feat: update L1 CloudFormation resource definitions #35816

aws-cdk-automation · 2025-10-22T11:53:18Z

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-applicationsignals
│ └ resources
│    └[~]  resource AWS::ApplicationSignals::GroupingConfiguration
│       └ attributes
│          └ AccountId: (documentation changed)
├[~] service aws-aps
│ └ resources
│    └[+]  resource AWS::APS::AnomalyDetector
│       ├      name: AnomalyDetector
│       │      cloudFormationType: AWS::APS::AnomalyDetector
│       │      documentation: AnomalyDetector schema for cloudformation.
│       │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│       ├ properties
│       │  ├ Workspace: string (required, immutable)
│       │  ├ Alias: string (required, immutable)
│       │  ├ EvaluationIntervalInSeconds: integer (default=60)
│       │  ├ Labels: Array<Label>
│       │  ├ MissingDataAction: MissingDataAction
│       │  ├ Configuration: AnomalyDetectorConfiguration (required)
│       │  └ Tags: Array<tag>
│       ├ attributes
│       │  └ Arn: string
│       └ types
│          ├ type AnomalyDetectorConfiguration
│          │ ├      name: AnomalyDetectorConfiguration
│          │ └ properties
│          │    └ RandomCutForest: RandomCutForestConfiguration (required)
│          ├ type IgnoreNearExpected
│          │ ├      name: IgnoreNearExpected
│          │ └ properties
│          │    ├ Amount: number
│          │    └ Ratio: number
│          ├ type Label
│          │ ├      documentation: A key-value pair to provide meta-data and multi-dimensional data analysis for filtering and aggregation.
│          │ │      name: Label
│          │ └ properties
│          │    ├ Key: string (required)
│          │    └ Value: string (required)
│          ├ type MissingDataAction
│          │ ├      name: MissingDataAction
│          │ └ properties
│          │    ├ MarkAsAnomaly: boolean
│          │    └ Skip: boolean
│          └ type RandomCutForestConfiguration
│            ├      name: RandomCutForestConfiguration
│            └ properties
│               ├ Query: string (required)
│               ├ ShingleSize: integer (default=8)
│               ├ SampleSize: integer (default=256)
│               ├ IgnoreNearExpectedFromAbove: IgnoreNearExpected
│               └ IgnoreNearExpectedFromBelow: IgnoreNearExpected
├[~] service aws-autoscaling
│ └ resources
│    └[~]  resource AWS::AutoScaling::LaunchConfiguration
│       └ properties
│          └ SecurityGroups: - relationshipRefs: [AWS::EC2::SecurityGroup.Id]
│                            + relationshipRefs: [AWS::EC2::SecurityGroup.GroupId, AWS::EC2::SecurityGroup.Id]
├[~] service aws-connect
│ └ resources
│    └[~]  resource AWS::Connect::EvaluationForm
│       └ types
│          ├[+]  type AutomaticFailConfiguration
│          │  ├      name: AutomaticFailConfiguration
│          │  └ properties
│          │     └ TargetSection: string
│          ├[+]  type EvaluationFormItemEnablementCondition
│          │  ├      name: EvaluationFormItemEnablementCondition
│          │  └ properties
│          │     ├ Operands: Array<EvaluationFormItemEnablementConditionOperand> (required)
│          │     └ Operator: string
│          ├[+]  type EvaluationFormItemEnablementConditionOperand
│          │  ├      name: EvaluationFormItemEnablementConditionOperand
│          │  └ properties
│          │     └ Expression: EvaluationFormItemEnablementExpression
│          ├[+]  type EvaluationFormItemEnablementConfiguration
│          │  ├      name: EvaluationFormItemEnablementConfiguration
│          │  └ properties
│          │     ├ Condition: EvaluationFormItemEnablementCondition (required)
│          │     ├ Action: string (required)
│          │     └ DefaultAction: string
│          ├[+]  type EvaluationFormItemEnablementExpression
│          │  ├      name: EvaluationFormItemEnablementExpression
│          │  └ properties
│          │     ├ Source: EvaluationFormItemEnablementSource (required)
│          │     ├ Values: Array<EvaluationFormItemEnablementSourceValue> (required)
│          │     └ Comparator: string (required)
│          ├[+]  type EvaluationFormItemEnablementSource
│          │  ├      name: EvaluationFormItemEnablementSource
│          │  └ properties
│          │     ├ Type: string (required)
│          │     └ RefId: string
│          ├[+]  type EvaluationFormItemEnablementSourceValue
│          │  ├      name: EvaluationFormItemEnablementSourceValue
│          │  └ properties
│          │     ├ Type: string
│          │     └ RefId: string
│          ├[~] type EvaluationFormNumericQuestionAutomation
│          │ └ properties
│          │    └[+] AnswerSource: EvaluationFormQuestionAutomationAnswerSource
│          ├[~] type EvaluationFormNumericQuestionOption
│          │ └ properties
│          │    └[+] AutomaticFailConfiguration: AutomaticFailConfiguration
│          ├[~] type EvaluationFormQuestion
│          │ └ properties
│          │    └[+] Enablement: EvaluationFormItemEnablementConfiguration
│          ├[+]  type EvaluationFormQuestionAutomationAnswerSource
│          │  ├      name: EvaluationFormQuestionAutomationAnswerSource
│          │  └ properties
│          │     └ SourceType: string (required)
│          ├[~] type EvaluationFormQuestionTypeProperties
│          │ └ properties
│          │    └[+] Text: EvaluationFormTextQuestionProperties
│          ├[~] type EvaluationFormSingleSelectQuestionAutomation
│          │ └ properties
│          │    └[+] AnswerSource: EvaluationFormQuestionAutomationAnswerSource
│          ├[~] type EvaluationFormSingleSelectQuestionOption
│          │ └ properties
│          │    └[+] AutomaticFailConfiguration: AutomaticFailConfiguration
│          ├[+]  type EvaluationFormTextQuestionAutomation
│          │  ├      name: EvaluationFormTextQuestionAutomation
│          │  └ properties
│          │     └ AnswerSource: EvaluationFormQuestionAutomationAnswerSource
│          └[+]  type EvaluationFormTextQuestionProperties
│             ├      name: EvaluationFormTextQuestionProperties
│             └ properties
│                └ Automation: EvaluationFormTextQuestionAutomation
├[~] service aws-directoryservice
│ └ resources
│    └[~]  resource AWS::DirectoryService::MicrosoftAD
│       └      - arnTemplate: arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId}
│              + arnTemplate: arn:${Partition}:ds:${Region}:${Account}:${DirectoryId}
├[~] service aws-docdb
│ └ resources
│    └[~]  resource AWS::DocDB::DBCluster
│       └ properties
│          ├ GlobalClusterIdentifier: - string (immutable)
│          │                          + string
│          └ NetworkType: (documentation changed)
├[~] service aws-dynamodb
│ └ resources
│    ├[~]  resource AWS::DynamoDB::GlobalTable
│    │  └ types
│    │     └[~] type ReplicaSSESpecification
│    │       └ properties
│    │          └ KMSMasterKeyId: - relationshipRefs: [AWS::KMS::Key.KeyId]
│    │                            + relationshipRefs: [AWS::KMS::Key.Arn, AWS::KMS::Key.KeyId, AWS::KMS::Alias.AliasName]
│    └[~]  resource AWS::DynamoDB::Table
│       └ types
│          └[~] type SSESpecification
│            └ properties
│               └ KMSMasterKeyId: - relationshipRefs: [AWS::KMS::Key.Arn, AWS::KMS::Key.KeyId]
│                                 + relationshipRefs: [AWS::KMS::Key.Arn, AWS::KMS::Key.KeyId, AWS::KMS::Alias.AliasName]
├[~] service aws-ec2
│ └ resources
│    ├[~]  resource AWS::EC2::CapacityReservation
│    │  ├ properties
│    │  │  └ AvailabilityZoneId: (documentation changed)
│    │  └ attributes
│    │     ├ CreateDate: (documentation changed)
│    │     └ StartDate: (documentation changed)
│    ├[~]  resource AWS::EC2::EIPAssociation
│    │  └ properties
│    │     └ EIP: (documentation changed)
│    ├[~]  resource AWS::EC2::NatGateway
│    │  └ properties
│    │     └ VpcId: (documentation changed)
│    ├[~]  resource AWS::EC2::PrefixList
│    │  └ types
│    │     └[~] type Entry
│    │       └ properties
│    │          └ Description: - relationshipRefs: [AWS::EC2::Subnet.SubnetId]
│    │                         + relationshipRefs: undefined
│    └[~]  resource AWS::EC2::VPCEndpoint
│       └ properties
│          └ SecurityGroupIds: - relationshipRefs: [AWS::EC2::SecurityGroup.Id]
│                              + relationshipRefs: [AWS::EC2::SecurityGroup.GroupId, AWS::EC2::SecurityGroup.Id, AWS::EC2::VPC.DefaultSecurityGroup]
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    ├[~]  resource AWS::ElasticLoadBalancingV2::Listener
│    │  └ types
│    │     ├[~] type AuthenticateCognitoConfig
│    │     │ └ properties
│    │     │    └ UserPoolClientId: - relationshipRefs: [AWS::Cognito::UserPoolClient.ClientId]
│    │     │                        + relationshipRefs: [AWS::Cognito::UserPoolClient.UserPoolId, AWS::Cognito::UserPoolClient.ClientId]
│    │     └[~] type Certificate
│    │       └ properties
│    │          └ CertificateArn: - relationshipRefs: undefined
│    │                            + relationshipRefs: [AWS::CertificateManager::Certificate.Id, AWS::IAM::ServerCertificate.Arn]
│    └[~]  resource AWS::ElasticLoadBalancingV2::ListenerRule
│       └ types
│          ├[~] type HostHeaderConfig
│          │ └ properties
│          │    └ Values: (documentation changed)
│          ├[~] type HttpHeaderConfig
│          │ └ properties
│          │    └ Values: (documentation changed)
│          ├[~] type HttpRequestMethodConfig
│          │ └ properties
│          │    └ Values: (documentation changed)
│          └[~] type QueryStringConfig
│            └ properties
│               └ Values: (documentation changed)
├[~] service aws-emrserverless
│ └ resources
│    └[~]  resource AWS::EMRServerless::Application
│       └ attributes
│          └ Arn: (documentation changed)
├[~] service aws-events
│ └ resources
│    └[~]  resource AWS::Events::EventBusPolicy
│       └ properties
│          ├ Action: - string
│          │         + string (deprecated=WARN)
│          ├ Condition: - Condition
│          │            + Condition (deprecated=WARN)
│          └ Principal: - string
│                       + string (deprecated=WARN)
├[~] service aws-gameliftstreams
│ └ resources
│    └[~]  resource AWS::GameLiftStreams::Application
│       └ properties
│          └ ExecutablePath: (documentation changed)
├[~] service aws-iotwireless
│ └ resources
│    └[~]  resource AWS::IoTWireless::WirelessDeviceImportTask
│       └      - arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:ImportTask/${ImportTaskId}
│              + arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:WirelessDeviceImportTask/${WirelessDeviceImportTaskId}
├[~] service aws-kinesis
│ └ resources
│    └[~]  resource AWS::Kinesis::ResourcePolicy
│       └ properties
│          └ ResourceArn: - relationshipRefs: undefined
│                         + relationshipRefs: [AWS::Kinesis::Stream.Arn, AWS::Kinesis::StreamConsumer.ConsumerARN]
├[~] service aws-kinesisfirehose
│ └ resources
│    └[~]  resource AWS::KinesisFirehose::DeliveryStream
│       └ types
│          ├[~] type ElasticsearchDestinationConfiguration
│          │ └ properties
│          │    └ DomainARN: - relationshipRefs: [AWS::OpenSearchService::Domain.Arn]
│          │                 + relationshipRefs: [AWS::Elasticsearch::Domain.Arn, AWS::OpenSearchService::Domain.Arn]
│          └[~] type VpcConfiguration
│            └ properties
│               └ SecurityGroupIds: - relationshipRefs: [AWS::EC2::SecurityGroup.Id]
│                                   + relationshipRefs: [AWS::EC2::SecurityGroup.GroupId, AWS::EC2::SecurityGroup.Id]
├[~] service aws-lambda
│ └ resources
│    └[~]  resource AWS::Lambda::Permission
│       └ properties
│          └ InvokedViaFunctionUrl: (documentation changed)
├[~] service aws-medialive
│ └ resources
│    └[~]  resource AWS::MediaLive::Channel
│       └ types
│          └[~] type MediaPackageV2GroupSettings
│            └ properties
│               ├[+] Id3Behavior: string
│               ├[+] KlvBehavior: string
│               ├[+] NielsenId3Behavior: string
│               ├[+] Scte35Type: string
│               ├[+] SegmentLength: integer
│               ├[+] SegmentLengthUnits: string
│               ├[+] TimedMetadataId3Frame: string
│               ├[+] TimedMetadataId3Period: integer
│               └[+] TimedMetadataPassthrough: string
├[~] service aws-neptune
│ └ resources
│    └[~]  resource AWS::Neptune::DBInstance
│       └ properties
│          └[+] PubliclyAccessible: boolean
├[~] service aws-observabilityadmin
│ └ resources
│    ├[~]  resource AWS::ObservabilityAdmin::OrganizationCentralizationRule
│    │  ├      - documentation: Resource schema for AWS:ObservabilityAdmin:OrganizationCentralizationRule
│    │  │      + documentation: Defines how telemetry data should be centralized across an AWS Organization, including source and destination configurations.
│    │  ├ properties
│    │  │  ├ RuleName: (documentation changed)
│    │  │  └ Tags: (documentation changed)
│    │  ├ attributes
│    │  │  └ RuleArn: (documentation changed)
│    │  └ types
│    │     ├[~] type CentralizationRule
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Defines how telemetry data should be centralized across an AWS Organization, including source and destination configurations.
│    │     │ └ properties
│    │     │    ├ Destination: (documentation changed)
│    │     │    └ Source: (documentation changed)
│    │     ├[~] type CentralizationRuleDestination
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Configuration specifying the primary destination for centralized telemetry data.
│    │     │ └ properties
│    │     │    ├ Account: (documentation changed)
│    │     │    ├ DestinationLogsConfiguration: (documentation changed)
│    │     │    └ Region: (documentation changed)
│    │     ├[~] type CentralizationRuleSource
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Configuration specifying the source of telemetry data to be centralized.
│    │     │ └ properties
│    │     │    ├ Regions: (documentation changed)
│    │     │    ├ Scope: (documentation changed)
│    │     │    └ SourceLogsConfiguration: (documentation changed)
│    │     ├[~] type DestinationLogsConfiguration
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Configuration for centralization destination log groups, including encryption and backup settings.
│    │     │ └ properties
│    │     │    ├ BackupConfiguration: (documentation changed)
│    │     │    └ LogsEncryptionConfiguration: (documentation changed)
│    │     ├[~] type LogsBackupConfiguration
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Configuration for backing up centralized log data to a secondary region.
│    │     │ └ properties
│    │     │    ├ KmsKeyArn: (documentation changed)
│    │     │    └ Region: (documentation changed)
│    │     ├[~] type LogsEncryptionConfiguration
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Configuration for encrypting centralized log groups. This configuration is only applied to destination log groups for which the corresponding source log groups are encrypted using Customer Managed KMS Keys.
│    │     │ └ properties
│    │     │    ├ EncryptionConflictResolutionStrategy: (documentation changed)
│    │     │    ├ EncryptionStrategy: (documentation changed)
│    │     │    └ KmsKeyArn: (documentation changed)
│    │     └[~] type SourceLogsConfiguration
│    │       ├      - documentation: undefined
│    │       │      + documentation: Configuration for selecting and handling source log groups for centralization.
│    │       └ properties
│    │          ├ EncryptedLogGroupStrategy: (documentation changed)
│    │          └ LogGroupSelectionCriteria: (documentation changed)
│    ├[~]  resource AWS::ObservabilityAdmin::OrganizationTelemetryRule
│    │  ├      - documentation: The AWS::ObservabilityAdmin::OrganizationTelemetryRule resource defines a CloudWatch Observability Admin Organization Telemetry Rule.
│    │  │      + documentation: Retrieves the details of a specific organization centralization rule. This operation can only be called by the organization's management account or a delegated administrator account.
│    │  ├ properties
│    │  │  ├ Rule: (documentation changed)
│    │  │  ├ RuleName: (documentation changed)
│    │  │  └ Tags: (documentation changed)
│    │  └ types
│    │     ├[~] type TelemetryDestinationConfiguration
│    │     │ ├      - documentation: The destination configuration for telemetry data
│    │     │ │      + documentation: Configuration specifying where and how telemetry data should be delivered for AWS resources.
│    │     │ └ properties
│    │     │    ├ DestinationPattern: (documentation changed)
│    │     │    ├ DestinationType: (documentation changed)
│    │     │    ├ RetentionInDays: (documentation changed)
│    │     │    └ VPCFlowLogParameters: (documentation changed)
│    │     ├[~] type TelemetryRule
│    │     │ ├      - documentation: The telemetry rule
│    │     │ │      + documentation: Defines how telemetry should be configured for specific AWS resources.
│    │     │ └ properties
│    │     │    ├ DestinationConfiguration: (documentation changed)
│    │     │    ├ ResourceType: (documentation changed)
│    │     │    ├ Scope: (documentation changed)
│    │     │    ├ SelectionCriteria: (documentation changed)
│    │     │    └ TelemetryType: (documentation changed)
│    │     └[~] type VPCFlowLogParameters
│    │       ├      - documentation: Telemetry parameters for VPC Flow logs
│    │       │      + documentation: Configuration parameters specific to VPC Flow Logs.
│    │       └ properties
│    │          ├ LogFormat: (documentation changed)
│    │          ├ MaxAggregationInterval: (documentation changed)
│    │          └ TrafficType: (documentation changed)
│    └[~]  resource AWS::ObservabilityAdmin::TelemetryRule
│       ├      - documentation: The AWS::ObservabilityAdmin::TelemetryRule resource defines a CloudWatch Observability Admin Telemetry Rule.
│       │      + documentation: Creates a telemetry rule that defines how telemetry should be configured for AWS resources in your account. The rule specifies which resources should have telemetry enabled and how that telemetry data should be collected based on resource type, telemetry type, and selection criteria.
│       ├ properties
│       │  ├ Rule: (documentation changed)
│       │  ├ RuleName: (documentation changed)
│       │  └ Tags: (documentation changed)
│       ├ attributes
│       │  └ RuleArn: (documentation changed)
│       └ types
│          ├[~] type TelemetryDestinationConfiguration
│          │ ├      - documentation: The destination configuration for telemetry data
│          │ │      + documentation: Configuration specifying where and how telemetry data should be delivered for AWS resources.
│          │ └ properties
│          │    ├ DestinationPattern: (documentation changed)
│          │    ├ DestinationType: (documentation changed)
│          │    ├ RetentionInDays: (documentation changed)
│          │    └ VPCFlowLogParameters: (documentation changed)
│          ├[~] type TelemetryRule
│          │ ├      - documentation: The telemetry rule
│          │ │      + documentation: Defines how telemetry should be configured for specific AWS resources.
│          │ └ properties
│          │    ├ DestinationConfiguration: (documentation changed)
│          │    ├ ResourceType: (documentation changed)
│          │    ├ SelectionCriteria: (documentation changed)
│          │    └ TelemetryType: (documentation changed)
│          └[~] type VPCFlowLogParameters
│            ├      - documentation: Telemetry parameters for VPC Flow logs
│            │      + documentation: Configuration parameters specific to VPC Flow Logs.
│            └ properties
│               ├ LogFormat: (documentation changed)
│               ├ MaxAggregationInterval: (documentation changed)
│               └ TrafficType: (documentation changed)
├[~] service aws-osis
│ └ resources
│    └[~]  resource AWS::OSIS::Pipeline
│       ├ properties
│       │  ├[+] PipelineRoleArn: string
│       │  └[+] ResourcePolicy: ResourcePolicy
│       └ types
│          └[+]  type ResourcePolicy
│             ├      name: ResourcePolicy
│             └ properties
│                └ Policy: json (required)
├[~] service aws-pinpoint
│ └ resources
│    ├[~]  resource AWS::Pinpoint::EmailTemplate
│    │  └      - arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/EMAIL
│    │         + arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/VOICE
│    ├[~]  resource AWS::Pinpoint::InAppTemplate
│    │  └      - arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/EMAIL
│    │         + arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/VOICE
│    ├[~]  resource AWS::Pinpoint::PushTemplate
│    │  └      - arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/PUSH
│    │         + arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/VOICE
│    └[~]  resource AWS::Pinpoint::SmsTemplate
│       └      - arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/EMAIL
│              + arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/SMS
├[~] service aws-redshift
│ └ resources
│    ├[~]  resource AWS::Redshift::Cluster
│    │  └ properties
│    │     ├ ClusterSecurityGroups: - relationshipRefs: undefined
│    │     │                        + relationshipRefs: [AWS::EC2::SecurityGroup.Id, AWS::Redshift::ClusterSecurityGroup.Id]
│    │     └ MasterPasswordSecretKmsKeyId: - relationshipRefs: undefined
│    │                                     + relationshipRefs: [AWS::KMS::Key.Arn, AWS::KMS::Key.KeyId]
│    ├[~]  resource AWS::Redshift::EndpointAccess
│    │  └ types
│    │     └[~] type VpcEndpoint
│    │       └ properties
│    │          ├ VpcEndpointId: - relationshipRefs: undefined
│    │          │                + relationshipRefs: [AWS::EC2::VPCEndpoint.Id]
│    │          └ VpcId: - relationshipRefs: undefined
│    │                   + relationshipRefs: [AWS::EC2::VPCEndpoint.VpcId]
│    └[~]  resource AWS::Redshift::EndpointAuthorization
│       └ properties
│          └ VpcIds: - relationshipRefs: undefined
│                    + relationshipRefs: [AWS::EC2::VPC.VpcId]
├[~] service aws-route53
│ └ resources
│    ├[~]  resource AWS::Route53::HealthCheck
│    │  └ types
│    │     └[~] type HealthCheckConfig
│    │       └ properties
│    │          ├ FailureThreshold: (documentation changed)
│    │          ├ MeasureLatency: (documentation changed)
│    │          └ RequestInterval: (documentation changed)
│    ├[~]  resource AWS::Route53::RecordSet
│    │  └ properties
│    │     └ Name: (documentation changed)
│    └[~]  resource AWS::Route53::RecordSetGroup
│       └ types
│          └[~] type RecordSet
│            └ properties
│               └ Name: (documentation changed)
├[~] service aws-route53resolver
│ └ resources
│    ├[~]  resource AWS::Route53Resolver::ResolverRule
│    │  └ properties
│    │     └ Name: (documentation changed)
│    └[~]  resource AWS::Route53Resolver::ResolverRuleAssociation
│       └ properties
│          └ Name: (documentation changed)
├[~] service aws-s3
│ └ resources
│    └[~]  resource AWS::S3::AccessGrantsLocation
│       └ properties
│          ├ IamRoleArn: - string
│          │             + string (required)
│          └ LocationScope: - string
│                           + string (required)
├[~] service aws-s3express
│ └ resources
│    └[~]  resource AWS::S3Express::DirectoryBucket
│       └ types
│          └[~] type ServerSideEncryptionByDefault
│            └ properties
│               └ KMSMasterKeyID: - relationshipRefs: undefined
│                                 + relationshipRefs: [AWS::KMS::Key.KeyId, AWS::KMS::Key.Arn]
├[~] service aws-sagemaker
│ └ resources
│    └[~]  resource AWS::SageMaker::Cluster
│       ├ properties
│       │  └[+] TieredStorageConfig: TieredStorageConfig
│       └ types
│          └[+]  type TieredStorageConfig
│             ├      documentation: Configuration for tiered storage in the SageMaker HyperPod cluster.
│             │      name: TieredStorageConfig
│             └ properties
│                ├ Mode: string (required)
│                └ InstanceMemoryAllocationPercentage: integer
├[~] service aws-ssm
│ └ resources
│    └[~]  resource AWS::SSM::Association
│       └ types
│          └[~] type Target
│            └ properties
│               └ Values: - relationshipRefs: [AWS::AutoScaling::AutoScalingGroup.AutoScalingGroupName, AWS::EC2::Instance.InstanceId]
│                         + relationshipRefs: [AWS::EC2::Instance.Id, AWS::AutoScaling::AutoScalingGroup.AutoScalingGroupName, AWS::EC2::Instance.InstanceId]
├[~] service aws-synthetics
│ └ resources
│    └[~]  resource AWS::Synthetics::Canary
│       └ types
│          ├[~] type Code
│          │ └ properties
│          │    ├ BlueprintTypes: (documentation changed)
│          │    └ Handler: (documentation changed)
│          └[~] type VisualReference
│            └ properties
│               └ BrowserType: (documentation changed)
└[~] service aws-vpclattice
  └ resources
     └[~]  resource AWS::VpcLattice::ResourceGateway
        └ properties
           ├ SecurityGroupIds: - relationshipRefs: undefined
           │                   + relationshipRefs: [AWS::EC2::SecurityGroup.GroupId, AWS::EC2::SecurityGroup.Id, AWS::EC2::VPC.DefaultSecurityGroup]
           └ SubnetIds: - relationshipRefs: undefined
                        + relationshipRefs: [AWS::EC2::Subnet.SubnetId]

CHANGES TO L1 RESOURCES: L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-s3: AWS::S3::AccessGrantsLocation: IamRoleArn property is now required.
aws-s3: AWS::S3::AccessGrantsLocation: LocationScope property is now required.

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

mergify · 2025-10-22T12:31:01Z

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

mergify · 2025-10-22T12:33:41Z

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

mergify · 2025-10-22T13:16:11Z

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

github-actions · 2025-10-22T13:16:33Z

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

feat: update L1 CloudFormation resource definitions

bfef2f2

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

aws-cdk-automation requested review from a team October 22, 2025 11:53

github-actions bot added the p2 label Oct 22, 2025

leonmk-aws self-assigned this Oct 22, 2025

leonmk-aws approved these changes Oct 22, 2025

View reviewed changes

mergify bot added the queued label Oct 22, 2025

Merge branch 'main' into automation/spec-update

d10157e

mergify bot merged commit 82bef28 into main Oct 22, 2025
18 of 19 checks passed

mergify bot deleted the automation/spec-update branch October 22, 2025 13:16

mergify bot removed the queued label Oct 22, 2025

github-actions bot locked as resolved and limited conversation to collaborators Oct 22, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: update L1 CloudFormation resource definitions #35816

feat: update L1 CloudFormation resource definitions #35816

Uh oh!

aws-cdk-automation commented Oct 22, 2025 •

edited by leonmk-aws

Loading

Uh oh!

mergify bot commented Oct 22, 2025

Uh oh!

mergify bot commented Oct 22, 2025

Uh oh!

mergify bot commented Oct 22, 2025

Uh oh!

Uh oh!

github-actions bot commented Oct 22, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

feat: update L1 CloudFormation resource definitions #35816

feat: update L1 CloudFormation resource definitions #35816

Uh oh!

Conversation

aws-cdk-automation commented Oct 22, 2025 • edited by leonmk-aws Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mergify bot commented Oct 22, 2025

Uh oh!

mergify bot commented Oct 22, 2025

Uh oh!

mergify bot commented Oct 22, 2025

Uh oh!

Uh oh!

github-actions bot commented Oct 22, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

aws-cdk-automation commented Oct 22, 2025 •

edited by leonmk-aws

Loading