Skip to content

feat: update L1 CloudFormation resource definitions #36799

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
aws-cdk-automation wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: update L1 CloudFormation resource definitions #36799

aws-cdk-automation wants to merge 1 commit into from
+77 −20

Conversation

@aws-cdk-automation
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation commented Jan 26, 2026

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-autoscaling
│ └ resources
│    └[~]  resource AWS::AutoScaling::AutoScalingGroup
│       └ properties
│          └[+] DeletionProtection: string
├[~] service aws-backup
│ └ resources
│    ├[~]  resource AWS::Backup::BackupPlan
│    │  └ types
│    │     ├[~] type BackupPlanResourceType
│    │     │ └ properties
│    │     │    └[+] ScanSettings: Array<ScanSettingResourceType>
│    │     ├[~] type BackupRuleResourceType
│    │     │ └ properties
│    │     │    └[+] ScanActions: Array<ScanActionResourceType>
│    │     ├[+]  type ScanActionResourceType
│    │     │  ├      name: ScanActionResourceType
│    │     │  └ properties
│    │     │     ├ MalwareScanner: string
│    │     │     └ ScanMode: string
│    │     └[+]  type ScanSettingResourceType
│    │        ├      name: ScanSettingResourceType
│    │        └ properties
│    │           ├ MalwareScanner: string
│    │           ├ ResourceTypes: Array<string>
│    │           └ ScannerRoleArn: string
│    └[+]  resource AWS::Backup::TieringConfiguration
│       ├      name: TieringConfiguration
│       │      cloudFormationType: AWS::Backup::TieringConfiguration
│       │      documentation: Resource Type definition for AWS::Backup::TieringConfiguration
│       │      tagInformation: {"tagPropertyName":"TieringConfigurationTags","variant":"map"}
│       │      primaryIdentifier: ["TieringConfigurationName"]
│       ├ properties
│       │  ├ TieringConfigurationName: string (required, immutable)
│       │  ├ BackupVaultName: string (required)
│       │  ├ ResourceSelection: Array<ResourceSelection> (required)
│       │  └ TieringConfigurationTags: Map<string, string>
│       ├ attributes
│       │  ├ TieringConfigurationArn: string
│       │  ├ CreationTime: string
│       │  └ LastUpdatedTime: string
│       └ types
│          └ type ResourceSelection
│            ├      name: ResourceSelection
│            └ properties
│               ├ Resources: Array<string> (required)
│               ├ TieringDownSettingsInDays: integer (required)
│               └ ResourceType: string (required)
├[~] service aws-bedrockagentcore
│ └ resources
│    └[~]  resource AWS::BedrockAgentCore::Runtime
│       └ types
│          ├[+]  type AuthorizingClaimMatchValueType
│          │  ├      documentation: The value or values in the custom claim to match and relationship of match
│          │  │      name: AuthorizingClaimMatchValueType
│          │  └ properties
│          │     ├ ClaimMatchOperator: string (required)
│          │     └ ClaimMatchValue: ClaimMatchValueType (required)
│          ├[+]  type ClaimMatchValueType
│          │  ├      documentation: The value or values in the custom claim to match for
│          │  │      name: ClaimMatchValueType
│          │  └ properties
│          │     ├ MatchValueString: string
│          │     └ MatchValueStringList: Array<string>
│          ├[+]  type CustomClaimValidationType
│          │  ├      documentation: Required custom claim
│          │  │      name: CustomClaimValidationType
│          │  └ properties
│          │     ├ AuthorizingClaimMatchValue: AuthorizingClaimMatchValueType (required)
│          │     ├ InboundTokenClaimName: string (required)
│          │     └ InboundTokenClaimValueType: string (required)
│          └[~] type CustomJWTAuthorizerConfiguration
│            └ properties
│               ├[+] AllowedScopes: Array<string>
│               └[+] CustomClaims: Array<CustomClaimValidationType>
├[~] service aws-emrcontainers
│ └ resources
│    ├[+]  resource AWS::EMRContainers::Endpoint
│    │  ├      name: Endpoint
│    │  │      cloudFormationType: AWS::EMRContainers::Endpoint
│    │  │      documentation: Resource Schema of AWS::EMRContainers::Endpoint Type
│    │  │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │  │      primaryIdentifier: ["Arn"]
│    │  ├ properties
│    │  │  ├ Name: string (immutable)
│    │  │  ├ VirtualClusterId: string (required, immutable)
│    │  │  ├ Type: string (required, immutable)
│    │  │  ├ ReleaseLabel: string (required, immutable)
│    │  │  ├ ExecutionRoleArn: string (required, immutable)
│    │  │  ├ ConfigurationOverrides: ConfigurationOverrides (immutable)
│    │  │  └ Tags: Array<tag>
│    │  ├ attributes
│    │  │  ├ Arn: string
│    │  │  ├ Id: string
│    │  │  ├ ServerUrl: string
│    │  │  ├ State: string
│    │  │  ├ StateDetails: string
│    │  │  ├ FailureReason: string
│    │  │  ├ CreatedAt: string
│    │  │  ├ SecurityGroup: string
│    │  │  └ CertificateAuthority: Certificate
│    │  └ types
│    │     ├ type Certificate
│    │     │ ├      name: Certificate
│    │     │ └ properties
│    │     │    ├ CertificateArn: string
│    │     │    └ CertificateData: string
│    │     ├ type CloudWatchMonitoringConfiguration
│    │     │ ├      name: CloudWatchMonitoringConfiguration
│    │     │ └ properties
│    │     │    ├ LogGroupName: string (required)
│    │     │    └ LogStreamNamePrefix: string
│    │     ├ type ConfigurationOverrides
│    │     │ ├      name: ConfigurationOverrides
│    │     │ └ properties
│    │     │    ├ ApplicationConfiguration: Array<EMREKSConfiguration>
│    │     │    └ MonitoringConfiguration: MonitoringConfiguration
│    │     ├ type ContainerLogRotationConfiguration
│    │     │ ├      name: ContainerLogRotationConfiguration
│    │     │ └ properties
│    │     │    ├ RotationSize: string (required)
│    │     │    └ MaxFilesToKeep: integer (required)
│    │     ├ type EMREKSConfiguration
│    │     │ ├      name: EMREKSConfiguration
│    │     │ └ properties
│    │     │    ├ Classification: string (required)
│    │     │    ├ Properties: Map<string, string>
│    │     │    └ Configurations: Array<EMREKSConfiguration>
│    │     ├ type MonitoringConfiguration
│    │     │ ├      name: MonitoringConfiguration
│    │     │ └ properties
│    │     │    ├ PersistentAppUI: string
│    │     │    ├ ContainerLogRotationConfiguration: ContainerLogRotationConfiguration
│    │     │    ├ CloudWatchMonitoringConfiguration: CloudWatchMonitoringConfiguration
│    │     │    └ S3MonitoringConfiguration: S3MonitoringConfiguration
│    │     └ type S3MonitoringConfiguration
│    │       ├      name: S3MonitoringConfiguration
│    │       └ properties
│    │          └ LogUri: string (required)
│    └[+]  resource AWS::EMRContainers::SecurityConfiguration
│       ├      name: SecurityConfiguration
│       │      cloudFormationType: AWS::EMRContainers::SecurityConfiguration
│       │      documentation: Resource Schema of AWS::EMRContainers::SecurityConfiguration Type
│       │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│       │      primaryIdentifier: ["Arn"]
│       ├ properties
│       │  ├ Name: string (immutable)
│       │  ├ ContainerProvider: ContainerProvider (immutable)
│       │  ├ SecurityConfigurationData: SecurityConfigurationData (required, immutable)
│       │  └ Tags: Array<tag>
│       ├ attributes
│       │  ├ Arn: string
│       │  └ Id: string
│       └ types
│          ├ type AtRestEncryptionConfiguration
│          │ ├      documentation: At-rest encryption configuration.
│          │ │      name: AtRestEncryptionConfiguration
│          │ └ properties
│          │    ├ S3EncryptionConfiguration: S3EncryptionConfiguration
│          │    └ LocalDiskEncryptionConfiguration: LocalDiskEncryptionConfiguration
│          ├ type AuthenticationConfiguration
│          │ ├      documentation: Authentication configuration for the security configuration.
│          │ │      name: AuthenticationConfiguration
│          │ └ properties
│          │    ├ IdentityCenterConfiguration: IdentityCenterConfiguration
│          │    └ IAMConfiguration: IAMConfiguration
│          ├ type AuthorizationConfiguration
│          │ ├      documentation: Authorization configuration for the security configuration.
│          │ │      name: AuthorizationConfiguration
│          │ └ properties
│          │    └ LakeFormationConfiguration: LakeFormationConfiguration
│          ├ type ContainerInfo
│          │ ├      documentation: Container information.
│          │ │      name: ContainerInfo
│          │ └ properties
│          │    └ EksInfo: EksInfo
│          ├ type ContainerProvider
│          │ ├      documentation: Container provider information.
│          │ │      name: ContainerProvider
│          │ └ properties
│          │    ├ Type: string (required)
│          │    ├ Id: string (required)
│          │    └ Info: ContainerInfo
│          ├ type EksInfo
│          │ ├      documentation: EKS information.
│          │ │      name: EksInfo
│          │ └ properties
│          │    └ Namespace: string
│          ├ type EncryptionConfiguration
│          │ ├      documentation: Encryption configuration for the security configuration.
│          │ │      name: EncryptionConfiguration
│          │ └ properties
│          │    ├ InTransitEncryptionConfiguration: InTransitEncryptionConfiguration
│          │    └ AtRestEncryptionConfiguration: AtRestEncryptionConfiguration
│          ├ type IAMConfiguration
│          │ ├      documentation: IAM configuration.
│          │ │      name: IAMConfiguration
│          │ └ properties
│          │    └ SystemRole: string
│          ├ type IdentityCenterConfiguration
│          │ ├      documentation: Identity Center configuration.
│          │ │      name: IdentityCenterConfiguration
│          │ └ properties
│          │    ├ EnableIdentityCenter: boolean
│          │    ├ IdentityCenterApplicationAssignmentRequired: boolean
│          │    └ IdentityCenterInstanceARN: string
│          ├ type InTransitEncryptionConfiguration
│          │ ├      documentation: In-transit encryption configuration.
│          │ │      name: InTransitEncryptionConfiguration
│          │ └ properties
│          │    └ TLSCertificateConfiguration: TLSCertificateConfiguration
│          ├ type LakeFormationConfiguration
│          │ ├      documentation: Lake Formation configuration.
│          │ │      name: LakeFormationConfiguration
│          │ └ properties
│          │    ├ AuthorizedSessionTagValue: string
│          │    ├ SecureNamespaceInfo: SecureNamespaceInfo
│          │    ├ QueryEngineRoleArn: string
│          │    └ QueryAccessControlEnabled: boolean
│          ├ type LocalDiskEncryptionConfiguration
│          │ ├      documentation: Local disk encryption configuration.
│          │ │      name: LocalDiskEncryptionConfiguration
│          │ └ properties
│          │    ├ EncryptionKeyProviderType: string
│          │    └ AwsKmsKeyId: string
│          ├ type S3EncryptionConfiguration
│          │ ├      documentation: S3 encryption configuration.
│          │ │      name: S3EncryptionConfiguration
│          │ └ properties
│          │    ├ EncryptionOption: string
│          │    └ KMSKeyId: string
│          ├ type SecureNamespaceInfo
│          │ ├      documentation: Secure namespace information for Lake Formation.
│          │ │      name: SecureNamespaceInfo
│          │ └ properties
│          │    ├ ClusterId: string
│          │    └ Namespace: string
│          ├ type SecurityConfigurationData
│          │ ├      documentation: Security configuration data containing encryption and authorization settings.
│          │ │      name: SecurityConfigurationData
│          │ └ properties
│          │    ├ AuthorizationConfiguration: AuthorizationConfiguration
│          │    ├ AuthenticationConfiguration: AuthenticationConfiguration
│          │    └ EncryptionConfiguration: EncryptionConfiguration
│          └ type TLSCertificateConfiguration
│            ├      documentation: TLS certificate configuration for in-transit encryption.
│            │      name: TLSCertificateConfiguration
│            └ properties
│               ├ CertificateProviderType: string
│               ├ PublicKeySecretArn: string
│               └ PrivateKeySecretArn: string
├[~] service aws-iot
│ └ resources
│    └[~]  resource AWS::IoT::Logging
│       ├ properties
│       │  └[+] EventConfigurations: Array<EventConfiguration>
│       └ types
│          └[+]  type EventConfiguration
│             ├      documentation: Configuration for event-based logging that specifies which event types to log and their logging settings. Used for account-level logging overrides.
│             │      name: EventConfiguration
│             └ properties
│                ├ EventType: string (required)
│                ├ LogLevel: string
│                └ LogDestination: string
├[+] service aws-mwaaserverless
│ ├      capitalized: MWAAServerless
│ │      cloudFormationNamespace: AWS::MWAAServerless
│ │      name: aws-mwaaserverless
│ │      shortName: mwaaserverless
│ └ resources
│    └ resource AWS::MWAAServerless::Workflow
│      ├      name: Workflow
│      │      cloudFormationType: AWS::MWAAServerless::Workflow
│      │      documentation: Resource Type definition for AWS::MWAAServerless::Workflow resource
│      │      tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│      │      primaryIdentifier: ["WorkflowArn"]
│      ├ properties
│      │  ├ Name: string (immutable)
│      │  ├ Description: string
│      │  ├ DefinitionS3Location: S3Location (required)
│      │  ├ RoleArn: string (required)
│      │  ├ EncryptionConfiguration: EncryptionConfiguration (immutable)
│      │  ├ LoggingConfiguration: LoggingConfiguration
│      │  ├ NetworkConfiguration: NetworkConfiguration
│      │  ├ Tags: Map<string, string>
│      │  └ TriggerMode: string
│      ├ attributes
│      │  ├ WorkflowArn: string
│      │  ├ WorkflowVersion: string
│      │  ├ CreatedAt: string
│      │  ├ ModifiedAt: string
│      │  ├ WorkflowStatus: string
│      │  └ ScheduleConfiguration: ScheduleConfiguration
│      └ types
│         ├ type EncryptionConfiguration
│         │ ├      name: EncryptionConfiguration
│         │ └ properties
│         │    ├ Type: string (required)
│         │    └ KmsKeyId: string
│         ├ type LoggingConfiguration
│         │ ├      name: LoggingConfiguration
│         │ └ properties
│         │    └ LogGroupName: string (required)
│         ├ type NetworkConfiguration
│         │ ├      name: NetworkConfiguration
│         │ └ properties
│         │    ├ SecurityGroupIds: Array<string>
│         │    └ SubnetIds: Array<string>
│         ├ type S3Location
│         │ ├      name: S3Location
│         │ └ properties
│         │    ├ Bucket: string (required)
│         │    ├ ObjectKey: string (required)
│         │    └ VersionId: string
│         └ type ScheduleConfiguration
│           ├      name: ScheduleConfiguration
│           └ properties
│              └ CronExpression: string
├[~] service aws-opensearchserverless
│ └ resources
│    └[~]  resource AWS::OpenSearchServerless::Collection
│       ├ properties
│       │  ├ CollectionGroupName: (documentation changed)
│       │  └ EncryptionConfig: (documentation changed)
│       └ types
│          └[~] type EncryptionConfig
│            ├      - documentation: The configuration to encrypt the collection
│            │      + documentation: Encryption settings for the collection
│            └ properties
│               ├ AWSOwnedKey: (documentation changed)
│               └ KmsKeyArn: (documentation changed)
└[~] service aws-rds
  └ resources
     └[~]  resource AWS::RDS::DBInstance
        ├ properties
        │  └ AdditionalStorageVolumes: (documentation changed)
        └ types
           └[~] type AdditionalStorageVolume
             └ properties
                ├ StorageThroughput: (documentation changed)
                ├ StorageType: (documentation changed)
                └ VolumeName: (documentation changed)

@aws-cdk-automation @github-actions
feat: update L1 CloudFormation resource definitions
85f7b32 
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
@aws-cdk-automation aws-cdk-automation added contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes pr-linter/exempt-integ-test The PR linter will not require integ test changes labels Jan 26, 2026
@aws-cdk-automation aws-cdk-automation requested review from a team January 26, 2026 10:29
@github-actions github-actions bot added the p2 label Jan 26, 2026
@pahud pahud mentioned this pull request Jan 26, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. p2 pr-linter/exempt-integ-test The PR linter will not require integ test changes pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aws-cdk-automation