Skip to content

feat: update L1 CloudFormation resource definitions#37530

Open
aws-cdk-automation wants to merge 1 commit intomainfrom
automation/spec-update
Open

feat: update L1 CloudFormation resource definitions#37530
aws-cdk-automation wants to merge 1 commit intomainfrom
automation/spec-update

Conversation

@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

@aws-cdk-automation aws-cdk-automation commented Apr 6, 2026

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-appstream
│ └ resources
│    └[~]  resource AWS::AppStream::Stack
│       ├      - primaryIdentifier: ["Id"]
│       │      + primaryIdentifier: ["Name"]
│       └ attributes
│          └[-] Id: string
├[~] service aws-appsync
│ └ resources
│    └[~]  resource AWS::AppSync::GraphQLApi
│       └ types
│          └[~] type LogConfig
│            └ properties
│               ├ CloudWatchLogsRoleArn: - string
│               │                        + string (required)
│               └ FieldLogLevel: - string
│                                + string (required)
├[~] service aws-bedrockagentcore
│ └ resources
│    ├[~]  resource AWS::BedrockAgentCore::Evaluator
│    │  └ types
│    │     ├[+]  type CodeBasedEvaluatorConfig
│    │     │  ├      documentation: The configuration for code-based evaluation using a Lambda function.
│    │     │  │      name: CodeBasedEvaluatorConfig
│    │     │  └ properties
│    │     │     └ LambdaConfig: LambdaEvaluatorConfig (required)
│    │     ├[~] type EvaluatorConfig
│    │     │ └ properties
│    │     │    ├[+] CodeBased: CodeBasedEvaluatorConfig
│    │     │    └ LlmAsAJudge: - LlmAsAJudgeEvaluatorConfig (required)
│    │     │                   + LlmAsAJudgeEvaluatorConfig
│    │     └[+]  type LambdaEvaluatorConfig
│    │        ├      documentation: The Lambda function configuration for code-based evaluation.
│    │        │      name: LambdaEvaluatorConfig
│    │        └ properties
│    │           ├ LambdaArn: string (required)
│    │           └ LambdaTimeoutInSeconds: integer
│    └[~]  resource AWS::BedrockAgentCore::Memory
│       └ types
│          ├[~] type CustomMemoryStrategy
│          │ └ properties
│          │    └[+] NamespaceTemplates: Array<string>
│          ├[~] type EpisodicMemoryStrategy
│          │ └ properties
│          │    └[+] NamespaceTemplates: Array<string>
│          ├[~] type EpisodicOverrideReflectionConfigurationInput
│          │ └ properties
│          │    └[+] NamespaceTemplates: Array<string>
│          ├[~] type EpisodicReflectionConfigurationInput
│          │ └ properties
│          │    └[+] NamespaceTemplates: Array<string>
│          ├[~] type SemanticMemoryStrategy
│          │ └ properties
│          │    └[+] NamespaceTemplates: Array<string>
│          ├[~] type SummaryMemoryStrategy
│          │ └ properties
│          │    └[+] NamespaceTemplates: Array<string>
│          └[~] type UserPreferenceMemoryStrategy
│            └ properties
│               └[+] NamespaceTemplates: Array<string>
├[~] service aws-customerprofiles
│ └ resources
│    └[~]  resource AWS::CustomerProfiles::SegmentDefinition
│       ├ properties
│       │  └[+] SegmentSort: SegmentSort
│       └ types
│          ├[+]  type SegmentSort
│          │  ├      documentation: Defines how segments should be sorted and ordered in the results.
│          │  │      name: SegmentSort
│          │  └ properties
│          │     └ Attributes: Array<SortAttribute> (required)
│          └[+]  type SortAttribute
│             ├      documentation: Defines the characteristics and rules for sorting by a specific attribute.
│             │      name: SortAttribute
│             └ properties
│                ├ Name: string (required)
│                ├ Order: string<ASC|DESC> (required)
│                ├ DataType: string<STRING|NUMBER|DATE>
│                └ Type: string<PROFILE|CALCULATED>
├[~] service aws-datazone
│ └ resources
│    ├[~]  resource AWS::DataZone::Connection
│    │  └ types
│    │     ├[~] type ConnectionPropertiesInput
│    │     │ └ properties
│    │     │    ├[+] WorkflowsMwaaProperties: WorkflowsMwaaPropertiesInput
│    │     │    └[+] WorkflowsServerlessProperties: json
│    │     └[+]  type WorkflowsMwaaPropertiesInput
│    │        ├      documentation: Workflows MWAA Properties Input
│    │        │      name: WorkflowsMwaaPropertiesInput
│    │        └ properties
│    │           └ MwaaEnvironmentName: string
│    ├[~]  resource AWS::DataZone::Project
│    │  ├ properties
│    │  │  └[+] ResourceTags: Array<ResourceTag>
│    │  └ types
│    │     └[+]  type ResourceTag
│    │        ├      name: ResourceTag
│    │        └ properties
│    │           ├ Key: string (required)
│    │           └ Value: string (required)
│    └[~]  resource AWS::DataZone::ProjectProfile
│       ├ properties
│       │  ├[+] AllowCustomProjectResourceTags: boolean
│       │  ├[+] ProjectResourceTags: Array<ResourceTagParameter>
│       │  └[+] ProjectResourceTagsDescription: string
│       └ types
│          └[+]  type ResourceTagParameter
│             ├      name: ResourceTagParameter
│             └ properties
│                ├ Key: string (required)
│                ├ Value: string (required)
│                └ IsValueEditable: boolean (required)
├[~] service aws-devopsagent
│ └ resources
│    ├[~]  resource AWS::DevOpsAgent::AgentSpace
│    │  ├      - tagInformation: undefined
│    │  │      + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │  └ properties
│    │     ├[+] KmsKeyArn: string (immutable)
│    │     └[+] Tags: Array<tag>
│    └[~]  resource AWS::DevOpsAgent::Service
│       ├      - tagInformation: undefined
│       │      + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│       ├ properties
│       │  ├[+] KmsKeyArn: string (immutable)
│       │  └[+] Tags: Array<tag>
│       └ attributes
│          └[+] Arn: string
├[~] service aws-directoryservice
│ └ resources
│    └[~]  resource AWS::DirectoryService::MicrosoftAD
│       └      - arnTemplate: arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId}
│              + arnTemplate: arn:${Partition}:ds:${Region}:${Account}:${DirectoryId}
├[~] service aws-dlm
│ └ resources
│    └[~]  resource AWS::DLM::LifecyclePolicy
│       └ types
│          └[~] type FastRestoreRule
│            └ properties
│               └[+] AvailabilityZoneIds: Array<string>
├[~] service aws-ec2
│ └ resources
│    └[~]  resource AWS::EC2::Instance
│       ├      - vendedLogs: undefined
│       │      + vendedLogs: [{"permissionsVersion":"V2","logType":"CONSOLE_LOGS","destinations":[{"destinationType":"S3","outputFormats":["json","plain","w3c","parquet"]},{"destinationType":"CWL","outputFormats":["plain","json"]},{"destinationType":"FH","outputFormats":["json","plain","raw"]}],"mandatoryFields":["resource_arn","event_timestamp","message"]}]
│       └ vendedLogs
│          └[+] logType: CONSOLE_LOGS
│            ├permissionsVersion: V2
│            ├destinations: [S3, CWL, FH]
│            └mandatoryFields: [resource_arn, event_timestamp, message]
├[~] service aws-ecs
│ └ resources
│    ├[~]  resource AWS::ECS::CapacityProvider
│    │  └ types
│    │     ├[~] type InstanceLaunchTemplate
│    │     │ └ properties
│    │     │    └[+] LocalStorageConfiguration: ManagedInstancesLocalStorageConfiguration
│    │     └[+]  type ManagedInstancesLocalStorageConfiguration
│    │        ├      name: ManagedInstancesLocalStorageConfiguration
│    │        └ properties
│    │           └ UseLocalStorage: boolean
│    ├[+]  resource AWS::ECS::Daemon
│    │  ├      name: Daemon
│    │  │      cloudFormationType: AWS::ECS::Daemon
│    │  │      documentation: Resource schema for AWS ECS Daemon
│    │  │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │  │      primaryIdentifier: ["DaemonArn"]
│    │  ├ properties
│    │  │  ├ ClusterArn: string (immutable)
│    │  │  ├ DaemonTaskDefinitionArn: string
│    │  │  ├ DaemonName: string (immutable)
│    │  │  ├ EnableECSManagedTags: boolean
│    │  │  ├ EnableExecuteCommand: boolean
│    │  │  ├ PropagateTags: string<DAEMON|NONE>
│    │  │  ├ CapacityProviderArns: Array<string>
│    │  │  ├ DeploymentConfiguration: DaemonDeploymentConfiguration
│    │  │  └ Tags: Array<tag>
│    │  ├ attributes
│    │  │  ├ DaemonArn: string
│    │  │  ├ DeploymentArn: string
│    │  │  ├ CreatedAt: string
│    │  │  ├ UpdatedAt: string
│    │  │  └ DaemonStatus: string<ACTIVE|DELETE_IN_PROGRESS>
│    │  └ types
│    │     ├ type DaemonAlarmConfiguration
│    │     │ ├      name: DaemonAlarmConfiguration
│    │     │ └ properties
│    │     │    ├ AlarmNames: Array<string>
│    │     │    └ Enable: boolean
│    │     └ type DaemonDeploymentConfiguration
│    │       ├      name: DaemonDeploymentConfiguration
│    │       └ properties
│    │          ├ DrainPercent: number
│    │          ├ BakeTimeInMinutes: integer
│    │          └ Alarms: DaemonAlarmConfiguration
│    └[+]  resource AWS::ECS::DaemonTaskDefinition
│       ├      name: DaemonTaskDefinition
│       │      cloudFormationType: AWS::ECS::DaemonTaskDefinition
│       │      documentation: Resource Schema describing various properties for ECS DaemonTaskDefinition
│       │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│       │      primaryIdentifier: ["DaemonTaskDefinitionArn"]
│       ├ properties
│       │  ├ ExecutionRoleArn: string (immutable)
│       │  ├ TaskRoleArn: string (immutable)
│       │  ├ Volumes: Array<Volume> (immutable)
│       │  ├ Memory: string (immutable)
│       │  ├ ContainerDefinitions: Array<DaemonContainerDefinition> (immutable)
│       │  ├ Family: string (immutable)
│       │  ├ Cpu: string (immutable)
│       │  └ Tags: Array<tag>
│       ├ attributes
│       │  └ DaemonTaskDefinitionArn: string
│       └ types
│          ├ type ContainerDependency
│          │ ├      name: ContainerDependency
│          │ └ properties
│          │    ├ Condition: string
│          │    └ ContainerName: string
│          ├ type DaemonContainerDefinition
│          │ ├      documentation: Container definition for daemon task definition
│          │ │      name: DaemonContainerDefinition
│          │ └ properties
│          │    ├ User: string
│          │    ├ Secrets: Array<Secret>
│          │    ├ Memory: integer
│          │    ├ Privileged: boolean
│          │    ├ StartTimeout: integer
│          │    ├ HealthCheck: HealthCheck
│          │    ├ Cpu: integer
│          │    ├ EntryPoint: Array<string>
│          │    ├ ReadonlyRootFilesystem: boolean
│          │    ├ Image: string (required)
│          │    ├ Essential: boolean
│          │    ├ LogConfiguration: LogConfiguration
│          │    ├ EnvironmentFiles: Array<EnvironmentFile>
│          │    ├ Name: string (required)
│          │    ├ FirelensConfiguration: FirelensConfiguration
│          │    ├ SystemControls: Array<SystemControl>
│          │    ├ Interactive: boolean
│          │    ├ Ulimits: Array<Ulimit>
│          │    ├ StopTimeout: integer
│          │    ├ WorkingDirectory: string
│          │    ├ MemoryReservation: integer
│          │    ├ RepositoryCredentials: RepositoryCredentials
│          │    ├ LinuxParameters: LinuxParameters
│          │    ├ RestartPolicy: RestartPolicy
│          │    ├ PseudoTerminal: boolean
│          │    ├ MountPoints: Array<MountPoint>
│          │    ├ DependsOn: Array<ContainerDependency>
│          │    ├ Command: Array<string>
│          │    └ Environment: Array<KeyValuePair>
│          ├ type Device
│          │ ├      name: Device
│          │ └ properties
│          │    ├ HostPath: string
│          │    ├ Permissions: Array<string>
│          │    └ ContainerPath: string
│          ├ type EnvironmentFile
│          │ ├      name: EnvironmentFile
│          │ └ properties
│          │    ├ Type: string
│          │    └ Value: string
│          ├ type FirelensConfiguration
│          │ ├      name: FirelensConfiguration
│          │ └ properties
│          │    ├ Options: Map<string, string>
│          │    └ Type: string
│          ├ type HealthCheck
│          │ ├      name: HealthCheck
│          │ └ properties
│          │    ├ Command: Array<string>
│          │    ├ Timeout: integer
│          │    ├ Retries: integer
│          │    ├ Interval: integer
│          │    └ StartPeriod: integer
│          ├ type HostVolumeProperties
│          │ ├      name: HostVolumeProperties
│          │ └ properties
│          │    └ SourcePath: string
│          ├ type KernelCapabilities
│          │ ├      name: KernelCapabilities
│          │ └ properties
│          │    ├ Add: Array<string>
│          │    └ Drop: Array<string>
│          ├ type KeyValuePair
│          │ ├      name: KeyValuePair
│          │ └ properties
│          │    ├ Value: string
│          │    └ Name: string
│          ├ type LinuxParameters
│          │ ├      name: LinuxParameters
│          │ └ properties
│          │    ├ Capabilities: KernelCapabilities
│          │    ├ Tmpfs: Array<Tmpfs>
│          │    ├ Devices: Array<Device>
│          │    └ InitProcessEnabled: boolean
│          ├ type LogConfiguration
│          │ ├      name: LogConfiguration
│          │ └ properties
│          │    ├ SecretOptions: Array<Secret>
│          │    ├ Options: Map<string, string>
│          │    └ LogDriver: string (required)
│          ├ type MountPoint
│          │ ├      name: MountPoint
│          │ └ properties
│          │    ├ ReadOnly: boolean
│          │    ├ SourceVolume: string
│          │    └ ContainerPath: string
│          ├ type RepositoryCredentials
│          │ ├      name: RepositoryCredentials
│          │ └ properties
│          │    └ CredentialsParameter: string
│          ├ type RestartPolicy
│          │ ├      name: RestartPolicy
│          │ └ properties
│          │    ├ IgnoredExitCodes: Array<integer>
│          │    ├ RestartAttemptPeriod: integer
│          │    └ Enabled: boolean
│          ├ type Secret
│          │ ├      name: Secret
│          │ └ properties
│          │    ├ ValueFrom: string (required)
│          │    └ Name: string (required)
│          ├ type SystemControl
│          │ ├      name: SystemControl
│          │ └ properties
│          │    ├ Value: string
│          │    └ Namespace: string
│          ├ type Tmpfs
│          │ ├      name: Tmpfs
│          │ └ properties
│          │    ├ Size: integer (required)
│          │    ├ ContainerPath: string
│          │    └ MountOptions: Array<string>
│          ├ type Ulimit
│          │ ├      name: Ulimit
│          │ └ properties
│          │    ├ SoftLimit: integer (required)
│          │    ├ HardLimit: integer (required)
│          │    └ Name: string (required)
│          └ type Volume
│            ├      name: Volume
│            └ properties
│               ├ Host: HostVolumeProperties
│               └ Name: string
├[~] service aws-eks
│ └ resources
│    └[~]  resource AWS::EKS::Nodegroup
│       ├ properties
│       │  └[+] WarmPoolConfig: WarmPoolConfig
│       └ types
│          └[+]  type WarmPoolConfig
│             ├      documentation: The warm pool configuration for the node group.
│             │      name: WarmPoolConfig
│             └ properties
│                ├ Enabled: boolean
│                ├ MaxGroupPreparedCapacity: integer
│                ├ MinSize: integer
│                ├ PoolState: string
│                └ ReuseOnScaleIn: boolean
├[~] service aws-elasticloadbalancing
│ └ resources
│    └[~]  resource AWS::ElasticLoadBalancing::LoadBalancer
│       ├ attributes
│       │  └[+] SourceSecurityGroup: SourceSecurityGroup
│       └ types
│          ├[~] type Policies
│          │ └ properties
│          │    └ Attributes: - Array<json> (required)
│          │                  + Array<PolicyItem> ⇐ Array<json> (required)
│          ├[+]  type PolicyItem
│          │  ├      name: PolicyItem
│          │  └ properties
│          │     ├ Name: string
│          │     └ Value: string
│          └[+]  type SourceSecurityGroup
│             ├      name: SourceSecurityGroup
│             └ properties
│                ├ GroupName: string
│                └ OwnerAlias: string
├[~] service aws-emr
│ └ resources
│    └[~]  resource AWS::EMR::Cluster
│       ├ properties
│       │  ├ AdditionalInfo: - json | string ⇐ json (immutable)
│       │  │                 + json (immutable)
│       │  ├ MonitoringConfiguration: (documentation changed)
│       │  ├ PlacementGroupConfigs: (documentation changed)
│       │  ├ ScaleDownBehavior: - string<TERMINATE_AT_INSTANCE_HOUR|TERMINATE_AT_TASK_COMPLETION> (immutable)
│       │  │                    + string (immutable)
│       │  └ VisibleToAllUsers: - boolean (deprecated=WARN)
│       │                       + boolean
│       └ types
│          ├[~] type CloudWatchAlarmDefinition
│          │ └ properties
│          │    ├ ComparisonOperator: - string<GREATER_THAN_OR_EQUAL|GREATER_THAN|LESS_THAN|LESS_THAN_OR_EQUAL> (required)
│          │    │                     + string (required)
│          │    ├ Statistic: - string<SAMPLE_COUNT|AVERAGE|SUM|MINIMUM|MAXIMUM>
│          │    │            + string
│          │    └ Unit: - string<NONE|SECONDS|MICRO_SECONDS|MILLI_SECONDS|BYTES|KILO_BYTES|MEGA_BYTES|GIGA_BYTES|TERA_BYTES|BITS|KILO_BITS|MEGA_BITS|GIGA_BITS|TERA_BITS|PERCENT|COUNT|BYTES_PER_SECOND|KILO_BYTES_PER_SECOND|MEGA_BYTES_PER_SECOND|GIGA_BYTES_PER_SECOND|TERA_BYTES_PER_SECOND|BITS_PER_SECOND|KILO_BITS_PER_SECOND|MEGA_BITS_PER_SECOND|GIGA_BITS_PER_SECOND|TERA_BITS_PER_SECOND|COUNT_PER_SECOND>
│          │            + string
│          ├[~] type CloudWatchLogConfiguration
│          │ ├      - documentation: Holds CloudWatch log configuration settings and metadata that specify settings like log files to monitor and where to send them.
│          │ │      + documentation: undefined
│          │ └ properties
│          │    ├ Enabled: (documentation changed)
│          │    ├ EncryptionKeyArn: (documentation changed)
│          │    ├ LogGroupName: (documentation changed)
│          │    ├ LogStreamNamePrefix: (documentation changed)
│          │    └ LogTypes: - Map<string, Array<string>>
│          │                + json
│          │                (documentation changed)
│          ├[~] type ComputeLimits
│          │ └ properties
│          │    └ UnitType: - string<InstanceFleetUnits|Instances|VCPU> (required)
│          │                + string (required)
│          ├[~] type EMRConfiguration
│          │ └ properties
│          │    └ Classification: (documentation changed)
│          ├[~] type InstanceGroupConfig
│          │ └ properties
│          │    └ Market: - string<ON_DEMAND|SPOT> (immutable)
│          │              + string (immutable)
│          ├[~] type MonitoringConfiguration
│          │ ├      - documentation: Contains CloudWatch log configuration metadata and settings.
│          │ │      + documentation: undefined
│          │ └ properties
│          │    └ CloudWatchLogConfiguration: (documentation changed)
│          ├[~] type PlacementGroupConfig
│          │ └ properties
│          │    ├ InstanceRole: - string<MASTER|CORE|TASK> (required)
│          │    │               + string (required)
│          │    └ PlacementStrategy: - string<SPREAD|PARTITION|CLUSTER|NONE>
│          │                         + string
│          ├[~] type ScalingAction
│          │ └ properties
│          │    └ Market: - string<ON_DEMAND|SPOT>
│          │              + string
│          ├[~] type SimpleScalingPolicyConfiguration
│          │ └ properties
│          │    └ AdjustmentType: - string<CHANGE_IN_CAPACITY|EXACT_CAPACITY|PERCENT_CHANGE_IN_CAPACITY>
│          │                      + string
│          ├[~] type SpotProvisioningSpecification
│          │ └ properties
│          │    └ TimeoutAction: - string<SWITCH_TO_ON_DEMAND|TERMINATE_CLUSTER> (required)
│          │                     + string (required)
│          └[~] type StepConfig
│            └ properties
│               └ ActionOnFailure: - string<CANCEL_AND_WAIT|CONTINUE|TERMINATE_CLUSTER|TERMINATE_JOB_FLOW>
│                                  + string
├[~] service aws-fsx
│ └ resources
│    └[~]  resource AWS::FSx::FileSystem
│       └ types
│          ├[+]  type FsrmConfiguration
│          │  ├      name: FsrmConfiguration
│          │  └ properties
│          │     ├ FsrmServiceEnabled: boolean (required)
│          │     └ EventLogDestination: string
│          └[~] type WindowsConfiguration
│            └ properties
│               └[+] FsrmConfiguration: FsrmConfiguration
├[~] service aws-glue
│ └ resources
│    └[~]  resource AWS::Glue::Partition
│       └      - arnTemplate: arn:${Partition}:glue:${Region}:${Account}:partition/${PartitionName}
│              + arnTemplate: undefined
├[~] service aws-interconnect
│ └ resources
│    └[~]  resource AWS::Interconnect::Connection
│       └      - arnTemplate: undefined
│              + arnTemplate: arn:${Partition}:interconnect:${Region}:${Account}:connection/${Id}
├[~] service aws-kafkaconnect
│ └ resources
│    └[~]  resource AWS::KafkaConnect::Connector
│       └ types
│          └[~] type ProvisionedCapacity
│            └ properties
│               └ McuCount: - integer<1|2|4|8>
│                           + integer<1|2|4|8> (required)
├[+] service aws-novaact
│ ├      capitalized: NovaAct
│ │      cloudFormationNamespace: AWS::NovaAct
│ │      name: aws-novaact
│ │      shortName: novaact
│ └ resources
│    └ resource AWS::NovaAct::WorkflowDefinition
│      ├      name: WorkflowDefinition
│      │      cloudFormationType: AWS::NovaAct::WorkflowDefinition
│      │      documentation: Definition of AWS::NovaAct::WorkflowDefinition Resource Type
│      │      primaryIdentifier: ["Arn"]
│      ├ properties
│      │  ├ Description: string (immutable)
│      │  ├ ExportConfig: WorkflowExportConfig (immutable)
│      │  └ Name: string (required, immutable)
│      ├ attributes
│      │  ├ Arn: string
│      │  ├ CreatedAt: string
│      │  └ Status: string<ACTIVE|DELETING>
│      └ types
│         └ type WorkflowExportConfig
│           ├      documentation: Configuration settings for exporting workflow execution data and logs to Amazon S3.
│           │      name: WorkflowExportConfig
│           └ properties
│              ├ S3BucketName: string (required)
│              └ S3KeyPrefix: string
├[~] service aws-observabilityadmin
│ └ resources
│    ├[~]  resource AWS::ObservabilityAdmin::OrganizationTelemetryRule
│    │  └ types
│    │     └[~] type TelemetryRule
│    │       └ properties
│    │          ├ ResourceType: - string<AWS::EC2::VPC|AWS::WAFv2::WebACL|AWS::CloudTrail|AWS::EKS::Cluster|AWS::ElasticLoadBalancingV2::LoadBalancer> (required)
│    │          │               + string<AWS::EC2::VPC|AWS::WAFv2::WebACL|AWS::CloudTrail|AWS::EKS::Cluster|AWS::ElasticLoadBalancingV2::LoadBalancer|AWS::EC2::Instance> (required)
│    │          └ TelemetryType: - string<Logs> (required)
│    │                           + string<Logs|Metrics> (required)
│    └[~]  resource AWS::ObservabilityAdmin::TelemetryRule
│       └ types
│          └[~] type TelemetryRule
│            └ properties
│               ├ ResourceType: - string<AWS::EC2::VPC|AWS::WAFv2::WebACL|AWS::CloudTrail|AWS::EKS::Cluster|AWS::ElasticLoadBalancingV2::LoadBalancer|AWS::BedrockAgentCore::Runtime|AWS::BedrockAgentCore::Browser|AWS::BedrockAgentCore::CodeInterpreter> (required)
│               │               + string<AWS::EC2::VPC|AWS::WAFv2::WebACL|AWS::CloudTrail|AWS::EKS::Cluster|AWS::ElasticLoadBalancingV2::LoadBalancer|AWS::EC2::Instance|AWS::BedrockAgentCore::Runtime|AWS::BedrockAgentCore::Browser|AWS::BedrockAgentCore::CodeInterpreter> (required)
│               └ TelemetryType: - string<Logs|Traces> (required)
│                                + string<Logs|Traces|Metrics> (required)
├[~] service aws-omics
│ └ resources
│    └[+]  resource AWS::Omics::Configuration
│       ├      name: Configuration
│       │      cloudFormationType: AWS::Omics::Configuration
│       │      documentation: Resource schema for AWS::Omics::Configuration
│       │      tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│       │      arnTemplate: arn:${Partition}:omics:${Region}:${Account}:configuration/${Name}
│       │      primaryIdentifier: ["Name"]
│       ├ properties
│       │  ├ Name: string (required, immutable)
│       │  ├ Description: string
│       │  ├ RunConfigurations: RunConfigurations (required, immutable)
│       │  └ Tags: Map<string, string>
│       ├ attributes
│       │  ├ Arn: string
│       │  ├ Uuid: string
│       │  ├ Status: string<CREATING|ACTIVE|UPDATING|DELETING|DELETED|FAILED>
│       │  └ CreationTime: string
│       └ types
│          ├ type RunConfigurations
│          │ ├      name: RunConfigurations
│          │ └ properties
│          │    └ VpcConfig: VpcConfig
│          └ type VpcConfig
│            ├      name: VpcConfig
│            └ properties
│               ├ SecurityGroupIds: Array<string>
│               └ SubnetIds: Array<string>
├[~] service aws-pinpoint
│ └ resources
│    └[~]  resource AWS::Pinpoint::InAppTemplate
│       └      - arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/VOICE
│              + arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/EMAIL
├[~] service aws-quicksight
│ └ resources
│    ├[~]  resource AWS::QuickSight::DataSet
│    │  ├ properties
│    │  │  ├ FolderArns: (documentation changed)
│    │  │  └ RowLevelPermissionDataSet: (documentation changed)
│    │  └ types
│    │     └[~] type RowLevelPermissionConfiguration
│    │       └ properties
│    │          └ RowLevelPermissionDataSet: (documentation changed)
│    └[~]  resource AWS::QuickSight::DataSource
│       ├ properties
│       │  └ Type: - string<ADOBE_ANALYTICS|AMAZON_ELASTICSEARCH|AMAZON_OPENSEARCH|ATHENA|AURORA|AURORA_POSTGRESQL|AWS_IOT_ANALYTICS|DATABRICKS|DENODO|DREMIO|DYNAMODB|SAPHANA|DB2_AS400|EXASOL|FILE|GITHUB|INTERNATIONAL_DATA_CORPORATION|JIRA|MARIADB|MYSQL|ORACLE|POSTGRESQL|PRESTO|QBUSINESS|REDSHIFT|S3|S3_TABLES|S3_KNOWLEDGE_BASE|SALESFORCE|SERVICENOW|SNOWFLAKE|SPARK|SPICE|SQLSERVER|TERADATA|TIMESTREAM|TWITTER|BIGQUERY|GOOGLE_ANALYTICS|TRINO|STARBURST|MONGO|MONGO_ATLAS|DOCUMENTDB|APPFLOW|IMPALA|GLUE|GOOGLE_DRIVE|CONFLUENCE|SHAREPOINT|ONE_DRIVE|WEB_CRAWLER> (required, immutable)
│       │          + string<ADOBE_ANALYTICS|AMAZON_ELASTICSEARCH|AMAZON_OPENSEARCH|ATHENA|AURORA|AURORA_POSTGRESQL|AWS_IOT_ANALYTICS|DATABRICKS|DENODO|DREMIO|DYNAMODB|SAPHANA|DB2_AS400|EXASOL|FILE|GITHUB|INTERNATIONAL_DATA_CORPORATION|JIRA|MARIADB|MYSQL|ORACLE|POSTGRESQL|PRESTO|QBUSINESS|REDSHIFT|S3|S3_TABLES|S3_KNOWLEDGE_BASE|SALESFORCE|SERVICENOW|SNOWFLAKE|SPARK|SPICE|SQLSERVER|TERADATA|TIMESTREAM|TWITTER|BIGQUERY|GOOGLE_ANALYTICS|TRINO|STARBURST|MONGO|MONGO_ATLAS|DOCUMENTDB|APPFLOW|IMPALA|GLUE|GOOGLE_DRIVE|CONFLUENCE|SHAREPOINT|ONE_DRIVE|WEB_CRAWLER|BOX> (required, immutable)
│       └ types
│          ├[~] type DataSourceParameters
│          │ └ properties
│          │    └[+] S3TablesParameters: S3TablesParameters
│          └[+]  type S3TablesParameters
│             ├      name: S3TablesParameters
│             └ properties
│                └ TableBucketArn: string
├[~] service aws-rds
│ └ resources
│    └[~]  resource AWS::RDS::DBCluster
│       └ attributes
│          └[+] StorageEncryptionType: string
├[~] service aws-sagemaker
│ └ resources
│    └[~]  resource AWS::SageMaker::Model
│       ├      - primaryIdentifier: ["Id"]
│       │      + primaryIdentifier: ["ModelArn"]
│       ├ attributes
│       │  └[+] ModelArn: string
│       └ types
│          ├[~] type ContainerDefinition
│          │ └ properties
│          │    └ Mode: - string (immutable)
│          │            + string<SingleModel|MultiModel> (immutable)
│          ├[~] type ImageConfig
│          │ └ properties
│          │    └ RepositoryAccessMode: - string (required, immutable)
│          │                            + string<Platform|Vpc> (required, immutable)
│          ├[~] type InferenceExecutionConfig
│          │ └ properties
│          │    └ Mode: - string (required, immutable)
│          │            + string<Serial|Direct> (required, immutable)
│          ├[~] type MultiModelConfig
│          │ └ properties
│          │    └ ModelCacheSetting: - string (immutable)
│          │                         + string<Enabled|Disabled> (immutable)
│          └[~] type S3DataSource
│            └ properties
│               ├ CompressionType: - string (required)
│               │                  + string<None|Gzip> (required)
│               │                  (documentation changed)
│               ├ ModelAccessConfig: (documentation changed)
│               └ S3DataType: - string (required)
│                             + string<S3Prefix|S3Object> (required)
├[+] service aws-securityagent
│ ├      capitalized: SecurityAgent
│ │      cloudFormationNamespace: AWS::SecurityAgent
│ │      name: aws-securityagent
│ │      shortName: securityagent
│ └ resources
│    ├ resource AWS::SecurityAgent::AgentSpace
│    │ ├      name: AgentSpace
│    │ │      cloudFormationType: AWS::SecurityAgent::AgentSpace
│    │ │      documentation: Resource Type definition for AWS::SecurityAgent::AgentSpace
│    │ │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ │      arnTemplate: arn:${Partition}:securityagent:${Region}:${Account}:agent-space/${AgentId}
│    │ │      primaryIdentifier: ["AgentSpaceId"]
│    │ ├ properties
│    │ │  ├ Name: string (required)
│    │ │  ├ Description: string
│    │ │  ├ AwsResources: AWSResources
│    │ │  ├ CodeReviewSettings: CodeReviewSettings
│    │ │  ├ KmsKeyId: string (immutable)
│    │ │  ├ IntegratedResources: Array<IntegratedResource>
│    │ │  ├ TargetDomainIds: Array<string>
│    │ │  └ Tags: Array<tag>
│    │ ├ attributes
│    │ │  ├ AgentSpaceId: string
│    │ │  ├ CreatedAt: string
│    │ │  └ UpdatedAt: string
│    │ └ types
│    │    ├ type AWSResources
│    │    │ ├      documentation: AWS resource configuration
│    │    │ │      name: AWSResources
│    │    │ └ properties
│    │    │    ├ Vpcs: Array<VpcConfig>
│    │    │    ├ LogGroups: Array<string>
│    │    │    ├ S3Buckets: Array<string>
│    │    │    ├ SecretArns: Array<string>
│    │    │    ├ LambdaFunctionArns: Array<string>
│    │    │    └ IamRoles: Array<string>
│    │    ├ type CodeReviewSettings
│    │    │ ├      documentation: Details of code review settings
│    │    │ │      name: CodeReviewSettings
│    │    │ └ properties
│    │    │    ├ ControlsScanning: boolean (required)
│    │    │    └ GeneralPurposeScanning: boolean (required)
│    │    ├ type IntegratedResource
│    │    │ ├      documentation: Integrated Resource details
│    │    │ │      name: IntegratedResource
│    │    │ └ properties
│    │    │    └ Integration: string (required)
│    │    └ type VpcConfig
│    │      ├      documentation: Customer VPC configuration that the security testing environment accesses
│    │      │      name: VpcConfig
│    │      └ properties
│    │         ├ VpcArn: string
│    │         ├ SecurityGroupArns: Array<string>
│    │         └ SubnetArns: Array<string>
│    ├ resource AWS::SecurityAgent::Application
│    │ ├      name: Application
│    │ │      cloudFormationType: AWS::SecurityAgent::Application
│    │ │      documentation: Resource Type definition for AWS::SecurityAgent::Application
│    │ │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ │      arnTemplate: arn:${Partition}:securityagent:${Region}:${Account}:application/${ApplicationId}
│    │ │      primaryIdentifier: ["ApplicationId"]
│    │ ├ properties
│    │ │  ├ IdCConfiguration: IdCConfiguration (immutable)
│    │ │  ├ RoleArn: string
│    │ │  ├ DefaultKmsKeyId: string
│    │ │  └ Tags: Array<tag>
│    │ ├ attributes
│    │ │  ├ ApplicationName: string
│    │ │  ├ ApplicationId: string
│    │ │  ├ Domain: string
│    │ │  └ IdCConfiguration.IdCApplicationArn: string
│    │ └ types
│    │    └ type IdCConfiguration
│    │      ├      name: IdCConfiguration
│    │      └ properties
│    │         ├ IdCApplicationArn: string
│    │         └ IdCInstanceArn: string (immutable)
│    ├ resource AWS::SecurityAgent::Pentest
│    │ ├      name: Pentest
│    │ │      cloudFormationType: AWS::SecurityAgent::Pentest
│    │ │      documentation: Resource Type definition for AWS::SecurityAgent::Pentest
│    │ │      primaryIdentifier: ["PentestId","AgentSpaceId"]
│    │ ├ properties
│    │ │  ├ AgentSpaceId: string (required, immutable)
│    │ │  ├ Title: string
│    │ │  ├ Assets: Assets (required)
│    │ │  ├ ExcludeRiskTypes: Array<string<CROSS_SITE_SCRIPTING|DEFAULT_CREDENTIALS|INSECURE_DIRECT_OBJECT_REFERENCE|PRIVILEGE_ESCALATION|SERVER_SIDE_TEMPLATE_INJECTION|COMMAND_INJECTION|CODE_INJECTION|SQL_INJECTION|ARBITRARY_FILE_UPLOAD|INSECURE_DESERIALIZATION|LOCAL_FILE_INCLUSION|INFORMATION_DISCLOSURE|PATH_TRAVERSAL|SERVER_SIDE_REQUEST_FORGERY|JSON_WEB_TOKEN_VULNERABILITIES|XML_EXTERNAL_ENTITY|FILE_DELETION|OTHER|GRAPHQL_VULNERABILITIES|BUSINESS_LOGIC_VULNERABILITIES|CRYPTOGRAPHIC_VULNERABILITIES|DENIAL_OF_SERVICE|FILE_ACCESS|FILE_CREATION|DATABASE_MODIFICATION|DATABASE_ACCESS|OUTBOUND_SERVICE_REQUEST|UNKNOWN>>
│    │ │  ├ ServiceRole: string (required)
│    │ │  ├ LogConfig: CloudWatchLog
│    │ │  ├ VpcConfig: VpcConfig
│    │ │  ├ NetworkTrafficConfig: NetworkTrafficConfig
│    │ │  └ CodeRemediationStrategy: string<AUTOMATIC|DISABLED>
│    │ ├ attributes
│    │ │  ├ PentestId: string
│    │ │  ├ CreatedAt: string
│    │ │  └ UpdatedAt: string
│    │ └ types
│    │    ├ type Actor
│    │    │ ├      name: Actor
│    │    │ └ properties
│    │    │    ├ Identifier: string
│    │    │    ├ Uris: Array<string>
│    │    │    ├ Authentication: Authentication
│    │    │    └ Description: string
│    │    ├ type Assets
│    │    │ ├      name: Assets
│    │    │ └ properties
│    │    │    ├ Endpoints: Array<Endpoint>
│    │    │    ├ Actors: Array<Actor>
│    │    │    ├ Documents: Array<DocumentInfo>
│    │    │    ├ SourceCode: Array<SourceCodeRepository>
│    │    │    └ IntegratedRepositories: Array<IntegratedRepository>
│    │    ├ type Authentication
│    │    │ ├      name: Authentication
│    │    │ └ properties
│    │    │    ├ ProviderType: string<SECRETS_MANAGER|AWS_LAMBDA|AWS_IAM_ROLE|AWS_INTERNAL>
│    │    │    └ Value: string
│    │    ├ type CloudWatchLog
│    │    │ ├      name: CloudWatchLog
│    │    │ └ properties
│    │    │    ├ LogGroup: string
│    │    │    └ LogStream: string
│    │    ├ type CustomHeader
│    │    │ ├      name: CustomHeader
│    │    │ └ properties
│    │    │    ├ Name: string
│    │    │    └ Value: string
│    │    ├ type DocumentInfo
│    │    │ ├      name: DocumentInfo
│    │    │ └ properties
│    │    │    ├ S3Location: string
│    │    │    └ ArtifactId: string
│    │    ├ type Endpoint
│    │    │ ├      name: Endpoint
│    │    │ └ properties
│    │    │    └ Uri: string
│    │    ├ type IntegratedRepository
│    │    │ ├      name: IntegratedRepository
│    │    │ └ properties
│    │    │    ├ IntegrationId: string (required)
│    │    │    └ ProviderResourceId: string (required)
│    │    ├ type NetworkTrafficConfig
│    │    │ ├      name: NetworkTrafficConfig
│    │    │ └ properties
│    │    │    ├ Rules: Array<NetworkTrafficRule>
│    │    │    └ CustomHeaders: Array<CustomHeader>
│    │    ├ type NetworkTrafficRule
│    │    │ ├      name: NetworkTrafficRule
│    │    │ └ properties
│    │    │    ├ Effect: string<ALLOW|DENY>
│    │    │    ├ Pattern: string
│    │    │    └ NetworkTrafficRuleType: string<URL>
│    │    ├ type SourceCodeRepository
│    │    │ ├      name: SourceCodeRepository
│    │    │ └ properties
│    │    │    └ S3Location: string
│    │    └ type VpcConfig
│    │      ├      name: VpcConfig
│    │      └ properties
│    │         ├ VpcArn: string
│    │         ├ SecurityGroupArns: Array<string>
│    │         └ SubnetArns: Array<string>
│    └ resource AWS::SecurityAgent::TargetDomain
│      ├      name: TargetDomain
│      │      cloudFormationType: AWS::SecurityAgent::TargetDomain
│      │      documentation: Resource Type definition for AWS::SecurityAgent::TargetDomain
│      │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      │      arnTemplate: arn:${Partition}:securityagent:${Region}:${Account}:target-domain/${TargetDomainId}
│      │      primaryIdentifier: ["TargetDomainId"]
│      ├ properties
│      │  ├ TargetDomainName: string (required, immutable)
│      │  ├ VerificationMethod: string<DNS_TXT|HTTP_ROUTE> (required)
│      │  └ Tags: Array<tag>
│      ├ attributes
│      │  ├ TargetDomainId: string
│      │  ├ VerificationStatus: string<PENDING|VERIFIED|FAILED|UNREACHABLE>
│      │  ├ VerificationDetails: VerificationDetails
│      │  ├ CreatedAt: string
│      │  └ VerifiedAt: string
│      └ types
│         ├ type DnsVerification
│         │ ├      documentation: Represents DNS TXT verification details
│         │ │      name: DnsVerification
│         │ └ properties
│         │    ├ Token: string
│         │    ├ DnsRecordName: string
│         │    └ DnsRecordType: string<TXT>
│         ├ type HttpVerification
│         │ ├      documentation: Represents HTTP route verification details
│         │ │      name: HttpVerification
│         │ └ properties
│         │    ├ Token: string
│         │    └ RoutePath: string
│         └ type VerificationDetails
│           ├      documentation: Verification details to verify registered target domain
│           │      name: VerificationDetails
│           └ properties
│              ├ Method: string<DNS_TXT|HTTP_ROUTE>
│              ├ DnsTxt: DnsVerification
│              └ HttpRoute: HttpVerification
├[~] service aws-servicediscovery
│ └ resources
│    └[~]  resource AWS::ServiceDiscovery::Service
│       └ properties
│          └ ServiceAttributes: - Map<string, string> ⇐ json
│                               + json
└[~] service aws-stepfunctions
  └ resources
     └[~]  resource AWS::StepFunctions::StateMachineAlias
        └ properties
           └[+] StateMachineArn: string

@aws-cdk-automation @github-actions
feat: update L1 CloudFormation resource definitions
4213019 
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
@aws-cdk-automation aws-cdk-automation added contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes pr-linter/exempt-integ-test The PR linter will not require integ test changes labels Apr 6, 2026
@aws-cdk-automation aws-cdk-automation requested a review from a team April 6, 2026 10:42
@github-actions github-actions bot added the p2 label Apr 6, 2026
@aws-cdk-automation aws-cdk-automation requested a review from a team April 6, 2026 10:42
@pahud pahud mentioned this pull request Apr 6, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. p2 pr-linter/exempt-integ-test The PR linter will not require integ test changes pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aws-cdk-automation