feat: update L1 CloudFormation resource definitions #33487

Closed

aws-cdk-automation

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-acmpca
│ └ resources
│    └[~]  resource AWS::ACMPCA::CertificateAuthority
│       └ types
│          └[~] type CrlConfiguration
│            └ properties
│               ├[+] CrlType: string
│               └[+] CustomPath: string
├[~] service aws-appsync
│ └ resources
│    └[~]  resource AWS::AppSync::ApiCache
│       └ properties
│          └ ApiCachingBehavior: (documentation changed)
├[~] service aws-backup
│ └ resources
│    └[~]  resource AWS::Backup::BackupPlan
│       └ types
│          ├[~] type BackupRuleResourceType
│          │ └ properties
│          │    └[+] IndexActions: Array<IndexActionsResourceType>
│          └[+]  type IndexActionsResourceType
│             ├      name: IndexActionsResourceType
│             └ properties
│                └ ResourceTypes: Array<string>
├[~] service aws-batch
│ └ resources
│    ├[~]  resource AWS::Batch::ComputeEnvironment
│    │  └ properties
│    │     └ UnmanagedvCpus: (documentation changed)
│    ├[~]  resource AWS::Batch::JobDefinition
│    │  ├ properties
│    │  │  └ SchedulingPriority: (documentation changed)
│    │  └ types
│    │     ├[~] type LinuxParameters
│    │     │ └ properties
│    │     │    └ MaxSwap: (documentation changed)
│    │     ├[~] type MultiNodeContainerProperties
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Container properties are used for Amazon ECS based job definitions. These properties to describe the container that's launched as part of a job.
│    │     │ └ properties
│    │     │    ├ Command: (documentation changed)
│    │     │    ├ Environment: (documentation changed)
│    │     │    ├ EphemeralStorage: (documentation changed)
│    │     │    ├ ExecutionRoleArn: (documentation changed)
│    │     │    ├ Image: (documentation changed)
│    │     │    ├ InstanceType: (documentation changed)
│    │     │    ├ JobRoleArn: (documentation changed)
│    │     │    ├ LinuxParameters: (documentation changed)
│    │     │    ├ LogConfiguration: (documentation changed)
│    │     │    ├ Memory: (documentation changed)
│    │     │    ├ MountPoints: (documentation changed)
│    │     │    ├ Privileged: (documentation changed)
│    │     │    ├ ReadonlyRootFilesystem: (documentation changed)
│    │     │    ├ RepositoryCredentials: (documentation changed)
│    │     │    ├ ResourceRequirements: (documentation changed)
│    │     │    ├ RuntimePlatform: (documentation changed)
│    │     │    ├ Secrets: (documentation changed)
│    │     │    ├ Ulimits: (documentation changed)
│    │     │    ├ User: (documentation changed)
│    │     │    ├ Vcpus: (documentation changed)
│    │     │    └ Volumes: (documentation changed)
│    │     ├[~] type MultiNodeEcsProperties
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: An object that contains the properties for the Amazon ECS resources of a job.
│    │     │ └ properties
│    │     │    └ TaskProperties: (documentation changed)
│    │     └[~] type MultiNodeEcsTaskProperties
│    │       ├      - documentation: undefined
│    │       │      + documentation: The properties for a task definition that describes the container and volume definitions of an Amazon ECS task. You can specify which Docker images to use, the required resources, and other configurations related to launching the task definition through an Amazon ECS service or task.
│    │       └ properties
│    │          ├ Containers: (documentation changed)
│    │          ├ ExecutionRoleArn: (documentation changed)
│    │          ├ IpcMode: (documentation changed)
│    │          ├ PidMode: (documentation changed)
│    │          ├ TaskRoleArn: (documentation changed)
│    │          └ Volumes: (documentation changed)
│    └[~]  resource AWS::Batch::SchedulingPolicy
│       ├ properties
│       │  ├ FairsharePolicy: (documentation changed)
│       │  └ Name: (documentation changed)
│       └ types
│          ├[~] type FairsharePolicy
│          │ ├      - documentation: The fair share policy for a scheduling policy.
│          │ │      + documentation: The fair-share scheduling policy details.
│          │ └ properties
│          │    ├ ComputeReservation: (documentation changed)
│          │    ├ ShareDecaySeconds: (documentation changed)
│          │    └ ShareDistribution: (documentation changed)
│          └[~] type ShareAttributes
│            ├      - documentation: Specifies the weights for the fair share identifiers for the fair share policy. Fair share identifiers that aren't included have a default weight of `1.0` .
│            │      + documentation: Specifies the weights for the share identifiers for the fair-share policy. Share identifiers that aren't included have a default weight of `1.0` .
│            └ properties
│               ├ ShareIdentifier: (documentation changed)
│               └ WeightFactor: (documentation changed)
├[~] service aws-bedrock
│ └ resources
│    ├[~]  resource AWS::Bedrock::Agent
│    │  └ types
│    │     └[~] type PromptConfiguration
│    │       └ properties
│    │          └ ParserMode: (documentation changed)
│    ├[~]  resource AWS::Bedrock::AgentAlias
│    │  └ attributes
│    │     └ AgentAliasStatus: (documentation changed)
│    ├[~]  resource AWS::Bedrock::DataSource
│    │  └ types
│    │     └[~] type BedrockFoundationModelConfiguration
│    │       ├      - documentation: Settings for a foundation model or [inference profile](https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference.html) used to parse documents for a data source.
│    │       │      + documentation: Settings for a foundation model used to parse documents for a data source.
│    │       └ properties
│    │          └ ModelArn: (documentation changed)
│    ├[~]  resource AWS::Bedrock::KnowledgeBase
│    │  └ types
│    │     └[~] type VectorKnowledgeBaseConfiguration
│    │       └ properties
│    │          └ EmbeddingModelArn: (documentation changed)
│    ├[~]  resource AWS::Bedrock::Prompt
│    │  └ types
│    │     ├[+]  type CachePointBlock
│    │     │  ├      documentation: Indicates where a cache checkpoint is located. All information before this checkpoint is cached to be accessed on subsequent requests.
│    │     │  │      name: CachePointBlock
│    │     │  └ properties
│    │     │     └ Type: string (required)
│    │     ├[~] type ContentBlock
│    │     │ └ properties
│    │     │    ├[+] CachePoint: CachePointBlock
│    │     │    └ Text: - string (required)
│    │     │            + string
│    │     ├[~] type PromptVariant
│    │     │ └ properties
│    │     │    └[+] AdditionalModelRequestFields: json
│    │     ├[~] type SystemContentBlock
│    │     │ └ properties
│    │     │    ├[+] CachePoint: CachePointBlock
│    │     │    └ Text: - string (required)
│    │     │            + string
│    │     ├[~] type TextPromptTemplateConfiguration
│    │     │ └ properties
│    │     │    └[+] CachePoint: CachePointBlock
│    │     └[~] type Tool
│    │       └ properties
│    │          ├[+] CachePoint: CachePointBlock
│    │          └ ToolSpec: - ToolSpecification (required)
│    │                      + ToolSpecification
│    └[~]  resource AWS::Bedrock::PromptVersion
│       └ types
│          ├[+]  type CachePointBlock
│          │  ├      documentation: Indicates where a cache checkpoint is located. All information before this checkpoint is cached to be accessed on subsequent requests.
│          │  │      name: CachePointBlock
│          │  └ properties
│          │     └ Type: string (required)
│          ├[~] type ContentBlock
│          │ └ properties
│          │    ├[+] CachePoint: CachePointBlock
│          │    └ Text: - string (required)
│          │            + string
│          ├[~] type PromptVariant
│          │ └ properties
│          │    └[+] AdditionalModelRequestFields: json
│          ├[~] type SystemContentBlock
│          │ └ properties
│          │    ├[+] CachePoint: CachePointBlock
│          │    └ Text: - string (required)
│          │            + string
│          ├[~] type TextPromptTemplateConfiguration
│          │ └ properties
│          │    └[+] CachePoint: CachePointBlock
│          └[~] type Tool
│            └ properties
│               ├[+] CachePoint: CachePointBlock
│               └ ToolSpec: - ToolSpecification (required)
│                           + ToolSpecification
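Review bot: `Text` on `ContentBlock` and `SystemContentBlock`, and `ToolSpec` on `Tool`, lose `(required)` in both `AWS::Bedrock::Prompt` and `AWS::Bedrock::PromptVersion` at the same time as `CachePoint` is added beside them, so the generated L1 types will accept a block with neither member set, or with both. If the two members are meant to be either/or, say so in the property documentation or add a validation, because a missing `Text` or `ToolSpec` is no longer caught by the required-property check at synth time.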
├[~] service aws-cloudfront
│ └ resources
│    ├[~]  resource AWS::CloudFront::Distribution
│    │  └ types
│    │     ├[~] type Origin
│    │     │ └ properties
│    │     │    └ VpcOriginConfig: (documentation changed)
│    │     └[~] type VpcOriginConfig
│    │       ├      - documentation: undefined
│    │       │      + documentation: An Amazon CloudFront VPC origin configuration.
│    │       └ properties
│    │          ├ OriginKeepaliveTimeout: (documentation changed)
│    │          ├ OriginReadTimeout: (documentation changed)
│    │          └ VpcOriginId: (documentation changed)
│    └[~]  resource AWS::CloudFront::VpcOrigin
│       └ types
│          └[~] type VpcOriginEndpointConfig
│            └ properties
│               ├ HTTPPort: (documentation changed)
│               └ HTTPSPort: (documentation changed)
├[~] service aws-cloudtrail
│ └ resources
│    ├[~]  resource AWS::CloudTrail::EventDataStore
│    │  └ types
│    │     ├[~] type AdvancedEventSelector
│    │     │ └      - documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* .
│    │     │        You cannot apply both event selectors and advanced event selectors to a trail.
│    │     │        *Supported CloudTrail event record fields for management events*
│    │     │        - `eventCategory` (required)
│    │     │        - `eventSource`
│    │     │        - `readOnly`
│    │     │        The following additional fields are available for event data stores:
│    │     │        - `eventName`
│    │     │        - `eventType`
│    │     │        - `sessionCredentialFromConsole`
│    │     │        - `userIdentity.arn`
│    │     │        *Supported CloudTrail event record fields for data events*
│    │     │        - `eventCategory` (required)
│    │     │        - `resources.type` (required)
│    │     │        - `readOnly`
│    │     │        - `eventName`
│    │     │        - `resources.ARN`
│    │     │        The following additional fields are available for event data stores:
│    │     │        - `eventSource`
│    │     │        - `eventType`
│    │     │        - `sessionCredentialFromConsole`
│    │     │        - `userIdentity.arn`
│    │     │        *Supported CloudTrail event record fields for network activity events*
│    │     │        > Network activity events is in preview release for CloudTrail and is subject to change. 
│    │     │        - `eventCategory` (required)
│    │     │        - `eventSource` (required)
│    │     │        - `eventName`
│    │     │        - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` .
│    │     │        - `vpcEndpointId`
│    │     │        > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
│    │     │        + documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* .
│    │     │        You cannot apply both event selectors and advanced event selectors to a trail.
│    │     │        *Supported CloudTrail event record fields for management events*
│    │     │        - `eventCategory` (required)
│    │     │        - `eventSource`
│    │     │        - `readOnly`
│    │     │        The following additional fields are available for event data stores:
│    │     │        - `eventName`
│    │     │        - `eventType`
│    │     │        - `sessionCredentialFromConsole`
│    │     │        - `userIdentity.arn`
│    │     │        *Supported CloudTrail event record fields for data events*
│    │     │        - `eventCategory` (required)
│    │     │        - `resources.type` (required)
│    │     │        - `readOnly`
│    │     │        - `eventName`
│    │     │        - `resources.ARN`
│    │     │        The following additional fields are available for event data stores:
│    │     │        - `eventSource`
│    │     │        - `eventType`
│    │     │        - `sessionCredentialFromConsole`
│    │     │        - `userIdentity.arn`
│    │     │        *Supported CloudTrail event record fields for network activity events*
│    │     │        - `eventCategory` (required)
│    │     │        - `eventSource` (required)
│    │     │        - `eventName`
│    │     │        - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` .
│    │     │        - `vpcEndpointId`
│    │     │        > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
│    │     └[~] type AdvancedFieldSelector
│    │       └ properties
│    │          └ Field: (documentation changed)
│    └[~]  resource AWS::CloudTrail::Trail
│       └ types
│          ├[~] type AdvancedEventSelector
│          │ └      - documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* .
│          │        You cannot apply both event selectors and advanced event selectors to a trail.
│          │        *Supported CloudTrail event record fields for management events*
│          │        - `eventCategory` (required)
│          │        - `eventSource`
│          │        - `readOnly`
│          │        The following additional fields are available for event data stores:
│          │        - `eventName`
│          │        - `eventType`
│          │        - `sessionCredentialFromConsole`
│          │        - `userIdentity.arn`
│          │        *Supported CloudTrail event record fields for data events*
│          │        - `eventCategory` (required)
│          │        - `resources.type` (required)
│          │        - `readOnly`
│          │        - `eventName`
│          │        - `resources.ARN`
│          │        The following additional fields are available for event data stores:
│          │        - `eventSource`
│          │        - `eventType`
│          │        - `sessionCredentialFromConsole`
│          │        - `userIdentity.arn`
│          │        *Supported CloudTrail event record fields for network activity events*
│          │        > Network activity events is in preview release for CloudTrail and is subject to change. 
│          │        - `eventCategory` (required)
│          │        - `eventSource` (required)
│          │        - `eventName`
│          │        - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` .
│          │        - `vpcEndpointId`
│          │        > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
│          │        + documentation: Advanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) , [Logging network activity events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html) , and [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *AWS CloudTrail User Guide* .
│          │        You cannot apply both event selectors and advanced event selectors to a trail.
│          │        *Supported CloudTrail event record fields for management events*
│          │        - `eventCategory` (required)
│          │        - `eventSource`
│          │        - `readOnly`
│          │        The following additional fields are available for event data stores:
│          │        - `eventName`
│          │        - `eventType`
│          │        - `sessionCredentialFromConsole`
│          │        - `userIdentity.arn`
│          │        *Supported CloudTrail event record fields for data events*
│          │        - `eventCategory` (required)
│          │        - `resources.type` (required)
│          │        - `readOnly`
│          │        - `eventName`
│          │        - `resources.ARN`
│          │        The following additional fields are available for event data stores:
│          │        - `eventSource`
│          │        - `eventType`
│          │        - `sessionCredentialFromConsole`
│          │        - `userIdentity.arn`
│          │        *Supported CloudTrail event record fields for network activity events*
│          │        - `eventCategory` (required)
│          │        - `eventSource` (required)
│          │        - `eventName`
│          │        - `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied` .
│          │        - `vpcEndpointId`
│          │        > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` .
│          └[~] type AdvancedFieldSelector
│            └ properties
│               └ Field: (documentation changed)
├[~] service aws-cloudwatch
│ └ resources
│    └[~]  resource AWS::CloudWatch::Alarm
│       └ types
│          └[~] type Dimension
│            └      - documentation: Dimension is an embedded property of the `AWS::CloudWatch::Alarm` type. Dimensions are name/value pairs that can be associated with a CloudWatch metric. You can specify a maximum of 10 dimensions for a given metric.
│                   + documentation: Dimension is an embedded property of the `AWS::CloudWatch::Alarm` type. Dimensions are name/value pairs that can be associated with a CloudWatch metric. You can specify a maximum of 30 dimensions for a given metric.
├[~] service aws-codebuild
│ └ resources
│    └[~]  resource AWS::CodeBuild::Project
│       └ types
│          └[~] type WebhookFilter
│            └ properties
│               └ Type: (documentation changed)
├[~] service aws-codestar
│ └ resources
│    └[~]  resource AWS::CodeStar::GitHubRepository
│       └ attributes
│          └ Id: (documentation changed)
├[~] service aws-cognito
│ └ resources
│    └[~]  resource AWS::Cognito::UserPoolDomain
│       └ attributes
│          └[-] Id: string
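Review bot: `[-] Id: string` removes an attribute from `AWS::Cognito::UserPoolDomain`, which breaks any stack that reads it, yet the PR is titled `feat:`. Confirm the attribute was never resolvable in deployed templates, or call the removal out as a breaking change in the description so consumers know what to reference instead.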
├[~] service aws-connect
│ └ resources
│    └[+]  resource AWS::Connect::ContactFlowVersion
│       ├      name: ContactFlowVersion
│       │      cloudFormationType: AWS::Connect::ContactFlowVersion
│       │      documentation: Creates a version for the specified customer-managed flow within the specified instance.
│       ├ properties
│       │  ├ ContactFlowId: string (required, immutable)
│       │  └ Description: string (immutable)
│       └ attributes
│          ├ ContactFlowVersionARN: string
│          ├ Version: integer
│          └ FlowContentSha256: string
├[~] service aws-datasync
│ └ resources
│    └[~]  resource AWS::DataSync::LocationSMB
│       ├      - documentation: The `AWS::DataSync::LocationSMB` resource specifies a Server Message Block (SMB) location.
│       │      + documentation: The `AWS::DataSync::LocationSMB` resource specifies a Server Message Block (SMB) location that AWS DataSync can use as a transfer source or destination.
│       ├ properties
│       │  ├ AgentArns: (documentation changed)
│       │  ├[+] AuthenticationType: string
│       │  ├[+] DnsIpAddresses: Array<string>
│       │  ├[+] KerberosKeytab: string
│       │  ├[+] KerberosKrb5Conf: string
│       │  ├[+] KerberosPrincipal: string
│       │  ├ Password: (documentation changed)
│       │  ├ Subdirectory: (documentation changed)
│       │  └ User: - string (required)
│       │          + string
│       │          (documentation changed)
│       └ attributes
│          └ LocationArn: (documentation changed)
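Review bot: `User` drops `(required)` on `AWS::DataSync::LocationSMB` while `AuthenticationType`, `KerberosKeytab`, `KerberosKrb5Conf` and `KerberosPrincipal` all arrive as optional strings, so the L1 no longer enforces that a complete credential set is supplied for whichever authentication type is chosen. `Password` and `KerberosKeytab` are also plain `string` properties; the description should remind users to supply them through a secret or dynamic reference rather than as literals in the template.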
├[~] service aws-deadline
│ └ resources
│    ├[~]  resource AWS::Deadline::Farm
│    │  └ properties
│    │     └ Description: (documentation changed)
│    ├[~]  resource AWS::Deadline::Fleet
│    │  └ properties
│    │     └ Description: (documentation changed)
│    ├[+]  resource AWS::Deadline::Limit
│    │  ├      name: Limit
│    │  │      cloudFormationType: AWS::Deadline::Limit
│    │  │      documentation: Creates a limit that manages the distribution of shared resources, such as floating licenses. A limit can throttle work assignments, help manage workloads, and track current usage. Before you use a limit, you must associate the limit with one or more queues.
│    │  │      You must add the `amountRequirementName` to a step in a job template to declare the limit requirement.
│    │  ├ properties
│    │  │  ├ AmountRequirementName: string (required, immutable)
│    │  │  ├ Description: string (default="")
│    │  │  ├ DisplayName: string (required)
│    │  │  ├ FarmId: string (required, immutable)
│    │  │  └ MaxCount: integer (required)
│    │  └ attributes
│    │     ├ CurrentCount: integer
│    │     └ LimitId: string
│    ├[~]  resource AWS::Deadline::Queue
│    │  └ properties
│    │     └ Description: (documentation changed)
│    └[+]  resource AWS::Deadline::QueueLimitAssociation
│       ├      name: QueueLimitAssociation
│       │      cloudFormationType: AWS::Deadline::QueueLimitAssociation
│       │      documentation: Associates a limit with a particular queue. After the limit is associated, all workers for jobs that specify the limit associated with the queue are subject to the limit. You can't associate two limits with the same `amountRequirementName` to the same queue.
│       └ properties
│          ├ FarmId: string (required, immutable)
│          ├ LimitId: string (required, immutable)
│          └ QueueId: string (required, immutable)
├[~] service aws-directoryservice
│ └ resources
│    ├[~]  resource AWS::DirectoryService::MicrosoftAD
│    │  └ attributes
│    │     ├ Alias: (documentation changed)
│    │     └ Id: (documentation changed)
│    └[~]  resource AWS::DirectoryService::SimpleAD
│       └ attributes
│          ├ Alias: (documentation changed)
│          └ DirectoryId: (documentation changed)
├[~] service aws-dlm
│ └ resources
│    └[~]  resource AWS::DLM::LifecyclePolicy
│       └ types
│          └[~] type EventSource
│            └ properties
│               └ Type: (documentation changed)
├[~] service aws-dms
│ └ resources
│    └[~]  resource AWS::DMS::DataProvider
│       └ properties
│          └ Engine: (documentation changed)
├[~] service aws-dynamodb
│ └ resources
│    └[~]  resource AWS::DynamoDB::GlobalTable
│       └ properties
│          └[-] PointInTimeRecoverySpecification: PointInTimeRecoverySpecification
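Review bot: the `PointInTimeRecoverySpecification` property is dropped from `AWS::DynamoDB::GlobalTable` with no replacement shown in this block. Code that sets it will stop compiling, and anyone who relied on it for point-in-time recovery needs to know where that setting now lives; please document the migration path in the PR description before merging under a `feat:` title.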
├[~] service aws-ec2
│ └ resources
│    ├[~]  resource AWS::EC2::EC2Fleet
│    │  └ types
│    │     └[~] type FleetLaunchTemplateOverridesRequest
│    │       └ properties
│    │          └ MaxPrice: (documentation changed)
│    ├[~]  resource AWS::EC2::IPAM
│    │  ├ properties
│    │  │  └[+] DefaultResourceDiscoveryOrganizationalUnitExclusions: Array<IpamOrganizationalUnitExclusion>
│    │  └ types
│    │     └[+]  type IpamOrganizationalUnitExclusion
│    │        ├      documentation: If your IPAM is integrated with AWS Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion.
│    │        │      name: IpamOrganizationalUnitExclusion
│    │        └ properties
│    │           └ OrganizationsEntityPath: string (required)
│    ├[~]  resource AWS::EC2::IPAMResourceDiscovery
│    │  ├ properties
│    │  │  └[+] OrganizationalUnitExclusions: Array<IpamResourceDiscoveryOrganizationalUnitExclusion>
│    │  └ types
│    │     └[+]  type IpamResourceDiscoveryOrganizationalUnitExclusion
│    │        ├      documentation: If your IPAM is integrated with AWS Organizations and you add an organizational unit (OU) exclusion, IPAM will not manage the IP addresses in accounts in that OU exclusion.
│    │        │      name: IpamResourceDiscoveryOrganizationalUnitExclusion
│    │        └ properties
│    │           └ OrganizationsEntityPath: string (required)
│    ├[~]  resource AWS::EC2::LaunchTemplate
│    │  └ types
│    │     ├[~] type CpuOptions
│    │     │ └ properties
│    │     │    └ AmdSevSnp: (documentation changed)
│    │     ├[~] type Ebs
│    │     │ └ properties
│    │     │    └ Iops: (documentation changed)
│    │     ├[~] type LaunchTemplateData
│    │     │ └ properties
│    │     │    ├ CpuOptions: (documentation changed)
│    │     │    ├ DisableApiStop: (documentation changed)
│    │     │    ├ EnclaveOptions: (documentation changed)
│    │     │    ├ MetadataOptions: (documentation changed)
│    │     │    └ UserData: (documentation changed)
│    │     ├[~] type MetadataOptions
│    │     │ └ properties
│    │     │    └ InstanceMetadataTags: (documentation changed)
│    │     ├[~] type NetworkInterface
│    │     │ └ properties
│    │     │    └ InterfaceType: (documentation changed)
│    │     └[~] type SpotOptions
│    │       └ properties
│    │          └ MaxPrice: (documentation changed)
│    ├[~]  resource AWS::EC2::SecurityGroup
│    │  └      - documentation: Specifies a security group. To create a security group, use the [VpcId](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-vpcid) property to specify the VPC for which to create the security group.
│    │         If you do not specify an egress rule, we add egress rules that allow IPv4 and IPv6 traffic on all ports and protocols to any destination. We do not add these rules if you specify your own egress rules.
│    │         This type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) .
│    │         > To cross-reference two security groups in the ingress and egress rules of those security groups, use the [AWS::EC2::SecurityGroupEgress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html) and [AWS::EC2::SecurityGroupIngress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-ingress.html) resources to define your rules. Do not use the embedded ingress and egress rules in the `AWS::EC2::SecurityGroup` . Doing so creates a circular dependency, which AWS CloudFormation doesn't allow.
│    │         + documentation: Specifies a security group.
│    │         You must specify ingress rules to allow inbound traffic. By default, no inbound traffic is allowed.
│    │         If you do not specify an egress rule, we add egress rules that allow outbound IPv4 and IPv6 traffic on all ports and protocols to any destination. We do not add these rules if you specify your own egress rules.
│    │         This type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) .
│    │         > To cross-reference two security groups in the ingress and egress rules of those security groups, use the [AWS::EC2::SecurityGroupEgress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html) and [AWS::EC2::SecurityGroupIngress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-ingress.html) resources to define your rules. Do not use the embedded ingress and egress rules in the `AWS::EC2::SecurityGroup` . Doing so creates a circular dependency, which AWS CloudFormation doesn't allow.
│    ├[~]  resource AWS::EC2::VerifiedAccessEndpoint
│    │  └ types
│    │     ├[~] type CidrOptions
│    │     │ ├      - documentation: The options for cidr type endpoint.
│    │     │ │      + documentation: Describes the CIDR options for a Verified Access endpoint.
│    │     │ └ properties
│    │     │    ├ Cidr: (documentation changed)
│    │     │    ├ PortRanges: (documentation changed)
│    │     │    └ Protocol: (documentation changed)
│    │     ├[~] type LoadBalancerOptions
│    │     │ └ properties
│    │     │    ├ PortRanges: (documentation changed)
│    │     │    └ SubnetIds: (documentation changed)
│    │     ├[~] type NetworkInterfaceOptions
│    │     │ └ properties
│    │     │    └ PortRanges: (documentation changed)
│    │     ├[~] type PortRange
│    │     │ ├      - documentation: Describes a range of ports.
│    │     │ │      + documentation: Describes the port range for a Verified Access endpoint.
│    │     │ └ properties
│    │     │    ├ FromPort: (documentation changed)
│    │     │    └ ToPort: (documentation changed)
│    │     └[~] type RdsOptions
│    │       ├      - documentation: The options for rds type endpoint.
│    │       │      + documentation: Describes the RDS options for a Verified Access endpoint.
│    │       └ properties
│    │          ├ Port: (documentation changed)
│    │          ├ Protocol: (documentation changed)
│    │          ├ RdsDbClusterArn: (documentation changed)
│    │          ├ RdsDbInstanceArn: (documentation changed)
│    │          ├ RdsDbProxyArn: (documentation changed)
│    │          └ SubnetIds: (documentation changed)
│    ├[~]  resource AWS::EC2::VerifiedAccessInstance
│    │  └ attributes
│    │     └ CidrEndpointsCustomSubDomainNameServers: (documentation changed)
│    ├[~]  resource AWS::EC2::VerifiedAccessTrustProvider
│    │  └ types
│    │     └[~] type NativeApplicationOidcOptions
│    │       └ properties
│    │          └ ClientSecret: (documentation changed)
│    ├[~]  resource AWS::EC2::VPCCidrBlock
│    │  └ properties
│    │     └ Ipv6CidrBlockNetworkBorderGroup: (documentation changed)
│    ├[~]  resource AWS::EC2::VPCEndpoint
│    │  └ properties
│    │     └ Tags: (documentation changed)
│    └[~]  resource AWS::EC2::VPCEndpointService
│       └ properties
│          └ Tags: (documentation changed)
├[~] service aws-ecs
│ └ resources
│    ├[~]  resource AWS::ECS::Cluster
│    │  └ types
│    │     └[~] type ManagedStorageConfiguration
│    │       └ properties
│    │          ├ FargateEphemeralStorageKmsKeyId: (documentation changed)
│    │          └ KmsKeyId: (documentation changed)
│    ├[~]  resource AWS::ECS::Service
│    │  ├ properties
│    │  │  ├ AvailabilityZoneRebalancing: (documentation changed)
│    │  │  └ CapacityProviderStrategy: (documentation changed)
│    │  └ types
│    │     └[~] type ServiceManagedEBSVolumeConfiguration
│    │       └ properties
│    │          └[-] VolumeInitializationRate: integer
│    └[~]  resource AWS::ECS::TaskDefinition
│       └ types
│          └[~] type HealthCheck
│            └ properties
│               ├ Interval: (documentation changed)
│               ├ Retries: (documentation changed)
│               ├ StartPeriod: (documentation changed)
│               └ Timeout: (documentation changed)
├[~] service aws-eks
│ └ resources
│    └[~]  resource AWS::EKS::Nodegroup
│       └ types
│          └[~] type UpdateConfig
│            └ properties
│               └ UpdateStrategy: (documentation changed)
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    └[~]  resource AWS::ElasticLoadBalancingV2::Listener
│       └ types
│          └[~] type MutualAuthentication
│            ├      - documentation: Specifies the configuration information for mutual authentication.
│            │      + documentation: The mutual authentication configuration information.
│            └ properties
│               ├ AdvertiseTrustStoreCaNames: (documentation changed)
│               └ Mode: (documentation changed)
├[~] service aws-emr
│ └ resources
│    └[~]  resource AWS::EMR::Studio
│       └      - tagInformation: undefined
│              + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
├[~] service aws-emrcontainers
│ └ resources
│    └[~]  resource AWS::EMRContainers::VirtualCluster
│       └ properties
│          └[+] SecurityConfigurationId: string
├[~] service aws-fms
│ └ resources
│    └[~]  resource AWS::FMS::Policy
│       ├ properties
│       │  └ SecurityServicePolicyData: (documentation changed)
│       └ types
│          └[~] type SecurityServicePolicyData
│            └ properties
│               └ Type: (documentation changed)
├[~] service aws-fsx
│ └ resources
│    └[~]  resource AWS::FSx::FileSystem
│       └ types
│          └[~] type OpenZFSConfiguration
│            └ properties
│               ├ EndpointIpAddressRange: (documentation changed)
│               └ ThroughputCapacity: (documentation changed)
├[~] service aws-glue
│ └ resources
│    └[~]  resource AWS::Glue::Crawler
│       └ types
│          ├[+]  type HudiTarget
│          │  ├      documentation: Specifies an Apache Hudi data source.
│          │  │      name: HudiTarget
│          │  └ properties
│          │     ├ ConnectionName: string
│          │     ├ Paths: Array<string>
│          │     ├ Exclusions: Array<string>
│          │     └ MaximumTraversalDepth: integer
│          └[~] type Targets
│            └ properties
│               └[+] HudiTargets: Array<HudiTarget>
├[~] service aws-groundstation
│ └ resources
│    ├[~]  resource AWS::GroundStation::DataflowEndpointGroup
│    │  └ properties
│    │     ├ ContactPostPassDurationSeconds: - integer
│    │     │                                 + integer (immutable)
│    │     ├ ContactPrePassDurationSeconds: - integer
│    │     │                                + integer (immutable)
│    │     └ EndpointDetails: - Array<EndpointDetails> (required)
│    │                        + Array<EndpointDetails> (required, immutable)
│    └[~]  resource AWS::GroundStation::MissionProfile
│       └ types
│          └[~] type StreamsKmsKey
│            └ properties
│               └[+] KmsAliasName: string
├[~] service aws-iot
│ └ resources
│    └[~]  resource AWS::IoT::Logging
│       └      - documentation: Configure logging.
│              + documentation: Configure logging.
│              > If you already set the log function of AWS IoT Core , you can't deploy the AWS Cloud Development Kit (AWS CDK) to change the logging settings. You can change the logging settings by either:
│              > 
│              > - Importing a role into your AWS CloudFormation stack, such as with the [infrastructure as code generator (IaC generator)](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/generate-IaC.html) .
│              > - [Deleting the existing role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html#roles-managingrole-deleting-console) .
├[~] service aws-ivs
│ └ resources
│    ├[~]  resource AWS::IVS::Channel
│    │  ├ properties
│    │  │  ├[+] ContainerFormat: string (default="TS")
│    │  │  ├[+] MultitrackInputConfiguration: MultitrackInputConfiguration
│    │  │  └ Type: (documentation changed)
│    │  └ types
│    │     └[+]  type MultitrackInputConfiguration
│    │        ├      documentation: A complex type that specifies multitrack input configuration.
│    │        │      name: MultitrackInputConfiguration
│    │        └ properties
│    │           ├ Enabled: boolean (default=false)
│    │           ├ MaximumResolution: string
│    │           └ Policy: string
│    ├[~]  resource AWS::IVS::PlaybackKeyPair
│    │  └ properties
│    │     └ PublicKeyMaterial: (documentation changed)
│    └[~]  resource AWS::IVS::PublicKey
│       └ properties
│          └ PublicKeyMaterial: (documentation changed)
├[~] service aws-medialive
│ └ resources
│    ├[~]  resource AWS::MediaLive::Channel
│    │  ├ properties
│    │  │  ├[+] ChannelEngineVersion: ChannelEngineVersionRequest
│    │  │  └[+] DryRun: boolean
│    │  └ types
│    │     ├[+]  type ChannelEngineVersionRequest
│    │     │  ├      name: ChannelEngineVersionRequest
│    │     │  └ properties
│    │     │     └ Version: string
│    │     ├[~] type CmafIngestGroupSettings
│    │     │ └ properties
│    │     │    ├[+] Id3Behavior: string
│    │     │    ├[+] Id3NameModifier: string
│    │     │    ├[+] KlvBehavior: string
│    │     │    ├[+] KlvNameModifier: string
│    │     │    ├[+] NielsenId3NameModifier: string
│    │     │    └[+] Scte35NameModifier: string
│    │     ├[~] type H265Settings
│    │     │ └ properties
│    │     │    └[+] Deblocking: string
│    │     └[~] type MediaPackageOutputDestinationSettings
│    │       └ properties
│    │          ├[+] ChannelGroup: string
│    │          └[+] ChannelName: string
│    └[~]  resource AWS::MediaLive::InputSecurityGroup
│       └ properties
│          └ Tags: - json
│                  + json (immutable)
├[~] service aws-opensearchserverless
│ └ resources
│    └[~]  resource AWS::OpenSearchServerless::SecurityConfig
│       └ types
│          └[~] type SamlConfigOptions
│            └ properties
│               └[+] OpenSearchServerlessEntityId: string
├[~] service aws-rds
│ └ resources
│    ├[~]  resource AWS::RDS::DBInstance
│    │  └ properties
│    │     └[+] ApplyImmediately: boolean
│    ├[~]  resource AWS::RDS::DBParameterGroup
│    │  └ properties
│    │     └ Parameters: (documentation changed)
│    └[~]  resource AWS::RDS::GlobalCluster
│       ├ properties
│       │  └[-] GlobalEndpoint: GlobalEndpoint
│       └ attributes
│          └[+] GlobalEndpoint: GlobalEndpoint
├[~] service aws-s3
│ └ resources
│    └[~]  resource AWS::S3::Bucket
│       ├ properties
│       │  └[+] MetadataTableConfiguration: MetadataTableConfiguration
│       ├ attributes
│       │  ├[+] MetadataTableConfiguration.S3TablesDestination.TableArn: string
│       │  └[+] MetadataTableConfiguration.S3TablesDestination.TableNamespace: string
│       └ types
│          ├[+]  type MetadataTableConfiguration
│          │  ├      documentation: The metadata table configuration of an Amazon S3 general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) and [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html) .
│          │  │      name: MetadataTableConfiguration
│          │  └ properties
│          │     └ S3TablesDestination: S3TablesDestination (required)
│          └[+]  type S3TablesDestination
│             ├      documentation: The destination information for the metadata table configuration. The destination table bucket must be in the same Region and AWS account as the general purpose bucket. The specified metadata table name must be unique within the `aws_s3_metadata` namespace in the destination table bucket.
│             │      name: S3TablesDestination
│             └ properties
│                ├ TableBucketArn: string (required)
│                ├ TableName: string (required)
│                ├ TableNamespace: string
│                └ TableArn: string
├[~] service aws-s3objectlambda
│ └ resources
│    └[~]  resource AWS::S3ObjectLambda::AccessPoint
│       └ types
│          └[~] type TransformationConfiguration
│            └ properties
│               └ Actions: (documentation changed)
├[~] service aws-ssm
│ └ resources
│    ├[~]  resource AWS::SSM::Association
│    │  └ properties
│    │     └ CalendarNames: (documentation changed)
│    └[~]  resource AWS::SSM::ResourceDataSync
│       └ attributes
│          └ SyncName: (documentation changed)
├[~] service aws-supportapp
│ └ resources
│    ├[~]  resource AWS::SupportApp::AccountAlias
│    │  └      - documentation: You can use the `AWS::SupportApp::AccountAlias` resource to specify your AWS account when you configure the AWS Support App in Slack. Your alias name appears on the AWS Support App page in the Support Center Console and in messages from the AWS Support App. You can use this alias to identify the account you've configured with the AWS Support App .
│    │         For more information, see [AWS Support App in Slack](https://docs.aws.amazon.com/awssupport/latest/user/aws-support-app-for-slack.html) in the *AWS Support User Guide* .
│    │         + documentation: You can use the `AWS::SupportApp::AccountAlias` resource to specify your AWS account when you configure the AWS Support App in Slack. Your alias name appears on the AWS Support App page in the Support Center Console and in messages from the  App. You can use this alias to identify the account you've configured with the AWS Support App .
│    │         For more information, see [AWS Support App in Slack](https://docs.aws.amazon.com/awssupport/latest/user/aws-support-app-for-slack.html) in the *User Guide* .
│    ├[~]  resource AWS::SupportApp::SlackChannelConfiguration
│    │  ├      - documentation: You can use the `AWS::SupportApp::SlackChannelConfiguration` resource to specify your AWS account when you configure the AWS Support App . This resource includes the following information:
│    │  │      - The Slack channel name and ID
│    │  │      - The team ID in Slack
│    │  │      - The Amazon Resource Name (ARN) of the AWS Identity and Access Management ( IAM ) role
│    │  │      - Whether you want the AWS Support App to notify you when your support cases are created, updated, resolved, or reopened
│    │  │      - The case severity that you want to get notified for
│    │  │      For more information, see the following topics in the *AWS Support User Guide* :
│    │  │      - [AWS Support App in Slack](https://docs.aws.amazon.com/awssupport/latest/user/aws-support-app-for-slack.html)
│    │  │      - [Creating AWS Support App in Slack resources with AWS CloudFormation](https://docs.aws.amazon.com/awssupport/latest/user/creating-resources-with-cloudformation.html)
│    │  │      + documentation: You can use the `AWS::SupportApp::SlackChannelConfiguration` resource to specify your AWS account when you configure the AWS Support App . This resource includes the following information:
│    │  │      - The Slack channel name and ID
│    │  │      - The team ID in Slack
│    │  │      - The Amazon Resource Name (ARN) of the AWS Identity and Access Management ( IAM ) role
│    │  │      - Whether you want the AWS Support App to notify you when your support cases are created, updated, resolved, or reopened
│    │  │      - The case severity that you want to get notified for
│    │  │      For more information, see the following topics in the *User Guide* :
│    │  │      - [AWS Support App in Slack](https://docs.aws.amazon.com/awssupport/latest/user/aws-support-app-for-slack.html)
│    │  │      - [Creating AWS Support App in Slack resources with AWS CloudFormation](https://docs.aws.amazon.com/awssupport/latest/user/creating-resources-with-cloudformation.html)
│    │  └ properties
│    │     └ ChannelRoleArn: (documentation changed)
│    └[~]  resource AWS::SupportApp::SlackWorkspaceConfiguration
│       └      - documentation: You can use the `AWS::SupportApp::SlackWorkspaceConfiguration` resource to specify your Slack workspace configuration. This resource configures your AWS account so that you can use the specified Slack workspace in the AWS Support App . This resource includes the following information:
│              - The team ID for the Slack workspace
│              - The version ID of the resource to use with AWS CloudFormation
│              For more information, see the following topics in the *AWS Support User Guide* :
│              - [AWS Support App in Slack](https://docs.aws.amazon.com/awssupport/latest/user/aws-support-app-for-slack.html)
│              - [Creating AWS Support App in Slack resources with AWS CloudFormation](https://docs.aws.amazon.com/awssupport/latest/user/creating-resources-with-cloudformation.html)
│              + documentation: You can use the `AWS::SupportApp::SlackWorkspaceConfiguration` resource to specify your Slack workspace configuration. This resource configures your AWS account so that you can use the specified Slack workspace in the AWS Support App . This resource includes the following information:
│              - The team ID for the Slack workspace
│              - The version ID of the resource to use with AWS CloudFormation
│              For more information, see the following topics in the *User Guide* :
│              - [AWS Support App in Slack](https://docs.aws.amazon.com/awssupport/latest/user/aws-support-app-for-slack.html)
│              - [Creating AWS Support App in Slack resources with AWS CloudFormation](https://docs.aws.amazon.com/awssupport/latest/user/creating-resources-with-cloudformation.html)
├[~] service aws-transfer
│ └ resources
│    ├[~]  resource AWS::Transfer::Agreement
│    │  └ properties
│    │     ├[+] EnforceMessageSigning: string
│    │     └[+] PreserveFilename: string
│    ├[~]  resource AWS::Transfer::Connector
│    │  └ types
│    │     └[~] type As2Config
│    │       └ properties
│    │          └[+] PreserveContentType: string
│    ├[~]  resource AWS::Transfer::User
│    │  └ properties
│    │     └ SshPublicKeys: (documentation changed)
│    └[+]  resource AWS::Transfer::WebApp
│       ├      name: WebApp
│       │      cloudFormationType: AWS::Transfer::WebApp
│       │      documentation: Creates a web app based on specified parameters, and returns the ID for the new web app.
│       │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│       ├ properties
│       │  ├ IdentityProviderDetails: IdentityProviderDetails (required)
│       │  ├ AccessEndpoint: string
│       │  ├ WebAppUnits: WebAppUnits
│       │  ├ WebAppCustomization: WebAppCustomization
│       │  └ Tags: Array<tag>
│       ├ attributes
│       │  ├ Arn: string
│       │  ├ WebAppId: string
│       │  └ IdentityProviderDetails.ApplicationArn: string
│       └ types
│          ├ type IdentityProviderDetails
│          │ ├      documentation: A structure that describes the values to use for the IAM Identity Center settings when you create or update a web app.
│          │ │      name: IdentityProviderDetails
│          │ └ properties
│          │    ├ ApplicationArn: string
│          │    ├ InstanceArn: string (immutable)
│          │    └ Role: string
│          ├ type WebAppCustomization
│          │ ├      documentation: A structure that contains the customization fields for the web app. You can provide a title, logo, and icon to customize the appearance of your web app.
│          │ │      name: WebAppCustomization
│          │ └ properties
│          │    ├ Title: string
│          │    ├ LogoFile: string
│          │    └ FaviconFile: string
│          └ type WebAppUnits
│            ├      documentation: Contains an integer value that represents the value for number of concurrent connections or the user sessions on your web app.
│            │      name: WebAppUnits
│            └ properties
│               └ Provisioned: integer (required)
├[~] service aws-wafv2
│ └ resources
│    ├[~]  resource AWS::WAFv2::LoggingConfiguration
│    │  ├      - documentation: Defines an association between logging destinations and a web ACL resource, for logging from AWS WAF . As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
│    │  │      > You can define one logging destination per web ACL. 
│    │  │      You can access information about the traffic that AWS WAF inspects using the following steps:
│    │  │      - Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.
│    │  │      The name that you give the destination must start with `aws-waf-logs-` . Depending on the type of destination, you might need to configure additional settings or permissions.
│    │  │      For configuration requirements and pricing information for each destination type, see [Logging web ACL traffic](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the *AWS WAF Developer Guide* .
│    │  │      - Associate your logging destination to your web ACL using a `PutLoggingConfiguration` request.
│    │  │      When you successfully enable logging using a `PutLoggingConfiguration` request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
│    │  │      For additional information about web ACL logging, see [Logging web ACL traffic information](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the *AWS WAF Developer Guide* .
│    │  │      + documentation: Defines an association between logging destinations and a web ACL resource, for logging from AWS WAF . As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
│    │  │      If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs.
│    │  │      > You can define one logging destination per web ACL. 
│    │  │      You can access information about the traffic that AWS WAF inspects using the following steps:
│    │  │      - Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.
│    │  │      The name that you give the destination must start with `aws-waf-logs-` . Depending on the type of destination, you might need to configure additional settings or permissions.
│    │  │      For configuration requirements and pricing information for each destination type, see [Logging web ACL traffic](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the *AWS WAF Developer Guide* .
│    │  │      - Associate your logging destination to your web ACL using a `PutLoggingConfiguration` request.
│    │  │      When you successfully enable logging using a `PutLoggingConfiguration` request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
│    │  │      For additional information about web ACL logging, see [Logging web ACL traffic information](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the *AWS WAF Developer Guide* .
│    │  └ properties
│    │     └ RedactedFields: (documentation changed)
│    ├[~]  resource AWS::WAFv2::RuleGroup
│    │  └ types
│    │     ├[~] type FieldToMatch
│    │     │ └      - documentation: Specifies a web request component to be used in a rule match statement or in a logging configuration.
│    │     │        - In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single `FieldToMatch` type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in `FieldToMatch` for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
│    │     │        Example JSON for a `QueryString` field to match:
│    │     │        `"FieldToMatch": { "QueryString": {} }`
│    │     │        Example JSON for a `Method` field to match specification:
│    │     │        `"FieldToMatch": { "Method": { "Name": "DELETE" } }`
│    │     │        - In a logging configuration, this is used in the `RedactedFields` property to specify a field to redact from the logging records. For this use case, note the following:
│    │     │        - Even though all `FieldToMatch` settings are available, the only valid settings for field redaction are `UriPath` , `QueryString` , `SingleHeader` , and `Method` .
│    │     │        - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
│    │     │        - If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.
│    │     │        + documentation: Specifies a web request component to be used in a rule match statement or in a logging configuration.
│    │     │        - In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single `FieldToMatch` type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in `FieldToMatch` for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
│    │     │        Example JSON for a `QueryString` field to match:
│    │     │        `"FieldToMatch": { "QueryString": {} }`
│    │     │        Example JSON for a `Method` field to match specification:
│    │     │        `"FieldToMatch": { "Method": { "Name": "DELETE" } }`
│    │     │        - In a logging configuration, this is used in the `RedactedFields` property to specify a field to redact from the logging records. For this use case, note the following:
│    │     │        - Even though all `FieldToMatch` settings are available, the only valid settings for field redaction are `UriPath` , `QueryString` , `SingleHeader` , and `Method` .
│    │     │        - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
│    │     │        - If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.
│    │     └[~] type VisibilityConfig
│    │       └ properties
│    │          └ SampledRequestsEnabled: (documentation changed)
│    └[~]  resource AWS::WAFv2::WebACL
│       └ types
│          ├[~] type FieldToMatch
│          │ └      - documentation: Specifies a web request component to be used in a rule match statement or in a logging configuration.
│          │        - In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single `FieldToMatch` type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in `FieldToMatch` for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
│          │        Example JSON for a `QueryString` field to match:
│          │        `"FieldToMatch": { "QueryString": {} }`
│          │        Example JSON for a `Method` field to match specification:
│          │        `"FieldToMatch": { "Method": { "Name": "DELETE" } }`
│          │        - In a logging configuration, this is used in the `RedactedFields` property to specify a field to redact from the logging records. For this use case, note the following:
│          │        - Even though all `FieldToMatch` settings are available, the only valid settings for field redaction are `UriPath` , `QueryString` , `SingleHeader` , and `Method` .
│          │        - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
│          │        - If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.
│          │        + documentation: Specifies a web request component to be used in a rule match statement or in a logging configuration.
│          │        - In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single `FieldToMatch` type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in `FieldToMatch` for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
│          │        Example JSON for a `QueryString` field to match:
│          │        `"FieldToMatch": { "QueryString": {} }`
│          │        Example JSON for a `Method` field to match specification:
│          │        `"FieldToMatch": { "Method": { "Name": "DELETE" } }`
│          │        - In a logging configuration, this is used in the `RedactedFields` property to specify a field to redact from the logging records. For this use case, note the following:
│          │        - Even though all `FieldToMatch` settings are available, the only valid settings for field redaction are `UriPath` , `QueryString` , `SingleHeader` , and `Method` .
│          │        - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
│          │        - If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.
│          └[~] type VisibilityConfig
│            └ properties
│               └ SampledRequestsEnabled: (documentation changed)
└[~] service aws-wisdom
  └ resources
     ├[~]  resource AWS::Wisdom::Assistant
     │  └      - tagInformation: undefined
     │         + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
     └[~]  resource AWS::Wisdom::AssistantAssociation
        └      - tagInformation: undefined
               + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
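
Review bot: two entries in this spec diff take away existing L1 surface and should get an explicit allow-or-patch decision before merge. `VolumeInitializationRate` is removed (`[-]`) from `ServiceManagedEBSVolumeConfiguration` on `AWS::ECS::Service`, and `GlobalEndpoint` on `AWS::RDS::GlobalCluster` moves from `properties` to `attributes`, so code that sets either one no longer matches the generated definitions. The properties newly marked `(immutable)` on `AWS::GroundStation::DataflowEndpointGroup` and `Tags` on `AWS::MediaLive::InputSecurityGroup` also deserve a mention in the PR body, since a change to an immutable property means resource replacement rather than an in-place update. The security-relevant additions (`EnforceMessageSigning` on `AWS::Transfer::Agreement`, `SecurityConfigurationId` on `AWS::EMRContainers::VirtualCluster`, `CrlType` and `CustomPath` on the ACM PCA `CrlConfiguration`) are typed as plain `string` with no allowed values shown here, so their valid values should be confirmed against the service documentation before any L2 construct exposes them.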

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
@aws-cdk-automation added labels Feb 18, 2025:
- auto-approve
- contribution/core (This is a PR that came from AWS.)
- dependencies (This issue is a problem in a dependency or a pull request that updates a dependency file.)
- pr-linter/exempt-readme (The PR linter will not require README changes)
- pr-linter/exempt-test (The PR linter will not require test changes)
- pr-linter/exempt-integ-test (The PR linter will not require integ test changes)
@aws-cdk-automation requested a review from a team February 18, 2025 09:01
@github-actions bot added the p2 label Feb 18, 2025
@aws-cdk-automation requested a review from a team February 18, 2025 09:01
@iliapolo added the pr/do-not-merge label (This PR should not be merged at this time.) Feb 18, 2025
@iliapolo
Contributor

Added pr/do-not-merge as per plan outlined here. We should address the breaking changes (either intentionally allow or apply patches) introduced with this spec before merging the PR.


codecov bot commented Feb 18, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.00%. Comparing base (411dc5a) to head (bf07324).
Report is 6 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main   #33487   +/-   ##
=======================================
  Coverage   81.00%   81.00%           
=======================================
  Files         238      238           
  Lines       14271    14271           
  Branches     2492     2492           
=======================================
  Hits        11560    11560           
  Misses       2425     2425           
  Partials      286      286           
| Flag | Coverage Δ |
|---|---|
| suite.unit | 81.00% <ø> (ø) |

Flags with carried forward coverage won't be shown. Click here to find out more.

| Components | Coverage Δ |
|---|---|
| packages/aws-cdk | 79.92% <ø> (ø) |
| packages/aws-cdk-lib/core | 82.16% <ø> (ø) |

@aws-cdk-automation
Collaborator Author

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: bf07324
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation added the pr/needs-maintainer-review label (This PR needs a review from a Core Team Member) Feb 18, 2025
@GavinZZ
Contributor

GavinZZ commented Feb 18, 2025

Closing this as there are conflicts. Will create a new one based on the result of the RDS breaking change ticket.

@GavinZZ closed this Feb 18, 2025

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions bot locked as resolved and limited conversation to collaborators Feb 18, 2025
@GavinZZ deleted the automation/spec-update branch February 20, 2025 20:40