Skip to content

feat(sources): update documentation #2247

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
aws-cdk-automation merged 1 commit into from
Nov 26, 2025
Merged

feat(sources): update documentation #2247

aws-cdk-automation merged 1 commit into from
Nov 26, 2025

Conversation

@aws-cdk-automation
Copy link
Contributor

@aws-cdk-automation aws-cdk-automation commented Nov 26, 2025

⚠️ This Pull Request updates daily and will overwrite all manual changes pushed to the branch

Updates the documentation source from upstream. See details in workflow run.

Automatically created by projen via the "update-source-documentation" workflow

@github-actions
feat(sources): update documentation
a5f2a9f 
> ⚠️ This Pull Request updates daily and will overwrite **all** manual changes pushed to the branch

Updates the documentation source from upstream. See details in [workflow run].

[Workflow Run]: https://github.com/cdklabs/awscdk-service-spec/actions/runs/19691636735

------

*Automatically created by projen via the "update-source-documentation" workflow*

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@github-actions
Copy link
Contributor

github-actions bot commented Nov 26, 2025

To work on this Pull Request, please create a new branch and PR. This prevents your work from being deleted by the automation.

Run the following commands inside the repo:

gh co 2247
git switch -c fix-pr-2247 && git push -u origin HEAD
gh pr create -t "fix: PR #2247" --body "Fixes https://github.com/cdklabs/awscdk-service-spec/pull/2247"

@github-actions
Copy link
Contributor

github-actions bot commented Nov 26, 2025

@aws-cdk/aws-service-spec: Model database diff detected
📁 Download full diff

├[~] service aws-athena
│ └ resources
│    └[~]  resource AWS::Athena::WorkGroup
│       └ types
│          ├[~] type EngineConfiguration
│          │ ├      - documentation: The engine configuration for running queries.
│          │ │      + documentation: The engine configuration for the workgroup, which includes the minimum/maximum number of Data Processing Units (DPU) that queries should use when running in provisioned capacity. If not specified, Athena uses default values (Default value for min is 4 and for max is Minimum of 124 and allocated DPUs).
│          │ │      To specify DPU values for PC queries the WG containing EngineConfiguration should have the following values: The name of the Classifications should be `athena-query-engine-properties` , with the only allowed properties as `max-dpu-count` and `min-dpu-count` .
│          │ └ properties
│          │    └ AdditionalConfigs: (documentation changed)
│          └[~] type ManagedLoggingConfiguration
│            ├      - documentation: Configuration settings for managed log persistence.
│            │      + documentation: Configuration settings for delivering logs to Amazon S3 buckets.
│            └ properties
│               └ Enabled: (documentation changed)
├[~] service aws-bedrock
│ └ resources
│    ├[~]  resource AWS::Bedrock::Guardrail
│    │  └ attributes
│    │     ├ CreatedAt: (documentation changed)
│    │     └ UpdatedAt: (documentation changed)
│    └[~]  resource AWS::Bedrock::KnowledgeBase
│       └ types
│          └[~] type StorageConfiguration
│            └ properties
│               └ S3VectorsConfiguration: (documentation changed)
├[~] service aws-cloudfront
│ └ resources
│    ├[~]  resource AWS::CloudFront::ConnectionFunction
│    │  ├      - documentation: Resource Type definition for AWS::CloudFront::ConnectionFunction
│    │  │      + documentation: A connection function.
│    │  ├ properties
│    │  │  ├ AutoPublish: (documentation changed)
│    │  │  ├ ConnectionFunctionCode: (documentation changed)
│    │  │  ├ ConnectionFunctionConfig: (documentation changed)
│    │  │  ├ Name: (documentation changed)
│    │  │  └ Tags: (documentation changed)
│    │  ├ attributes
│    │  │  ├ ConnectionFunctionArn: (documentation changed)
│    │  │  ├ CreatedTime: (documentation changed)
│    │  │  ├ ETag: (documentation changed)
│    │  │  ├ Id: (documentation changed)
│    │  │  ├ LastModifiedTime: (documentation changed)
│    │  │  ├ Stage: (documentation changed)
│    │  │  └ Status: (documentation changed)
│    │  └ types
│    │     ├[~] type ConnectionFunctionConfig
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Contains configuration information about a CloudFront function.
│    │     │ └ properties
│    │     │    ├ Comment: (documentation changed)
│    │     │    ├ KeyValueStoreAssociations: (documentation changed)
│    │     │    └ Runtime: (documentation changed)
│    │     └[~] type KeyValueStoreAssociation
│    │       ├      - documentation: undefined
│    │       │      + documentation: The key value store association.
│    │       └ properties
│    │          └ KeyValueStoreARN: (documentation changed)
│    ├[~]  resource AWS::CloudFront::Distribution
│    │  └ types
│    │     ├[~] type ConnectionFunctionAssociation
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: A connection function association.
│    │     │ └ properties
│    │     │    └ Id: (documentation changed)
│    │     ├[~] type DistributionConfig
│    │     │ └ properties
│    │     │    ├ ConnectionFunctionAssociation: (documentation changed)
│    │     │    └ ViewerMtlsConfig: (documentation changed)
│    │     ├[~] type TrustStoreConfig
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: A trust store configuration.
│    │     │ └ properties
│    │     │    ├ AdvertiseTrustStoreCaNames: (documentation changed)
│    │     │    ├ IgnoreCertificateExpiry: (documentation changed)
│    │     │    └ TrustStoreId: (documentation changed)
│    │     └[~] type ViewerMtlsConfig
│    │       ├      - documentation: undefined
│    │       │      + documentation: A viewer mTLS configuration.
│    │       └ properties
│    │          ├ Mode: (documentation changed)
│    │          └ TrustStoreConfig: (documentation changed)
│    └[~]  resource AWS::CloudFront::TrustStore
│       ├      - documentation: Resource Type definition for AWS::CloudFront::TrustStore. TrustStores contain CA certificates for mTLS authentication and can be associated with CloudFront distributions.
│       │      + documentation: A trust store.
│       ├ properties
│       │  ├ CaCertificatesBundleSource: (documentation changed)
│       │  ├ Name: (documentation changed)
│       │  └ Tags: (documentation changed)
│       ├ attributes
│       │  ├ Arn: (documentation changed)
│       │  ├ ETag: (documentation changed)
│       │  ├ Id: (documentation changed)
│       │  ├ LastModifiedTime: (documentation changed)
│       │  ├ NumberOfCaCertificates: (documentation changed)
│       │  └ Status: (documentation changed)
│       └ types
│          ├[~] type CaCertificatesBundleS3Location
│          │ ├      - documentation: undefined
│          │ │      + documentation: The CA certificates bundle location in Amazon S3.
│          │ └ properties
│          │    ├ Bucket: (documentation changed)
│          │    ├ Key: (documentation changed)
│          │    ├ Region: (documentation changed)
│          │    └ Version: (documentation changed)
│          └[~] type CaCertificatesBundleSource
│            ├      - documentation: undefined
│            │      + documentation: A CA certificates bundle source.
│            └ properties
│               └ CaCertificatesBundleS3Location: (documentation changed)
├[~] service aws-cloudtrail
│ └ resources
│    ├[~]  resource AWS::CloudTrail::EventDataStore
│    │  └ types
│    │     └[~] type AdvancedFieldSelector
│    │       └ properties
│    │          └ Field: (documentation changed)
│    └[~]  resource AWS::CloudTrail::Trail
│       └ types
│          ├[~] type AdvancedFieldSelector
│          │ └ properties
│          │    └ Field: (documentation changed)
│          ├[~] type AggregationConfiguration
│          │ ├      - documentation: Configure to add aggregation rules to aggregate CloudTrail Events.
│          │ │      + documentation: An object that contains configuration settings for aggregating events.
│          │ └ properties
│          │    ├ EventCategory: (documentation changed)
│          │    └ Templates: (documentation changed)
│          └[~] type InsightSelector
│            └ properties
│               └ EventCategories: (documentation changed)
├[~] service aws-cognito
│ └ resources
│    └[~]  resource AWS::Cognito::Terms
│       ├      - documentation: Resource Type definition for AWS::Cognito::Terms
│       │      + documentation: Creates terms documents for the requested app client. When Terms and conditions and Privacy policy documents are configured, the app client displays links to them in the sign-up page of managed login for the app client.
│       │      You can provide URLs for terms documents in the languages that are supported by [managed login localization](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html#managed-login-localization) . Amazon Cognito directs users to the terms documents for their current language, with fallback to `default` if no document exists for the language.
│       │      Each request accepts one type of terms document and a map of language-to-link for that document type. You must provide both types of terms documents in at least one language before Amazon Cognito displays your terms documents. Supply each type in separate requests.
│       │      For more information, see [Terms documents](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html#managed-login-terms-documents) .
│       │      > Amazon Cognito evaluates AWS Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
│       │      > 
│       │      > **Learn more** - [Signing AWS API Requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html)
│       │      > - [Using the Amazon Cognito user pools API and user pool endpoints](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html)
│       ├ properties
│       │  ├ ClientId: (documentation changed)
│       │  ├ Enforcement: (documentation changed)
│       │  ├ Links: (documentation changed)
│       │  ├ TermsName: (documentation changed)
│       │  ├ TermsSource: (documentation changed)
│       │  └ UserPoolId: (documentation changed)
│       └ attributes
│          └ TermsId: (documentation changed)
├[~] service aws-deadline
│ └ resources
│    ├[~]  resource AWS::Deadline::Fleet
│    │  └ types
│    │     ├[~] type AcceleratorCapabilities
│    │     │ └ properties
│    │     │    └ Selections: (documentation changed)
│    │     ├[~] type AcceleratorSelection
│    │     │ └ properties
│    │     │    └ Runtime: (documentation changed)
│    │     ├[~] type CustomerManagedFleetConfiguration
│    │     │ ├      - documentation: The details of a customer managed fleet configuration.
│    │     │ │      + documentation: The configuration details for a customer managed fleet.
│    │     │ └ properties
│    │     │    ├ Mode: (documentation changed)
│    │     │    ├ StorageProfileId: (documentation changed)
│    │     │    ├ TagPropagationMode: (documentation changed)
│    │     │    └ WorkerCapabilities: (documentation changed)
│    │     └[~] type ServiceManagedEc2FleetConfiguration
│    │       ├      - documentation: The configuration details for a service managed Amazon EC2 fleet.
│    │       │      + documentation: The configuration details for a service managed EC2 fleet.
│    │       └ properties
│    │          ├ InstanceCapabilities: (documentation changed)
│    │          ├ InstanceMarketOptions: (documentation changed)
│    │          ├ StorageProfileId: (documentation changed)
│    │          └ VpcConfiguration: (documentation changed)
│    └[~]  resource AWS::Deadline::Monitor
│       ├ properties
│       │  ├ IdentityCenterInstanceArn: (documentation changed)
│       │  └ RoleArn: (documentation changed)
│       └ attributes
│          └ IdentityCenterApplicationArn: (documentation changed)
├[~] service aws-directoryservice
│ └ resources
│    ├[~]  resource AWS::DirectoryService::MicrosoftAD
│    │  └      - documentation: The `AWS::DirectoryService::MicrosoftAD` resource specifies a Microsoft Active Directory in AWS so that your directory users and groups can access the the console and AWS applications using their existing credentials. For more information, see [AWS Managed Microsoft AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html) in the *Directory Service Admin Guide* .
│    │         + documentation: The `AWS::DirectoryService::MicrosoftAD` resource specifies a Microsoft Active Directory in AWS so that your directory users and groups can access the AWS Management Console and AWS applications using their existing credentials. For more information, see [AWS Managed Microsoft AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html) in the *Directory Service Admin Guide* .
│    └[~]  resource AWS::DirectoryService::SimpleAD
│       └      - documentation: The `AWS::DirectoryService::SimpleAD` resource specifies an Directory Service Simple Active Directory ( Simple AD ) in AWS so that your directory users and groups can access the the console and AWS applications using their existing credentials. Simple AD is a Microsoft Active Directory–compatible directory. For more information, see [Simple Active Directory](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_simple_ad.html) in the *Directory Service Admin Guide* .
│              + documentation: The `AWS::DirectoryService::SimpleAD` resource specifies an Directory Service Simple Active Directory ( Simple AD ) in AWS so that your directory users and groups can access the AWS Management Console and AWS applications using their existing credentials. Simple AD is a Microsoft Active Directory–compatible directory. For more information, see [Simple Active Directory](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_simple_ad.html) in the *Directory Service Admin Guide* .
├[~] service aws-ec2
│ └ resources
│    ├[~]  resource AWS::EC2::CapacityReservation
│    │  └ properties
│    │     └ InstanceCount: (documentation changed)
│    ├[~]  resource AWS::EC2::IPAMScope
│    │  └ properties
│    │     └ ExternalAuthorityConfiguration: (documentation changed)
│    ├[~]  resource AWS::EC2::NatGateway
│    │  ├ properties
│    │  │  ├ AvailabilityMode: (documentation changed)
│    │  │  └ AvailabilityZoneAddresses: (documentation changed)
│    │  ├ attributes
│    │  │  ├ AutoProvisionZones: (documentation changed)
│    │  │  ├ AutoScalingIps: (documentation changed)
│    │  │  └ RouteTableId: (documentation changed)
│    │  └ types
│    │     └[~] type AvailabilityZoneAddress
│    │       ├      - documentation: undefined
│    │       │      + documentation: For regional NAT gateways only: The configuration specifying which Elastic IP address (EIP) to use for handling outbound NAT traffic from a specific Availability Zone.
│    │       │      A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.
│    │       │      For more information, see [Regional NAT gateways for automatic multi-AZ expansion](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateways-regional.html) in the *Amazon VPC User Guide* .
│    │       └ properties
│    │          ├ AllocationIds: (documentation changed)
│    │          ├ AvailabilityZone: (documentation changed)
│    │          └ AvailabilityZoneId: (documentation changed)
│    ├[~]  resource AWS::EC2::TransitGatewayMeteringPolicy
│    │  ├      - documentation: AWS::EC2::TransitGatewayMeteringPolicy Resource Definition
│    │  │      + documentation: Describes a transit gateway metering policy.
│    │  ├ properties
│    │  │  ├ MiddleboxAttachmentIds: (documentation changed)
│    │  │  ├ Tags: (documentation changed)
│    │  │  └ TransitGatewayId: (documentation changed)
│    │  └ attributes
│    │     ├ State: (documentation changed)
│    │     ├ TransitGatewayMeteringPolicyId: (documentation changed)
│    │     └ UpdateEffectiveAt: (documentation changed)
│    ├[~]  resource AWS::EC2::TransitGatewayMeteringPolicyEntry
│    │  ├      - documentation: AWS::EC2::TransitGatewayMeteringPolicyEntry Resource Definition
│    │  │      + documentation: Creates an entry in a transit gateway metering policy to define traffic measurement rules.
│    │  ├ properties
│    │  │  ├ DestinationCidrBlock: (documentation changed)
│    │  │  ├ DestinationPortRange: (documentation changed)
│    │  │  ├ MeteredAccount: (documentation changed)
│    │  │  ├ PolicyRuleNumber: (documentation changed)
│    │  │  ├ SourceCidrBlock: (documentation changed)
│    │  │  └ SourcePortRange: (documentation changed)
│    │  └ attributes
│    │     ├ State: (documentation changed)
│    │     └ UpdateEffectiveAt: (documentation changed)
│    ├[~]  resource AWS::EC2::Volume
│    │  ├      - documentation: Specifies an Amazon Elastic Block Store (Amazon EBS) volume.
│    │  │      When you use AWS CloudFormation to update an Amazon EBS volume that modifies `Iops` , `Size` , or `VolumeType` , there is a cooldown period before another operation can occur. This can cause your stack to report being in `UPDATE_IN_PROGRESS` or `UPDATE_ROLLBACK_IN_PROGRESS` for long periods of time.
│    │  │      Amazon EBS does not support sizing down an Amazon EBS volume. AWS CloudFormation does not attempt to modify an Amazon EBS volume to a smaller size on rollback.
│    │  │      Some common scenarios when you might encounter a cooldown period for Amazon EBS include:
│    │  │      - You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period.
│    │  │      - You successfully update an Amazon EBS volume and the update succeeds but another change in your `update-stack` call fails. The rollback will be subject to a cooldown period.
│    │  │      For more information, see [Requirements for EBS volume modifications](https://docs.aws.amazon.com/ebs/latest/userguide/modify-volume-requirements.html) .
│    │  │      *DeletionPolicy attribute*
│    │  │      To control how AWS CloudFormation handles the volume when the stack is deleted, set a deletion policy for your volume. You can choose to retain the volume, to delete the volume, or to create a snapshot of the volume. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .
│    │  │      > If you set a deletion policy that creates a snapshot, all tags on the volume are included in the snapshot.
│    │  │      + documentation: Specifies an Amazon Elastic Block Store (Amazon EBS) volume. You can create an empty volume, a volume from a snapshot, or a volume copy from an existing source volume.
│    │  │      > - When you use AWS CloudFormation to update an Amazon EBS volume that modifies `Iops` , `Size` , or `VolumeType` , there is a cooldown period before another operation can occur. This can cause your stack to report being in `UPDATE_IN_PROGRESS` or `UPDATE_ROLLBACK_IN_PROGRESS` for long periods of time. Some common scenarios when you might encounter a cooldown period for Amazon EBS include:
│    │  │      > 
│    │  │      > - You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period.
│    │  │      > - You successfully update an Amazon EBS volume and the update succeeds but another change in your `update-stack` call fails. The rollback will be subject to a cooldown period.
│    │  │      > 
│    │  │      > For more information, see [Requirements for EBS volume modifications](https://docs.aws.amazon.com/ebs/latest/userguide/modify-volume-requirements.html) .
│    │  │      > - Amazon EBS does not support sizing down an Amazon EBS volume. AWS CloudFormation does not attempt to modify an Amazon EBS volume to a smaller size on rollback. 
│    │  │      *DeletionPolicy attribute*
│    │  │      To control how AWS CloudFormation handles the volume when the stack is deleted, set a deletion policy for your volume. You can choose to retain the volume, to delete the volume, or to create a snapshot of the volume. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .
│    │  │      > If you set a deletion policy that creates a snapshot, all tags on the volume are included in the snapshot.
│    │  └ properties
│    │     ├ AvailabilityZone: (documentation changed)
│    │     ├ AvailabilityZoneId: (documentation changed)
│    │     ├ Encrypted: (documentation changed)
│    │     ├ KmsKeyId: (documentation changed)
│    │     ├ OutpostArn: (documentation changed)
│    │     ├ Size: (documentation changed)
│    │     ├ SnapshotId: (documentation changed)
│    │     ├ SourceVolumeId: (documentation changed)
│    │     └ VolumeType: (documentation changed)
│    ├[~]  resource AWS::EC2::VPCEncryptionControl
│    │  ├      - documentation: Resource Type definition for AWS::EC2::VPCEncryptionControl
│    │  │      + documentation: Describes the configuration and state of VPC encryption controls.
│    │  │      For more information, see [Enforce VPC encryption in transit](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-encryption-controls.html) in the *Amazon VPC User Guide* .
│    │  ├ properties
│    │  │  ├ EgressOnlyInternetGatewayExclusionInput: (documentation changed)
│    │  │  ├ ElasticFileSystemExclusionInput: (documentation changed)
│    │  │  ├ InternetGatewayExclusionInput: (documentation changed)
│    │  │  ├ LambdaExclusionInput: (documentation changed)
│    │  │  ├ Mode: (documentation changed)
│    │  │  ├ NatGatewayExclusionInput: (documentation changed)
│    │  │  ├ Tags: (documentation changed)
│    │  │  ├ VirtualPrivateGatewayExclusionInput: (documentation changed)
│    │  │  ├ VpcId: (documentation changed)
│    │  │  ├ VpcLatticeExclusionInput: (documentation changed)
│    │  │  └ VpcPeeringExclusionInput: (documentation changed)
│    │  ├ attributes
│    │  │  ├ ResourceExclusions.EgressOnlyInternetGateway: (documentation changed)
│    │  │  ├ ResourceExclusions.EgressOnlyInternetGateway.State: (documentation changed)
│    │  │  ├ ResourceExclusions.EgressOnlyInternetGateway.StateMessage: (documentation changed)
│    │  │  ├ ResourceExclusions.ElasticFileSystem: (documentation changed)
│    │  │  ├ ResourceExclusions.ElasticFileSystem.State: (documentation changed)
│    │  │  ├ ResourceExclusions.ElasticFileSystem.StateMessage: (documentation changed)
│    │  │  ├ ResourceExclusions.InternetGateway: (documentation changed)
│    │  │  ├ ResourceExclusions.InternetGateway.State: (documentation changed)
│    │  │  ├ ResourceExclusions.InternetGateway.StateMessage: (documentation changed)
│    │  │  ├ ResourceExclusions.Lambda: (documentation changed)
│    │  │  ├ ResourceExclusions.Lambda.State: (documentation changed)
│    │  │  ├ ResourceExclusions.Lambda.StateMessage: (documentation changed)
│    │  │  ├ ResourceExclusions.NatGateway: (documentation changed)
│    │  │  ├ ResourceExclusions.NatGateway.State: (documentation changed)
│    │  │  ├ ResourceExclusions.NatGateway.StateMessage: (documentation changed)
│    │  │  ├ ResourceExclusions.VirtualPrivateGateway: (documentation changed)
│    │  │  ├ ResourceExclusions.VirtualPrivateGateway.State: (documentation changed)
│    │  │  ├ ResourceExclusions.VirtualPrivateGateway.StateMessage: (documentation changed)
│    │  │  ├ ResourceExclusions.VpcLattice: (documentation changed)
│    │  │  ├ ResourceExclusions.VpcLattice.State: (documentation changed)
│    │  │  ├ ResourceExclusions.VpcLattice.StateMessage: (documentation changed)
│    │  │  ├ ResourceExclusions.VpcPeering: (documentation changed)
│    │  │  ├ ResourceExclusions.VpcPeering.State: (documentation changed)
│    │  │  ├ ResourceExclusions.VpcPeering.StateMessage: (documentation changed)
│    │  │  ├ State: (documentation changed)
│    │  │  ├ StateMessage: (documentation changed)
│    │  │  └ VpcEncryptionControlId: (documentation changed)
│    │  └ types
│    │     ├[~] type ResourceExclusions
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Information about resource exclusions for the VPC Encryption Control configuration.
│    │     │ └ properties
│    │     │    ├ EgressOnlyInternetGateway: (documentation changed)
│    │     │    ├ ElasticFileSystem: (documentation changed)
│    │     │    ├ InternetGateway: (documentation changed)
│    │     │    ├ Lambda: (documentation changed)
│    │     │    ├ NatGateway: (documentation changed)
│    │     │    ├ VirtualPrivateGateway: (documentation changed)
│    │     │    ├ VpcLattice: (documentation changed)
│    │     │    └ VpcPeering: (documentation changed)
│    │     └[~] type VpcEncryptionControlExclusion
│    │       ├      - documentation: undefined
│    │       │      + documentation: Describes an exclusion configuration for VPC Encryption Control.
│    │       │      For more information, see [Enforce VPC encryption in transit](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-encryption-controls.html) in the *Amazon VPC User Guide* .
│    │       └ properties
│    │          ├ State: (documentation changed)
│    │          └ StateMessage: (documentation changed)
│    └[~]  resource AWS::EC2::VPNConnection
│       └ types
│          └[~] type CloudwatchLogOptionsSpecification
│            └ properties
│               ├ BgpLogEnabled: (documentation changed)
│               ├ BgpLogGroupArn: (documentation changed)
│               └ BgpLogOutputFormat: (documentation changed)
├[~] service aws-ecr
│ └ resources
│    ├[~]  resource AWS::ECR::PullTimeUpdateExclusion
│    │  └ properties
│    │     └ PrincipalArn: (documentation changed)
│    └[~]  resource AWS::ECR::SigningConfiguration
│       ├      - documentation: The AWS::ECR::SigningConfiguration resource creates or updates the signing configuration for an Amazon ECR registry.
│       │      + documentation: The signing configuration for a registry, which specifies rules for automatically signing images when pushed.
│       ├ properties
│       │  └ Rules: (documentation changed)
│       └ types
│          └[~] type RepositoryFilter
│            ├      - documentation: An array of objects representing the details of a repository filter.
│            │      + documentation: The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no filters are added, the contents of all repositories are replicated.
│            └ properties
│               ├ Filter: (documentation changed)
│               └ FilterType: (documentation changed)
├[~] service aws-ecs
│ └ resources
│    ├[~]  resource AWS::ECS::CapacityProvider
│    │  └ types
│    │     ├[~] type InfrastructureOptimization
│    │     │ ├      - documentation: Defines how Amazon ECS Managed Instances optimizes the infrastructure in your capacity provider. Configure it to turn on or off the infrastructure optimization in your capacity provider, and to control the idle EC2 instances optimization delay.
│    │     │ │      + documentation: The configuration that controls how Amazon ECS optimizes your infrastructure.
│    │     │ └ properties
│    │     │    └ ScaleInAfter: (documentation changed)
│    │     └[~] type ManagedInstancesProvider
│    │       └ properties
│    │          └ InfrastructureOptimization: (documentation changed)
│    ├[~]  resource AWS::ECS::ExpressGatewayService
│    │  ├      - documentation: Resource Type definition for AWS::ECS::ExpressGatewayService
│    │  │      + documentation: Creates an Express service that simplifies deploying containerized web applications on Amazon ECS with managed AWS infrastructure. This operation provisions and configures Application Load Balancers, target groups, security groups, and auto-scaling policies automatically.
│    │  │      Specify a primary container configuration with your application image and basic settings. Amazon ECS creates the necessary AWS resources for traffic distribution, health monitoring, network access control, and capacity management.
│    │  │      Provide an execution role for task operations and an infrastructure role for managing AWS resources on your behalf.
│    │  ├ properties
│    │  │  ├ Cluster: (documentation changed)
│    │  │  ├ Cpu: (documentation changed)
│    │  │  ├ ExecutionRoleArn: (documentation changed)
│    │  │  ├ HealthCheckPath: (documentation changed)
│    │  │  ├ InfrastructureRoleArn: (documentation changed)
│    │  │  ├ Memory: (documentation changed)
│    │  │  ├ NetworkConfiguration: (documentation changed)
│    │  │  ├ PrimaryContainer: (documentation changed)
│    │  │  ├ ScalingTarget: (documentation changed)
│    │  │  ├ ServiceName: (documentation changed)
│    │  │  ├ Tags: (documentation changed)
│    │  │  └ TaskRoleArn: (documentation changed)
│    │  ├ attributes
│    │  │  ├ ActiveConfigurations: (documentation changed)
│    │  │  ├ CreatedAt: (documentation changed)
│    │  │  ├ ServiceArn: (documentation changed)
│    │  │  └ UpdatedAt: (documentation changed)
│    │  └ types
│    │     ├[~] type ExpressGatewayContainer
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Defines the configuration for the primary container in an Express service. This container receives traffic from the Application Load Balancer and runs your application code.
│    │     │ │      The container configuration includes the container image, port mapping, logging settings, environment variables, and secrets. The container image is the only required parameter, with sensible defaults provided for other settings.
│    │     │ └ properties
│    │     │    ├ AwsLogsConfiguration: (documentation changed)
│    │     │    ├ Command: (documentation changed)
│    │     │    ├ ContainerPort: (documentation changed)
│    │     │    ├ Environment: (documentation changed)
│    │     │    ├ Image: (documentation changed)
│    │     │    ├ RepositoryCredentials: (documentation changed)
│    │     │    └ Secrets: (documentation changed)
│    │     ├[~] type ExpressGatewayRepositoryCredentials
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The repository credentials for private registry authentication to pass to the container.
│    │     │ └ properties
│    │     │    └ CredentialsParameter: (documentation changed)
│    │     ├[~] type ExpressGatewayScalingTarget
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Defines the auto-scaling configuration for an Express service. This determines how the service automatically adjusts the number of running tasks based on demand metrics such as CPU utilization, memory utilization, or request count per target.
│    │     │ │      Auto-scaling helps ensure your application can handle varying levels of traffic while optimizing costs by scaling down during low-demand periods. You can specify the minimum and maximum number of tasks, the scaling metric, and the target value for that metric.
│    │     │ └ properties
│    │     │    ├ AutoScalingMetric: (documentation changed)
│    │     │    ├ AutoScalingTargetValue: (documentation changed)
│    │     │    ├ MaxTaskCount: (documentation changed)
│    │     │    └ MinTaskCount: (documentation changed)
│    │     ├[~] type ExpressGatewayServiceAwsLogsConfiguration
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Specifies the Amazon CloudWatch Logs configuration for the Express service container.
│    │     │ └ properties
│    │     │    ├ LogGroup: (documentation changed)
│    │     │    └ LogStreamPrefix: (documentation changed)
│    │     ├[~] type ExpressGatewayServiceConfiguration
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Represents a specific configuration revision of an Express service, containing all the settings and parameters for that revision.
│    │     │ └ properties
│    │     │    ├ Cpu: (documentation changed)
│    │     │    ├ CreatedAt: (documentation changed)
│    │     │    ├ ExecutionRoleArn: (documentation changed)
│    │     │    ├ HealthCheckPath: (documentation changed)
│    │     │    ├ IngressPaths: (documentation changed)
│    │     │    ├ Memory: (documentation changed)
│    │     │    ├ NetworkConfiguration: (documentation changed)
│    │     │    ├ PrimaryContainer: (documentation changed)
│    │     │    ├ ScalingTarget: (documentation changed)
│    │     │    ├ ServiceRevisionArn: (documentation changed)
│    │     │    └ TaskRoleArn: (documentation changed)
│    │     ├[~] type ExpressGatewayServiceNetworkConfiguration
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The network configuration for an Express service. By default, an Express service utilizes subnets and security groups associated with the default VPC.
│    │     │ └ properties
│    │     │    ├ SecurityGroups: (documentation changed)
│    │     │    └ Subnets: (documentation changed)
│    │     ├[~] type ExpressGatewayServiceStatus
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: An object that defines the status of Express service creation and information about the status of the service.
│    │     │ └ properties
│    │     │    └ StatusCode: (documentation changed)
│    │     ├[~] type IngressPathSummary
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The entry point into an Express service.
│    │     │ └ properties
│    │     │    ├ AccessType: (documentation changed)
│    │     │    └ Endpoint: (documentation changed)
│    │     ├[~] type KeyValuePair
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: A key-value pair object.
│    │     │ └ properties
│    │     │    ├ Name: (documentation changed)
│    │     │    └ Value: (documentation changed)
│    │     └[~] type Secret
│    │       ├      - documentation: undefined
│    │       │      + documentation: An object representing the secret to expose to your container. Secrets can be exposed to a container in the following ways:
│    │       │      - To inject sensitive data into your containers as environment variables, use the `secrets` container definition parameter.
│    │       │      - To reference sensitive information in the log configuration of a container, use the `secretOptions` container definition parameter.
│    │       │      For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide* .
│    │       └ properties
│    │          ├ Name: (documentation changed)
│    │          └ ValueFrom: (documentation changed)
│    └[~]  resource AWS::ECS::Service
│       └ types
│          └[~] type DeploymentConfiguration
│            └ properties
│               └ Strategy: (documentation changed)
├[~] service aws-eks
│ └ resources
│    └[~]  resource AWS::EKS::Cluster
│       ├ properties
│       │  └ ControlPlaneScalingConfig: (documentation changed)
│       └ types
│          ├[~] type AccessConfig
│          │ └ properties
│          │    └ AuthenticationMode: (documentation changed)
│          └[~] type ControlPlaneScalingConfig
│            ├      - documentation: Configuration for provisioned control plane scaling.
│            │      + documentation: The control plane scaling tier configuration. For more information, see EKS Provisioned Control Plane in the Amazon EKS User Guide.
│            └ properties
│               └ Tier: (documentation changed)
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    ├[~]  resource AWS::ElasticLoadBalancingV2::Listener
│    │  ├ properties
│    │  │  └ Protocol: (documentation changed)
│    │  └ types
│    │     ├[~] type Action
│    │     │ └ properties
│    │     │    └ JwtValidationConfig: (documentation changed)
│    │     └[~] type JwtValidationActionAdditionalClaim
│    │       ├      - documentation: undefined
│    │       │      + documentation: Information about an additional claim to validate.
│    │       └ properties
│    │          ├ Format: (documentation changed)
│    │          ├ Name: (documentation changed)
│    │          └ Values: (documentation changed)
│    ├[~]  resource AWS::ElasticLoadBalancingV2::ListenerRule
│    │  └ types
│    │     ├[~] type Action
│    │     │ └ properties
│    │     │    └ JwtValidationConfig: (documentation changed)
│    │     └[~] type JwtValidationActionAdditionalClaim
│    │       ├      - documentation: undefined
│    │       │      + documentation: Information about an additional claim to validate.
│    │       └ properties
│    │          ├ Format: (documentation changed)
│    │          ├ Name: (documentation changed)
│    │          └ Values: (documentation changed)
│    ├[~]  resource AWS::ElasticLoadBalancingV2::LoadBalancer
│    │  └ types
│    │     └[~] type LoadBalancerAttribute
│    │       └ properties
│    │          └ Key: (documentation changed)
│    └[~]  resource AWS::ElasticLoadBalancingV2::TargetGroup
│       ├ properties
│       │  ├ HealthCheckIntervalSeconds: (documentation changed)
│       │  ├ HealthCheckPort: (documentation changed)
│       │  ├ HealthCheckProtocol: (documentation changed)
│       │  ├ Matcher: (documentation changed)
│       │  ├ Protocol: (documentation changed)
│       │  ├ TargetControlPort: (documentation changed)
│       │  └ UnhealthyThresholdCount: (documentation changed)
│       └ types
│          └[~] type TargetDescription
│            └ properties
│               └ QuicServerId: (documentation changed)
├[~] service aws-events
│ └ resources
│    └[~]  resource AWS::Events::Rule
│       └ properties
│          └ Targets: (documentation changed)
├[~] service aws-fsx
│ └ resources
│    ├[~]  resource AWS::FSx::FileSystem
│    │  └ types
│    │     └[~] type SelfManagedActiveDirectoryConfiguration
│    │       └ properties
│    │          └ DomainJoinServiceAccountSecret: (documentation changed)
│    └[~]  resource AWS::FSx::StorageVirtualMachine
│       └ types
│          └[~] type SelfManagedActiveDirectoryConfiguration
│            └ properties
│               └ DomainJoinServiceAccountSecret: (documentation changed)
├[~] service aws-gamelift
│ └ resources
│    ├[~]  resource AWS::GameLift::ContainerGroupDefinition
│    │  └ properties
│    │     └ OperatingSystem: (documentation changed)
│    └[~]  resource AWS::GameLift::Fleet
│       └ properties
│          ├ InstanceRoleARN: (documentation changed)
│          ├ PeerVpcAwsAccountId: (documentation changed)
│          └ PeerVpcId: (documentation changed)
├[~] service aws-glue
│ └ resources
│    └[~]  resource AWS::Glue::Connection
│       └ types
│          └[~] type ConnectionInput
│            └ properties
│               └ ConnectionType: (documentation changed)
├[~] service aws-iam
│ └ resources
│    ├[~]  resource AWS::IAM::SAMLProvider
│    │  └      - documentation: Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.
│    │         The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the the console or one that supports API access to AWS .
│    │         When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.
│    │         > This operation requires [Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) . 
│    │         For more information, see [Enabling SAML 2.0 federated users to access the the console](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html) and [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide* .
│    │         + documentation: Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.
│    │         The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS .
│    │         When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.
│    │         > This operation requires [Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) . 
│    │         For more information, see [Enabling SAML 2.0 federated users to access the AWS Management Console](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html) and [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide* .
│    └[~]  resource AWS::IAM::User
│       ├ properties
│       │  └ LoginProfile: (documentation changed)
│       └ types
│          └[~] type LoginProfile
│            └      - documentation: Creates a password for the specified user, giving the user the ability to access AWS services through the the console . For more information about managing passwords, see [Managing Passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .
│                   + documentation: Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console . For more information about managing passwords, see [Managing Passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *IAM User Guide* .
├[~] service aws-kinesisvideo
│ └ resources
│    └[~]  resource AWS::KinesisVideo::Stream
│       ├ properties
│       │  └ StreamStorageConfiguration: (documentation changed)
│       └ types
│          └[~] type StreamStorageConfiguration
│            ├      - documentation: Configuration for the storage tier of the Kinesis Video Stream.
│            │      + documentation: The configuration for stream storage, including the default storage tier for stream data. This configuration determines how stream data is stored and accessed, with different tiers offering varying levels of performance and cost optimization.
│            └ properties
│               └ DefaultStorageTier: (documentation changed)
├[~] service aws-lambda
│ └ resources
│    ├[~]  resource AWS::Lambda::EventInvokeConfig
│    │  └ types
│    │     └[~] type OnFailure
│    │       └ properties
│    │          └ Destination: (documentation changed)
│    ├[~]  resource AWS::Lambda::EventSourceMapping
│    │  ├ properties
│    │  │  ├ DestinationConfig: (documentation changed)
│    │  │  ├ MaximumRecordAgeInSeconds: (documentation changed)
│    │  │  └ MaximumRetryAttempts: (documentation changed)
│    │  └ types
│    │     ├[~] type OnFailure
│    │     │ └ properties
│    │     │    └ Destination: (documentation changed)
│    │     └[~] type ProvisionedPollerConfig
│    │       └ properties
│    │          └ PollerGroupName: (documentation changed)
│    └[~]  resource AWS::Lambda::Function
│       └ types
│          └[~] type Code
│            ├      - documentation: The [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template.
│            │      > When you specify source code inline for a Node.js function, the `index` file that CloudFormation creates uses the extension `.js` . This means that Lambda treats the file as a CommonJS module. ES modules aren't supported for inline functions. 
│            │      Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template.
│            │      + documentation: The [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template.
│            │      > When you specify source code inline for a Node.js function, the `index` file that CloudFormation creates uses the extension `.js` . This means that Node.js treats the file as a CommonJS module. 
│            │      Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template.
│            └ properties
│               └ ZipFile: (documentation changed)
├[~] service aws-msk
│ └ resources
│    └[~]  resource AWS::MSK::Cluster
│       └ properties
│          └ CurrentVersion: (documentation changed)
├[~] service aws-organizations
│ └ resources
│    └[~]  resource AWS::Organizations::Policy
│       └ properties
│          └ Content: (documentation changed)
├[~] service aws-pcs
│ └ resources
│    └[~]  resource AWS::PCS::Cluster
│       └ types
│          ├[~] type JwtAuth
│          │ ├      - documentation: JWT authentication configuration for Slurm.
│          │ │      + documentation: The JWT authentication configuration for Slurm REST API access.
│          │ └ properties
│          │    └ JwtKey: (documentation changed)
│          ├[~] type JwtKey
│          │ ├      - documentation: JWT key configuration.
│          │ │      + documentation: The JWT key stored in AWS Secrets Manager for Slurm REST API authentication.
│          │ └ properties
│          │    ├ SecretArn: (documentation changed)
│          │    └ SecretVersion: (documentation changed)
│          ├[~] type SlurmConfiguration
│          │ └ properties
│          │    ├ JwtAuth: (documentation changed)
│          │    └ SlurmRest: (documentation changed)
│          └[~] type SlurmRest
│            ├      - documentation: The SlurmRest configuration includes configurable settings for Slurm Rest.
│            │      + documentation: The Slurm REST API configuration includes settings for enabling and configuring the Slurm REST API. It's a property of the [ClusterSlurmConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pcs-cluster-slurmconfiguration.html) object.
│            └ properties
│               └ Mode: (documentation changed)
├[~] service aws-rbin
│ └ resources
│    └[~]  resource AWS::Rbin::Rule
│       ├ properties
│       │  └ ResourceType: (documentation changed)
│       └ types
│          ├[~] type RetentionPeriod
│          │ └ properties
│          │    └ RetentionPeriodValue: (documentation changed)
│          └[~] type UnlockDelay
│            └ properties
│               └ UnlockDelayUnit: (documentation changed)
├[~] service aws-route53
│ └ resources
│    ├[~]  resource AWS::Route53::RecordSet
│    │  └ types
│    │     └[~] type AliasTarget
│    │       └ properties
│    │          ├ DNSName: (documentation changed)
│    │          └ HostedZoneId: (documentation changed)
│    └[~]  resource AWS::Route53::RecordSetGroup
│       └ types
│          └[~] type AliasTarget
│            └ properties
│               ├ DNSName: (documentation changed)
│               └ HostedZoneId: (documentation changed)
├[~] service aws-s3
│ └ resources
│    └[~]  resource AWS::S3::Bucket
│       ├ properties
│       │  └ AbacStatus: (documentation changed)
│       └ types
│          ├[~] type BlockedEncryptionTypes
│          │ ├      - documentation: undefined
│          │ │      + documentation: A bucket-level setting for Amazon S3 general purpose buckets used to prevent the upload of new objects encrypted with the specified server-side encryption type. For example, blocking an encryption type will block `PutObject` , `CopyObject` , `PostObject` , multipart upload, and replication requests to the bucket for objects with the specified encryption type. However, you can continue to read and list any pre-existing objects already encrypted with the specified encryption type. For more information, see [Blocking or unblocking SSE-C for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/blocking-unblocking-s3-c-encryption-gpb.html) .
│          │ │      This data type is used with the following actions:
│          │ │      - [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html)
│          │ │      - [GetBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)
│          │ │      - [DeleteBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html)
│          │ │      - **Permissions** - You must have the `s3:PutEncryptionConfiguration` permission to block or unblock an encryption type for a bucket.
│          │ │      You must have the `s3:GetEncryptionConfiguration` permission to view a bucket's encryption type.
│          │ └ properties
│          │    └ EncryptionType: (documentation changed)
│          └[~] type ServerSideEncryptionRule
│            └ properties
│               └ BlockedEncryptionTypes: (documentation changed)
├[~] service aws-s3objectlambda
│ └ resources
│    ├[~]  resource AWS::S3ObjectLambda::AccessPoint
│    │  ├ properties
│    │  │  └ ObjectLambdaConfiguration: (documentation changed)
│    │  └ types
│    │     ├[~] type Alias
│    │     │ └      - documentation: > Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) . 
│    │     │        The alias of an Object Lambda Access Point. For more information, see [How to use a bucket-style alias for your S3 bucket Object Lambda Access Point](https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-use.html#ol-access-points-alias) .
│    │     │        + documentation: The alias of an Object Lambda Access Point. For more information, see [How to use a bucket-style alias for your S3 bucket Object Lambda Access Point](https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-use.html#ol-access-points-alias) .
│    │     ├[~] type ObjectLambdaConfiguration
│    │     │ └      - documentation: > Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) . 
│    │     │        A configuration used when creating an Object Lambda Access Point.
│    │     │        + documentation: A configuration used when creating an Object Lambda Access Point.
│    │     └[~] type TransformationConfiguration
│    │       └      - documentation: > Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) . 
│    │              A configuration used when creating an Object Lambda Access Point transformation.
│    │              + documentation: A configuration used when creating an Object Lambda Access Point transformation.
│    └[~]  resource AWS::S3ObjectLambda::AccessPointPolicy
│       └ properties
│          └ ObjectLambdaAccessPoint: (documentation changed)
├[~] service aws-secretsmanager
│ └ resources
│    ├[~]  resource AWS::SecretsManager::RotationSchedule
│    │  └ types
│    │     └[~] type ExternalSecretRotationMetadataItem
│    │       ├      - documentation: The metadata needed to successfully rotate a managed external secret. Each metadata item is a key and value pair of strings in a JSON text string.
│    │       │      + documentation: The metadata needed to successfully rotate a managed external secret. A list of key value pairs in JSON format specified by the partner. For more information, see [Managed external secret partners](https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html) .
│    │       └ properties
│    │          ├ Key: (documentation changed)
│    │          └ Value: (documentation changed)
│    └[~]  resource AWS::SecretsManager::Secret
│       └ properties
│          └ Type: (documentation changed)
├[~] service aws-sso
│ └ resources
│    └[~]  resource AWS::SSO::Application
│       └      - documentation: Creates an OAuth 2.0 customer managed application in IAM Identity Center for the given application provider.
│              > This API does not support creating SAML 2.0 customer managed applications or AWS managed applications. To learn how to create an AWS managed application, see the application user guide. You can create a SAML 2.0 customer managed application in the the console only. See [Setting up customer managed SAML 2.0 applications](https://docs.aws.amazon.com/singlesignon/latest/userguide/customermanagedapps-saml2-setup.html) . For more information on these application types, see [AWS managed applications](https://docs.aws.amazon.com/singlesignon/latest/userguide/awsapps.html) .
│              + documentation: Creates an OAuth 2.0 customer managed application in IAM Identity Center for the given application provider.
│              > This API does not support creating SAML 2.0 customer managed applications or AWS managed applications. To learn how to create an AWS managed application, see the application user guide. You can create a SAML 2.0 customer managed application in the AWS Management Console only. See [Setting up customer managed SAML 2.0 applications](https://docs.aws.amazon.com/singlesignon/latest/userguide/customermanagedapps-saml2-setup.html) . For more information on these application types, see [AWS managed applications](https://docs.aws.amazon.com/singlesignon/latest/userguide/awsapps.html) .
└[~] service aws-transfer
  └ resources
     └[~]  resource AWS::Transfer::WebApp
        └      - documentation: Creates a web app based on specified parameters, and returns the ID for the new web app.
               + documentation: Creates a web app based on specified parameters, and returns the ID for the new web app. You can configure the web app to be publicly accessible or hosted within a VPC.
               For more information about using VPC endpoints with AWS Transfer Family , see [Create a Transfer Family web app in a VPC](https://docs.aws.amazon.com/transfer/latest/userguide/create-webapp-in-vpc.html) .

@aws-cdk-automation aws-cdk-automation added this pull request to the merge queue Nov 26, 2025
Merged via the queue into main with commit 4998d8a Nov 26, 2025
13 checks passed
@aws-cdk-automation aws-cdk-automation deleted the update-source/documentation branch November 26, 2025 03:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

auto-approve

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aws-cdk-automation