ type GatewayProtocolConfiguration
│    │     │ ├      name: GatewayProtocolConfiguration
│    │     │ └ properties
│    │     │    └ Mcp: MCPGatewayConfiguration (required)
│    │     ├ type MCPGatewayConfiguration
│    │     │ ├      name: MCPGatewayConfiguration
│    │     │ └ properties
│    │     │    ├ SupportedVersions: Array<string>
│    │     │    ├ Instructions: string
│    │     │    └ SearchType: string
│    │     └ type WorkloadIdentityDetails
│    │       ├      name: WorkloadIdentityDetails
│    │       └ properties
│    │          └ WorkloadIdentityArn: string (required)
│    └[+]  resource AWS::BedrockAgentCore::GatewayTarget
│       ├      name: GatewayTarget
│       │      cloudFormationType: AWS::BedrockAgentCore::GatewayTarget
│       │      documentation: Definition of AWS::BedrockAgentCore::GatewayTarget Resource Type
│       ├ properties
│       │  ├ CredentialProviderConfigurations: Array<CredentialProviderConfiguration> (required)
│       │  ├ Description: string
│       │  ├ GatewayIdentifier: string (immutable)
│       │  ├ Name: string (required)
│       │  └ TargetConfiguration: TargetConfiguration (required)
│       ├ attributes
│       │  ├ CreatedAt: string
│       │  ├ GatewayArn: string
│       │  ├ Status: string
│       │  ├ StatusReasons: Array<string>
│       │  ├ TargetId: string
│       │  └ UpdatedAt: string
│       └ types
│          ├ type ApiKeyCredentialProvider
│          │ ├      name: ApiKeyCredentialProvider
│          │ └ properties
│          │    ├ ProviderArn: string (required)
│          │    ├ CredentialParameterName: string
│          │    ├ CredentialPrefix: string
│          │    └ CredentialLocation: string
│          ├ type ApiSchemaConfiguration
│          │ ├      name: ApiSchemaConfiguration
│          │ └ properties
│          │    ├ S3: S3Configuration
│          │    └ InlinePayload: string
│          ├ type CredentialProvider
│          │ ├      name: CredentialProvider
│          │ └ properties
│          │    ├ OauthCredentialProvider: OAuthCredentialProvider
│          │    └ ApiKeyCredentialProvider: ApiKeyCredentialProvider
│          ├ type CredentialProviderConfiguration
│          │ ├      name: CredentialProviderConfiguration
│          │ └ properties
│          │    ├ CredentialProviderType: string (required)
│          │    └ CredentialProvider: CredentialProvider
│          ├ type McpLambdaTargetConfiguration
│          │ ├      name: McpLambdaTargetConfiguration
│          │ └ properties
│          │    ├ LambdaArn: string (required)
│          │    └ ToolSchema: ToolSchema (required)
│          ├ type McpTargetConfiguration
│          │ ├      name: McpTargetConfiguration
│          │ └ properties
│          │    ├ OpenApiSchema: ApiSchemaConfiguration
│          │    ├ SmithyModel: ApiSchemaConfiguration
│          │    └ Lambda: McpLambdaTargetConfiguration
│          ├ type OAuthCredentialProvider
│          │ ├      name: OAuthCredentialProvider
│          │ └ properties
│          │    ├ ProviderArn: string (required)
│          │    ├ Scopes: Array<string> (required)
│          │    └ CustomParameters: Map<string, string>
│          ├ type S3Configuration
│          │ ├      name: S3Configuration
│          │ └ properties
│          │    ├ Uri: string
│          │    └ BucketOwnerAccountId: string
│          ├ type SchemaDefinition
│          │ ├      name: SchemaDefinition
│          │ └ properties
│          │    ├ Type: string (required)
│          │    ├ Description: string
│          │    ├ Required: Array<string>
│          │    ├ Items: SchemaDefinition
│          │    └ Properties: Map<string, SchemaDefinition>
│          ├ type TargetConfiguration
│          │ ├      name: TargetConfiguration
│          │ └ properties
│          │    └ Mcp: McpTargetConfiguration (required)
│          ├ type ToolDefinition
│          │ ├      name: ToolDefinition
│          │ └ properties
│          │    ├ Name: string (required)
│          │    ├ Description: string (required)
│          │    ├ InputSchema: SchemaDefinition (required)
│          │    └ OutputSchema: SchemaDefinition
│          └ type ToolSchema
│            ├      name: ToolSchema
│            └ properties
│               ├ S3: S3Configuration
│               └ InlinePayload: Array<ToolDefinition>
├[~] service aws-cognito
│ └ resources
│    └[~]  resource AWS::Cognito::UserPoolUser
│       └ properties
│          └ ClientMetadata: (documentation changed)
├[~] service aws-devicefarm
│ └ resources
│    └[~]  resource AWS::DeviceFarm::DevicePool
│       └      - arnTemplate: arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ResourceId}
│              + arnTemplate: arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ProjectId}/${DevicePoolId}
├[~] service aws-directoryservice
│ └ resources
│    └[~]  resource AWS::DirectoryService::SimpleAD
│       └      - arnTemplate: undefined
│              + arnTemplate: arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId}
├[~] service aws-ec2
│ └ resources
│    └[~]  resource AWS::EC2::TransitGatewayPeeringAttachment
│       └      - arnTemplate: arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-attachment/${TransitGatewayAttachmentId}
│              + arnTemplate: undefined
├[~] service aws-ecs
│ └ resources
│    └[~]  resource AWS::ECS::CapacityProvider
│       ├      - documentation: Creates a new capacity provider. Capacity providers are associated with an Amazon ECS cluster and are used in capacity provider strategies to facilitate cluster auto scaling.
│       │      Only capacity providers that use an Auto Scaling group can be created. Amazon ECS tasks on AWS Fargate use the `FARGATE` and `FARGATE_SPOT` capacity providers. These providers are available to all accounts in the AWS Regions that AWS Fargate supports.
│       │      + documentation: Creates a capacity provider. Capacity providers are associated with a cluster and are used in capacity provider strategies to facilitate cluster auto scaling. You can create capacity providers for Amazon ECS Managed Instances and EC2 instances. AWS Fargate has the predefined `FARGATE` and `FARGATE_SPOT` capacity providers.
│       ├ properties
│       │  └ ManagedInstancesProvider: (documentation changed)
│       └ types
│          ├[~] type AcceleratorCountRequest
│          │ ├      - documentation: undefined
│          │ │      + documentation: The minimum and maximum number of accelerators (such as GPUs) for instance type selection. This is used for workloads that require specific numbers of accelerators.
│          │ └ properties
│          │    ├ Max: (documentation changed)
│          │    └ Min: (documentation changed)
│          ├[~] type AcceleratorTotalMemoryMiBRequest
│          │ ├      - documentation: undefined
│          │ │      + documentation: The minimum and maximum total accelerator memory in mebibytes (MiB) for instance type selection. This is important for GPU workloads that require specific amounts of video memory.
│          │ └ properties
│          │    ├ Max: (documentation changed)
│          │    └ Min: (documentation changed)
│          ├[~] type BaselineEbsBandwidthMbpsRequest
│          │ ├      - documentation: undefined
│          │ │      + documentation: The minimum and maximum baseline Amazon EBS bandwidth in megabits per second (Mbps) for instance type selection. This is important for workloads with high storage I/O requirements.
│          │ └ properties
│          │    ├ Max: (documentation changed)
│          │    └ Min: (documentation changed)
│          ├[~] type InstanceLaunchTemplate
│          │ ├      - documentation: undefined
│          │ │      + documentation: The launch template configuration for Amazon ECS Managed Instances. This defines how Amazon ECS launches Amazon EC2 instances, including the instance profile for your tasks, network and storage configuration, capacity options, and instance requirements for flexible instance type selection.
│          │ └ properties
│          │    ├ Ec2InstanceProfileArn: (documentation changed)
│          │    ├ InstanceRequirements: (documentation changed)
│          │    ├ Monitoring: (documentation changed)
│          │    ├ NetworkConfiguration: (documentation changed)
│          │    └ StorageConfiguration: (documentation changed)
│          ├[~] type InstanceRequirementsRequest
│          │ ├      - documentation: undefined
│          │ │      + documentation: The instance requirements for attribute-based instance type selection. Instead of specifying exact instance types, you define requirements such as vCPU count, memory size, network performance, and accelerator specifications. Amazon ECS automatically selects Amazon EC2 instance types that match these requirements, providing flexibility and helping to mitigate capacity constraints.
│          │ └ properties
│          │    ├ AcceleratorCount: (documentation changed)
│          │    ├ AcceleratorManufacturers: (documentation changed)
│          │    ├ AcceleratorNames: (documentation changed)
│          │    ├ AcceleratorTotalMemoryMiB: (documentation changed)
│          │    ├ AcceleratorTypes: (documentation changed)
│          │    ├ AllowedInstanceTypes: (documentation changed)
│          │    ├ BareMetal: (documentation changed)
│          │    ├ BaselineEbsBandwidthMbps: (documentation changed)
│          │    ├ BurstablePerformance: (documentation changed)
│          │    ├ CpuManufacturers: (documentation changed)
│          │    ├ ExcludedInstanceTypes: (documentation changed)
│          │    ├ InstanceGenerations: (documentation changed)
│          │    ├ LocalStorage: (documentation changed)
│          │    ├ LocalStorageTypes: (documentation changed)
│          │    ├ MaxSpotPriceAsPercentageOfOptimalOnDemandPrice: (documentation changed)
│          │    ├ MemoryGiBPerVCpu: (documentation changed)
│          │    ├ MemoryMiB: (documentation changed)
│          │    ├ NetworkBandwidthGbps: (documentation changed)
│          │    ├ NetworkInterfaceCount: (documentation changed)
│          │    ├ OnDemandMaxPricePercentageOverLowestPrice: (documentation changed)
│          │    ├ RequireHibernateSupport: (documentation changed)
│          │    ├ SpotMaxPricePercentageOverLowestPrice: (documentation changed)
│          │    ├ TotalLocalStorageGB: (documentation changed)
│          │    └ VCpuCount: (documentation changed)
│          ├[~] type ManagedInstancesNetworkConfiguration
│          │ ├      - documentation: undefined
│          │ │      + documentation: The network configuration for Amazon ECS Managed Instances. This specifies the VPC subnets and security groups that instances use for network connectivity. Amazon ECS Managed Instances support multiple network modes including `awsvpc` (instances receive ENIs for task isolation), `host` (instances share network namespace with tasks), and `none` (no external network connectivity), ensuring backward compatibility for migrating workloads from Fargate or Amazon EC2.
│          │ └ properties
│          │    ├ SecurityGroups: (documentation changed)
│          │    └ Subnets: (documentation changed)
│          ├[~] type ManagedInstancesProvider
│          │ ├      - documentation: undefined
│          │ │      + documentation: The configuration for a Amazon ECS Managed Instances provider. Amazon ECS uses this configuration to automatically launch, manage, and terminate Amazon EC2 instances on your behalf. Managed instances provide access to the full range of Amazon EC2 instance types and features while offloading infrastructure management to AWS .
│          │ └ properties
│          │    ├ InfrastructureRoleArn: (documentation changed)
│          │    ├ InstanceLaunchTemplate: (documentation changed)
│          │    └ PropagateTags: (documentation changed)
│          ├[~] type ManagedInstancesStorageConfiguration
│          │ ├      - documentation: undefined
│          │ │      + documentation: The storage configuration for Amazon ECS Managed Instances. This defines the root volume configuration for the instances.
│          │ └ properties
│          │    └ StorageSizeGiB: (documentation changed)
│          ├[~] type MemoryGiBPerVCpuRequest
│          │ ├      - documentation: undefined
│          │ │      + documentation: The minimum and maximum amount of memory per vCPU in gibibytes (GiB). This helps ensure that instance types have the appropriate memory-to-CPU ratio for your workloads.
│          │ └ properties
│          │    ├ Max: (documentation changed)
│          │    └ Min: (documentation changed)
│          ├[~] type MemoryMiBRequest
│          │ ├      - documentation: undefined
│          │ │      + documentation: The minimum and maximum amount of memory in mebibytes (MiB) for instance type selection. This ensures that selected instance types have adequate memory for your workloads.
│          │ └ properties
│          │    ├ Max: (documentation changed)
│          │    └ Min: (documentation changed)
│          ├[~] type NetworkBandwidthGbpsRequest
│          │ ├      - documentation: undefined
│          │ │      + documentation: The minimum and maximum network bandwidth in gigabits per second (Gbps) for instance type selection. This is important for network-intensive workloads.
│          │ └ properties
│          │    ├ Max: (documentation changed)
│          │    └ Min: (documentation changed)
│          ├[~] type NetworkInterfaceCountRequest
│          │ ├      - documentation: undefined
│          │ │      + documentation: The minimum and maximum number of network interfaces for instance type selection. This is useful for workloads that require multiple network interfaces.
│          │ └ properties
│          │    ├ Max: (documentation changed)
│          │    └ Min: (documentation changed)
│          ├[~] type TotalLocalStorageGBRequest
│          │ ├      - documentation: undefined
│          │ │      + documentation: The minimum and maximum total local storage in gigabytes (GB) for instance types with local storage. This is useful for workloads that require local storage for temporary data or caching.
│          │ └ properties
│          │    ├ Max: (documentation changed)
│          │    └ Min: (documentation changed)
│          └[~] type VCpuCountRangeRequest
│            ├      - documentation: undefined
│            │      + documentation: The minimum and maximum number of vCPUs for instance type selection. This allows you to specify a range of vCPU counts that meet your workload requirements.
│            └ properties
│               ├ Max: (documentation changed)
│               └ Min: (documentation changed)
├[~] service aws-events
│ └ resources
│    └[~]  resource AWS::Events::Rule
│       └      - arnTemplate: arn:${Partition}:events:${Region}:${Account}:rule/${RuleName}
│              + arnTemplate: arn:${Partition}:events:${Region}:${Account}:rule/${EventBusName}/${RuleName}
├[~] service aws-fsx
│ └ resources
│    └[~]  resource AWS::FSx::FileSystem
│       └ types
│          ├[~] type OntapConfiguration
│          │ └ properties
│          │    └ EndpointIpAddressRange: (documentation changed)
│          └[~] type OpenZFSConfiguration
│            └ properties
│               └ EndpointIpAddressRange: (documentation changed)
├[~] service aws-imagebuilder
│ └ resources
│    ├[~]  resource AWS::ImageBuilder::Image
│    │  ├ properties
│    │  │  └[+] LoggingConfiguration: ImageLoggingConfiguration
│    │  └ types
│    │     └[+]  type ImageLoggingConfiguration
│    │        ├      documentation: The logging configuration settings for the image.
│    │        │      name: ImageLoggingConfiguration
│    │        └ properties
│    │           └ LogGroupName: string
│    ├[~]  resource AWS::ImageBuilder::ImagePipeline
│    │  ├ properties
│    │  │  └[+] LoggingConfiguration: PipelineLoggingConfiguration
│    │  └ types
│    │     ├[+]  type AutoDisablePolicy
│    │     │  ├      documentation: The auto-disable policy configuration for the image pipeline.
│    │     │  │      name: AutoDisablePolicy
│    │     │  └ properties
│    │     │     └ FailureCount: integer (required)
│    │     ├[+]  type PipelineLoggingConfiguration
│    │     │  ├      documentation: The logging configuration settings for the image pipeline.
│    │     │  │      name: PipelineLoggingConfiguration
│    │     │  └ properties
│    │     │     ├ PipelineLogGroupName: string
│    │     │     └ ImageLogGroupName: string
│    │     └[~] type Schedule
│    │       └ properties
│    │          └[+] AutoDisablePolicy: AutoDisablePolicy
│    └[~]  resource AWS::ImageBuilder::ImageRecipe
│       └ properties
│          └[+] AmiTags: Map<string, string>
├[~] service aws-lex
│ └ resources
│    └[~]  resource AWS::Lex::ResourcePolicy
│       └ properties
│          └ ResourceArn: - string (required)
│                         + string (required, immutable)
├[~] service aws-lookoutmetrics
│ └ resources
│    ├[~]  resource AWS::LookoutMetrics::Alert
│    │  └      - documentation: The `AWS::LookoutMetrics::Alert` type creates an alert for an anomaly detector.
│    │         + documentation: > End of support notice: On October 31, 2025, AWS will end support for Amazon Lookout for Metrics. After October 31, 2025, you will no longer be able to access the Amazon Lookout for Metrics console or Amazon Lookout for Metrics resources. For more information, see [Amazon Lookout for Metrics end of support](https://docs.aws.amazon.com//blogs/machine-learning/transitioning-off-amazon-lookout-for-metrics/) . 
│    │         The `AWS::LookoutMetrics::Alert` type creates an alert for an anomaly detector.
│    └[~]  resource AWS::LookoutMetrics::AnomalyDetector
│       └      - documentation: The `AWS::LookoutMetrics::AnomalyDetector` type creates an anomaly detector.
│              + documentation: > End of support notice: On October 31, 2025, AWS will end support for Amazon Lookout for Metrics. After October 31, 2025, you will no longer be able to access the Amazon Lookout for Metrics console or Amazon Lookout for Metrics resources. For more information, see [Amazon Lookout for Metrics end of support](https://docs.aws.amazon.com//blogs/machine-learning/transitioning-off-amazon-lookout-for-metrics/) . 
│              The `AWS::LookoutMetrics::AnomalyDetector` type creates an anomaly detector.
├[~] service aws-networkfirewall
│ └ resources
│    └[~]  resource AWS::NetworkFirewall::RuleGroup
│       └      - arnTemplate: arn:${Partition}:network-firewall:${Region}:${Account}:stateless-rulegroup/${Name}
│              + arnTemplate: arn:${Partition}:network-firewall:${Region}:${Account}:stateful-rulegroup/${Name}
├[~] service aws-networkmanager
│ └ resources
│    ├[~]  resource AWS::NetworkManager::ConnectAttachment
│    │  └      - arnTemplate: arn:${Partition}:networkmanager::${Account}:attachment/${AttachmentId}
│    │         + arnTemplate: undefined
│    └[~]  resource AWS::NetworkManager::VpcAttachment
│       └      - arnTemplate: undefined
│              + arnTemplate: arn:${Partition}:networkmanager::${Account}:attachment/${AttachmentId}
├[~] service aws-opensearchservice
│ └ resources
│    └[~]  resource AWS::OpenSearchService::Domain
│       └      - arnTemplate: arn:${Partition}:es:${Region}:${Account}:domain/${DomainName}
│              + arnTemplate: undefined
├[~] service aws-pcs
│ └ resources
│    └[~]  resource AWS::PCS::ComputeNodeGroup
│       └ properties
│          └ PurchaseOption: (documentation changed)
├[~] service aws-pinpoint
│ └ resources
│    └[~]  resource AWS::Pinpoint::InAppTemplate
│       └      - arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates
│              + arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/PUSH
├[~] service aws-redshift
│ └ resources
│    ├[~]  resource AWS::Redshift::ClusterSecurityGroup
│    │  └      - arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}
│    │         + arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ec2SecurityGroupId}
│    └[~]  resource AWS::Redshift::ClusterSecurityGroupIngress
│       └      - arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/cidrip/${IpRange}
│              + arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ece2SecuritygroupId}
├[~] service aws-servicecatalog
│ └ resources
│    └[~]  resource AWS::ServiceCatalog::PortfolioShare
└[~] service aws-xray
  └ resources
     └[~]  resource AWS::XRay::Group
        └      - arnTemplate: arn:${Partition}:xray:${Region}:${AccountId}:group/${GroupName}
               + arnTemplate: arn:${Partition}:xray:${Region}:${AccountId}:group/${GroupName}/${Id}

CHANGES TO L1 RESOURCES:
L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

  • aws-lex: AWS::Lex::ResourcePolicy: ResourceArn property is now immutable.

@aws-cdk-automation @github-actions
feat: update L1 CloudFormation resource definitions
408aaa6 
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
@aws-cdk-automation aws-cdk-automation added contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes pr-linter/exempt-integ-test The PR linter will not require integ test changes labels Oct 6, 2025
@aws-cdk-automation aws-cdk-automation requested review from a team October 6, 2025 10:27
@github-actions github-actions bot added the p2 label Oct 6, 2025
@alvazjor alvazjor self-assigned this Oct 7, 2025
@mergify
Copy link
Contributor

mergify bot commented Oct 7, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot added the queued label Oct 7, 2025
@mergify
Copy link
Contributor

mergify bot commented Oct 7, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit dec6e6a into main Oct 7, 2025
19 checks passed
@mergify mergify bot deleted the automation/spec-update branch October 7, 2025 08:57
@mergify mergify bot removed the queued label Oct 7, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Oct 7, 2025

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 7, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@alvazjor alvazjor alvazjor approved these changes

Assignees

@alvazjor alvazjor

Labels

contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. p2 pr-linter/exempt-integ-test The PR linter will not require integ test changes pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aws-cdk-automation @alvazjor