feat(cloudformation): update L1 CloudFormation resource definitions #34164

Merged
merged 2 commits into from
Apr 16, 2025

Collaborator

@aws-cdk-automation aws-cdk-automation commented Apr 16, 2025

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-acmpca
│ └ resources
│    └[~]  resource AWS::ACMPCA::CertificateAuthority
│       └ properties
│          └ KeyStorageSecurityStandard: (documentation changed)
├[~] service aws-applicationautoscaling
│ └ resources
│    ├[~]  resource AWS::ApplicationAutoScaling::ScalableTarget
│    │  └ properties
│    │     ├ ResourceId: (documentation changed)
│    │     └ ScalableDimension: (documentation changed)
│    └[~]  resource AWS::ApplicationAutoScaling::ScalingPolicy
│       └ properties
│          ├ PolicyType: (documentation changed)
│          ├ ResourceId: (documentation changed)
│          └ ScalableDimension: (documentation changed)
├[~] service aws-applicationsignals
│ └ resources
│    └[~]  resource AWS::ApplicationSignals::ServiceLevelObjective
│       ├      - documentation: Creates or updates a service level objective (SLO), which can help you ensure that your critical business operations are meeting customer expectations. Use SLOs to set and track specific target levels for the reliability and availability of your applications and services. SLOs use service level indicators (SLIs) to calculate whether the application is performing at the level that you want.
│       │      Create an SLO to set a target for a service or operation’s availability or latency. CloudWatch measures this target frequently you can find whether it has been breached.
│       │      The target performance quality that is defined for an SLO is the *attainment goal* . An attainment goal is the percentage of time or requests that the SLI is expected to meet the threshold over each time interval. For example, an attainment goal of 99.9% means that within your interval, you are targeting 99.9% of the periods to be in healthy state.
│       │      When you create an SLO, you specify whether it is a *period-based SLO* or a *request-based SLO* . Each type of SLO has a different way of evaluating your application's performance against its attainment goal.
│       │      - A *period-based SLO* uses defined *periods* of time within a specified total time interval. For each period of time, Application Signals determines whether the application met its goal. The attainment rate is calculated as the `number of good periods/number of total periods` .
│       │      For example, for a period-based SLO, meeting an attainment goal of 99.9% means that within your interval, your application must meet its performance goal during at least 99.9% of the time periods.
│       │      - A *request-based SLO* doesn't use pre-defined periods of time. Instead, the SLO measures `number of good requests/number of total requests` during the interval. At any time, you can find the ratio of good requests to total requests for the interval up to the time stamp that you specify, and measure that ratio against the goal set in your SLO.
│       │      After you have created an SLO, you can retrieve error budget reports for it. An *error budget* is the amount of time or amount of requests that your application can be non-compliant with the SLO's goal, and still have your application meet the goal.
│       │      - For a period-based SLO, the error budget starts at a number defined by the highest number of periods that can fail to meet the threshold, while still meeting the overall goal. The *remaining error budget* decreases with every failed period that is recorded. The error budget within one interval can never increase.
│       │      For example, an SLO with a threshold that 99.95% of requests must be completed under 2000ms every month translates to an error budget of 21.9 minutes of downtime per month.
│       │      - For a request-based SLO, the remaining error budget is dynamic and can increase or decrease, depending on the ratio of good requests to total requests.
│       │      When you call this operation, Application Signals creates the *AWSServiceRoleForCloudWatchApplicationSignals* service-linked role, if it doesn't already exist in your account. This service- linked role has the following permissions:
│       │      - `xray:GetServiceGraph`
│       │      - `logs:StartQuery`
│       │      - `logs:GetQueryResults`
│       │      - `cloudwatch:GetMetricData`
│       │      - `cloudwatch:ListMetrics`
│       │      - `tag:GetResources`
│       │      - `autoscaling:DescribeAutoScalingGroups`
│       │      You can easily set SLO targets for your applications that are discovered by Application Signals, using critical metrics such as latency and availability. You can also set SLOs against any CloudWatch metric or math expression that produces a time series.
│       │      > You can't create an SLO for a service operation that was discovered by Application Signals until after that operation has reported standard metrics to Application Signals. 
│       │      You cannot change from a period-based SLO to a request-based SLO, or change from a request-based SLO to a period-based SLO.
│       │      For more information about SLOs, see [Service level objectives (SLOs)](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-ServiceLevelObjectives.html) .
│       │      + documentation: Creates or updates a service level objective (SLO), which can help you ensure that your critical business operations are meeting customer expectations. Use SLOs to set and track specific target levels for the reliability and availability of your applications and services. SLOs use service level indicators (SLIs) to calculate whether the application is performing at the level that you want.
│       │      Create an SLO to set a target for a service operation, or service dependency's availability or latency. CloudWatch measures this target frequently you can find whether it has been breached.
│       │      The target performance quality that is defined for an SLO is the *attainment goal* . An attainment goal is the percentage of time or requests that the SLI is expected to meet the threshold over each time interval. For example, an attainment goal of 99.9% means that within your interval, you are targeting 99.9% of the periods to be in healthy state.
│       │      When you create an SLO, you specify whether it is a *period-based SLO* or a *request-based SLO* . Each type of SLO has a different way of evaluating your application's performance against its attainment goal.
│       │      - A *period-based SLO* uses defined *periods* of time within a specified total time interval. For each period of time, Application Signals determines whether the application met its goal. The attainment rate is calculated as the `number of good periods/number of total periods` .
│       │      For example, for a period-based SLO, meeting an attainment goal of 99.9% means that within your interval, your application must meet its performance goal during at least 99.9% of the time periods.
│       │      - A *request-based SLO* doesn't use pre-defined periods of time. Instead, the SLO measures `number of good requests/number of total requests` during the interval. At any time, you can find the ratio of good requests to total requests for the interval up to the time stamp that you specify, and measure that ratio against the goal set in your SLO.
│       │      After you have created an SLO, you can retrieve error budget reports for it. An *error budget* is the amount of time or amount of requests that your application can be non-compliant with the SLO's goal, and still have your application meet the goal.
│       │      - For a period-based SLO, the error budget starts at a number defined by the highest number of periods that can fail to meet the threshold, while still meeting the overall goal. The *remaining error budget* decreases with every failed period that is recorded. The error budget within one interval can never increase.
│       │      For example, an SLO with a threshold that 99.95% of requests must be completed under 2000ms every month translates to an error budget of 21.9 minutes of downtime per month.
│       │      - For a request-based SLO, the remaining error budget is dynamic and can increase or decrease, depending on the ratio of good requests to total requests.
│       │      When you call this operation, Application Signals creates the *AWSServiceRoleForCloudWatchApplicationSignals* service-linked role, if it doesn't already exist in your account. This service- linked role has the following permissions:
│       │      - `xray:GetServiceGraph`
│       │      - `logs:StartQuery`
│       │      - `logs:GetQueryResults`
│       │      - `cloudwatch:GetMetricData`
│       │      - `cloudwatch:ListMetrics`
│       │      - `tag:GetResources`
│       │      - `autoscaling:DescribeAutoScalingGroups`
│       │      You can easily set SLO targets for your applications, and their dependencies, that are discovered by Application Signals, using critical metrics such as latency and availability. You can also set SLOs against any CloudWatch metric or math expression that produces a time series.
│       │      > You can't create an SLO for a service operation that was discovered by Application Signals until after that operation has reported standard metrics to Application Signals. 
│       │      You cannot change from a period-based SLO to a request-based SLO, or change from a request-based SLO to a period-based SLO.
│       │      For more information about SLOs, see [Service level objectives (SLOs)](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-ServiceLevelObjectives.html) .
│       ├ properties
│       │  └ ExclusionWindows: (documentation changed)
│       └ types
│          ├[+]  type DependencyConfig
│          │  ├      documentation: Identifies the dependency using the `DependencyKeyAttributes` and `DependencyOperationName` .
│          │  │      name: DependencyConfig
│          │  └ properties
│          │     ├ DependencyKeyAttributes: Map<string, string> (required)
│          │     └ DependencyOperationName: string (required)
│          ├[~] type ExclusionWindow
│          │ ├      - documentation: The core SLO time window exclusion object that includes Window, StartTime, RecurrenceRule, and Reason.
│          │ │      + documentation: The time window to be excluded from the SLO performance metrics.
│          │ └ properties
│          │    ├ Reason: (documentation changed)
│          │    ├ RecurrenceRule: (documentation changed)
│          │    ├ StartTime: (documentation changed)
│          │    └ Window: (documentation changed)
│          ├[~] type RecurrenceRule
│          │ ├      - documentation: The recurrence rule for the SLO time window exclusion .
│          │ │      + documentation: The recurrence rule for the time exclusion window.
│          │ └ properties
│          │    └ Expression: (documentation changed)
│          ├[~] type RequestBasedSliMetric
│          │ └ properties
│          │    └[+] DependencyConfig: DependencyConfig
│          ├[~] type SliMetric
│          │ └ properties
│          │    └[+] DependencyConfig: DependencyConfig
│          └[~] type Window
│            ├      - documentation: The object that defines the time length of an exclusion window.
│            │      + documentation: The start and end time of the time exclusion window.
│            └ properties
│               ├ Duration: (documentation changed)
│               └ DurationUnit: (documentation changed)
├[~] service aws-backup
│ └ resources
│    └[~]  resource AWS::Backup::RestoreTestingPlan
│       └ properties
│          └[-] ScheduleStatus: string
├[~] service aws-batch
│ └ resources
│    └[~]  resource AWS::Batch::JobDefinition
│       └ types
│          ├[~] type ContainerProperties
│          │ └ properties
│          │    └[+] EnableExecuteCommand: boolean
│          ├[~] type EcsTaskProperties
│          │ └ properties
│          │    └[+] EnableExecuteCommand: boolean
│          ├[+]  type FirelensConfiguration
│          │  ├      name: FirelensConfiguration
│          │  └ properties
│          │     ├ Type: string (required)
│          │     └ Options: Map<string, string>
│          ├[~] type MultiNodeContainerProperties
│          │ └ properties
│          │    └[+] EnableExecuteCommand: boolean
│          ├[~] type MultiNodeEcsTaskProperties
│          │ └ properties
│          │    └[+] EnableExecuteCommand: boolean
│          └[~] type TaskContainerProperties
│            └ properties
│               └[+] FirelensConfiguration: FirelensConfiguration
├[~] service aws-bedrock
│ └ resources
│    └[~]  resource AWS::Bedrock::KnowledgeBase
│       └ types
│          ├[+]  type OpenSearchManagedClusterConfiguration
│          │  ├      documentation: Contains details about the Managed Cluster configuration of the knowledge base in Amazon OpenSearch Service. For more information, see [Create a vector index in OpenSearch Managed Cluster](https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-base-setup-osm.html) .
│          │  │      name: OpenSearchManagedClusterConfiguration
│          │  └ properties
│          │     ├ DomainArn: string (required)
│          │     ├ DomainEndpoint: string (required)
│          │     ├ VectorIndexName: string (required)
│          │     └ FieldMapping: OpenSearchManagedClusterFieldMapping (required)
│          ├[+]  type OpenSearchManagedClusterFieldMapping
│          │  ├      documentation: Contains the names of the fields to which to map information about the vector store.
│          │  │      name: OpenSearchManagedClusterFieldMapping
│          │  └ properties
│          │     ├ VectorField: string (required)
│          │     ├ TextField: string (required)
│          │     └ MetadataField: string (required)
│          └[~] type StorageConfiguration
│            └ properties
│               └[+] OpensearchManagedClusterConfiguration: OpenSearchManagedClusterConfiguration
├[~] service aws-cleanrooms
│ └ resources
│    ├[~]  resource AWS::CleanRooms::AnalysisTemplate
│    │  ├ properties
│    │  │  ├[+] Schema: AnalysisSchema (immutable)
│    │  │  └[+] SourceMetadata: AnalysisSourceMetadata
│    │  └ types
│    │     ├[~] type AnalysisSource
│    │     │ └ properties
│    │     │    ├[+] Artifacts: AnalysisTemplateArtifacts
│    │     │    └ Text: - string (required, immutable)
│    │     │            + string (immutable)
│    │     ├[+]  type AnalysisSourceMetadata
│    │     │  ├      documentation: The analysis source metadata.
│    │     │  │      name: AnalysisSourceMetadata
│    │     │  └ properties
│    │     │     └ Artifacts: AnalysisTemplateArtifactMetadata (required)
│    │     ├[+]  type AnalysisTemplateArtifact
│    │     │  ├      documentation: The analysis template artifact.
│    │     │  │      name: AnalysisTemplateArtifact
│    │     │  └ properties
│    │     │     └ Location: S3Location (required)
│    │     ├[+]  type AnalysisTemplateArtifactMetadata
│    │     │  ├      documentation: The analysis template artifact metadata.
│    │     │  │      name: AnalysisTemplateArtifactMetadata
│    │     │  └ properties
│    │     │     ├ EntryPointHash: Hash (required)
│    │     │     └ AdditionalArtifactHashes: Array<Hash>
│    │     ├[+]  type AnalysisTemplateArtifacts
│    │     │  ├      documentation: The analysis template artifacts.
│    │     │  │      name: AnalysisTemplateArtifacts
│    │     │  └ properties
│    │     │     ├ EntryPoint: AnalysisTemplateArtifact (required)
│    │     │     ├ AdditionalArtifacts: Array<AnalysisTemplateArtifact>
│    │     │     └ RoleArn: string (required)
│    │     ├[+]  type Hash
│    │     │  ├      documentation: Hash
│    │     │  │      name: Hash
│    │     │  └ properties
│    │     │     └ Sha256: string
│    │     └[+]  type S3Location
│    │        ├      documentation: The S3 location.
│    │        │      name: S3Location
│    │        └ properties
│    │           ├ Bucket: string (required)
│    │           └ Key: string (required)
│    ├[~]  resource AWS::CleanRooms::Collaboration
│    │  ├ properties
│    │  │  ├ CreatorMemberAbilities: (documentation changed)
│    │  │  └[+] JobLogStatus: string (immutable)
│    │  └ types
│    │     ├[+]  type JobComputePaymentConfig
│    │     │  ├      documentation: An object representing the collaboration member's payment responsibilities set by the collaboration creator for query and job compute costs.
│    │     │  │      name: JobComputePaymentConfig
│    │     │  └ properties
│    │     │     └ IsResponsible: boolean (required)
│    │     └[~] type PaymentConfiguration
│    │       └ properties
│    │          └[+] JobCompute: JobComputePaymentConfig
│    ├[~]  resource AWS::CleanRooms::ConfiguredTable
│    │  └ properties
│    │     └[+] SelectedAnalysisMethods: Array<string>
│    └[~]  resource AWS::CleanRooms::Membership
│       ├ properties
│       │  ├[+] DefaultJobResultConfiguration: MembershipProtectedJobResultConfiguration
│       │  └[+] JobLogStatus: string
│       └ types
│          ├[+]  type MembershipJobComputePaymentConfig
│          │  ├      documentation: An object representing the payment responsibilities accepted by the collaboration member for query and job compute costs.
│          │  │      name: MembershipJobComputePaymentConfig
│          │  └ properties
│          │     └ IsResponsible: boolean (required)
│          ├[~] type MembershipPaymentConfiguration
│          │ └ properties
│          │    └[+] JobCompute: MembershipJobComputePaymentConfig
│          ├[+]  type MembershipProtectedJobOutputConfiguration
│          │  ├      documentation: Contains configurations for protected job results.
│          │  │      name: MembershipProtectedJobOutputConfiguration
│          │  └ properties
│          │     └ S3: ProtectedJobS3OutputConfigurationInput (required)
│          ├[+]  type MembershipProtectedJobResultConfiguration
│          │  ├      documentation: Contains configurations for protected job results.
│          │  │      name: MembershipProtectedJobResultConfiguration
│          │  └ properties
│          │     ├ OutputConfiguration: MembershipProtectedJobOutputConfiguration (required)
│          │     └ RoleArn: string (required)
│          └[+]  type ProtectedJobS3OutputConfigurationInput
│             ├      documentation: Contains input information for protected jobs with an S3 output type.
│             │      name: ProtectedJobS3OutputConfigurationInput
│             └ properties
│                ├ Bucket: string (required)
│                └ KeyPrefix: string
├[~] service aws-cloudtrail
│ └ resources
│    ├[~]  resource AWS::CloudTrail::EventDataStore
│    │  └ types
│    │     ├[~] type AdvancedEventSelector
│    │     │ └      - documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* .
│    │     │        You cannot apply both event selectors and advanced event selectors to a trail.
│    │     │        *Supported CloudTrail event record fields for management events*
│    │     │        - `eventCategory` (required)
│    │     │        - `eventSource`
│    │     │        - `readOnly`
│    │     │        The following additional fields are available for event data stores:
│    │     │        - `eventName`
│    │     │        - `eventType`
│    │     │        - `sessionCredentialFromConsole`
│    │     │        - `userIdentity.arn`
│    │     │        *Supported CloudTrail event record fields for data events*
│    │     │        - `eventCategory` (required)
│    │     │        - `resources.type` (required)
│    │     │        - `readOnly`
│    │     │        - `eventName`
│    │     │        - `resources.ARN`
│    │     │        The following additional fields are available for event data stores:
│    │     │        - `eventSource`
│    │     │        - `eventType`
│    │     │        - `sessionCredentialFromConsole`
│    │     │        - `userIdentity.arn`
│    │     │        *Supported CloudTrail event record fields for network activity events*
│    │     │        - `eventCategory` (required)
│    │     │        - `eventSource` (required)
│    │     │        - `eventName`
│    │     │        - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` .
│    │     │        - `vpcEndpointId`
│    │     │        > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
│    │     │        + documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* .
│    │     │        You cannot apply both event selectors and advanced event selectors to a trail.
│    │     │        *Supported CloudTrail event record fields for management events*
│    │     │        - `eventCategory` (required)
│    │     │        - `eventSource`
│    │     │        - `readOnly`
│    │     │        The following additional fields are available for event data stores:
│    │     │        - `eventName`
│    │     │        - `eventType`
│    │     │        - `sessionCredentialFromConsole`
│    │     │        - `userIdentity.arn`
│    │     │        *Supported CloudTrail event record fields for data events*
│    │     │        - `eventCategory` (required)
│    │     │        - `eventName`
│    │     │        - `eventSource`
│    │     │        - `eventType`
│    │     │        - `resources.ARN`
│    │     │        - `resources.type` (required)
│    │     │        - `readOnly`
│    │     │        - `sessionCredentialFromConsole`
│    │     │        - `userIdentity.arn`
│    │     │        *Supported CloudTrail event record fields for network activity events*
│    │     │        - `eventCategory` (required)
│    │     │        - `eventSource` (required)
│    │     │        - `eventName`
│    │     │        - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` .
│    │     │        - `vpcEndpointId`
│    │     │        > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
│    │     └[~] type AdvancedFieldSelector
│    │       └ properties
│    │          └ Field: (documentation changed)
│    └[~]  resource AWS::CloudTrail::Trail
│       └ types
│          ├[~] type AdvancedEventSelector
│          │ └      - documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* .
│          │        You cannot apply both event selectors and advanced event selectors to a trail.
│          │        *Supported CloudTrail event record fields for management events*
│          │        - `eventCategory` (required)
│          │        - `eventSource`
│          │        - `readOnly`
│          │        The following additional fields are available for event data stores:
│          │        - `eventName`
│          │        - `eventType`
│          │        - `sessionCredentialFromConsole`
│          │        - `userIdentity.arn`
│          │        *Supported CloudTrail event record fields for data events*
│          │        - `eventCategory` (required)
│          │        - `resources.type` (required)
│          │        - `readOnly`
│          │        - `eventName`
│          │        - `resources.ARN`
│          │        The following additional fields are available for event data stores:
│          │        - `eventSource`
│          │        - `eventType`
│          │        - `sessionCredentialFromConsole`
│          │        - `userIdentity.arn`
│          │        *Supported CloudTrail event record fields for network activity events*
│          │        - `eventCategory` (required)
│          │        - `eventSource` (required)
│          │        - `eventName`
│          │        - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` .
│          │        - `vpcEndpointId`
│          │        > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
│          │        + documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* .
│          │        You cannot apply both event selectors and advanced event selectors to a trail.
│          │        *Supported CloudTrail event record fields for management events*
│          │        - `eventCategory` (required)
│          │        - `eventSource`
│          │        - `readOnly`
│          │        The following additional fields are available for event data stores:
│          │        - `eventName`
│          │        - `eventType`
│          │        - `sessionCredentialFromConsole`
│          │        - `userIdentity.arn`
│          │        *Supported CloudTrail event record fields for data events*
│          │        - `eventCategory` (required)
│          │        - `eventName`
│          │        - `eventSource`
│          │        - `eventType`
│          │        - `resources.ARN`
│          │        - `resources.type` (required)
│          │        - `readOnly`
│          │        - `sessionCredentialFromConsole`
│          │        - `userIdentity.arn`
│          │        *Supported CloudTrail event record fields for network activity events*
│          │        - `eventCategory` (required)
│          │        - `eventSource` (required)
│          │        - `eventName`
│          │        - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` .
│          │        - `vpcEndpointId`
│          │        > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
│          └[~] type AdvancedFieldSelector
│            └ properties
│               └ Field: (documentation changed)
├[~] service aws-codebuild
│ └ resources
│    └[~]  resource AWS::CodeBuild::Project
│       └ types
│          └[~] type ScopeConfiguration
│            └ properties
│               ├[+] Domain: string
│               └[+] Scope: string
├[~] service aws-dms
│ └ resources
│    └[~]  resource AWS::DMS::ReplicationInstance
│       └ properties
│          └[+] DnsNameServers: string (immutable)
├[~] service aws-ec2
│ └ resources
│    ├[~]  resource AWS::EC2::Host
│    │  ├      - tagInformation: undefined
│    │  │      + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │  └ properties
│    │     └[+] Tags: Array<tag>
│    ├[~]  resource AWS::EC2::SecurityGroup
│    │  └      - documentation: Specifies a security group.
│    │         You must specify ingress rules to allow inbound traffic. By default, no inbound traffic is allowed.
│    │         If you do not specify an egress rule, we add egress rules that allow outbound IPv4 and IPv6 traffic on all ports and protocols to any destination. We do not add these rules if you specify your own egress rules.
│    │         If you modify a rule, CloudFormation removes the existing rule and then adds a new rule. There is a brief period when neither the original rule or the new rule exists, so the corresponding traffic is dropped.
│    │         This type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) .
│    │         > To cross-reference two security groups in the ingress and egress rules of those security groups, use the [AWS::EC2::SecurityGroupEgress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html) and [AWS::EC2::SecurityGroupIngress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-ingress.html) resources to define your rules. Do not use the embedded ingress and egress rules in the `AWS::EC2::SecurityGroup` . Doing so creates a circular dependency, which AWS CloudFormation doesn't allow.
│    │         + documentation: Specifies a security group.
│    │         You must specify ingress rules to allow inbound traffic. By default, no inbound traffic is allowed.
│    │         When you create a security group, if you do not add egress rules, we add egress rules that allow all outbound IPv4 and IPv6 traffic. Otherwise, we do not add them. After the security group is created, if you remove all egress rules that you added, we do not add egress rules, so no outbound traffic is allowed.
│    │         If you modify a rule, CloudFormation removes the existing rule and then adds a new rule. There is a brief period when neither the original rule or the new rule exists, so the corresponding traffic is dropped.
│    │         This type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) .
│    │         > To cross-reference two security groups in the ingress and egress rules of those security groups, use the [AWS::EC2::SecurityGroupEgress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html) and [AWS::EC2::SecurityGroupIngress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-ingress.html) resources to define your rules. Do not use the embedded ingress and egress rules in the `AWS::EC2::SecurityGroup` . Doing so creates a circular dependency, which AWS CloudFormation doesn't allow.
│    └[~]  resource AWS::EC2::VPCEndpoint
│       └ properties
│          └[+] ServiceRegion: string (immutable)
├[~] service aws-eks
│ └ resources
│    └[~]  resource AWS::EKS::PodIdentityAssociation
│       ├ properties
│       │  ├[-] DisableSessionTags: boolean
│       │  └[-] TargetRoleArn: string
│       └ attributes
│          └[-] ExternalId: string
├[~] service aws-elasticache
│ └ resources
│    └[~]  resource AWS::ElastiCache::ReplicationGroup
│       └ properties
│          ├ AtRestEncryptionEnabled: (documentation changed)
│          └ TransitEncryptionEnabled: (documentation changed)
├[~] service aws-events
│ └ resources
│    ├[~]  resource AWS::Events::ApiDestination
│    │  └ attributes
│    │     └[+] ArnForPolicy: string
│    ├[~]  resource AWS::Events::Archive
│    │  ├      - documentation: Creates an archive of events with the specified settings. When you create an archive, incoming events might not immediately start being sent to the archive. Allow a short period of time for changes to take effect. If you do not specify a pattern to filter events sent to the archive, all events are sent to the archive except replayed events. Replayed events are not sent to an archive.
│    │  │      > Archives and schema discovery are not supported for event buses encrypted using a customer managed key. EventBridge returns an error if:
│    │  │      > 
│    │  │      > - You call `[CreateArchive](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_CreateArchive.html)` on an event bus set to use a customer managed key for encryption.
│    │  │      > - You call `[CreateDiscoverer](https://docs.aws.amazon.com/eventbridge/latest/schema-reference/v1-discoverers.html#CreateDiscoverer)` on an event bus set to use a customer managed key for encryption.
│    │  │      > - You call `[UpdatedEventBus](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_UpdatedEventBus.html)` to set a customer managed key on an event bus with an archives or schema discovery enabled.
│    │  │      > 
│    │  │      > To enable archives or schema discovery on an event bus, choose to use an AWS owned key . For more information, see [Data encryption in EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption.html) in the *Amazon EventBridge User Guide* .
│    │  │      + documentation: Creates an archive of events with the specified settings. When you create an archive, incoming events might not immediately start being sent to the archive. Allow a short period of time for changes to take effect. If you do not specify a pattern to filter events sent to the archive, all events are sent to the archive except replayed events. Replayed events are not sent to an archive.
│    │  │      > If you have specified that EventBridge use a customer managed key for encrypting the source event bus, we strongly recommend you also specify a customer managed key for any archives for the event bus as well.
│    │  │      > 
│    │  │      > For more information, see [Encrypting archives](https://docs.aws.amazon.com/eventbridge/latest/userguide/encryption-archives.html) in the *Amazon EventBridge User Guide* .
│    │  └ properties
│    │     └[+] KmsKeyIdentifier: string
│    ├[~]  resource AWS::Events::Connection
│    │  └ attributes
│    │     └[+] ArnForPolicy: string
│    └[~]  resource AWS::Events::EventBus
│       └ properties
│          └ KmsKeyIdentifier: (documentation changed)
├[~] service aws-fsx
│ └ resources
│    └[~]  resource AWS::FSx::FileSystem
│       ├ properties
│       │  └ StorageType: (documentation changed)
│       └ types
│          ├[~] type LustreConfiguration
│          │ └ properties
│          │    └ WeeklyMaintenanceStartTime: (documentation changed)
│          ├[~] type OntapConfiguration
│          │ └ properties
│          │    └ WeeklyMaintenanceStartTime: (documentation changed)
│          └[~] type OpenZFSConfiguration
│            └ properties
│               └ WeeklyMaintenanceStartTime: (documentation changed)
├[~] service aws-iot
│ └ resources
│    ├[~]  resource AWS::IoT::AccountAuditConfiguration
│    │  └ properties
│    │     └ AuditCheckConfigurations: (documentation changed)
│    └[~]  resource AWS::IoT::ScheduledAudit
│       └ properties
│          └ TargetCheckNames: (documentation changed)
├[~] service aws-kafkaconnect
│ └ resources
│    └[~]  resource AWS::KafkaConnect::Connector
│       └ types
│          └[~] type Vpc
│            └ properties
│               └ SecurityGroups: (documentation changed)
├[~] service aws-kinesis
│ └ resources
│    └[~]  resource AWS::Kinesis::Stream
│       └ properties
│          └[+] DesiredShardLevelMetrics: Array<string>
├[~] service aws-lex
│ └ resources
│    └[~]  resource AWS::Lex::Bot
│       ├ properties
│       │  └ Replication: (documentation changed)
│       └ types
│          ├[+]  type BedrockAgentConfiguration
│          │  ├      name: BedrockAgentConfiguration
│          │  └ properties
│          │     ├ BedrockAgentId: string
│          │     └ BedrockAgentAliasId: string
│          ├[+]  type BedrockAgentIntentConfiguration
│          │  ├      name: BedrockAgentIntentConfiguration
│          │  └ properties
│          │     ├ BedrockAgentConfiguration: BedrockAgentConfiguration
│          │     └ BedrockAgentIntentKnowledgeBaseConfiguration: BedrockAgentIntentKnowledgeBaseConfiguration
│          ├[+]  type BedrockAgentIntentKnowledgeBaseConfiguration
│          │  ├      name: BedrockAgentIntentKnowledgeBaseConfiguration
│          │  └ properties
│          │     ├ BedrockKnowledgeBaseArn: string (required)
│          │     └ BedrockModelConfiguration: BedrockModelSpecification (required)
│          ├[~] type BedrockGuardrailConfiguration
│          │ └ properties
│          │    ├ BedrockGuardrailIdentifier: (documentation changed)
│          │    └ BedrockGuardrailVersion: (documentation changed)
│          ├[~] type BedrockKnowledgeStoreConfiguration
│          │ └ properties
│          │    └ BKBExactResponseFields: (documentation changed)
│          ├[~] type BedrockModelSpecification
│          │ └ properties
│          │    ├ BedrockGuardrailConfiguration: (documentation changed)
│          │    ├ BedrockModelCustomPrompt: (documentation changed)
│          │    └ BedrockTraceStatus: (documentation changed)
│          ├[~] type BKBExactResponseFields
│          │ ├      - documentation: Contains the names of the fields used for an exact response to the user.
│          │ │      + documentation: undefined
│          │ └ properties
│          │    └ AnswerField: (documentation changed)
│          ├[+]  type CompositeSlotTypeSetting
│          │  ├      documentation: A composite slot is a combination of two or more slots that capture multiple pieces of information in a single user input.
│          │  │      name: CompositeSlotTypeSetting
│          │  └ properties
│          │     └ SubSlots: Array<SubSlotTypeComposition>
│          ├[~] type Intent
│          │ └ properties
│          │    ├[+] BedrockAgentIntentConfiguration: BedrockAgentIntentConfiguration
│          │    ├[+] QInConnectIntentConfiguration: QInConnectIntentConfiguration
│          │    └ QnAIntentConfiguration: (documentation changed)
│          ├[+]  type QInConnectAssistantConfiguration
│          │  ├      name: QInConnectAssistantConfiguration
│          │  └ properties
│          │     └ AssistantArn: string (required)
│          ├[+]  type QInConnectIntentConfiguration
│          │  ├      name: QInConnectIntentConfiguration
│          │  └ properties
│          │     └ QInConnectAssistantConfiguration: QInConnectAssistantConfiguration
│          ├[~] type QnAIntentConfiguration
│          │ └ properties
│          │    └ BedrockModelConfiguration: (documentation changed)
│          ├[~] type Replication
│          │ ├      - documentation: Parameter used to create a replication of the source bot in the secondary region.
│          │ │      + documentation: undefined
│          │ └ properties
│          │    └ ReplicaRegions: (documentation changed)
│          ├[~] type SlotType
│          │ └ properties
│          │    └[+] CompositeSlotTypeSetting: CompositeSlotTypeSetting
│          └[+]  type SubSlotTypeComposition
│             ├      documentation: Subslot type composition.
│             │      name: SubSlotTypeComposition
│             └ properties
│                ├ Name: string (required)
│                └ SlotTypeId: string (required)
├[~] service aws-location
│ └ resources
│    └[~]  resource AWS::Location::PlaceIndex
│       └ properties
│          └ DataSource: (documentation changed)
├[~] service aws-macie
│ └ resources
│    └[~]  resource AWS::Macie::Session
│       ├ properties
│       │  └ Status: (documentation changed)
│       └ attributes
│          └[+] AutomatedDiscoveryStatus: string
├[~] service aws-memorydb
│ └ resources
│    ├[~]  resource AWS::MemoryDB::Cluster
│    │  └ properties
│    │     ├[+] IpDiscovery: string
│    │     └[+] NetworkType: string (immutable)
│    └[~]  resource AWS::MemoryDB::SubnetGroup
│       └ attributes
│          └[+] SupportedNetworkTypes: Array<string>
├[~] service aws-msk
│ └ resources
│    ├[~]  resource AWS::MSK::Cluster
│    │  └ types
│    │     ├[~] type BrokerLogs
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The broker logs configuration for this MSK cluster.
│    │     │ └ properties
│    │     │    ├ Firehose: (documentation changed)
│    │     │    └ S3: (documentation changed)
│    │     ├[~] type ClientAuthentication
│    │     │ └ properties
│    │     │    ├ Sasl: (documentation changed)
│    │     │    ├ Tls: (documentation changed)
│    │     │    └ Unauthenticated: (documentation changed)
│    │     ├[~] type CloudWatchLogs
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Details of the CloudWatch Logs destination for broker logs.
│    │     │ └ properties
│    │     │    ├ Enabled: (documentation changed)
│    │     │    └ LogGroup: (documentation changed)
│    │     ├[~] type ConfigurationInfo
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Specifies the configuration to use for the brokers.
│    │     │ └ properties
│    │     │    ├ Arn: (documentation changed)
│    │     │    └ Revision: (documentation changed)
│    │     ├[~] type ConnectivityInfo
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Broker access controls.
│    │     │ └ properties
│    │     │    ├ PublicAccess: (documentation changed)
│    │     │    └ VpcConnectivity: (documentation changed)
│    │     ├[~] type EBSStorageInfo
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Contains information about the EBS storage volumes attached to the broker nodes.
│    │     │ └ properties
│    │     │    ├ ProvisionedThroughput: (documentation changed)
│    │     │    └ VolumeSize: (documentation changed)
│    │     ├[~] type EncryptionAtRest
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The data-volume encryption details. You can't update encryption at rest settings for existing clusters.
│    │     │ └ properties
│    │     │    └ DataVolumeKMSKeyId: (documentation changed)
│    │     ├[~] type EncryptionInfo
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Includes encryption-related information, such as the Amazon KMS key used for encrypting data at rest and whether you want MSK to encrypt your data in transit.
│    │     │ └ properties
│    │     │    └ EncryptionAtRest: (documentation changed)
│    │     ├[~] type Firehose
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Firehose details for BrokerLogs.
│    │     │ └ properties
│    │     │    ├ DeliveryStream: (documentation changed)
│    │     │    └ Enabled: (documentation changed)
│    │     ├[~] type Iam
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Details for SASL/IAM client authentication.
│    │     │ └ properties
│    │     │    └ Enabled: (documentation changed)
│    │     ├[~] type JmxExporter
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Indicates whether you want to enable or disable the JMX Exporter.
│    │     │ └ properties
│    │     │    └ EnabledInBroker: (documentation changed)
│    │     ├[~] type LoggingInfo
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: You can configure your MSK cluster to send broker logs to different destination types. This is a container for the configuration details related to broker logs.
│    │     │ └ properties
│    │     │    └ BrokerLogs: (documentation changed)
│    │     ├[~] type NodeExporter
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Indicates whether you want to enable or disable the Node Exporter.
│    │     │ └ properties
│    │     │    └ EnabledInBroker: (documentation changed)
│    │     ├[~] type OpenMonitoring
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: JMX and Node monitoring for the MSK cluster.
│    │     │ └ properties
│    │     │    └ Prometheus: (documentation changed)
│    │     ├[~] type Prometheus
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Prometheus settings for open monitoring.
│    │     │ └ properties
│    │     │    ├ JmxExporter: (documentation changed)
│    │     │    └ NodeExporter: (documentation changed)
│    │     ├[~] type ProvisionedThroughput
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Contains information about provisioned throughput for EBS storage volumes attached to kafka broker nodes.
│    │     │ └ properties
│    │     │    ├ Enabled: (documentation changed)
│    │     │    └ VolumeThroughput: (documentation changed)
│    │     ├[~] type PublicAccess
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Broker access controls
│    │     │ └ properties
│    │     │    └ Type: (documentation changed)
│    │     ├[~] type S3
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The details of the Amazon S3 destination for broker logs.
│    │     │ └ properties
│    │     │    ├ Bucket: (documentation changed)
│    │     │    ├ Enabled: (documentation changed)
│    │     │    └ Prefix: (documentation changed)
│    │     ├[~] type Sasl
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Details for client authentication using SASL. To turn on SASL, you must also turn on `EncryptionInTransit` by setting `inCluster` to true. You must set `clientBroker` to either `TLS` or `TLS_PLAINTEXT` . If you choose `TLS_PLAINTEXT` , then you must also set `unauthenticated` to true.
│    │     │ └ properties
│    │     │    ├ Iam: (documentation changed)
│    │     │    └ Scram: (documentation changed)
│    │     ├[~] type Scram
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Details for SASL/SCRAM client authentication.
│    │     │ └ properties
│    │     │    └ Enabled: (documentation changed)
│    │     ├[~] type StorageInfo
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Contains information about storage volumes attached to Amazon MSK broker nodes.
│    │     │ └ properties
│    │     │    └ EBSStorageInfo: (documentation changed)
│    │     ├[~] type Tls
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Details for client authentication using TLS.
│    │     │ └ properties
│    │     │    ├ CertificateAuthorityArnList: (documentation changed)
│    │     │    └ Enabled: (documentation changed)
│    │     ├[~] type Unauthenticated
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Details for allowing no client authentication.
│    │     │ └ properties
│    │     │    └ Enabled: (documentation changed)
│    │     ├[~] type VpcConnectivity
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: VPC connection control settings for brokers.
│    │     │ └ properties
│    │     │    └ ClientAuthentication: (documentation changed)
│    │     ├[~] type VpcConnectivityClientAuthentication
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Includes all client authentication information for VpcConnectivity.
│    │     │ └ properties
│    │     │    ├ Sasl: (documentation changed)
│    │     │    └ Tls: (documentation changed)
│    │     ├[~] type VpcConnectivityIam
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Details for SASL/IAM client authentication for VpcConnectivity.
│    │     │ └ properties
│    │     │    └ Enabled: (documentation changed)
│    │     ├[~] type VpcConnectivitySasl
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Details for client authentication using SASL for VpcConnectivity.
│    │     │ └ properties
│    │     │    ├ Iam: (documentation changed)
│    │     │    └ Scram: (documentation changed)
│    │     ├[~] type VpcConnectivityScram
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Details for SASL/SCRAM client authentication for VpcConnectivity.
│    │     │ └ properties
│    │     │    └ Enabled: (documentation changed)
│    │     └[~] type VpcConnectivityTls
│    │       ├      - documentation: undefined
│    │       │      + documentation: Details for client authentication using TLS for VpcConnectivity.
│    │       └ properties
│    │          └ Enabled: (documentation changed)
│    └[~]  resource AWS::MSK::ServerlessCluster
│       └ types
│          ├[~] type ClientAuthentication
│          │ ├      - documentation: undefined
│          │ │      + documentation: Includes all client authentication information.
│          │ └ properties
│          │    └ Sasl: (documentation changed)
│          ├[~] type Iam
│          │ ├      - documentation: undefined
│          │ │      + documentation: Details for SASL/IAM client authentication.
│          │ └ properties
│          │    └ Enabled: (documentation changed)
│          └[~] type Sasl
│            ├      - documentation: undefined
│            │      + documentation: Details for client authentication using SASL. To turn on SASL, you must also turn on `EncryptionInTransit` by setting `inCluster` to true. You must set `clientBroker` to either `TLS` or `TLS_PLAINTEXT` . If you choose `TLS_PLAINTEXT` , then you must also set `unauthenticated` to true.
│            └ properties
│               └ Iam: (documentation changed)
├[~] service aws-neptune
│ └ resources
│    └[~]  resource AWS::Neptune::DBSubnetGroup
│       └ attributes
│          └[-] Id: string
├[~] service aws-opensearchservice
│ └ resources
│    ├[~]  resource AWS::OpenSearchService::Application
│    │  ├      - documentation: Creates an OpenSearch Application.
│    │  │      + documentation: Creates an OpenSearch UI application. For more information, see [Using the OpenSearch user interface in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/application.html) .
│    │  ├ properties
│    │  │  ├ Endpoint: (documentation changed)
│    │  │  ├ IamIdentityCenterOptions: (documentation changed)
│    │  │  └ Name: (documentation changed)
│    │  ├ attributes
│    │  │  └ Id: (documentation changed)
│    │  └ types
│    │     ├[~] type AppConfig
│    │     │ ├      - documentation: Configurations of the OpenSearch Application.
│    │     │ │      + documentation: Configuration settings for an OpenSearch application. For more information, see see [Using the OpenSearch user interface in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/application.html) .
│    │     │ └ properties
│    │     │    ├ Key: (documentation changed)
│    │     │    └ Value: (documentation changed)
│    │     ├[~] type DataSource
│    │     │ └      - documentation: Data sources that are associated with an OpenSearch Application.
│    │     │        + documentation: Data sources that are associated with an OpenSearch application.
│    │     └[~] type IamIdentityCenterOptions
│    │       ├      - documentation: Settings for IAM Identity Center for an OpenSearch Application.
│    │       │      + documentation: Configuration settings for IAM Identity Center in an OpenSearch application.
│    │       └ properties
│    │          ├ Enabled: (documentation changed)
│    │          └ IamRoleForIdentityCenterApplicationArn: (documentation changed)
│    └[~]  resource AWS::OpenSearchService::Domain
│       ├ properties
│       │  └ IdentityCenterOptions: (documentation changed)
│       ├ attributes
│       │  ├ IdentityCenterOptions.IdentityCenterApplicationARN: (documentation changed)
│       │  └ IdentityCenterOptions.IdentityStoreId: (documentation changed)
│       └ types
│          ├[~] type IdentityCenterOptions
│          │ ├      - documentation: Container for IAM Identity Center Options settings.
│          │ │      + documentation: Settings container for integrating IAM Identity Center with OpenSearch UI applications, which enables enabling secure user authentication and access control across multiple data sources. This setup supports single sign-on (SSO) through IAM Identity Center, allowing centralized user management.
│          │ └ properties
│          │    ├ EnabledAPIAccess: (documentation changed)
│          │    ├ IdentityCenterApplicationARN: (documentation changed)
│          │    ├ IdentityCenterInstanceARN: (documentation changed)
│          │    ├ IdentityStoreId: (documentation changed)
│          │    ├ RolesKey: (documentation changed)
│          │    └ SubjectKey: (documentation changed)
│          ├[~] type NodeConfig
│          │ ├      - documentation: Container for specifying configuration of any node type.
│          │ │      + documentation: Configuration options for defining the setup of any node type within the cluster.
│          │ └ properties
│          │    ├ Count: (documentation changed)
│          │    ├ Enabled: (documentation changed)
│          │    └ Type: (documentation changed)
│          └[~] type NodeOption
│            ├      - documentation: Container for specifying node type.
│            │      + documentation: Configuration settings for defining the node type within a cluster.
│            └ properties
│               ├ NodeConfig: (documentation changed)
│               └ NodeType: (documentation changed)
├[~] service aws-paymentcryptography
│ └ resources
│    └[~]  resource AWS::PaymentCryptography::Key
│       └ properties
│          └[+] DeriveKeyUsage: string
├[~] service aws-qbusiness
│ └ resources
│    └[~]  resource AWS::QBusiness::DataSource
│       └ types
│          ├[+]  type AudioExtractionConfiguration
│          │  ├      documentation: Configuration settings for audio content extraction and processing.
│          │  │      name: AudioExtractionConfiguration
│          │  └ properties
│          │     └ AudioExtractionStatus: string (required)
│          ├[~] type HookConfiguration
│          │ └ properties
│          │    └ LambdaArn: (documentation changed)
│          ├[~] type MediaExtractionConfiguration
│          │ └ properties
│          │    ├[+] AudioExtractionConfiguration: AudioExtractionConfiguration
│          │    └[+] VideoExtractionConfiguration: VideoExtractionConfiguration
│          └[+]  type VideoExtractionConfiguration
│             ├      documentation: Configuration settings for video content extraction and processing.
│             │      name: VideoExtractionConfiguration
│             └ properties
│                └ VideoExtractionStatus: string (required)
├[~] service aws-quicksight
│ └ resources
│    ├[~]  resource AWS::QuickSight::Analysis
│    │  └ types
│    │     ├[~] type TableFieldOptions
│    │     │ └ properties
│    │     │    └[+] TransposedTableOptions: Array<TransposedTableOption>
│    │     └[+]  type TransposedTableOption
│    │        ├      documentation: The column option of the transposed table.
│    │        │      name: TransposedTableOption
│    │        └ properties
│    │           ├ ColumnWidth: string
│    │           ├ ColumnIndex: number
│    │           └ ColumnType: string (required)
│    ├[~]  resource AWS::QuickSight::Dashboard
│    │  └ types
│    │     ├[~] type TableFieldOptions
│    │     │ └ properties
│    │     │    └[+] TransposedTableOptions: Array<TransposedTableOption>
│    │     └[+]  type TransposedTableOption
│    │        ├      documentation: The column option of the transposed table.
│    │        │      name: TransposedTableOption
│    │        └ properties
│    │           ├ ColumnWidth: string
│    │           ├ ColumnIndex: number
│    │           └ ColumnType: string (required)
│    └[~]  resource AWS::QuickSight::Template
│       └ types
│          ├[~] type TableFieldOptions
│          │ └ properties
│          │    └[+] TransposedTableOptions: Array<TransposedTableOption>
│          └[+]  type TransposedTableOption
│             ├      documentation: The column option of the transposed table.
│             │      name: TransposedTableOption
│             └ properties
│                ├ ColumnWidth: string
│                ├ ColumnIndex: number
│                └ ColumnType: string (required)
├[~] service aws-rds
│ └ resources
│    └[~]  resource AWS::RDS::DBInstance
│       └ properties
│          ├[-] CertificateDetails: CertificateDetails
│          └[-] Endpoint: Endpoint
├[~] service aws-redshiftserverless
│ └ resources
│    └[~]  resource AWS::RedshiftServerless::Workgroup
│       ├ properties
│       │  └ SnapshotOwnerAccount: (documentation changed)
│       └ attributes
│          └[-] Workgroup.BaseCapacity: integer
├[~] service aws-route53resolver
│ └ resources
│    ├[~]  resource AWS::Route53Resolver::ResolverConfig
│    │  └ properties
│    │     └ ResourceId: (documentation changed)
│    └[~]  resource AWS::Route53Resolver::ResolverQueryLoggingConfig
│       ├      - tagInformation: undefined
│       │      + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│       └ properties
│          └[+] Tags: Array<tag> (immutable)
├[~] service aws-sagemaker
│ └ resources
│    └[~]  resource AWS::SageMaker::PartnerApp
│       ├      - documentation: Creates an Amazon SageMaker Partner AI App.
│       │      + documentation: The `AWS::SageMaker::PartnerApp` resource creates an Amazon SageMaker Partner AI App. For more information, see [Partner AI Apps](https://docs.aws.amazon.com/sagemaker/latest/dg/partner-apps.html) .
│       ├ properties
│       │  ├ ApplicationConfig: (documentation changed)
│       │  ├ AuthType: (documentation changed)
│       │  ├ ExecutionRoleArn: (documentation changed)
│       │  ├ Name: (documentation changed)
│       │  ├ Tier: (documentation changed)
│       │  └ Type: (documentation changed)
│       ├ attributes
│       │  └ Arn: (documentation changed)
│       └ types
│          ├[~] type PartnerAppConfig
│          │ ├      - documentation: Configuration settings for the SageMaker Partner AI App.
│          │ │      + documentation: A collection of configuration settings for the PartnerApp.
│          │ └ properties
│          │    ├ AdminUsers: (documentation changed)
│          │    └ Arguments: (documentation changed)
│          └[~] type PartnerAppMaintenanceConfig
│            ├      - documentation: Maintenance configuration settings for the SageMaker Partner AI App.
│            │      + documentation: A collection of settings that specify the maintenance schedule for the PartnerApp.
│            └ properties
│               └ MaintenanceWindowStart: (documentation changed)
├[~] service aws-ssmquicksetup
│ └ resources
│    └[~]  resource AWS::SSMQuickSetup::ConfigurationManager
│       └ types
│          └[~] type ConfigurationDefinition
│            └ properties
│               └ Parameters: (documentation changed)
├[~] service aws-stepfunctions
│ └ resources
│    └[~]  resource AWS::StepFunctions::Activity
│       └ properties
│          └ Name: (documentation changed)
└[~] service aws-transfer
  └ resources
     ├[~]  resource AWS::Transfer::Connector
     │  └ types
     │     └[~] type SftpConfig
     │       └ properties
     │          ├ TrustedHostKeys: (documentation changed)
     │          └ UserSecretId: (documentation changed)
     └[~]  resource AWS::Transfer::WebApp
        └ properties
           └[+] WebAppEndpointPolicy: string (immutable)

BREAKING CHANGE: Some L1 resources experienced breaking changes due to updated CloudFormation resources. Please check the notes for each specific module for more information.

  • backup: The ScheduleStatus property has been removed from AWS::Backup::RestoreTestingPlan.
  • eks: The DisableSessionTags and TargetRoleArn properties and ExternalId attribute have been removed from AWS::EKS::PodIdentityAssociation.
  • neptune: The Id attribute has been removed from AWS::Neptune::DBSubnetGroup.
  • rds: The CertificateDetails and Endpoint properties have been removed from AWS::RDS::DBInstance.
  • redshiftserverless: The Workgroup.BaseCapacity attribute has been removed from AWS::RedshiftServerless::Workgroup.

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
@aws-cdk-automation aws-cdk-automation added the contribution/core (This is a PR that came from AWS.), dependencies (This issue is a problem in a dependency or a pull request that updates a dependency file.), pr-linter/exempt-readme (The PR linter will not require README changes), pr-linter/exempt-test (The PR linter will not require test changes) and pr-linter/exempt-integ-test (The PR linter will not require integ test changes) labels Apr 16, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team April 16, 2025 08:00
@github-actions github-actions bot added the p2 label Apr 16, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team April 16, 2025 08:00

codecov bot commented Apr 16, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.00%. Comparing base (14cd83b) to head (6e22706).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main   #34164   +/-   ##
=======================================
  Coverage   84.00%   84.00%           
=======================================
  Files         121      121           
  Lines        6985     6985           
  Branches     1179     1179           
=======================================
  Hits         5868     5868           
  Misses       1005     1005           
  Partials      112      112           
Flag Coverage Δ
suite.unit 84.00% <ø> (ø)

Flags with carried forward coverage won't be shown.

Components Coverage Δ
packages/aws-cdk ∅ <ø> (∅)
packages/aws-cdk-lib/core 84.00% <ø> (ø)

@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review (This PR needs a review from a Core Team Member) label Apr 16, 2025
@paulhcsun paulhcsun changed the title feat: update L1 CloudFormation resource definitions feat(cloudformation): update L1 CloudFormation resource definitions Apr 16, 2025
@paulhcsun paulhcsun added the pr-linter/exempt-breaking-change (The PR linter will not require stability in stable modules) label Apr 16, 2025
@paulhcsun

@Mergifyio update

mergify bot commented Apr 16, 2025

update

✅ Branch has been successfully updated

@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 6e22706
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

mergify bot commented Apr 16, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 4c3ed77 into main Apr 16, 2025
21 checks passed
@mergify mergify bot deleted the automation/spec-update branch April 16, 2025 22:53
Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 16, 2025