feat: update L1 CloudFormation resource definitions (#35020)

aws-cdk-automation · web-flow · commit 3f695b38a97d · 2025-07-23T11:30:13.000Z
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-aiops │ └ resources │ └[~] resource AWS::AIOps::InvestigationGroup │ ├ - documentation: Creates an *investigation group* in your account. Creating an investigation group is a one-time setup task for each Region in your account. It is a necessary task to be able to perform investigations. │ │ Settings in the investigation group help you centrally manage the common properties of your investigations, such as the following: │ │ - Who can access the investigations │ │ - Whether investigation data is encrypted with a customer managed AWS Key Management Service key. │ │ - How long investigations and their data are retained by default. │ │ Currently, you can have one investigation group in each Region in your account. Each investigation in a Region is a part of the investigation group in that Region │ │ To create an investigation group and set up Amazon Q Developer operational investigations, you must be signed in to an IAM principal that has the either the `AIOpsConsoleAdminPolicy` or the `AdministratorAccess` IAM policy attached, or to an account that has similar permissions. │ │ > You can optionally configure CloudWatch alarms to start investigations and add events to investigations. The examples section on this page demonstrates creating an investigation group and an alarm at the same time. │ │ > │ │ > For more information about configuring CloudWatch alarms to work with Amazon Q Developer operational investigations, see │ │ + documentation: Creates an *investigation group* in your account. Creating an investigation group is a one-time setup task for each Region in your account. It is a necessary task to be able to perform investigations. │ │ Settings in the investigation group help you centrally manage the common properties of your investigations, such as the following: │ │ - Who can access the investigations │ │ - Whether investigation data is encrypted with a customer managed AWS Key Management Service key. │ │ - How long investigations and their data are retained by default. │ │ Currently, you can have one investigation group in each Region in your account. Each investigation in a Region is a part of the investigation group in that Region │ │ To create an investigation group and set up CloudWatch investigations, you must be signed in to an IAM principal that has the either the `AIOpsConsoleAdminPolicy` or the `AdministratorAccess` IAM policy attached, or to an account that has similar permissions. │ │ > You can configure CloudWatch alarms to start investigations and add events to investigations. If you create your investigation group with `CreateInvestigationGroup` and you want to enable alarms to do this, you must use `PutInvestigationGroupPolicy` to create a resource policy that grants this permission to CloudWatch alarms. │ │ > │ │ > For more information about configuring CloudWatch alarms to work with CloudWatch investigations, see │ ├ properties │ │ ├ ChatbotNotificationChannels: (documentation changed) │ │ ├ CrossAccountConfigurations: (documentation changed) │ │ ├ EncryptionConfig: (documentation changed) │ │ ├ InvestigationGroupPolicy: (documentation changed) │ │ ├ IsCloudTrailEventHistoryEnabled: (documentation changed) │ │ ├ Name: (documentation changed) │ │ ├ RetentionInDays: (documentation changed) │ │ ├ RoleArn: (documentation changed) │ │ ├ TagKeyBoundaries: (documentation changed) │ │ └ Tags: (documentation changed) │ ├ attributes │ │ ├ Arn: (documentation changed) │ │ └ LastModifiedBy: (documentation changed) │ └ types │ ├[~] type ChatbotNotificationChannel │ │ ├ - documentation: This structure is a string array. The first string is the ARN of a Amazon SNS topic. The array of strings display the ARNs of Amazon Q in chat applications configurations that are associated with that topic. For more information about these configuration ARNs, see [Getting started with Amazon Q in chat applications](https://docs.aws.amazon.com/chatbot/latest/adminguide/getting-started.html) and [Resource type defined by AWS Chatbot](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awschatbot.html#awschatbot-resources-for-iam-policies) . │ │ │ + documentation: Use this structure to integrate CloudWatch investigations with chat applications. This structure is a string array. For the first string, specify the ARN of an Amazon SNS topic. For the array of strings, specify the ARNs of one or more chat applications configurations that you want to associate with that topic. For more information about these configuration ARNs, see [Getting started with Amazon Q in chat applications](https://docs.aws.amazon.com/chatbot/latest/adminguide/getting-started.html) and [Resource type defined by AWS Chatbot](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awschatbot.html#awschatbot-resources-for-iam-policies) . │ │ └ properties │ │ ├ ChatConfigurationArns: (documentation changed) │ │ └ SNSTopicArn: (documentation changed) │ ├[~] type CrossAccountConfiguration │ │ ├ - documentation: undefined │ │ │ + documentation: This structure contains information about the cross-account configuration in the account. │ │ └ properties │ │ └ SourceRoleArn: (documentation changed) │ └[~] type EncryptionConfigMap │ ├ - documentation: undefined │ │ + documentation: Use this structure if you want to use a customer managed AWS KMS key to encrypt your investigation data. If you omit this parameter, CloudWatch investigations will use an AWS key to encrypt the data. For more information, see [Encryption of investigation data](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Investigations-Security.html#Investigations-KMS) . │ └ properties │ └ EncryptionConfigurationType: (documentation changed) ├[~] service aws-bedrock │ └ resources │ ├[~] resource AWS::Bedrock::Flow │ │ └ types │ │ ├[~] type FieldForReranking │ │ │ ├ - documentation: Contains information for a metadata field to include in or exclude from consideration when reranking. │ │ │ │ + documentation: Specifies a field to be used during the reranking process in a Knowledge Base vector search. This structure identifies metadata fields that should be considered when reordering search results to improve relevance. │ │ │ └ properties │ │ │ └ FieldName: (documentation changed) │ │ ├[~] type MetadataConfigurationForReranking │ │ │ ├ - documentation: Contains configurations for the metadata to use in reranking. │ │ │ │ + documentation: Configuration for how metadata should be used during the reranking process in Knowledge Base vector searches. This determines which metadata fields are included or excluded when reordering search results. │ │ │ └ properties │ │ │ ├ SelectionMode: (documentation changed) │ │ │ └ SelectiveModeConfiguration: (documentation changed) │ │ ├[~] type RerankingMetadataSelectiveModeConfiguration │ │ │ ├ - documentation: Contains configurations for the metadata fields to include or exclude when considering reranking. If you include the `fieldsToExclude` field, the reranker ignores all the metadata fields that you specify. If you include the `fieldsToInclude` field, the reranker uses only the metadata fields that you specify and ignores all others. You can include only one of these fields. │ │ │ │ + documentation: Configuration for selectively including or excluding metadata fields during the reranking process. This allows you to control which metadata attributes are considered when reordering search results. │ │ │ └ properties │ │ │ ├ FieldsToExclude: (documentation changed) │ │ │ └ FieldsToInclude: (documentation changed) │ │ ├[~] type VectorSearchBedrockRerankingConfiguration │ │ │ ├ - documentation: Contains configurations for reranking with an Amazon Bedrock reranker model. │ │ │ │ + documentation: Configuration for using Amazon Bedrock foundation models to rerank Knowledge Base vector search results. This enables more sophisticated relevance ranking using large language models. │ │ │ └ properties │ │ │ ├ MetadataConfiguration: (documentation changed) │ │ │ ├ ModelConfiguration: (documentation changed) │ │ │ └ NumberOfRerankedResults: (documentation changed) │ │ ├[~] type VectorSearchBedrockRerankingModelConfiguration │ │ │ ├ - documentation: Contains configurations for an Amazon Bedrock reranker model. │ │ │ │ + documentation: Configuration for the Amazon Bedrock foundation model used for reranking vector search results. This specifies which model to use and any additional parameters required by the model. │ │ │ └ properties │ │ │ ├ AdditionalModelRequestFields: (documentation changed) │ │ │ └ ModelArn: (documentation changed) │ │ └[~] type VectorSearchRerankingConfiguration │ │ ├ - documentation: Contains configurations for reranking the retrieved results. │ │ │ + documentation: Configuration for reranking vector search results to improve relevance. Reranking applies additional relevance models to reorder the initial vector search results based on more sophisticated criteria. │ │ └ properties │ │ ├ BedrockRerankingConfiguration: (documentation changed) │ │ └ Type: (documentation changed) │ ├[~] resource AWS::Bedrock::FlowVersion │ │ └ types │ │ ├[~] type FieldForReranking │ │ │ ├ - documentation: Contains information for a metadata field to include in or exclude from consideration when reranking. │ │ │ │ + documentation: Specifies a field to be used during the reranking process in a Knowledge Base vector search. This structure identifies metadata fields that should be considered when reordering search results to improve relevance. │ │ │ └ properties │ │ │ └ FieldName: (documentation changed) │ │ ├[~] type MetadataConfigurationForReranking │ │ │ ├ - documentation: Contains configurations for the metadata to use in reranking. │ │ │ │ + documentation: Configuration for how metadata should be used during the reranking process in Knowledge Base vector searches. This determines which metadata fields are included or excluded when reordering search results. │ │ │ └ properties │ │ │ ├ SelectionMode: (documentation changed) │ │ │ └ SelectiveModeConfiguration: (documentation changed) │ │ ├[~] type RerankingMetadataSelectiveModeConfiguration │ │ │ ├ - documentation: Contains configurations for the metadata fields to include or exclude when considering reranking. If you include the `fieldsToExclude` field, the reranker ignores all the metadata fields that you specify. If you include the `fieldsToInclude` field, the reranker uses only the metadata fields that you specify and ignores all others. You can include only one of these fields. │ │ │ │ + documentation: Configuration for selectively including or excluding metadata fields during the reranking process. This allows you to control which metadata attributes are considered when reordering search results. │ │ │ └ properties │ │ │ ├ FieldsToExclude: (documentation changed) │ │ │ └ FieldsToInclude: (documentation changed) │ │ ├[~] type VectorSearchBedrockRerankingConfiguration │ │ │ ├ - documentation: Contains configurations for reranking with an Amazon Bedrock reranker model. │ │ │ │ + documentation: Configuration for using Amazon Bedrock foundation models to rerank Knowledge Base vector search results. This enables more sophisticated relevance ranking using large language models. │ │ │ └ properties │ │ │ ├ MetadataConfiguration: (documentation changed) │ │ │ ├ ModelConfiguration: (documentation changed) │ │ │ └ NumberOfRerankedResults: (documentation changed) │ │ ├[~] type VectorSearchBedrockRerankingModelConfiguration │ │ │ ├ - documentation: Contains configurations for an Amazon Bedrock reranker model. │ │ │ │ + documentation: Configuration for the Amazon Bedrock foundation model used for reranking vector search results. This specifies which model to use and any additional parameters required by the model. │ │ │ └ properties │ │ │ ├ AdditionalModelRequestFields: (documentation changed) │ │ │ └ ModelArn: (documentation changed) │ │ └[~] type VectorSearchRerankingConfiguration │ │ ├ - documentation: Contains configurations for reranking the retrieved results. │ │ │ + documentation: Configuration for reranking vector search results to improve relevance. Reranking applies additional relevance models to reorder the initial vector search results based on more sophisticated criteria. │ │ └ properties │ │ ├ BedrockRerankingConfiguration: (documentation changed) │ │ └ Type: (documentation changed) │ ├[~] resource AWS::Bedrock::Prompt │ │ └ types │ │ └[~] type ToolChoice │ │ └ properties │ │ └ Tool: (documentation changed) │ └[~] resource AWS::Bedrock::PromptVersion │ └ types │ └[~] type ToolChoice │ └ properties │ └ Tool: (documentation changed) ├[~] service aws-billing │ └ resources │ └[~] resource AWS::Billing::BillingView │ ├ - documentation: A billing view is a container of cost & usage metadata. │ │ + documentation: Creates a billing view with the specified billing view attributes. │ ├ properties │ │ ├ DataFilterExpression: (documentation changed) │ │ ├ Description: (documentation changed) │ │ ├ Name: (documentation changed) │ │ ├ SourceViews: (documentation changed) │ │ └ Tags: (documentation changed) │ ├ attributes │ │ ├ Arn: (documentation changed) │ │ ├ BillingViewType: (documentation changed) │ │ └ OwnerAccountId: (documentation changed) │ └ types │ ├[~] type DataFilterExpression │ │ ├ - documentation: undefined │ │ │ + documentation: See [Expression](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_billing_Expression.html) . Billing view only supports `LINKED_ACCOUNT` and `Tags` . │ │ └ properties │ │ ├ Dimensions: (documentation changed) │ │ └ Tags: (documentation changed) │ ├[~] type Dimensions │ │ ├ - documentation: undefined │ │ │ + documentation: The specific `Dimension` to use for `Expression` . │ │ └ properties │ │ ├ Key: (documentation changed) │ │ └ Values: (documentation changed) │ └[~] type Tags │ ├ - documentation: undefined │ │ + documentation: Tags associated with the billing view resource. │ └ properties │ ├ Key: (documentation changed) │ └ Values: (documentation changed) ├[~] service aws-certificatemanager │ └ resources │ └[~] resource AWS::CertificateManager::Certificate │ └ properties │ └ KeyAlgorithm: (documentation changed) ├[~] service aws-cleanrooms │ └ resources │ └[~] resource AWS::CleanRooms::Collaboration │ └ properties │ └ AnalyticsEngine: (documentation changed) ├[~] service aws-cloudformation │ └ resources │ └[~] resource AWS::CloudFormation::StackSet │ └ types │ ├[~] type AutoDeployment │ │ └ - documentation: [ `Service-managed` permissions] Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organizational unit (OU). │ │ + documentation: Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU). For more information, see [Enable or disable automatic deployments for StackSets in AWS Organizations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-manage-auto-deployment.html) in the *AWS CloudFormation User Guide* . │ ├[~] type DeploymentTargets │ │ ├ - documentation: The AWS `OrganizationalUnitIds` or `Accounts` for which to create stack instances in the specified Regions. │ │ │ + documentation: The AWS Organizations accounts or AWS accounts to deploy stacks to in the specified Regions. │ │ │ When deploying to AWS Organizations accounts with `SERVICE_MANAGED` permissions: │ │ │ - You must specify the `OrganizationalUnitIds` property. │ │ │ - If you specify organizational units (OUs) for `OrganizationalUnitIds` and use either the `Accounts` or `AccountsUrl` property, you must also specify the `AccountFilterType` property. │ │ │ When deploying to AWS accounts with `SELF_MANAGED` permissions: │ │ │ - You must specify either the `Accounts` or `AccountsUrl` property, but not both. │ │ └ properties │ │ ├ AccountFilterType: (documentation changed) │ │ └ AccountsUrl: (documentation changed) │ ├[~] type ManagedExecution │ │ └ properties │ │ └ Active: (documentation changed) │ └[~] type StackInstances │ └ properties │ └ DeploymentTargets: (documentation changed) ├[~] service aws-datasync │ └ resources │ ├[~] resource AWS::DataSync::LocationNFS │ │ └ properties │ │ └ ServerHostname: (documentation changed) │ ├[~] resource AWS::DataSync::LocationObjectStorage │ │ └ properties │ │ └ ServerHostname: (documentation changed) │ └[~] resource AWS::DataSync::LocationSMB │ └ properties │ └ ServerHostname: (documentation changed) ├[~] service aws-ec2 │ └ resources │ └[~] resource AWS::EC2::InstanceConnectEndpoint │ └ properties │ └ PreserveClientIp: (documentation changed) ├[~] service aws-ecs │ └ resources │ └[~] resource AWS::ECS::Service │ ├ properties │ │ ├ DeploymentController: (documentation changed) │ │ └ EnableECSManagedTags: (documentation changed) │ └ types │ ├[~] type DeploymentAlarms │ │ └ - documentation: One of the methods which provide a way for you to quickly identify when a deployment has failed, and then to optionally roll back the failure to the last working deployment. │ │ When the alarms are generated, Amazon ECS sets the service deployment to failed. Set the rollback parameter to have Amazon ECS to roll back your service to the last completed deployment after a failure. │ │ You can only use the `DeploymentAlarms` method to detect failures when the `DeploymentController` is set to `ECS` (rolling update). │ │ For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the **Amazon Elastic Container Service Developer Guide** . │ │ + documentation: One of the methods which provide a way for you to quickly identify when a deployment has failed, and then to optionally roll back the failure to the last working deployment. │ │ When the alarms are generated, Amazon ECS sets the service deployment to failed. Set the rollback parameter to have Amazon ECS to roll back your service to the last completed deployment after a failure. │ │ You can only use the `DeploymentAlarms` method to detect failures when the `DeploymentController` is set to `ECS` . │ │ For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the **Amazon Elastic Container Service Developer Guide** . │ └[~] type DeploymentController │ └ properties │ └ Type: (documentation changed) ├[~] service aws-iotsitewise │ └ resources │ └[~] resource AWS::IoTSiteWise::Gateway │ ├ properties │ │ └ GatewayVersion: (documentation changed) │ └ types │ ├[~] type GatewayCapabilitySummary │ │ └ properties │ │ └ CapabilityNamespace: (documentation changed) │ └[~] type GatewayPlatform │ └ - documentation: Contains a gateway's platform information. │ + documentation: The gateway's platform configuration. You can only specify one platform type in a gateway. │ (Legacy only) For Greengrass V1 gateways, specify the `greengrass` parameter with a valid Greengrass group ARN. │ For Greengrass V2 gateways, specify the `greengrassV2` parameter with a valid core device thing name. If creating a V3 gateway ( `gatewayVersion=3` ), you must also specify the `coreDeviceOperatingSystem` . │ For Siemens Industrial Edge gateways, specify the `siemensIE` parameter with a valid IoT Core thing name. ├[~] service aws-logs │ └ resources │ ├[~] resource AWS::Logs::DeliveryDestination │ │ ├ - documentation: This structure contains information about one *delivery destination* in your account. A delivery destination is an AWS resource that represents an AWS service that logs can be sent to. CloudWatch Logs, Amazon S3, are supported as Firehose delivery destinations. │ │ │ To configure logs delivery between a supported AWS service and a destination, you must do the following: │ │ │ - Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see [PutDeliverySource](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html) . │ │ │ - Create a *delivery destination* , which is a logical object that represents the actual delivery destination. │ │ │ - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html) in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination. │ │ │ - Create a *delivery* by pairing exactly one delivery source and one delivery destination. For more information, see [CreateDelivery](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html) . │ │ │ You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination. │ │ │ + documentation: This structure contains information about one *delivery destination* in your account. A delivery destination is an AWS resource that represents an AWS service that logs can be sent to. CloudWatch Logs, Amazon S3, Firehose, and X-Ray are supported as delivery destinations. │ │ │ To configure logs delivery between a supported AWS service and a destination, you must do the following: │ │ │ - Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see [PutDeliverySource](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html) . │ │ │ - Create a *delivery destination* , which is a logical object that represents the actual delivery destination. │ │ │ - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html) in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination. │ │ │ - Create a *delivery* by pairing exactly one delivery source and one delivery destination. For more information, see [CreateDelivery](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html) . │ │ │ You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination. │ │ └ attributes │ │ └ DeliveryDestinationType: (documentation changed) │ └[~] resource AWS::Logs::Transformer │ └ types │ └[~] type Processor │ └ properties │ └ ParseToOCSF: (documentation changed) ├[~] service aws-mediapackagev2 │ └ resources │ ├[~] resource AWS::MediaPackageV2::Channel │ │ ├ properties │ │ │ └ Tags: (documentation changed) │ │ └ attributes │ │ └ IngestEndpointUrls: (documentation changed) │ └[~] resource AWS::MediaPackageV2::OriginEndpoint │ ├ attributes │ │ ├ DashManifestUrls: (documentation changed) │ │ ├ HlsManifestUrls: (documentation changed) │ │ └ LowLatencyHlsManifestUrls: (documentation changed) │ └ types │ ├[~] type DashManifestConfiguration │ │ └ properties │ │ ├ DrmSignaling: (documentation changed) │ │ ├ FilterConfiguration: (documentation changed) │ │ ├ ManifestName: (documentation changed) │ │ ├ ManifestWindowSeconds: (documentation changed) │ │ ├ MinBufferTimeSeconds: (documentation changed) │ │ ├ MinUpdatePeriodSeconds: (documentation changed) │ │ ├ PeriodTriggers: (documentation changed) │ │ ├ ScteDash: (documentation changed) │ │ ├ SegmentTemplateFormat: (documentation changed) │ │ ├ SuggestedPresentationDelaySeconds: (documentation changed) │ │ └ UtcTiming: (documentation changed) │ ├[~] type HlsManifestConfiguration │ │ └ properties │ │ ├ FilterConfiguration: (documentation changed) │ │ ├ StartTag: (documentation changed) │ │ └ UrlEncodeChildManifest: (documentation changed) │ └[~] type LowLatencyHlsManifestConfiguration │ └ properties │ ├ FilterConfiguration: (documentation changed) │ ├ StartTag: (documentation changed) │ └ UrlEncodeChildManifest: (documentation changed) ├[~] service aws-opsworkscm │ └ resources │ └[~] resource AWS::OpsWorksCM::Server │ └ properties │ └ ServiceRoleArn: (documentation changed) ├[~] service aws-rds │ └ resources │ ├[~] resource AWS::RDS::DBCluster │ │ └ properties │ │ ├ ClusterScalabilityType: (documentation changed) │ │ └ SourceDBClusterIdentifier: (documentation changed) │ └[~] resource AWS::RDS::DBInstance │ └ properties │ └ BackupTarget: (documentation changed) ├[~] service aws-s3 │ └ resources │ └[~] resource AWS::S3::Bucket │ ├ properties │ │ └ InventoryConfigurations: (documentation changed) │ └ types │ ├[~] type InventoryConfiguration │ │ └ - documentation: Specifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference* . │ │ + documentation: Specifies the S3 Inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference* . │ └[~] type S3TablesDestination │ └ - documentation: The destination information for the metadata table configuration. The destination table bucket must be in the same Region and AWS account as the general purpose bucket. The specified metadata table name must be unique within the `aws_s3_metadata` namespace in the destination table bucket. │ + documentation: The destination information for a V1 S3 Metadata configuration. The destination table bucket must be in the same Region and AWS account as the general purpose bucket. The specified metadata table name must be unique within the `aws_s3_metadata` namespace in the destination table bucket. │ > If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using [CreateBucketMetadataConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketMetadataConfiguration.html) so that you can expire journal table records and create a live inventory table. ├[~] service aws-sagemaker │ └ resources │ ├[~] resource AWS::SageMaker::Domain │ │ └ types │ │ └[~] type UnifiedStudioSettings │ │ └ properties │ │ └ SingleSignOnApplicationArn: (documentation changed) │ └[~] resource AWS::SageMaker::ModelCard │ └ types │ └[~] type UserContext │ └ - documentation: Information about the user who created or modified an experiment, trial, trial component, lineage group, project, or model card. │ + documentation: Information about the user who created or modified a SageMaker resource. ├[~] service aws-ssm │ └ resources │ ├[~] resource AWS::SSM::Association │ │ └ properties │ │ └ InstanceId: (documentation changed) │ ├[~] resource AWS::SSM::MaintenanceWindowTask │ │ ├ properties │ │ │ ├ LoggingInfo: (documentation changed) │ │ │ └ TaskParameters: (documentation changed) │ │ └ types │ │ └[~] type LoggingInfo │ │ └ - documentation: The `LoggingInfo` property type specifies information about the Amazon S3 bucket to write instance-level logs to. │ │ `LoggingInfo` is a property of the [AWS::SSM::MaintenanceWindowTask](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html) resource. │ │ > `LoggingInfo` has been deprecated. To specify an Amazon S3 bucket to contain logs, instead use the `OutputS3BucketName` and `OutputS3KeyPrefix` options in the `TaskInvocationParameters` structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see [AWS ::SSM::MaintenanceWindowTask MaintenanceWindowRunCommandParameters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssm-maintenancewindowtask-maintenancewindowruncommandparameters.html) . │ │ + documentation: > `LoggingInfo` has been deprecated. To specify an Amazon S3 bucket to contain logs, instead use the `OutputS3BucketName` and `OutputS3KeyPrefix` options in the `TaskInvocationParameters` structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see [AWS ::SSM::MaintenanceWindowTask MaintenanceWindowRunCommandParameters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssm-maintenancewindowtask-maintenancewindowruncommandparameters.html) . │ │ The `LoggingInfo` property type specifies information about the Amazon S3 bucket to write instance-level logs to. │ │ `LoggingInfo` is a property of the [AWS::SSM::MaintenanceWindowTask](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html) resource. │ ├[~] resource AWS::SSM::Parameter │ │ ├ - documentation: The `AWS::SSM::Parameter` resource creates an SSM parameter in AWS Systems Manager Parameter Store. │ │ │ > To create an SSM parameter, you must have the AWS Identity and Access Management ( IAM ) permissions `ssm:PutParameter` and `ssm:AddTagsToResource` . On stack creation, AWS CloudFormation adds the following three tags to the parameter: `aws:cloudformation:stack-name` , `aws:cloudformation:logical-id` , and `aws:cloudformation:stack-id` , in addition to any custom tags you specify. │ │ │ > │ │ │ > To add, update, or remove tags during stack update, you must have IAM permissions for both `ssm:AddTagsToResource` and `ssm:RemoveTagsFromResource` . For more information, see [Managing Access Using Policies](https://docs.aws.amazon.com/systems-manager/latest/userguide/security-iam.html#security_iam_access-manage) in the *AWS Systems Manager User Guide* . │ │ │ For information about valid values for parameters, see [About requirements and constraints for parameter names](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-create.html#sysman-parameter-name-constraints) in the *AWS Systems Manager User Guide* and [PutParameter](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html) in the *AWS Systems Manager API Reference* . │ │ │ > Parameters of type `SecureString` are not supported by AWS CloudFormation . │ │ │ + documentation: The `AWS::SSM::Parameter` resource creates an SSM parameter in AWS Systems Manager Parameter Store. │ │ │ > To create an SSM parameter, you must have the AWS Identity and Access Management ( IAM ) permissions `ssm:PutParameter` and `ssm:AddTagsToResource` . On stack creation, AWS CloudFormation adds the following three tags to the parameter: `aws:cloudformation:stack-name` , `aws:cloudformation:logical-id` , and `aws:cloudformation:stack-id` , in addition to any custom tags you specify. │ │ │ > │ │ │ > To add, update, or remove tags during stack update, you must have IAM permissions for both `ssm:AddTagsToResource` and `ssm:RemoveTagsFromResource` . For more information, see [Managing access using policies](https://docs.aws.amazon.com/systems-manager/latest/userguide/security-iam.html#security_iam_access-manage) in the *AWS Systems Manager User Guide* . │ │ │ For information about valid values for parameters, see [About requirements and constraints for parameter names](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-create.html#sysman-parameter-name-constraints) in the *AWS Systems Manager User Guide* and [PutParameter](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html) in the *AWS Systems Manager API Reference* . │ │ └ properties │ │ └ Name: (documentation changed) │ └[~] resource AWS::SSM::PatchBaseline │ └ types │ └[~] type PatchSource │ └ properties │ └ Configuration: (documentation changed) └[~] service aws-transfer └ resources ├[~] resource AWS::Transfer::Connector │ └ types │ └[~] type SftpConfig │ └ properties │ └ MaxConcurrentConnections: (documentation changed) └[~] resource AWS::Transfer::Server ├ properties │ └ S3StorageOptions: (documentation changed) └ types └[~] type S3StorageOptions └ properties └ DirectoryListingOptimization: (documentation changed) ```
diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json
@@ -136,7 +136,7 @@
   },
   "devDependencies": {
     "@aws-cdk/lambda-layer-kubectl-v31": "^2.1.0",
-    "@aws-cdk/aws-service-spec": "^0.1.86",
+    "@aws-cdk/aws-service-spec": "^0.1.87",
     "@aws-cdk/cdk-build-tools": "0.0.0",
     "@aws-cdk/custom-resource-handlers": "0.0.0",
     "@aws-cdk/pkglint": "0.0.0",
diff --git a/tools/@aws-cdk/spec2cdk/package.json b/tools/@aws-cdk/spec2cdk/package.json
@@ -32,9 +32,9 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-cdk/aws-service-spec": "^0.1.86",
+    "@aws-cdk/aws-service-spec": "^0.1.87",
     "@aws-cdk/service-spec-importers": "^0.0.82",
-    "@aws-cdk/service-spec-types": "^0.0.152",
+    "@aws-cdk/service-spec-types": "^0.0.153",
     "@cdklabs/tskb": "^0.0.3",
     "@cdklabs/typewriter": "^0.0.5",
     "camelcase": "^6",
diff --git a/yarn.lock b/yarn.lock
@@ -48,11 +48,6 @@
     "@jridgewell/gen-mapping" "^0.3.5"
     "@jridgewell/trace-mapping" "^0.3.24"
 
-"@aws-cdk/asset-awscli-v1@2.2.240":
-  version "2.2.240"
-  resolved "https://registry.npmjs.org/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.240.tgz#1dae84e4772778b461aaf14dec5ed7922d8c4385"
-  integrity sha512-Ry5yvGVf8s7j1Gf1aBFs0mBnWzRkkRtgSVpRGkDWXvZoPbRODAH33S1mAxkETNb+dNnTPGE2Gvws0XbhpJ6RzA==
-
 "@aws-cdk/asset-awscli-v1@2.2.242":
   version "2.2.242"
   resolved "https://registry.npmjs.org/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.242.tgz#235cb25b6d1ad26975b0095c0d6ee84309adae5c"
@@ -63,13 +58,6 @@
   resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.1.0.tgz#6d3c7860354d4856a7e75375f2f0ecab313b4989"
   integrity sha512-7bY3J8GCVxLupn/kNmpPc5VJz8grx+4RKfnnJiO1LG+uxkZfANZG3RMHhE+qQxxwkyQ9/MfPtTpf748UhR425A==
 
-"@aws-cdk/aws-bedrock-alpha@file:packages/@aws-cdk/aws-bedrock-alpha":
-  version "0.0.0"
-
-"@aws-cdk/aws-lambda-python-alpha@file:packages/@aws-cdk/aws-lambda-python-alpha":
-  version "0.0.0"
-
-
 "@aws-cdk/aws-service-spec@0.1.84":
   version "0.1.84"
   resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.84.tgz#520b4d69365bed901813fac1821750d899f6cc7e"
@@ -78,20 +66,12 @@
     "@aws-cdk/service-spec-types" "^0.0.150"
     "@cdklabs/tskb" "^0.0.3"
 
-"@aws-cdk/cloud-assembly-schema@^44.2.0":
-  version "44.8.0"
-  resolved "https://registry.npmjs.org/@aws-cdk/cloud-assembly-schema/-/cloud-assembly-schema-44.8.0.tgz#52da129bd718cc354c2970a6922c2346459f3945"
-  integrity sha512-Bxyj0VH8phE1uHJ6LiG3/UC/HYK91EBZnXSOzwtLsMJ0ZPuaQCYDRVAAfjDCSsEOwAk56/Waks8b5pXHpgz/xw==
+"@aws-cdk/aws-service-spec@^0.1.87":
+  version "0.1.87"
+  resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.87.tgz#be3571161347a18bd84368638fed2e5153885944"
+  integrity sha512-ygUSEZy2LZWfhOYNr0Hw3U26BKbITHN47b67FcL17oq2QF5/y4MdbGgycsoEz39vRJl6YWJ2gL8S5j13HBLDhA==
   dependencies:
-    jsonschema "~1.4.1"
-    semver "^7.7.2"
-
-"@aws-cdk/aws-service-spec@^0.1.86":
-  version "0.1.86"
-  resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.86.tgz#ef9a74a3a9ff6a2901e5489bab465ed5ee6163ab"
-  integrity sha512-/el9RfmBfwVnz1D7/Y3pKImLUnEpm+qTwaLSbWEg0iS7owYOvU/Ab5WivLN3EOVCZpE9XHkMhbaHiJ9WUGXdcg==
-  dependencies:
-    "@aws-cdk/service-spec-types" "^0.0.152"
+    "@aws-cdk/service-spec-types" "^0.0.153"
     "@cdklabs/tskb" "^0.0.3"
 
 "@aws-cdk/cloud-assembly-schema@^45.0.0":
@@ -172,10 +152,10 @@
   dependencies:
     "@cdklabs/tskb" "^0.0.3"
 
-"@aws-cdk/service-spec-types@^0.0.152":
-  version "0.0.152"
-  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.152.tgz#09370362ef9fd26604f79075d9e7759cdfdd658c"
-  integrity sha512-zTEzp4EwUXrwqts48xV11GknGnQuEw3/l4tBZ1mePJXRZzBHcP5q4h/Q4AGJ9jrBtCqSks9EAoX2kTlgjkU4fg==
+"@aws-cdk/service-spec-types@^0.0.153":
+  version "0.0.153"
+  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.153.tgz#fe23190d04f523b6f78d5e50873136b393265600"
+  integrity sha512-VQlCukkOMa+InEIkK25qjKGO5ugzFUHzwST8xe+tjQVqWdyGYpllzqj3Kdns7KBkEOht74wVxJwize2ZlGgXmg==
   dependencies:
     "@cdklabs/tskb" "^0.0.3"
 
@@ -4424,7 +4404,7 @@
   dependencies:
     tslib "^2.4.0"
 
-"@types/aws-lambda@^8.10.136", "@types/aws-lambda@^8.10.150":
+"@types/aws-lambda@^8.10.150":
   version "8.10.150"
   resolved "https://registry.npmjs.org/@types/aws-lambda/-/aws-lambda-8.10.150.tgz#4998b238750ec389a326a7cdb625808834036bd3"
   integrity sha512-AX+AbjH/rH5ezX1fbK8onC/a+HyQHo7QGmvoxAE42n22OsciAxvZoZNEr22tbXs8WfP1nIsBjKDpgPm3HjOZbA==
@@ -4631,13 +4611,6 @@
   dependencies:
     undici-types "~5.26.4"
 
-"@types/node@^18.11.19":
-  version "18.19.113"
-  resolved "https://registry.npmjs.org/@types/node/-/node-18.19.113.tgz#f48df552584e47fb4a8bc0b39e1377112be105de"
-  integrity sha512-TmSTE9vyebJ9vSEiU+P+0Sp4F5tMgjiEOZaQUW6wA3ODvi6uBgkHQ+EsIu0pbiKvf9QHEvyRCiaz03rV0b+IaA==
-  dependencies:
-    undici-types "~5.26.4"
-
 "@types/normalize-package-data@^2.4.0":
   version "2.4.4"
   resolved "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz#56e2cc26c397c038fab0e3a917a12d5c5909e901"
@@ -5239,33 +5212,6 @@ available-typed-arrays@^1.0.7:
   dependencies:
     possible-typed-array-names "^1.0.0"
 
-aws-cdk-lib@^2.188.0:
-  version "2.202.0"
-  resolved "https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.202.0.tgz#5cae32d08e6072cc49e6cb090471a1292efdd867"
-  integrity sha512-JDycQoE8AxUAeCFXFoCx6FGvR78e6W9zYxPgmfW/uPPbntyNCXXBqwyAYo17RGS/lr0RO3zqD/oCBZSNU2e/Yg==
-  dependencies:
-    "@aws-cdk/asset-awscli-v1" "2.2.240"
-    "@aws-cdk/asset-node-proxy-agent-v6" "^2.1.0"
-    "@aws-cdk/cloud-assembly-schema" "^44.2.0"
-    "@balena/dockerignore" "^1.0.2"
-    case "1.6.3"
-    fs-extra "^11.3.0"
-    ignore "^5.3.2"
-    jsonschema "^1.5.0"
-    mime-types "^2.1.35"
-    minimatch "^3.1.2"
-    punycode "^2.3.1"
-    semver "^7.7.2"
-    table "^6.9.0"
-    yaml "1.10.2"
-
-aws-cdk@2.1007.0:
-  version "2.1007.0"
-  resolved "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1007.0.tgz#cdeca2bd3a4a628c73c9dab3ac37f29d3f63b223"
-  integrity sha512-/UOYOTGWUm+pP9qxg03tID5tL6euC+pb+xo0RBue+xhnUWwj/Bbsw6DbqbpOPMrNzTUxmM723/uMEQmM6S26dw==
-  optionalDependencies:
-    fsevents "2.3.2"
-
 aws-cdk@2.1020.2:
   version "2.1020.2"
   resolved "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1020.2.tgz#7e0a4113666a6d162cf40b6b1ebf9e310c22dd44"
@@ -5665,11 +5611,6 @@ cdk-generate-synthetic-examples@^0.2.26:
     jsii-reflect "^1.112.0"
     yargs "^17.7.2"
 
-cdk-nag@2.28.13:
-  version "2.28.13"
-  resolved "https://registry.npmjs.org/cdk-nag/-/cdk-nag-2.28.13.tgz#bef1b6c65496d99ef2e110f1a28f5260f9efef80"
-  integrity sha512-f+fteEq09+N7H2heqls0NcTC+MFcXl6fztEjjpKK0qTo5eFAKmDekEHLRGY5LX8v/JlueoVyhttsjaULNwnoSg==
-
 cdk8s-plus-27@2.9.5:
   version "2.9.5"
   resolved "https://registry.npmjs.org/cdk8s-plus-27/-/cdk8s-plus-27-2.9.5.tgz#a2d7942a7aba001c0a07705627314d780cde7265"
@@ -12831,7 +12772,7 @@ ts-api-utils@^2.1.0:
   resolved "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.1.0.tgz#595f7094e46eed364c13fd23e75f9513d29baf91"
   integrity sha512-CUgTZL1irw8u29bzrOD/nH85jqyc74D6SshFgujOIA7osm2Rz7dYH77agkx7H4FBNxDq7Cjf+IjaX/8zwFW+ZQ==
 
-ts-jest@^29, ts-jest@^29.2.5, ts-jest@^29.4.0:
+ts-jest@^29, ts-jest@^29.4.0:
   version "29.4.0"
   resolved "https://registry.npmjs.org/ts-jest/-/ts-jest-29.4.0.tgz#bef0ee98d94c83670af7462a1617bf2367a83740"
   integrity sha512-d423TJMnJGu80/eSgfQ5w/R+0zFJvdtTxwtF9KzFFunOpSeD+79lHJQIiAhluJoyGRbvj9NZJsl9WjCUo0ND7Q==
@@ -13066,11 +13007,6 @@ typescript@~5.5.0, typescript@~5.5.4:
   resolved "https://registry.npmjs.org/typescript/-/typescript-5.5.4.tgz#d9852d6c82bad2d2eda4fd74a5762a8f5909e9ba"
   integrity sha512-Mtq29sKDAEYP7aljRgtPOpTvOfbwRWlS6dPRzwjdE+C0R4brX/GUyhHSecbHMFLNBLcJIPt9nl9yG5TZ1weH+Q==
 
-typescript@~5.6.3:
-  version "5.6.3"
-  resolved "https://registry.npmjs.org/typescript/-/typescript-5.6.3.tgz#5f3449e31c9d94febb17de03cc081dd56d81db5b"
-  integrity sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==
-
 typescript@~5.7:
   version "5.7.3"
   resolved "https://registry.npmjs.org/typescript/-/typescript-5.7.3.tgz#919b44a7dbb8583a9b856d162be24a54bf80073e"
