feat(cloudformation): update L1 CloudFormation resource definitions (#34839)

aws-cdk-automation · web-flow · commit 4c75889fb44e · 2025-06-27T17:01:29.000Z
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-accessanalyzer
│ └ resources
│    └[~]  resource AWS::AccessAnalyzer::Analyzer
│       ├ properties
│       │  └ Type: (documentation changed)
│       └ types
│          ├[~] type AnalyzerConfiguration
│          │ └ properties
│          │    └ InternalAccessConfiguration: (documentation changed)
│          ├[~] type InternalAccessAnalysisRuleCriteria
│          │ └ properties
│          │    ├ AccountIds: (documentation changed)
│          │    └ ResourceTypes: (documentation changed)
│          └[~] type InternalAccessConfiguration
│            └ properties
│               └ InternalAccessAnalysisRule: (documentation changed)
├[+] service aws-aiops
│ ├      capitalized: AIOps
│ │      cloudFormationNamespace: AWS::AIOps
│ │      name: aws-aiops
│ │      shortName: aiops
│ └ resources
│    └ resource AWS::AIOps::InvestigationGroup
│      ├      name: InvestigationGroup
│      │      cloudFormationType: AWS::AIOps::InvestigationGroup
│      │      documentation: Definition of AWS::AIOps::InvestigationGroup Resource Type
│      │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├ RoleArn: string
│      │  ├ Name: string (required, immutable)
│      │  ├ RetentionInDays: integer (immutable)
│      │  ├ EncryptionConfig: EncryptionConfigMap
│      │  ├ InvestigationGroupPolicy: string
│      │  ├ IsCloudTrailEventHistoryEnabled: boolean
│      │  ├ TagKeyBoundaries: Array&lt;string&gt;
│      │  ├ ChatbotNotificationChannels: Array&lt;ChatbotNotificationChannel&gt;
│      │  ├ CrossAccountConfigurations: Array&lt;CrossAccountConfiguration&gt;
│      │  └ Tags: Array&lt;tag&gt;
│      ├ attributes
│      │  ├ CreatedBy: string
│      │  ├ CreatedAt: string
│      │  ├ LastModifiedBy: string
│      │  ├ LastModifiedAt: string
│      │  └ Arn: string
│      └ types
│         ├ type ChatbotNotificationChannel
│         │ ├      name: ChatbotNotificationChannel
│         │ └ properties
│         │    ├ SNSTopicArn: string
│         │    └ ChatConfigurationArns: Array&lt;string&gt;
│         ├ type CrossAccountConfiguration
│         │ ├      name: CrossAccountConfiguration
│         │ └ properties
│         │    └ SourceRoleArn: string
│         └ type EncryptionConfigMap
│           ├      name: EncryptionConfigMap
│           └ properties
│              ├ EncryptionConfigurationType: string
│              └ KmsKeyId: string
├[~] service aws-arczonalshift
│ └ resources
│    └[~]  resource AWS::ARCZonalShift::ZonalAutoshiftConfiguration
│       ├      - documentation: The zonal autoshift configuration for a resource includes the practice run configuration and the status for running autoshifts, zonal autoshift status. When a resource has a practice run configuation, Route 53 ARC starts weekly zonal shifts for the resource, to shift traffic away from an Availability Zone. Weekly practice runs help you to make sure that your application can continue to operate normally with the loss of one Availability Zone.
│       │      You can update the zonal autoshift autoshift status to enable or disable zonal autoshift. When zonal autoshift is `ENABLED` , you authorize AWS to shift away resource traffic for an application from an Availability Zone during events, on your behalf, to help reduce time to recovery. Traffic is also shifted away for the required weekly practice runs.
│       │      + documentation: The zonal autoshift configuration for a resource includes the practice run configuration and the status for running autoshifts, zonal autoshift status. When a resource has a practice run configuation, ARC starts weekly zonal shifts for the resource, to shift traffic away from an Availability Zone. Weekly practice runs help you to make sure that your application can continue to operate normally with the loss of one Availability Zone.
│       │      You can update the zonal autoshift autoshift status to enable or disable zonal autoshift. When zonal autoshift is `ENABLED` , you authorize AWS to shift away resource traffic for an application from an Availability Zone during events, on your behalf, to help reduce time to recovery. Traffic is also shifted away for the required weekly practice runs.
│       ├ properties
│       │  └ ResourceIdentifier: (documentation changed)
│       └ types
│          ├[~] type ControlCondition
│          │ └      - documentation: A control condition is an alarm that you specify for a practice run. When you configure practice runs with zonal autoshift for a resource, you specify Amazon CloudWatch alarms, which you create in CloudWatch to use with the practice run. The alarms that you specify are an *outcome alarm* , to monitor application health during practice runs and, optionally, a *blocking alarm* , to block practice runs from starting or to interrupt a practice run in progress.
│          │        Control condition alarms do not apply for autoshifts.
│          │        For more information, see [Considerations when you configure zonal autoshift](https://docs.aws.amazon.com/r53recovery/latest/dg/arc-zonal-autoshift.considerations.html) in the Route 53 ARC Developer Guide.
│          │        + documentation: A control condition is an alarm that you specify for a practice run. When you configure practice runs with zonal autoshift for a resource, you specify Amazon CloudWatch alarms, which you create in CloudWatch to use with the practice run. The alarms that you specify are an *outcome alarm* , to monitor application health during practice runs and, optionally, a *blocking alarm* , to block practice runs from starting or to interrupt a practice run in progress.
│          │        Control condition alarms do not apply for autoshifts.
│          │        For more information, see [Considerations when you configure zonal autoshift](https://docs.aws.amazon.com/r53recovery/latest/dg/arc-zonal-autoshift.considerations.html) in the ARC Developer Guide.
│          └[~] type PracticeRunConfiguration
│            ├      - documentation: A practice run configuration for a resource includes the Amazon CloudWatch alarms that you've specified for a practice run, as well as any blocked dates or blocked windows for the practice run.
│            │      When a resource has a practice run configuation, Route 53 ARC starts weekly zonal shifts for the resource, to shift traffic away from an Availability Zone. Weekly practice runs help you to make sure that your application can continue to operate normally with the loss of one Availability Zone.
│            │      You can update or delete a practice run configuration. When you delete a practice run configuration, zonal autoshift is disabled for the resource. A practice run configuration is required when zonal autoshift is enabled.
│            │      + documentation: A practice run configuration for a resource includes the Amazon CloudWatch alarms that you've specified for a practice run, as well as any blocked dates or blocked windows for the practice run.
│            │      When a resource has a practice run configuation, ARC starts weekly zonal shifts for the resource, to shift traffic away from an Availability Zone. Weekly practice runs help you to make sure that your application can continue to operate normally with the loss of one Availability Zone.
│            │      You can update or delete a practice run configuration. When you delete a practice run configuration, zonal autoshift is disabled for the resource. A practice run configuration is required when zonal autoshift is enabled.
│            └ properties
│               └ BlockedWindows: (documentation changed)
├[~] service aws-b2bi
│ └ resources
│    ├[~]  resource AWS::B2BI::Partnership
│    │  └ types
│    │     ├[~] type CapabilityOptions
│    │     │ └ properties
│    │     │    └[+] InboundEdi: InboundEdiOptions
│    │     ├[+]  type InboundEdiOptions
│    │     │  ├      name: InboundEdiOptions
│    │     │  └ properties
│    │     │     └ X12: X12InboundEdiOptions
│    │     ├[+]  type WrapOptions
│    │     │  ├      name: WrapOptions
│    │     │  └ properties
│    │     │     ├ WrapBy: string
│    │     │     ├ LineTerminator: string
│    │     │     └ LineLength: number
│    │     ├[+]  type X12AcknowledgmentOptions
│    │     │  ├      name: X12AcknowledgmentOptions
│    │     │  └ properties
│    │     │     ├ FunctionalAcknowledgment: string (required)
│    │     │     └ TechnicalAcknowledgment: string (required)
│    │     ├[+]  type X12ControlNumbers
│    │     │  ├      name: X12ControlNumbers
│    │     │  └ properties
│    │     │     ├ StartingInterchangeControlNumber: number
│    │     │     ├ StartingFunctionalGroupControlNumber: number
│    │     │     └ StartingTransactionSetControlNumber: number
│    │     ├[~] type X12Envelope
│    │     │ └ properties
│    │     │    └[+] WrapOptions: WrapOptions
│    │     ├[+]  type X12InboundEdiOptions
│    │     │  ├      name: X12InboundEdiOptions
│    │     │  └ properties
│    │     │     └ AcknowledgmentOptions: X12AcknowledgmentOptions
│    │     └[~] type X12OutboundEdiHeaders
│    │       └ properties
│    │          ├[+] ControlNumbers: X12ControlNumbers
│    │          └[+] Gs05TimeFormat: string
│    └[~]  resource AWS::B2BI::Transformer
│       └ types
│          ├[+]  type AdvancedOptions
│          │  ├      name: AdvancedOptions
│          │  └ properties
│          │     └ X12: X12AdvancedOptions
│          ├[~] type InputConversion
│          │ └ properties
│          │    └[+] AdvancedOptions: AdvancedOptions
│          ├[+]  type X12AdvancedOptions
│          │  ├      name: X12AdvancedOptions
│          │  └ properties
│          │     └ SplitOptions: X12SplitOptions
│          └[+]  type X12SplitOptions
│             ├      name: X12SplitOptions
│             └ properties
│                └ SplitBy: string
├[~] service aws-batch
│ └ resources
│    └[~]  resource AWS::Batch::ComputeEnvironment
│       └ types
│          ├[~] type Ec2ConfigurationObject
│          │ └ properties
│          │    └ ImageType: (documentation changed)
│          ├[~] type LaunchTemplateSpecification
│          │ └ properties
│          │    └[+] UserdataType: string
│          └[~] type LaunchTemplateSpecificationOverride
│            └ properties
│               └[+] UserdataType: string
├[~] service aws-bedrock
│ └ resources
│    └[~]  resource AWS::Bedrock::Guardrail
│       ├      - documentation: Creates a guardrail to block topics and to implement safeguards for your generative AI applications.
│       │      You can configure the following policies in a guardrail to avoid undesirable and harmful content, filter out denied topics and words, and remove sensitive information for privacy protection.
│       │      - *Content filters* - Adjust filter strengths to block input prompts or model responses containing harmful content.
│       │      - *Denied topics* - Define a set of topics that are undesirable in the context of your application. These topics will be blocked if detected in user queries or model responses.
│       │      - *Word filters* - Configure filters to block undesirable words, phrases, and profanity. Such words can include offensive terms, competitor names etc.
│       │      - *Sensitive information filters* - Block or mask sensitive information such as personally identifiable information (PII) or custom regex in user inputs and model responses.
│       │      In addition to the above policies, you can also configure the messages to be returned to the user if a user input or model response is in violation of the policies defined in the guardrail.
│       │      For more information, see [Amazon Bedrock Guardrails](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html) in the *Amazon Bedrock User Guide* .
│       │      + documentation: Creates a guardrail to detect and filter harmful content in your generative AI application.
│       │      Amazon Bedrock Guardrails provides the following safeguards (also known as policies) to detect and filter harmful content:
│       │      - *Content filters* - Detect and filter harmful text or image content in input prompts or model responses. Filtering is done based on detection of certain predefined harmful content categories: Hate, Insults, Sexual, Violence, Misconduct and Prompt Attack. You also can adjust the filter strength for each of these categories.
│       │      - *Denied topics* - Define a set of topics that are undesirable in the context of your application. The filter will help block them if detected in user queries or model responses.
│       │      - *Word filters* - Configure filters to help block undesirable words, phrases, and profanity (exact match). Such words can include offensive terms, competitor names, etc.
│       │      - *Sensitive information filters* - Configure filters to help block or mask sensitive information, such as personally identifiable information (PII), or custom regex in user inputs and model responses. Blocking or masking is done based on probabilistic detection of sensitive information in standard formats in entities such as SSN number, Date of Birth, address, etc. This also allows configuring regular expression based detection of patterns for identifiers.
│       │      - *Contextual grounding check* - Help detect and filter hallucinations in model responses based on grounding in a source and relevance to the user query.
│       │      For more information, see [How Amazon Bedrock Guardrails works](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-how.html) .
│       ├ properties
│       │  └[+] CrossRegionConfig: GuardrailCrossRegionConfig
│       └ types
│          └[+]  type GuardrailCrossRegionConfig
│             ├      documentation: The system-defined guardrail profile that you're using with your guardrail. Guardrail profiles define the destination AWS Regions where guardrail inference requests can be automatically routed. Using guardrail profiles helps maintain guardrail performance and reliability when demand increases.
│             │      For more information, see the [Amazon Bedrock User Guide](https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-cross-region.html) .
│             │      name: GuardrailCrossRegionConfig
│             └ properties
│                └ GuardrailProfileArn: string (required)
├[~] service aws-cloudformation
│ └ resources
│    ├[~]  resource AWS::CloudFormation::GuardHook
│    │  └ types
│    │     └[~] type S3Location
│    │       └ properties
│    │          └ Uri: (documentation changed)
│    ├[~]  resource AWS::CloudFormation::HookVersion
│    │  └ properties
│    │     └ SchemaHandlerPackage: (documentation changed)
│    ├[~]  resource AWS::CloudFormation::ModuleVersion
│    │  └ properties
│    │     └ ModulePackage: (documentation changed)
│    ├[~]  resource AWS::CloudFormation::ResourceVersion
│    │  └ properties
│    │     └ SchemaHandlerPackage: (documentation changed)
│    ├[~]  resource AWS::CloudFormation::Stack
│    │  └ properties
│    │     └ TemplateURL: (documentation changed)
│    ├[~]  resource AWS::CloudFormation::StackSet
│    │  └ properties
│    │     ├ TemplateBody: (documentation changed)
│    │     └ TemplateURL: (documentation changed)
│    └[~]  resource AWS::CloudFormation::WaitCondition
│       └ properties
│          └ Handle: (documentation changed)
├[~] service aws-cloudfront
│ └ resources
│    ├[~]  resource AWS::CloudFront::Distribution
│    │  └ types
│    │     ├[~] type CustomOriginConfig
│    │     │ └ properties
│    │     │    ├ OriginKeepaliveTimeout: (documentation changed)
│    │     │    ├ OriginReadTimeout: (documentation changed)
│    │     │    └ OriginSSLProtocols: (documentation changed)
│    │     ├[~] type Origin
│    │     │ └ properties
│    │     │    └[+] ResponseCompletionTimeout: integer
│    │     ├[~] type S3OriginConfig
│    │     │ └ properties
│    │     │    └[+] OriginReadTimeout: integer (default=30)
│    │     └[~] type VpcOriginConfig
│    │       └ properties
│    │          ├ OriginKeepaliveTimeout: (documentation changed)
│    │          └ OriginReadTimeout: (documentation changed)
│    └[~]  resource AWS::CloudFront::VpcOrigin
│       └ types
│          └[~] type VpcOriginEndpointConfig
│            └ properties
│               └ OriginSSLProtocols: (documentation changed)
├[~] service aws-connectcampaignsv2
│ └ resources
│    └[~]  resource AWS::ConnectCampaignsV2::Campaign
│       └ types
│          └[~] type CommunicationLimitsConfig
│            └ properties
│               └[+] InstanceLimitsHandling: string
├[~] service aws-datazone
│ └ resources
│    └[~]  resource AWS::DataZone::ProjectProfile
│       └ types
│          └[~] type EnvironmentConfigurationParametersDetails
│            └ properties
│               └[+] SsmPath: string
├[~] service aws-deadline
│ └ resources
│    └[~]  resource AWS::Deadline::Fleet
│       └ types
│          └[~] type AcceleratorSelection
│            └ properties
│               └ Runtime: (documentation changed)
├[~] service aws-dsql
│ └ resources
│    └[~]  resource AWS::DSQL::Cluster
│       ├ properties
│       │  └[+] KmsEncryptionKey: string
│       ├ attributes
│       │  └[+] EncryptionDetails: EncryptionDetails
│       └ types
│          └[+]  type EncryptionDetails
│             ├      documentation: Configuration details about encryption for the cluster including the AWS KMS key ARN, encryption type, and encryption status.
│             │      name: EncryptionDetails
│             └ properties
│                ├ EncryptionStatus: string
│                ├ EncryptionType: string
│                └ KmsKeyArn: string
├[~] service aws-ec2
│ └ resources
│    ├[~]  resource AWS::EC2::NetworkInterfacePermission
│    │  └      - documentation: Specifies a permission for an Amazon EC2 network interface. For example, you can grant an AWS authorized partner account permission to attach the specified network interface to an instance in their account.
│    │         + documentation: Specifies a permission for the network interface, For example, you can grant an AWS -authorized account permission to attach the network interface to an instance in their account.
│    └[~]  resource AWS::EC2::TrafficMirrorFilterRule
│       └ attributes
│          └[+] TrafficMirrorFilterRuleId: string
├[~] service aws-ecs
│ └ resources
│    ├[~]  resource AWS::ECS::Service
│    │  └ types
│    │     └[~] type LogConfiguration
│    │       └ properties
│    │          └ Options: (documentation changed)
│    └[~]  resource AWS::ECS::TaskDefinition
│       ├ properties
│       │  └ InferenceAccelerators: - Array&lt;InferenceAccelerator&gt; (immutable)
│       │                           + Array&lt;InferenceAccelerator&gt; (deprecated=WARN, immutable)
│       └ types
│          ├[~] type ContainerDefinition
│          │ └ properties
│          │    └ Image: (documentation changed)
│          └[~] type LogConfiguration
│            └ properties
│               └ Options: (documentation changed)
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    └[~]  resource AWS::ElasticLoadBalancingV2::Listener
│       └ properties
│          └ Certificates: (documentation changed)
├[~] service aws-emrserverless
│ └ resources
│    └[~]  resource AWS::EMRServerless::Application
│       ├ properties
│       │  └[+] IdentityCenterConfiguration: IdentityCenterConfiguration
│       └ types
│          └[+]  type IdentityCenterConfiguration
│             ├      documentation: The IAM IdentityCenter configuration for trusted-identity-propagation on this application. Supported with release labels emr-7.8.0 and above.
│             │      name: IdentityCenterConfiguration
│             └ properties
│                └ IdentityCenterInstanceArn: string
├[~] service aws-fsx
│ └ resources
│    └[+]  resource AWS::FSx::S3AccessPointAttachment
│       ├      name: S3AccessPointAttachment
│       │      cloudFormationType: AWS::FSx::S3AccessPointAttachment
│       │      documentation: Resource type definition for AWS::FSx::S3AccessPointAttachment
│       ├ properties
│       │  ├ Name: string (required, immutable)
│       │  ├ Type: string (required, immutable)
│       │  ├ OpenZFSConfiguration: S3AccessPointOpenZFSConfiguration (required, immutable)
│       │  └ S3AccessPoint: S3AccessPoint (immutable)
│       ├ attributes
│       │  ├ S3AccessPoint.ResourceARN: string
│       │  └ S3AccessPoint.Alias: string
│       └ types
│          ├ type FileSystemGID
│          │ ├      name: FileSystemGID
│          │ └ properties
│          │    └ Gid: number (required)
│          ├ type OpenZFSFileSystemIdentity
│          │ ├      name: OpenZFSFileSystemIdentity
│          │ └ properties
│          │    ├ Type: string (required)
│          │    └ PosixUser: OpenZFSPosixFileSystemUser (required)
│          ├ type OpenZFSPosixFileSystemUser
│          │ ├      name: OpenZFSPosixFileSystemUser
│          │ └ properties
│          │    ├ Uid: number (required)
│          │    ├ Gid: number (required)
│          │    └ SecondaryGids: Array&lt;FileSystemGID&gt;
│          ├ type S3AccessPoint
│          │ ├      name: S3AccessPoint
│          │ └ properties
│          │    ├ ResourceARN: string
│          │    ├ Alias: string
│          │    ├ VpcConfiguration: S3AccessPointVpcConfiguration
│          │    └ Policy: json | string
│          ├ type S3AccessPointOpenZFSConfiguration
│          │ ├      name: S3AccessPointOpenZFSConfiguration
│          │ └ properties
│          │    ├ VolumeId: string (required)
│          │    └ FileSystemIdentity: OpenZFSFileSystemIdentity (required)
│          └ type S3AccessPointVpcConfiguration
│            ├      name: S3AccessPointVpcConfiguration
│            └ properties
│               └ VpcId: string (required)
├[~] service aws-inspectorv2
│ └ resources
│    └[~]  resource AWS::InspectorV2::Filter
│       └ properties
│          └ Tags: (documentation changed)
├[~] service aws-kendra
│ └ resources
│    └[~]  resource AWS::Kendra::DataSource
│       └ types
│          ├[~] type DataSourceConfiguration
│          │ └ properties
│          │    └ TemplateConfiguration: (documentation changed)
│          └[~] type TemplateConfiguration
│            ├      - documentation: undefined
│            │      + documentation: Provides a template for the configuration information to connect to your data source.
│            └ properties
│               └ Template: - string (required)
│                           + json ⇐ string (required)
│                           (documentation changed)
├[~] service aws-lambda
│ └ resources
│    └[~]  resource AWS::Lambda::EventSourceMapping
│       └ types
│          ├[~] type AmazonManagedKafkaEventSourceConfig
│          │ └ properties
│          │    └ SchemaRegistryConfig: (documentation changed)
│          ├[~] type SchemaRegistryAccessConfig
│          │ ├      - documentation: undefined
│          │ │      + documentation: Specific access configuration settings that tell Lambda how to authenticate with your schema registry.
│          │ │      If you're working with an AWS Glue schema registry, don't provide authentication details in this object. Instead, ensure that your execution role has the required permissions for Lambda to access your cluster.
│          │ │      If you're working with a Confluent schema registry, choose the authentication method in the `Type` field, and provide the AWS Secrets Manager secret ARN in the `URI` field.
│          │ └ properties
│          │    ├ Type: (documentation changed)
│          │    └ URI: (documentation changed)
│          ├[~] type SchemaRegistryConfig
│          │ ├      - documentation: undefined
│          │ │      + documentation: Specific configuration settings for a Kafka schema registry.
│          │ └ properties
│          │    ├ AccessConfigs: (documentation changed)
│          │    ├ EventRecordFormat: (documentation changed)
│          │    ├ SchemaRegistryURI: (documentation changed)
│          │    └ SchemaValidationConfigs: (documentation changed)
│          ├[~] type SchemaValidationConfig
│          │ ├      - documentation: undefined
│          │ │      + documentation: Specific schema validation configuration settings that tell Lambda the message attributes you want to validate and filter using your schema registry.
│          │ └ properties
│          │    └ Attribute: (documentation changed)
│          └[~] type SelfManagedKafkaEventSourceConfig
│            └ properties
│               └ SchemaRegistryConfig: (documentation changed)
├[~] service aws-lex
│ └ resources
│    └[~]  resource AWS::Lex::Bot
│       └ types
│          ├[~] type BotLocale
│          │ └ properties
│          │    └[+] GenerativeAISettings: GenerativeAISettings
│          ├[+]  type BuildtimeSettings
│          │  ├      name: BuildtimeSettings
│          │  └ properties
│          │     ├ DescriptiveBotBuilderSpecification: DescriptiveBotBuilderSpecification
│          │     └ SampleUtteranceGenerationSpecification: SampleUtteranceGenerationSpecification
│          ├[+]  type DescriptiveBotBuilderSpecification
│          │  ├      name: DescriptiveBotBuilderSpecification
│          │  └ properties
│          │     ├ Enabled: boolean (required)
│          │     └ BedrockModelSpecification: BedrockModelSpecification
│          ├[+]  type GenerativeAISettings
│          │  ├      name: GenerativeAISettings
│          │  └ properties
│          │     ├ BuildtimeSettings: BuildtimeSettings
│          │     └ RuntimeSettings: RuntimeSettings
│          ├[+]  type NluImprovementSpecification
│          │  ├      name: NluImprovementSpecification
│          │  └ properties
│          │     └ Enabled: boolean (required)
│          ├[+]  type RuntimeSettings
│          │  ├      name: RuntimeSettings
│          │  └ properties
│          │     ├ NluImprovementSpecification: NluImprovementSpecification
│          │     └ SlotResolutionImprovementSpecification: SlotResolutionImprovementSpecification
│          ├[+]  type SampleUtteranceGenerationSpecification
│          │  ├      name: SampleUtteranceGenerationSpecification
│          │  └ properties
│          │     ├ Enabled: boolean (required)
│          │     └ BedrockModelSpecification: BedrockModelSpecification
│          └[+]  type SlotResolutionImprovementSpecification
│             ├      name: SlotResolutionImprovementSpecification
│             └ properties
│                ├ Enabled: boolean (required)
│                └ BedrockModelSpecification: BedrockModelSpecification
├[~] service aws-logs
│ └ resources
│    └[~]  resource AWS::Logs::Transformer
│       └ types
│          ├[+]  type ParseToOCSF
│          │  ├      documentation: This processor converts logs into [Open Cybersecurity Schema Framework (OCSF)](https://docs.aws.amazon.com/https://ocsf.io) events.
│          │  │      For more information about this processor including examples, see [parseToOSCF](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseToOCSF) in the *CloudWatch Logs User Guide* .
│          │  │      name: ParseToOCSF
│          │  └ properties
│          │     ├ Source: string
│          │     ├ EventSource: string (required)
│          │     └ OcsfVersion: string (required)
│          └[~] type Processor
│            └ properties
│               └[+] ParseToOCSF: ParseToOCSF
├[~] service aws-mediatailor
│ └ resources
│    └[~]  resource AWS::MediaTailor::PlaybackConfiguration
│       └ properties
│          └[+] InsertionMode: string
├[~] service aws-mpa
│ └ resources
│    ├[~]  resource AWS::MPA::ApprovalTeam
│    │  ├      - documentation: Resource Type definition for AWS::MPA::ApprovalTeam.
│    │  │      + documentation: Creates a new approval team. For more information, see [Approval team](https://docs.aws.amazon.com/mpa/latest/userguide/mpa-concepts.html) in the *Multi-party approval User Guide* .
│    │  ├ properties
│    │  │  ├ ApprovalStrategy: (documentation changed)
│    │  │  ├ Approvers: (documentation changed)
│    │  │  ├ Description: (documentation changed)
│    │  │  ├ Name: (documentation changed)
│    │  │  ├ Policies: (documentation changed)
│    │  │  └ Tags: (documentation changed)
│    │  ├ attributes
│    │  │  ├ Arn: (documentation changed)
│    │  │  ├ CreationTime: (documentation changed)
│    │  │  ├ LastUpdateTime: (documentation changed)
│    │  │  ├ NumberOfApprovers: (documentation changed)
│    │  │  ├ Status: (documentation changed)
│    │  │  ├ StatusCode: (documentation changed)
│    │  │  ├ StatusMessage: (documentation changed)
│    │  │  ├ UpdateSessionArn: (documentation changed)
│    │  │  └ VersionId: (documentation changed)
│    │  └ types
│    │     ├[~] type ApprovalStrategy
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Strategy for how an approval team grants approval.
│    │     │ └ properties
│    │     │    └ MofN: (documentation changed)
│    │     ├[~] type Approver
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Contains details for an approver.
│    │     │ └ properties
│    │     │    ├ ApproverId: (documentation changed)
│    │     │    ├ PrimaryIdentityId: (documentation changed)
│    │     │    ├ PrimaryIdentitySourceArn: (documentation changed)
│    │     │    ├ PrimaryIdentityStatus: (documentation changed)
│    │     │    └ ResponseTime: (documentation changed)
│    │     ├[~] type MofNApprovalStrategy
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Strategy for how an approval team grants approval.
│    │     │ └ properties
│    │     │    └ MinApprovalsRequired: (documentation changed)
│    │     └[~] type Policy
│    │       └      - documentation: undefined
│    │              + documentation: Contains details for a policy. Policies define what operations a team that define the permissions for team resources.
│    └[~]  resource AWS::MPA::IdentitySource
│       ├      - documentation: Resource Type definition for AWS::MPA::IdentitySource.
│       │      + documentation: Creates a new identity source. For more information, see [Identity Source](https://docs.aws.amazon.com/mpa/latest/userguide/mpa-concepts.html) in the *Multi-party approval User Guide* .
│       ├ properties
│       │  ├ IdentitySourceParameters: (documentation changed)
│       │  └ Tags: (documentation changed)
│       ├ attributes
│       │  ├ CreationTime: (documentation changed)
│       │  ├ IdentitySourceArn: (documentation changed)
│       │  ├ IdentitySourceParameters.IamIdentityCenter.ApprovalPortalUrl: (documentation changed)
│       │  ├ IdentitySourceType: (documentation changed)
│       │  ├ Status: (documentation changed)
│       │  ├ StatusCode: (documentation changed)
│       │  └ StatusMessage: (documentation changed)
│       └ types
│          ├[~] type IamIdentityCenter
│          │ ├      - documentation: undefined
│          │ │      + documentation: AWS IAM Identity Center credentials. For more information see, [AWS IAM Identity Center](https://docs.aws.amazon.com/identity-center/) .
│          │ └ properties
│          │    ├ ApprovalPortalUrl: (documentation changed)
│          │    ├ InstanceArn: (documentation changed)
│          │    └ Region: (documentation changed)
│          └[~] type IdentitySourceParameters
│            ├      - documentation: undefined
│            │      + documentation: Contains details for the resource that provides identities to the identity source. For example, an IAM Identity Center instance.
│            └ properties
│               └ IamIdentityCenter: (documentation changed)
├[~] service aws-networkmanager
│ └ resources
│    └[~]  resource AWS::NetworkManager::VpcAttachment
│       └ types
│          └[~] type VpcOptions
│            └ properties
│               ├[+] DnsSupport: boolean (default=true)
│               └[+] SecurityGroupReferencingSupport: boolean (default=true)
├[~] service aws-redshiftserverless
│ └ resources
│    └[+]  resource AWS::RedshiftServerless::Snapshot
│       ├      name: Snapshot
│       │      cloudFormationType: AWS::RedshiftServerless::Snapshot
│       │      documentation: Resource Type definition for AWS::RedshiftServerless::Snapshot Resource Type.
│       │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│       ├ properties
│       │  ├ SnapshotName: string (required, immutable)
│       │  ├ NamespaceName: string (immutable)
│       │  ├ RetentionPeriod: integer
│       │  └ Tags: Array&lt;tag&gt; (immutable)
│       ├ attributes
│       │  ├ Snapshot: Snapshot
│       │  ├ OwnerAccount: string
│       │  ├ Snapshot.SnapshotName: string
│       │  ├ Snapshot.NamespaceName: string
│       │  ├ Snapshot.NamespaceArn: string
│       │  ├ Snapshot.SnapshotArn: string
│       │  ├ Snapshot.SnapshotCreateTime: string
│       │  ├ Snapshot.Status: string
│       │  ├ Snapshot.AdminUsername: string
│       │  ├ Snapshot.KmsKeyId: string
│       │  ├ Snapshot.OwnerAccount: string
│       │  └ Snapshot.RetentionPeriod: integer
│       └ types
│          └ type Snapshot
│            ├      name: Snapshot
│            └ properties
│               ├ NamespaceArn: string
│               ├ NamespaceName: string
│               ├ SnapshotName: string
│               ├ SnapshotCreateTime: string
│               ├ Status: string
│               ├ AdminUsername: string
│               ├ KmsKeyId: string
│               ├ OwnerAccount: string
│               ├ RetentionPeriod: integer
│               └ SnapshotArn: string
├[~] service aws-route53resolver
│ └ resources
│    ├[~]  resource AWS::Route53Resolver::ResolverEndpoint
│    │  └ properties
│    │     ├ Direction: (documentation changed)
│    │     └ Protocols: (documentation changed)
│    └[~]  resource AWS::Route53Resolver::ResolverRule
│       ├ properties
│       │  ├[+] DelegationRecord: string
│       │  └ RuleType: (documentation changed)
│       └ attributes
│          └ TargetIps: (documentation changed)
├[~] service aws-s3
│ └ resources
│    └[~]  resource AWS::S3::Bucket
│       └ types
│          └[~] type ReplicationDestination
│            └ properties
│               └ StorageClass: (documentation changed)
├[~] service aws-s3tables
│ └ resources
│    └[+]  resource AWS::S3Tables::Namespace
│       ├      name: Namespace
│       │      cloudFormationType: AWS::S3Tables::Namespace
│       │      documentation: Creates a namespace. A namespace is a logical grouping of tables within your table bucket, which you can use to organize tables. For more information, see [Create a namespace](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-namespace-create.html) in the *Amazon Simple Storage Service User Guide* .
│       │      - **Permissions** - You must have the `s3tables:CreateNamespace` permission to use this operation.
│       └ properties
│          ├ TableBucketARN: string (required, immutable)
│          └ Namespace: string (required, immutable)
├[~] service aws-securityhub
│ └ resources
│    ├[~]  resource AWS::SecurityHub::AggregatorV2
│    │  ├      - documentation: The AWS::SecurityHub::AggregatorV2 resource represents the AWS Security Hub AggregatorV2 in your account. One aggregatorv2 resource is created for each account in non opt-in region in which you configure region linking mode.
│    │  │      + documentation: Enables aggregation across AWS Regions . This API is in private preview and subject to change.
│    │  ├ properties
│    │  │  ├ LinkedRegions: (documentation changed)
│    │  │  ├ RegionLinkingMode: (documentation changed)
│    │  │  └ Tags: (documentation changed)
│    │  └ attributes
│    │     ├ AggregationRegion: (documentation changed)
│    │     └ AggregatorV2Arn: (documentation changed)
│    ├[~]  resource AWS::SecurityHub::AutomationRuleV2
│    │  ├      - documentation: Resource schema for AWS::SecurityHub::AutomationRuleV2
│    │  │      + documentation: Creates a V2 automation rule. This API is in private preview and subject to change.
│    │  ├ properties
│    │  │  ├ Actions: (documentation changed)
│    │  │  ├ Criteria: (documentation changed)
│    │  │  ├ Description: (documentation changed)
│    │  │  ├ RuleName: (documentation changed)
│    │  │  ├ RuleOrder: (documentation changed)
│    │  │  ├ RuleStatus: (documentation changed)
│    │  │  └ Tags: (documentation changed)
│    │  ├ attributes
│    │  │  ├ CreatedAt: (documentation changed)
│    │  │  ├ RuleArn: (documentation changed)
│    │  │  ├ RuleId: (documentation changed)
│    │  │  └ UpdatedAt: (documentation changed)
│    │  └ types
│    │     ├[~] type AutomationRulesActionV2
│    │     │ ├      - documentation: Allows you to configure automated responses
│    │     │ │      + documentation: Allows you to configure automated responses.
│    │     │ └ properties
│    │     │    ├ ExternalIntegrationConfiguration: (documentation changed)
│    │     │    ├ FindingFieldsUpdate: (documentation changed)
│    │     │    └ Type: (documentation changed)
│    │     ├[~] type AutomationRulesFindingFieldsUpdateV2
│    │     │ ├      - documentation: The changes to be applied to fields in a security finding when an automation rule is triggered
│    │     │ │      + documentation: Allows you to define the structure for modifying specific fields in security findings.
│    │     │ └ properties
│    │     │    ├ Comment: (documentation changed)
│    │     │    ├ SeverityId: (documentation changed)
│    │     │    └ StatusId: (documentation changed)
│    │     ├[~] type BooleanFilter
│    │     │ ├      - documentation: Boolean filter for querying findings
│    │     │ │      + documentation: Boolean filter for querying findings.
│    │     │ └ properties
│    │     │    └ Value: (documentation changed)
│    │     ├[~] type CompositeFilter
│    │     │ ├      - documentation: Enables the creation of filtering criteria for security findings
│    │     │ │      + documentation: Enables the creation of filtering criteria for security findings.
│    │     │ └ properties
│    │     │    ├ BooleanFilters: (documentation changed)
│    │     │    ├ DateFilters: (documentation changed)
│    │     │    ├ MapFilters: (documentation changed)
│    │     │    ├ NumberFilters: (documentation changed)
│    │     │    ├ Operator: (documentation changed)
│    │     │    └ StringFilters: (documentation changed)
│    │     ├[~] type Criteria
│    │     │ ├      - documentation: Defines the parameters and conditions used to evaluate and filter security findings
│    │     │ │      + documentation: The filtering type and configuration of the automation rule.
│    │     │ └ properties
│    │     │    └ OcsfFindingCriteria: (documentation changed)
│    │     ├[~] type DateFilter
│    │     │ ├      - documentation: A date filter for querying findings
│    │     │ │      + documentation: A date filter for querying findings.
│    │     │ └ properties
│    │     │    ├ DateRange: (documentation changed)
│    │     │    ├ End: (documentation changed)
│    │     │    └ Start: (documentation changed)
│    │     ├[~] type DateRange
│    │     │ ├      - documentation: A date range for the date filter
│    │     │ │      + documentation: A date range for the date filter.
│    │     │ └ properties
│    │     │    ├ Unit: (documentation changed)
│    │     │    └ Value: (documentation changed)
│    │     ├[~] type ExternalIntegrationConfiguration
│    │     │ ├      - documentation: The settings for integrating automation rule actions with external systems or service
│    │     │ │      + documentation: The settings for integrating automation rule actions with external systems or service.
│    │     │ └ properties
│    │     │    └ ConnectorArn: (documentation changed)
│    │     ├[~] type MapFilter
│    │     │ ├      - documentation: A map filter for filtering findings
│    │     │ │      + documentation: A map filter for filtering AWS Security Hub findings. Each map filter provides the field to check for, the value to check for, and the comparison operator.
│    │     │ └ properties
│    │     │    ├ Comparison: (documentation changed)
│    │     │    ├ Key: (documentation changed)
│    │     │    └ Value: (documentation changed)
│    │     ├[~] type NumberFilter
│    │     │ ├      - documentation: A number filter for querying findings
│    │     │ │      + documentation: A number filter for querying findings.
│    │     │ └ properties
│    │     │    ├ Eq: (documentation changed)
│    │     │    ├ Gte: (documentation changed)
│    │     │    └ Lte: (documentation changed)
│    │     ├[~] type OcsfBooleanFilter
│    │     │ ├      - documentation: Enables filtering of security findings based on boolean field values in OCSF
│    │     │ │      + documentation: Enables filtering of security findings based on boolean field values in OCSF.
│    │     │ └ properties
│    │     │    ├ FieldName: (documentation changed)
│    │     │    └ Filter: (documentation changed)
│    │     ├[~] type OcsfDateFilter
│    │     │ ├      - documentation: Enables filtering of security findings based on date and timestamp fields in OCSF
│    │     │ │      + documentation: Enables filtering of security findings based on date and timestamp fields in OCSF.
│    │     │ └ properties
│    │     │    ├ FieldName: (documentation changed)
│    │     │    └ Filter: (documentation changed)
│    │     ├[~] type OcsfFindingFilters
│    │     │ ├      - documentation: The filtering conditions that align with OCSF standards
│    │     │ │      + documentation: Specifies the filtering criteria for security findings using OCSF.
│    │     │ └ properties
│    │     │    ├ CompositeFilters: (documentation changed)
│    │     │    └ CompositeOperator: (documentation changed)
│    │     ├[~] type OcsfMapFilter
│    │     │ ├      - documentation: Enables filtering of security findings based on map field values in OCSF
│    │     │ │      + documentation: Enables filtering of security findings based on map field values in OCSF.
│    │     │ └ properties
│    │     │    ├ FieldName: (documentation changed)
│    │     │    └ Filter: (documentation changed)
│    │     ├[~] type OcsfNumberFilter
│    │     │ ├      - documentation: Enables filtering of security findings based on numerical field values in OCSF
│    │     │ │      + documentation: Enables filtering of security findings based on numerical field values in OCSF.
│    │     │ └ properties
│    │     │    ├ FieldName: (documentation changed)
│    │     │    └ Filter: (documentation changed)
│    │     ├[~] type OcsfStringFilter
│    │     │ ├      - documentation: Enables filtering of security findings based on string field values in OCSF
│    │     │ │      + documentation: Enables filtering of security findings based on string field values in OCSF.
│    │     │ └ properties
│    │     │    ├ FieldName: (documentation changed)
│    │     │    └ Filter: (documentation changed)
│    │     └[~] type StringFilter
│    │       ├      - documentation: A string filter for filtering findings
│    │       │      + documentation: A string filter for filtering AWS Security Hub findings.
│    │       └ properties
│    │          ├ Comparison: (documentation changed)
│    │          └ Value: (documentation changed)
│    └[+]  resource AWS::SecurityHub::HubV2
│       ├      name: HubV2
│       │      cloudFormationType: AWS::SecurityHub::HubV2
│       │      documentation: Returns details about the service resource in your account. This API is in private preview and subject to change.
│       │      tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│       ├ properties
│       │  └ Tags: Map&lt;string, string&gt;
│       └ attributes
│          ├ HubV2Arn: string
│          └ SubscribedAt: string
├[~] service aws-synthetics
│ └ resources
│    └[~]  resource AWS::Synthetics::Canary
│       └ types
│          └[~] type RunConfig
│            └ properties
│               └ EphemeralStorage: (documentation changed)
├[~] service aws-vpclattice
│ └ resources
│    └[~]  resource AWS::VpcLattice::Service
│       └ properties
│          └ DnsEntry: (documentation changed)
└[+] service aws-workspacesinstances
  ├      capitalized: WorkspacesInstances
  │      cloudFormationNamespace: AWS::WorkspacesInstances
  │      name: aws-workspacesinstances
  │      shortName: workspacesinstances
  └ resources
     ├ resource AWS::WorkspacesInstances::Volume
     │ ├      name: Volume
     │ │      cloudFormationType: AWS::WorkspacesInstances::Volume
     │ │      documentation: Resource Type definition for AWS::WorkspacesInstances::Volume - Manages WorkSpaces Volume resources
     │ ├ properties
     │ │  ├ AvailabilityZone: string (required, immutable)
     │ │  ├ Encrypted: boolean (immutable)
     │ │  ├ Iops: integer (immutable)
     │ │  ├ KmsKeyId: string (immutable)
     │ │  ├ SizeInGB: integer (immutable)
     │ │  ├ SnapshotId: string (immutable)
     │ │  ├ Throughput: integer (immutable)
     │ │  ├ VolumeType: string (immutable)
     │ │  └ TagSpecifications: Array&lt;TagSpecification&gt; (immutable)
     │ ├ attributes
     │ │  └ VolumeId: string
     │ └ types
     │    └ type TagSpecification
     │      ├      name: TagSpecification
     │      └ properties
     │         ├ ResourceType: string
     │         └ Tags: Array&lt;tag&gt;
     ├ resource AWS::WorkspacesInstances::VolumeAssociation
     │ ├      name: VolumeAssociation
     │ │      cloudFormationType: AWS::WorkspacesInstances::VolumeAssociation
     │ │      documentation: Resource Type definition for AWS::WorkspacesInstances::VolumeAssociation
     │ └ properties
     │    ├ WorkspaceInstanceId: string (required, immutable)
     │    ├ VolumeId: string (required, immutable)
     │    ├ Device: string (required, immutable)
     │    └ DisassociateMode: string
     └ resource AWS::WorkspacesInstances::WorkspaceInstance
       ├      name: WorkspaceInstance
       │      cloudFormationType: AWS::WorkspacesInstances::WorkspaceInstance
       │      documentation: Resource Type definition for AWS::WorkspacesInstances::WorkspaceInstance
       │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
       ├ properties
       │  ├ ManagedInstance: ManagedInstance (immutable)
       │  └ Tags: Array&lt;tag&gt;
       ├ attributes
       │  ├ WorkspaceInstanceId: string
       │  ├ ProvisionState: string
       │  ├ EC2ManagedInstance: EC2ManagedInstance
       │  └ EC2ManagedInstance.InstanceId: string
       └ types
          ├ type BlockDeviceMapping
          │ ├      name: BlockDeviceMapping
          │ └ properties
          │    ├ DeviceName: string
          │    ├ Ebs: EbsBlockDevice
          │    ├ NoDevice: string
          │    └ VirtualName: string
          ├ type CpuOptionsRequest
          │ ├      name: CpuOptionsRequest
          │ └ properties
          │    ├ CoreCount: integer
          │    └ ThreadsPerCore: integer
          ├ type CreditSpecificationRequest
          │ ├      name: CreditSpecificationRequest
          │ └ properties
          │    └ CpuCredits: string
          ├ type EbsBlockDevice
          │ ├      name: EbsBlockDevice
          │ └ properties
          │    ├ VolumeType: string
          │    ├ Encrypted: boolean
          │    ├ KmsKeyId: string
          │    ├ Iops: integer
          │    ├ Throughput: integer
          │    └ VolumeSize: integer
          ├ type EC2ManagedInstance
          │ ├      name: EC2ManagedInstance
          │ └ properties
          │    └ InstanceId: string
          ├ type EnclaveOptionsRequest
          │ ├      name: EnclaveOptionsRequest
          │ └ properties
          │    └ Enabled: boolean
          ├ type HibernationOptionsRequest
          │ ├      name: HibernationOptionsRequest
          │ └ properties
          │    └ Configured: boolean
          ├ type IamInstanceProfileSpecification
          │ ├      name: IamInstanceProfileSpecification
          │ └ properties
          │    └ Name: string
          ├ type InstanceMaintenanceOptionsRequest
          │ ├      name: InstanceMaintenanceOptionsRequest
          │ └ properties
          │    └ AutoRecovery: string
          ├ type InstanceMetadataOptionsRequest
          │ ├      name: InstanceMetadataOptionsRequest
          │ └ properties
          │    ├ HttpEndpoint: string
          │    ├ HttpProtocolIpv6: string
          │    ├ HttpPutResponseHopLimit: integer
          │    ├ HttpTokens: string
          │    └ InstanceMetadataTags: string
          ├ type InstanceNetworkInterfaceSpecification
          │ ├      name: InstanceNetworkInterfaceSpecification
          │ └ properties
          │    ├ Description: string
          │    ├ DeviceIndex: integer
          │    ├ Groups: Array&lt;string&gt;
          │    └ SubnetId: string
          ├ type InstanceNetworkPerformanceOptionsRequest
          │ ├      name: InstanceNetworkPerformanceOptionsRequest
          │ └ properties
          │    └ BandwidthWeighting: string
          ├ type ManagedInstance
          │ ├      name: ManagedInstance
          │ └ properties
          │    ├ BlockDeviceMappings: Array&lt;BlockDeviceMapping&gt;
          │    ├ CpuOptions: CpuOptionsRequest
          │    ├ CreditSpecification: CreditSpecificationRequest
          │    ├ DisableApiStop: boolean
          │    ├ EbsOptimized: boolean
          │    ├ EnclaveOptions: EnclaveOptionsRequest
          │    ├ HibernationOptions: HibernationOptionsRequest
          │    ├ IamInstanceProfile: IamInstanceProfileSpecification
          │    ├ ImageId: string (required)
          │    ├ InstanceType: string (required)
          │    ├ KeyName: string
          │    ├ MaintenanceOptions: InstanceMaintenanceOptionsRequest
          │    ├ MetadataOptions: InstanceMetadataOptionsRequest
          │    ├ Monitoring: RunInstancesMonitoringEnabled
          │    ├ NetworkInterfaces: Array&lt;InstanceNetworkInterfaceSpecification&gt;
          │    ├ NetworkPerformanceOptions: InstanceNetworkPerformanceOptionsRequest
          │    ├ Placement: Placement
          │    ├ PrivateDnsNameOptions: PrivateDnsNameOptionsRequest
          │    ├ TagSpecifications: Array&lt;TagSpecification&gt;
          │    └ UserData: string
          ├ type Placement
          │ ├      name: Placement
          │ └ properties
          │    ├ AvailabilityZone: string
          │    ├ GroupName: string
          │    └ Tenancy: string
          ├ type PrivateDnsNameOptionsRequest
          │ ├      name: PrivateDnsNameOptionsRequest
          │ └ properties
          │    ├ HostnameType: string
          │    ├ EnableResourceNameDnsARecord: boolean
          │    └ EnableResourceNameDnsAAAARecord: boolean
          ├ type RunInstancesMonitoringEnabled
          │ ├      name: RunInstancesMonitoringEnabled
          │ └ properties
          │    └ Enabled: boolean
          └ type TagSpecification
            ├      name: TagSpecification
            └ properties
               ├ ResourceType: string
               └ Tags: Array&lt;tag&gt;
```

BREAKING CHANGE: Some L1 resources experienced breaking changes due to updated CloudFormation resources. Please check the notes for each specific module for more information.

 - ***aws-cdk-lib.aws_kendra.CfnDataSource.TemplateConfigurationProperty***: `template` property here has changed from `string` to `json`
diff --git a/packages/aws-cdk-lib/aws-aiops/.jsiirc.json b/packages/aws-cdk-lib/aws-aiops/.jsiirc.json
@@ -0,0 +1,13 @@
+{
+  "targets": {
+    "java": {
+      "package": "software.amazon.awscdk.services.aiops"
+    },
+    "dotnet": {
+      "package": "Amazon.CDK.AWS.AIOps"
+    },
+    "python": {
+      "module": "aws_cdk.aws_aiops"
+    }
+  }
+}
diff --git a/packages/aws-cdk-lib/aws-aiops/README.md b/packages/aws-cdk-lib/aws-aiops/README.md
@@ -0,0 +1,39 @@
+# AWS::AIOps Construct Library
+<!--BEGIN STABILITY BANNER-->
+
+---
+
+![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)
+
+> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use.
+>
+> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib
+
+---
+
+<!--END STABILITY BANNER-->
+
+This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
+
+```ts nofixture
+import * as aiops from 'aws-cdk-lib/aws-aiops';
+```
+
+<!--BEGIN CFNONLY DISCLAIMER-->
+
+There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed:
+
+- Search [Construct Hub for AIOps construct libraries](https://constructs.dev/search?q=aiops)
+- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::AIOps resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_AIOps.html) directly.
+
+
+<!--BEGIN CFNONLY DISCLAIMER-->
+
+There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. 
+However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly.
+
+For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::AIOps](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_AIOps.html).
+
+(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.)
+
+<!--END CFNONLY DISCLAIMER-->
diff --git a/packages/aws-cdk-lib/aws-aiops/index.ts b/packages/aws-cdk-lib/aws-aiops/index.ts
@@ -0,0 +1 @@
+export * from './lib';
diff --git a/packages/aws-cdk-lib/aws-aiops/lib/index.ts b/packages/aws-cdk-lib/aws-aiops/lib/index.ts
@@ -0,0 +1,2 @@
+// AWS::AIOps Cloudformation Resources
+export * from './aiops.generated';
diff --git a/packages/aws-cdk-lib/aws-workspacesinstances/.jsiirc.json b/packages/aws-cdk-lib/aws-workspacesinstances/.jsiirc.json
@@ -0,0 +1,13 @@
+{
+  "targets": {
+    "java": {
+      "package": "software.amazon.awscdk.services.workspacesinstances"
+    },
+    "dotnet": {
+      "package": "Amazon.CDK.AWS.WorkspacesInstances"
+    },
+    "python": {
+      "module": "aws_cdk.aws_workspacesinstances"
+    }
+  }
+}
diff --git a/packages/aws-cdk-lib/aws-workspacesinstances/README.md b/packages/aws-cdk-lib/aws-workspacesinstances/README.md
@@ -0,0 +1,39 @@
+# AWS::WorkspacesInstances Construct Library
+<!--BEGIN STABILITY BANNER-->
+
+---
+
+![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)
+
+> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use.
+>
+> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib
+
+---
+
+<!--END STABILITY BANNER-->
+
+This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
+
+```ts nofixture
+import * as workspacesinstances from 'aws-cdk-lib/aws-workspacesinstances';
+```
+
+<!--BEGIN CFNONLY DISCLAIMER-->
+
+There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed:
+
+- Search [Construct Hub for WorkspacesInstances construct libraries](https://constructs.dev/search?q=workspacesinstances)
+- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::WorkspacesInstances resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_WorkspacesInstances.html) directly.
+
+
+<!--BEGIN CFNONLY DISCLAIMER-->
+
+There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. 
+However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly.
+
+For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::WorkspacesInstances](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_WorkspacesInstances.html).
+
+(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.)
+
+<!--END CFNONLY DISCLAIMER-->
diff --git a/packages/aws-cdk-lib/aws-workspacesinstances/index.ts b/packages/aws-cdk-lib/aws-workspacesinstances/index.ts
@@ -0,0 +1 @@
+export * from './lib';
diff --git a/packages/aws-cdk-lib/aws-workspacesinstances/lib/index.ts b/packages/aws-cdk-lib/aws-workspacesinstances/lib/index.ts
@@ -0,0 +1,2 @@
+// AWS::WorkspacesInstances Cloudformation Resources
+export * from './workspacesinstances.generated';
diff --git a/packages/aws-cdk-lib/index.ts b/packages/aws-cdk-lib/index.ts
@@ -3,6 +3,7 @@ export * as assertions from './assertions';
 export * as assets from './assets';
 export * as aws_accessanalyzer from './aws-accessanalyzer';
 export * as aws_acmpca from './aws-acmpca';
+export * as aws_aiops from './aws-aiops';
 export * as aws_amazonmq from './aws-amazonmq';
 export * as aws_amplify from './aws-amplify';
 export * as aws_amplifyuibuilder from './aws-amplifyuibuilder';
@@ -282,6 +283,7 @@ export * as aws_wafregional from './aws-wafregional';
 export * as aws_wafv2 from './aws-wafv2';
 export * as aws_wisdom from './aws-wisdom';
 export * as aws_workspaces from './aws-workspaces';
+export * as aws_workspacesinstances from './aws-workspacesinstances';
 export * as aws_workspacesthinclient from './aws-workspacesthinclient';
 export * as aws_workspacesweb from './aws-workspacesweb';
 export * as aws_xray from './aws-xray';
diff --git a/packages/aws-cdk-lib/package.json b/packages/aws-cdk-lib/package.json
@@ -136,7 +136,7 @@
   },
   "devDependencies": {
     "@aws-cdk/lambda-layer-kubectl-v31": "^2.1.0",
-    "@aws-cdk/aws-service-spec": "^0.1.83",
+    "@aws-cdk/aws-service-spec": "^0.1.84",
     "@aws-cdk/cdk-build-tools": "0.0.0",
     "@aws-cdk/custom-resource-handlers": "0.0.0",
     "@aws-cdk/pkglint": "0.0.0",
@@ -217,6 +217,7 @@
     "./assets": "./assets/index.js",
     "./aws-accessanalyzer": "./aws-accessanalyzer/index.js",
     "./aws-acmpca": "./aws-acmpca/index.js",
+    "./aws-aiops": "./aws-aiops/index.js",
     "./aws-amazonmq": "./aws-amazonmq/index.js",
     "./aws-amplify": "./aws-amplify/index.js",
     "./aws-amplifyuibuilder": "./aws-amplifyuibuilder/index.js",
@@ -499,6 +500,7 @@
     "./aws-wafv2": "./aws-wafv2/index.js",
     "./aws-wisdom": "./aws-wisdom/index.js",
     "./aws-workspaces": "./aws-workspaces/index.js",
+    "./aws-workspacesinstances": "./aws-workspacesinstances/index.js",
     "./aws-workspacesthinclient": "./aws-workspacesthinclient/index.js",
     "./aws-workspacesweb": "./aws-workspacesweb/index.js",
     "./aws-xray": "./aws-xray/index.js",
diff --git a/packages/aws-cdk-lib/scripts/scope-map.json b/packages/aws-cdk-lib/scripts/scope-map.json
@@ -8,6 +8,9 @@
   "aws-acmpca": [
     "AWS::ACMPCA"
   ],
+  "aws-aiops": [
+    "AWS::AIOps"
+  ],
   "aws-amazonmq": [
     "AWS::AmazonMQ"
   ],
@@ -765,6 +768,9 @@
   "aws-workspaces": [
     "AWS::WorkSpaces"
   ],
+  "aws-workspacesinstances": [
+    "AWS::WorkspacesInstances"
+  ],
   "aws-workspacesthinclient": [
     "AWS::WorkSpacesThinClient"
   ],
diff --git a/tools/@aws-cdk/spec2cdk/package.json b/tools/@aws-cdk/spec2cdk/package.json
@@ -32,9 +32,9 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-cdk/aws-service-spec": "^0.1.83",
+    "@aws-cdk/aws-service-spec": "^0.1.84",
     "@aws-cdk/service-spec-importers": "^0.0.82",
-    "@aws-cdk/service-spec-types": "^0.0.149",
+    "@aws-cdk/service-spec-types": "^0.0.150",
     "@cdklabs/tskb": "^0.0.3",
     "@cdklabs/typewriter": "^0.0.5",
     "camelcase": "^6",
diff --git a/yarn.lock b/yarn.lock
@@ -66,12 +66,12 @@
     "@aws-cdk/service-spec-types" "^0.0.148"
     "@cdklabs/tskb" "^0.0.3"
 
-"@aws-cdk/aws-service-spec@^0.1.83":
-  version "0.1.83"
-  resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.83.tgz#fba5aa14fd4ca476db91fdfb0521ce05207a879b"
-  integrity sha512-N3Em28zPdSg5GPORsK8QAD+J6P1qs9E/QwiSU0lnOGXw4lXWo/kbmyx0J50gJlIOSSKu5yHrCtozqJox51F2oA==
+"@aws-cdk/aws-service-spec@^0.1.84":
+  version "0.1.84"
+  resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.84.tgz#520b4d69365bed901813fac1821750d899f6cc7e"
+  integrity sha512-anurRdTvmebg3VhHeXDE7c039jJqVZNBtDvnxmbmjENDLch+jmu7uxIx0DXRLT7201raR7BKA28/nQh2srCzNA==
   dependencies:
-    "@aws-cdk/service-spec-types" "^0.0.149"
+    "@aws-cdk/service-spec-types" "^0.0.150"
     "@cdklabs/tskb" "^0.0.3"
 
 "@aws-cdk/cloud-assembly-schema@^44.8.0":
@@ -152,10 +152,10 @@
   dependencies:
     "@cdklabs/tskb" "^0.0.3"
 
-"@aws-cdk/service-spec-types@^0.0.149":
-  version "0.0.149"
-  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.149.tgz#30d0ed92cc1f94a5daea25354c61b77cd2365469"
-  integrity sha512-floRx9TBqiPa37EtZTW5uMhRmJDYdq+HJpCswQz9CsOIPIimkZXUeb6+/1g3+zsJVsb3pIj0kzCE+9civSUwKA==
+"@aws-cdk/service-spec-types@^0.0.150":
+  version "0.0.150"
+  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.150.tgz#3a42559d9f81663f089b7ac518116c33a726c5ff"
+  integrity sha512-s/hDl+Q+ste5xtriLBxKFreH3GfG9YFBsxpvz+oYEjMtc9ILrtVPcUqcU3SonprRdgDNkuB8Kghecp5iRBTgpA==
   dependencies:
     "@cdklabs/tskb" "^0.0.3"
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+// AWS::AIOps Cloudformation Resources`
	`2`	`+export * from './aiops.generated';`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+// AWS::WorkspacesInstances Cloudformation Resources`
	`2`	`+export * from './workspacesinstances.generated';`