diff --git a/.github/workflows/code-health.yaml b/.github/workflows/code-health.yaml
index 4b1620813..718e8bd44 100644
--- a/.github/workflows/code-health.yaml
+++ b/.github/workflows/code-health.yaml
@@ -18,6 +18,12 @@ jobs:
       run: | 
         cd cfn-resources
         go build -v ./...
+    - name: Install CloudFormation CLI
+      run: pip install cloudformation-cli cloudformation-cli-go-plugin
+    - name: Generate purls for all resources
+      run: make gen-purls
+    - name: Check purls for all resources
+      run: make check-purls
   mock-generation:
     runs-on: ubuntu-latest
     steps:
diff --git a/.github/workflows/contract-testing.yaml b/.github/workflows/contract-testing.yaml
index 90b2cbb73..57dc0d8dd 100644
--- a/.github/workflows/contract-testing.yaml
+++ b/.github/workflows/contract-testing.yaml
@@ -36,45 +36,62 @@ jobs:
    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
      id: filter
      with:
+      predicate-quantifier: 'every'
       filters: |
         access-list-api-key:
           - 'cfn-resources/access-list-api-key/**'
+          - '!cfn-resources/access-list-api-key/compliance/**'
         alert-configuration:
           - 'cfn-resources/alert-configuration/**'
+          - '!cfn-resources/alert-configuration/compliance/**'
         api-key:
           - 'cfn-resources/api-key/**'
+          - '!cfn-resources/api-key/compliance/**'
         auditing:
           - 'cfn-resources/auditing/**'
+          - '!cfn-resources/auditing/compliance/**'
         cloud-backup-restore-jobs:
           - 'cfn-resources/cloud-backup-restore-jobs/**'
+          - '!cfn-resources/cloud-backup-restore-jobs/compliance/**'
         cluster-outage-simulation:
           - 'cfn-resources/cluster-outage-simulation/**'
+          - '!cfn-resources/cluster-outage-simulation/compliance/**'
         federated-database-instance:
           - 'cfn-resources/federated-database-instance/**'
+          - '!cfn-resources/federated-database-instance/compliance/**'
         federated-query-limit:
           - 'cfn-resources/federated-query-limit/**'
+          - '!cfn-resources/federated-query-limit/compliance/**'
         online-archive:
           - 'cfn-resources/online-archive/**'
+          - '!cfn-resources/online-archive/compliance/**'
         organization:
           - 'cfn-resources/organization/**'
+          - '!cfn-resources/organization/compliance/**'
         private-endpoint-aws:
           - 'cfn-resources/private-endpoint-aws/**'
+          - '!cfn-resources/private-endpoint-aws/compliance/**'
         private-endpoint-service:
           - 'cfn-resources/private-endpoint-service/**'
+          - '!cfn-resources/private-endpoint-service/compliance/**'
         privatelink-endpoint-service-data-federation-online-archive:
           - 'cfn-resources/privatelink-endpoint-service-data-federation-online-archive/**'
+          - '!cfn-resources/privatelink-endpoint-service-data-federation-online-archive/compliance/**'
         project:
           - 'cfn-resources/project/**'
+          - '!cfn-resources/project/compliance/**'
         resource-policy:
           - 'cfn-resources/resource-policy/**'
+          - '!cfn-resources/resource-policy/compliance/**'
         search-deployment:
           - 'cfn-resources/search-deployment/**'
-        serverless-private-endpoint:
-          - 'cfn-resources/serverless-private-endpoint/**'
+          - '!cfn-resources/search-deployment/compliance/**'
         stream-connection:
           - 'cfn-resources/stream-connection/**'
+          - '!cfn-resources/stream-connection/compliance/**'
         stream-instance:
           - 'cfn-resources/stream-instance/**'
+          - '!cfn-resources/stream-instance/compliance/**'
   access-list-api-key:
     needs: change-detection
     if: ${{ needs.change-detection.outputs.access-list-api-key == 'true' }}
@@ -729,48 +746,6 @@ jobs:
 
           cat inputs/inputs_1_create.json
 
-          make run-contract-testing
-          make delete-test-resources
-  serverless-private-endpoint:
-    needs: change-detection
-    if: ${{ needs.change-detection.outputs.  serverless-private-endpoint == 'true' }}
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5
-        with:
-          go-version-file: 'cfn-resources/go.mod'
-      - name: setup Atlas CLI
-        uses: mongodb/atlas-github-action@15663d068c40a8582d881560961fce9d45e0df9a
-      - uses: aws-actions/setup-sam@819220f63fb333a9a394dd0a5cab2d8303fd17e2
-        with:
-          use-installer: true
-      - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_TEST_ENV }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_TEST_ENV }}
-          aws-region: eu-west-1
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
-        with:
-          python-version: '3.9'
-          cache: 'pip' # caching pip dependencies
-      - run: pip install cloudformation-cli cloudformation-cli-go-plugin
-      - name: Run the Contract test
-        shell: bash
-        env:
-          MONGODB_ATLAS_PUBLIC_API_KEY: ${{ secrets.CLOUD_DEV_PUBLIC_KEY }}
-          MONGODB_ATLAS_PRIVATE_API_KEY: ${{ secrets.CLOUD_DEV_PRIVATE_KEY }}
-          MONGODB_ATLAS_ORG_ID: ${{ secrets.CLOUD_DEV_ORG_ID }}
-          MONGODB_ATLAS_TEAM_ID: 641490b0207f4d22f4d8f2fd
-          MONGODB_ATLAS_OPS_MANAGER_URL: https://cloud-dev.mongodb.com/
-          MONGODB_ATLAS_PROFILE: cfn-cloud-dev-github-action
-        run: |
-          pushd cfn-resources/serverless-private-endpoint
-          make create-test-resources
-          
-          cat inputs/inputs_1_create.json
-          cat inputs/inputs_1_update.json
-          
           make run-contract-testing
           make delete-test-resources
   stream-connection:
diff --git a/Makefile b/Makefile
index 8cd9b44b1..0eb2c3cba 100644
--- a/Makefile
+++ b/Makefile
@@ -63,3 +63,10 @@ generate-mocks: # uses mockery to generate mocks in folder `cfn-resources/testut
 generate-resource-versions-markdown: 
 	(cd cfn-resources && go run tool/markdown-generator/*.go)
 
+.PHONY: gen-purls
+gen-purls:
+	./scripts/generate-purls.sh
+
+.PHONY: check-purls
+check-purls:
+	./scripts/check-purls.sh
diff --git a/cfn-resources/access-list-api-key/compliance/purls.txt b/cfn-resources/access-list-api-key/compliance/purls.txt
new file mode 100644
index 000000000..e9fd7bdbd
--- /dev/null
+++ b/cfn-resources/access-list-api-key/compliance/purls.txt
@@ -0,0 +1,19 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go-v2@v1.36.3
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/aws/smithy-go@v1.22.3
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/alert-configuration/compliance/purls.txt b/cfn-resources/alert-configuration/compliance/purls.txt
new file mode 100644
index 000000000..d40a8d148
--- /dev/null
+++ b/cfn-resources/alert-configuration/compliance/purls.txt
@@ -0,0 +1,18 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/github.com/spf13/cast@v1.9.2
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/api-key/compliance/purls.txt b/cfn-resources/api-key/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/api-key/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/auditing/compliance/purls.txt b/cfn-resources/auditing/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/auditing/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/cloud-backup-restore-jobs/compliance/purls.txt b/cfn-resources/cloud-backup-restore-jobs/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/cloud-backup-restore-jobs/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/cloud-backup-schedule/compliance/purls.txt b/cfn-resources/cloud-backup-schedule/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/cloud-backup-schedule/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/cloud-backup-snapshot-export-bucket/cmd/resource/config.go b/cfn-resources/cloud-backup-snapshot-export-bucket/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/cloud-backup-snapshot-export-bucket/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/cloud-backup-snapshot-export-bucket/compliance/purls.txt b/cfn-resources/cloud-backup-snapshot-export-bucket/compliance/purls.txt
new file mode 100644
index 000000000..e9fd7bdbd
--- /dev/null
+++ b/cfn-resources/cloud-backup-snapshot-export-bucket/compliance/purls.txt
@@ -0,0 +1,19 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go-v2@v1.36.3
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/aws/smithy-go@v1.22.3
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/cloud-backup-snapshot-export-bucket/docs/README.md b/cfn-resources/cloud-backup-snapshot-export-bucket/docs/README.md
index ee22d7b3e..ac61576c6 100644
--- a/cfn-resources/cloud-backup-snapshot-export-bucket/docs/README.md
+++ b/cfn-resources/cloud-backup-snapshot-export-bucket/docs/README.md
@@ -61,9 +61,9 @@ _Required_: Yes
 
 _Type_: String
 
-_Minimum_: <code>24</code>
+_Minimum Length_: <code>24</code>
 
-_Maximum_: <code>24</code>
+_Maximum Length_: <code>24</code>
 
 _Pattern_: <code>^([a-f0-9]{24})$</code>
 
@@ -77,9 +77,9 @@ _Required_: Yes
 
 _Type_: String
 
-_Minimum_: <code>24</code>
+_Minimum Length_: <code>24</code>
 
-_Maximum_: <code>24</code>
+_Maximum Length_: <code>24</code>
 
 _Pattern_: <code>^([a-f0-9]{24})$</code>
 
diff --git a/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml b/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml
index 206e0482b..720333f75 100644
--- a/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml
+++ b/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml
@@ -15,6 +15,13 @@ Resources:
             Principal:
               Service: resources.cloudformation.amazonaws.com
             Action: sts:AssumeRole
+            Condition:
+              StringEquals:
+                aws:SourceAccount:
+                  Ref: AWS::AccountId
+              StringLike:
+                aws:SourceArn:
+                  Fn::Sub: arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/MongoDB-Atlas-CloudBackupSnapshotExportBucket/*
       Path: "/"
       Policies:
         - PolicyName: ResourceTypePolicy
@@ -23,27 +30,7 @@ Resources:
             Statement:
               - Effect: Allow
                 Action:
-                - "secretsmanager:CreateSecret"
-                - "secretsmanager:DescribeSecret"
                 - "secretsmanager:GetSecretValue"
-                - "secretsmanager:PutSecretValue"
-                - "secretsmanager:UpdateSecretVersionStage"
-                - "ec2:CreateVpcEndpoint"
-                - "ec2:DeleteVpcEndpoints"
-                - "cloudformation:CreateResource"
-                - "cloudformation:DeleteResource"
-                - "cloudformation:GetResource"
-                - "cloudformation:GetResourceRequestStatus"
-                - "cloudformation:ListResources"
-                - "cloudformation:UpdateResource"
-                - "iam:AttachRolePolicy"
-                - "iam:CreateRole"
-                - "iam:DeleteRole"
-                - "iam:GetRole"
-                - "iam:GetRolePolicy"
-                - "iam:ListAttachedRolePolicies"
-                - "iam:ListRolePolicies"
-                - "iam:PutRolePolicy"
                 Resource: "*"
 Outputs:
   ExecutionRoleArn:
diff --git a/cfn-resources/cloud-backup-snapshot/cmd/resource/config.go b/cfn-resources/cloud-backup-snapshot/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/cloud-backup-snapshot/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/cloud-backup-snapshot/compliance/purls.txt b/cfn-resources/cloud-backup-snapshot/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/cloud-backup-snapshot/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/cluster-outage-simulation/cmd/resource/config.go b/cfn-resources/cluster-outage-simulation/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/cluster-outage-simulation/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/cluster-outage-simulation/compliance/purls.txt b/cfn-resources/cluster-outage-simulation/compliance/purls.txt
new file mode 100644
index 000000000..d40a8d148
--- /dev/null
+++ b/cfn-resources/cluster-outage-simulation/compliance/purls.txt
@@ -0,0 +1,18 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/github.com/spf13/cast@v1.9.2
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/cluster-outage-simulation/resource-role.yaml b/cfn-resources/cluster-outage-simulation/resource-role.yaml
index c3bb2b124..0b261d022 100644
--- a/cfn-resources/cluster-outage-simulation/resource-role.yaml
+++ b/cfn-resources/cluster-outage-simulation/resource-role.yaml
@@ -15,6 +15,13 @@ Resources:
             Principal:
               Service: resources.cloudformation.amazonaws.com
             Action: sts:AssumeRole
+            Condition:
+              StringEquals:
+                aws:SourceAccount:
+                  Ref: AWS::AccountId
+              StringLike:
+                aws:SourceArn:
+                  Fn::Sub: arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/MongoDB-Atlas-ClusterOutageSimulation/*
       Path: "/"
       Policies:
         - PolicyName: ResourceTypePolicy
@@ -23,7 +30,7 @@ Resources:
             Statement:
               - Effect: Allow
                 Action:
-                  - "secretsmanager:GetSecretValue"
+                - "secretsmanager:GetSecretValue"
                 Resource: "*"
 Outputs:
   ExecutionRoleArn:
diff --git a/cfn-resources/cluster/compliance/purls.txt b/cfn-resources/cluster/compliance/purls.txt
new file mode 100644
index 000000000..d40a8d148
--- /dev/null
+++ b/cfn-resources/cluster/compliance/purls.txt
@@ -0,0 +1,18 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/github.com/spf13/cast@v1.9.2
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/custom-db-role/compliance/purls.txt b/cfn-resources/custom-db-role/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/custom-db-role/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/custom-dns-configuration-cluster-aws/cmd/resource/config.go b/cfn-resources/custom-dns-configuration-cluster-aws/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/custom-dns-configuration-cluster-aws/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/custom-dns-configuration-cluster-aws/compliance/purls.txt b/cfn-resources/custom-dns-configuration-cluster-aws/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/custom-dns-configuration-cluster-aws/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/custom-dns-configuration-cluster-aws/resource-role.yaml b/cfn-resources/custom-dns-configuration-cluster-aws/resource-role.yaml
index 87ec5ce9a..93a51f508 100644
--- a/cfn-resources/custom-dns-configuration-cluster-aws/resource-role.yaml
+++ b/cfn-resources/custom-dns-configuration-cluster-aws/resource-role.yaml
@@ -15,6 +15,13 @@ Resources:
             Principal:
               Service: resources.cloudformation.amazonaws.com
             Action: sts:AssumeRole
+            Condition:
+              StringEquals:
+                aws:SourceAccount:
+                  Ref: AWS::AccountId
+              StringLike:
+                aws:SourceArn:
+                  Fn::Sub: arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/MongoDB-Atlas-CustomDnsConfigurationClusterAws/*
       Path: "/"
       Policies:
         - PolicyName: ResourceTypePolicy
diff --git a/cfn-resources/data-lake-pipeline/compliance/purls.txt b/cfn-resources/data-lake-pipeline/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/data-lake-pipeline/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/database-user/compliance/purls.txt b/cfn-resources/database-user/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/database-user/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/datalakes/cmd/resource/config.go b/cfn-resources/datalakes/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/datalakes/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/datalakes/compliance/purls.txt b/cfn-resources/datalakes/compliance/purls.txt
new file mode 100644
index 000000000..d40a8d148
--- /dev/null
+++ b/cfn-resources/datalakes/compliance/purls.txt
@@ -0,0 +1,18 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/github.com/spf13/cast@v1.9.2
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/datalakes/docs/README.md b/cfn-resources/datalakes/docs/README.md
index 2d34dc07b..b384e6273 100644
--- a/cfn-resources/datalakes/docs/README.md
+++ b/cfn-resources/datalakes/docs/README.md
@@ -75,9 +75,9 @@ _Required_: No
 
 _Type_: String
 
-_Minimum_: <code>24</code>
+_Minimum Length_: <code>24</code>
 
-_Maximum_: <code>24</code>
+_Maximum Length_: <code>24</code>
 
 _Pattern_: <code>^([a-f0-9]{24})$</code>
 
diff --git a/cfn-resources/datalakes/docs/datalakeawscloudproviderconfigview.md b/cfn-resources/datalakes/docs/datalakeawscloudproviderconfigview.md
index 081b3fb89..3506e3f2b 100644
--- a/cfn-resources/datalakes/docs/datalakeawscloudproviderconfigview.md
+++ b/cfn-resources/datalakes/docs/datalakeawscloudproviderconfigview.md
@@ -46,9 +46,9 @@ _Required_: No
 
 _Type_: String
 
-_Minimum_: <code>20</code>
+_Minimum Length_: <code>20</code>
 
-_Maximum_: <code>2048</code>
+_Maximum Length_: <code>2048</code>
 
 _Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
 
diff --git a/cfn-resources/datalakes/resource-role.yaml b/cfn-resources/datalakes/resource-role.yaml
index 4ac0bfcdd..d36876bfe 100644
--- a/cfn-resources/datalakes/resource-role.yaml
+++ b/cfn-resources/datalakes/resource-role.yaml
@@ -15,6 +15,13 @@ Resources:
             Principal:
               Service: resources.cloudformation.amazonaws.com
             Action: sts:AssumeRole
+            Condition:
+              StringEquals:
+                aws:SourceAccount:
+                  Ref: AWS::AccountId
+              StringLike:
+                aws:SourceArn:
+                  Fn::Sub: arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/MongoDB-Atlas-DataLakes/*
       Path: "/"
       Policies:
         - PolicyName: ResourceTypePolicy
@@ -24,22 +31,6 @@ Resources:
               - Effect: Allow
                 Action:
                 - "secretsmanager:GetSecretValue"
-                - "ec2:CreateVpcEndpoint"
-                - "ec2:DeleteVpcEndpoints"
-                - "cloudformation:CreateResource"
-                - "cloudformation:DeleteResource"
-                - "cloudformation:GetResource"
-                - "cloudformation:GetResourceRequestStatus"
-                - "cloudformation:ListResources"
-                - "cloudformation:UpdateResource"
-                - "iam:AttachRolePolicy"
-                - "iam:CreateRole"
-                - "iam:DeleteRole"
-                - "iam:GetRole"
-                - "iam:GetRolePolicy"
-                - "iam:ListAttachedRolePolicies"
-                - "iam:ListRolePolicies"
-                - "iam:PutRolePolicy"
                 Resource: "*"
 Outputs:
   ExecutionRoleArn:
diff --git a/cfn-resources/encryption-at-rest/compliance/purls.txt b/cfn-resources/encryption-at-rest/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/encryption-at-rest/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/federated-database-instance/cmd/resource/config.go b/cfn-resources/federated-database-instance/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/federated-database-instance/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/federated-database-instance/compliance/purls.txt b/cfn-resources/federated-database-instance/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/federated-database-instance/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/federated-database-instance/resource-role.yaml b/cfn-resources/federated-database-instance/resource-role.yaml
index 87ec5ce9a..9edd81d76 100644
--- a/cfn-resources/federated-database-instance/resource-role.yaml
+++ b/cfn-resources/federated-database-instance/resource-role.yaml
@@ -15,6 +15,13 @@ Resources:
             Principal:
               Service: resources.cloudformation.amazonaws.com
             Action: sts:AssumeRole
+            Condition:
+              StringEquals:
+                aws:SourceAccount:
+                  Ref: AWS::AccountId
+              StringLike:
+                aws:SourceArn:
+                  Fn::Sub: arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/MongoDB-Atlas-FederatedDatabaseInstance/*
       Path: "/"
       Policies:
         - PolicyName: ResourceTypePolicy
diff --git a/cfn-resources/federated-query-limit/compliance/purls.txt b/cfn-resources/federated-query-limit/compliance/purls.txt
new file mode 100644
index 000000000..d40a8d148
--- /dev/null
+++ b/cfn-resources/federated-query-limit/compliance/purls.txt
@@ -0,0 +1,18 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/github.com/spf13/cast@v1.9.2
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/federated-query-limit/docs/README.md b/cfn-resources/federated-query-limit/docs/README.md
index 330656e2b..6bba255a1 100644
--- a/cfn-resources/federated-query-limit/docs/README.md
+++ b/cfn-resources/federated-query-limit/docs/README.md
@@ -117,10 +117,6 @@ For more information about using the `Fn::GetAtt` intrinsic function, see [Fn::G
 
 Amount that indicates the current usage of the limit.
 
-#### DefaultLimit
-
-Default value of the limit.
-
 #### LastModifiedDate
 
 Only used for Data Federation limits. Timestamp that indicates when this usage limit was last modified. This field uses the ISO 8601 timestamp format in UTC.
diff --git a/cfn-resources/federated-settings-org-role-mapping/cmd/resource/config.go b/cfn-resources/federated-settings-org-role-mapping/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/federated-settings-org-role-mapping/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/federated-settings-org-role-mapping/compliance/purls.txt b/cfn-resources/federated-settings-org-role-mapping/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/federated-settings-org-role-mapping/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/federated-settings-org-role-mapping/docs/README.md b/cfn-resources/federated-settings-org-role-mapping/docs/README.md
index 5e35b6334..b012a4ac9 100644
--- a/cfn-resources/federated-settings-org-role-mapping/docs/README.md
+++ b/cfn-resources/federated-settings-org-role-mapping/docs/README.md
@@ -50,13 +50,13 @@ _Update requires_: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/l
 
 Unique human-readable label that identifies the identity provider group to whichthis role mapping applies.
 
-_Required_: No
+_Required_: Yes
 
 _Type_: String
 
-_Minimum_: <code>1</code>
+_Minimum Length_: <code>1</code>
 
-_Maximum_: <code>200</code>
+_Maximum Length_: <code>200</code>
 
 _Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
 
@@ -68,9 +68,9 @@ _Required_: Yes
 
 _Type_: String
 
-_Minimum_: <code>24</code>
+_Minimum Length_: <code>24</code>
 
-_Maximum_: <code>24</code>
+_Maximum Length_: <code>24</code>
 
 _Pattern_: <code>^([a-f0-9]{24})$</code>
 
@@ -84,9 +84,9 @@ _Required_: Yes
 
 _Type_: String
 
-_Minimum_: <code>24</code>
+_Minimum Length_: <code>24</code>
 
-_Maximum_: <code>24</code>
+_Maximum Length_: <code>24</code>
 
 _Pattern_: <code>^([a-f0-9]{24})$</code>
 
diff --git a/cfn-resources/federated-settings-org-role-mapping/resource-role.yaml b/cfn-resources/federated-settings-org-role-mapping/resource-role.yaml
index 87ec5ce9a..fdf24492a 100644
--- a/cfn-resources/federated-settings-org-role-mapping/resource-role.yaml
+++ b/cfn-resources/federated-settings-org-role-mapping/resource-role.yaml
@@ -15,6 +15,13 @@ Resources:
             Principal:
               Service: resources.cloudformation.amazonaws.com
             Action: sts:AssumeRole
+            Condition:
+              StringEquals:
+                aws:SourceAccount:
+                  Ref: AWS::AccountId
+              StringLike:
+                aws:SourceArn:
+                  Fn::Sub: arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/MongoDB-Atlas-FederatedSettingsOrgRoleMapping/*
       Path: "/"
       Policies:
         - PolicyName: ResourceTypePolicy
diff --git a/cfn-resources/global-cluster-config/cmd/resource/config.go b/cfn-resources/global-cluster-config/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/global-cluster-config/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/global-cluster-config/compliance/purls.txt b/cfn-resources/global-cluster-config/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/global-cluster-config/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/global-cluster-config/resource-role.yaml b/cfn-resources/global-cluster-config/resource-role.yaml
index 206e0482b..3737b2bbc 100644
--- a/cfn-resources/global-cluster-config/resource-role.yaml
+++ b/cfn-resources/global-cluster-config/resource-role.yaml
@@ -15,6 +15,13 @@ Resources:
             Principal:
               Service: resources.cloudformation.amazonaws.com
             Action: sts:AssumeRole
+            Condition:
+              StringEquals:
+                aws:SourceAccount:
+                  Ref: AWS::AccountId
+              StringLike:
+                aws:SourceArn:
+                  Fn::Sub: arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/MongoDB-Atlas-GlobalClusterConfig/*
       Path: "/"
       Policies:
         - PolicyName: ResourceTypePolicy
@@ -23,27 +30,7 @@ Resources:
             Statement:
               - Effect: Allow
                 Action:
-                - "secretsmanager:CreateSecret"
-                - "secretsmanager:DescribeSecret"
                 - "secretsmanager:GetSecretValue"
-                - "secretsmanager:PutSecretValue"
-                - "secretsmanager:UpdateSecretVersionStage"
-                - "ec2:CreateVpcEndpoint"
-                - "ec2:DeleteVpcEndpoints"
-                - "cloudformation:CreateResource"
-                - "cloudformation:DeleteResource"
-                - "cloudformation:GetResource"
-                - "cloudformation:GetResourceRequestStatus"
-                - "cloudformation:ListResources"
-                - "cloudformation:UpdateResource"
-                - "iam:AttachRolePolicy"
-                - "iam:CreateRole"
-                - "iam:DeleteRole"
-                - "iam:GetRole"
-                - "iam:GetRolePolicy"
-                - "iam:ListAttachedRolePolicies"
-                - "iam:ListRolePolicies"
-                - "iam:PutRolePolicy"
                 Resource: "*"
 Outputs:
   ExecutionRoleArn:
diff --git a/cfn-resources/ldap-configuration/cmd/resource/config.go b/cfn-resources/ldap-configuration/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/ldap-configuration/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/ldap-configuration/compliance/purls.txt b/cfn-resources/ldap-configuration/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/ldap-configuration/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/ldap-verify/cmd/resource/config.go b/cfn-resources/ldap-verify/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/ldap-verify/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/ldap-verify/compliance/purls.txt b/cfn-resources/ldap-verify/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/ldap-verify/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/maintenance-window/cmd/resource/config.go b/cfn-resources/maintenance-window/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/maintenance-window/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/maintenance-window/compliance/purls.txt b/cfn-resources/maintenance-window/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/maintenance-window/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/network-container/cmd/resource/config.go b/cfn-resources/network-container/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/network-container/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/network-container/compliance/purls.txt b/cfn-resources/network-container/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/network-container/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/network-peering/cmd/resource/config.go b/cfn-resources/network-peering/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/network-peering/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/network-peering/compliance/purls.txt b/cfn-resources/network-peering/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/network-peering/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/network-peering/resource-role.yaml b/cfn-resources/network-peering/resource-role.yaml
index 87ec5ce9a..06ab8c979 100644
--- a/cfn-resources/network-peering/resource-role.yaml
+++ b/cfn-resources/network-peering/resource-role.yaml
@@ -15,6 +15,13 @@ Resources:
             Principal:
               Service: resources.cloudformation.amazonaws.com
             Action: sts:AssumeRole
+            Condition:
+              StringEquals:
+                aws:SourceAccount:
+                  Ref: AWS::AccountId
+              StringLike:
+                aws:SourceArn:
+                  Fn::Sub: arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/MongoDB-Atlas-NetworkPeering/*
       Path: "/"
       Policies:
         - PolicyName: ResourceTypePolicy
diff --git a/cfn-resources/online-archive/Makefile b/cfn-resources/online-archive/Makefile
index a63d470a2..296ff567e 100644
--- a/cfn-resources/online-archive/Makefile
+++ b/cfn-resources/online-archive/Makefile
@@ -1,4 +1,4 @@
-.PHONY: build debug clean create-test-resources delete-test-resources run-contract-testing
+.PHONY: build test clean
 tags=logging callback metrics scheduler
 cgo=0
 goos=linux
diff --git a/cfn-resources/online-archive/compliance/purls.txt b/cfn-resources/online-archive/compliance/purls.txt
new file mode 100644
index 000000000..d40a8d148
--- /dev/null
+++ b/cfn-resources/online-archive/compliance/purls.txt
@@ -0,0 +1,18 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/github.com/spf13/cast@v1.9.2
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/online-archive/test/cfn-test-create-inputs.sh b/cfn-resources/online-archive/test/cfn-test-create-inputs.sh
index 4dd01a4dc..cd3fa83b7 100755
--- a/cfn-resources/online-archive/test/cfn-test-create-inputs.sh
+++ b/cfn-resources/online-archive/test/cfn-test-create-inputs.sh
@@ -33,7 +33,7 @@ echo -e "=====\nrun this command to clean up\n=====\nmongocli iam projects delet
 ClusterName="${projectName}"
 
 # shellcheck disable=SC2086
-atlas clusters create "${ClusterName}" --projectId ${projectId} --backup --provider AWS --region US_EAST_1 --members 3 --tier M10 --mdbVersion 5.0 --diskSizeGB 10 --output=json
+atlas clusters create "${ClusterName}" --projectId ${projectId} --backup --provider AWS --region US_EAST_1 --members 3 --tier M10 --mdbVersion 8.0 --diskSizeGB 10 --output=json
 atlas clusters watch "${ClusterName}" --projectId "${projectId}"
 echo -e "Created Cluster \"${ClusterName}\""
 
diff --git a/cfn-resources/org-invitation/cmd/main.go b/cfn-resources/org-invitation/cmd/main.go
index 6e97ec61e..c09571a4f 100644
--- a/cfn-resources/org-invitation/cmd/main.go
+++ b/cfn-resources/org-invitation/cmd/main.go
@@ -1,17 +1,3 @@
-// Copyright 2023 MongoDB Inc
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
 // Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
 package main
 
diff --git a/cfn-resources/org-invitation/cmd/resource/config.go b/cfn-resources/org-invitation/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/org-invitation/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/org-invitation/cmd/resource/model.go b/cfn-resources/org-invitation/cmd/resource/model.go
index 17edb742a..06a101126 100644
--- a/cfn-resources/org-invitation/cmd/resource/model.go
+++ b/cfn-resources/org-invitation/cmd/resource/model.go
@@ -1,17 +1,3 @@
-// Copyright 2023 MongoDB Inc
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
 // Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
 // Updates to this type are made my editing the schema file and executing the 'generate' command.
 package resource
diff --git a/cfn-resources/org-invitation/compliance/purls.txt b/cfn-resources/org-invitation/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/org-invitation/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/org-invitation/resource-role.yaml b/cfn-resources/org-invitation/resource-role.yaml
index 8ffeb54fc..f30b8ebf3 100644
--- a/cfn-resources/org-invitation/resource-role.yaml
+++ b/cfn-resources/org-invitation/resource-role.yaml
@@ -9,21 +9,28 @@ Resources:
     Properties:
       MaxSessionDuration: 8400
       AssumeRolePolicyDocument:
-        Version: "2012-10-17"
+        Version: '2012-10-17'
         Statement:
           - Effect: Allow
             Principal:
               Service: resources.cloudformation.amazonaws.com
             Action: sts:AssumeRole
+            Condition:
+              StringEquals:
+                aws:SourceAccount:
+                  Ref: AWS::AccountId
+              StringLike:
+                aws:SourceArn:
+                  Fn::Sub: arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/MongoDB-Atlas-OrgInvitation/*
       Path: "/"
       Policies:
         - PolicyName: ResourceTypePolicy
           PolicyDocument:
-            Version: "2012-10-17"
+            Version: '2012-10-17'
             Statement:
               - Effect: Allow
                 Action:
-                  - "secretsmanager:GetSecretValue"
+                - "secretsmanager:GetSecretValue"
                 Resource: "*"
 Outputs:
   ExecutionRoleArn:
diff --git a/cfn-resources/organization/cmd/resource/config.go b/cfn-resources/organization/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/organization/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/organization/compliance/purls.txt b/cfn-resources/organization/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/organization/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/private-endpoint-adl/compliance/purls.txt b/cfn-resources/private-endpoint-adl/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/private-endpoint-adl/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/private-endpoint-aws/compliance/purls.txt b/cfn-resources/private-endpoint-aws/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/private-endpoint-aws/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/private-endpoint-regional-mode/compliance/purls.txt b/cfn-resources/private-endpoint-regional-mode/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/private-endpoint-regional-mode/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/private-endpoint-service/compliance/purls.txt b/cfn-resources/private-endpoint-service/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/private-endpoint-service/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/private-endpoint/cmd/resource/config.go b/cfn-resources/private-endpoint/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/private-endpoint/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/private-endpoint/compliance/purls.txt b/cfn-resources/private-endpoint/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/private-endpoint/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/private-endpoint/resource-role.yaml b/cfn-resources/private-endpoint/resource-role.yaml
index 959fd9ca4..bdf2bdd66 100644
--- a/cfn-resources/private-endpoint/resource-role.yaml
+++ b/cfn-resources/private-endpoint/resource-role.yaml
@@ -15,6 +15,13 @@ Resources:
             Principal:
               Service: resources.cloudformation.amazonaws.com
             Action: sts:AssumeRole
+            Condition:
+              StringEquals:
+                aws:SourceAccount:
+                  Ref: AWS::AccountId
+              StringLike:
+                aws:SourceArn:
+                  Fn::Sub: arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/MongoDB-Atlas-PrivateEndpoint/*
       Path: "/"
       Policies:
         - PolicyName: ResourceTypePolicy
diff --git a/cfn-resources/privatelink-endpoint-service-data-federation-online-archive/compliance/purls.txt b/cfn-resources/privatelink-endpoint-service-data-federation-online-archive/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/privatelink-endpoint-service-data-federation-online-archive/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/project-invitation/cmd/resource/config.go b/cfn-resources/project-invitation/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/project-invitation/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/project-invitation/compliance/purls.txt b/cfn-resources/project-invitation/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/project-invitation/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/project-ip-access-list/cmd/resource/config.go b/cfn-resources/project-ip-access-list/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/project-ip-access-list/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/project-ip-access-list/compliance/purls.txt b/cfn-resources/project-ip-access-list/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/project-ip-access-list/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/project-ip-access-list/makebuild b/cfn-resources/project-ip-access-list/makebuild
index 780491493..a59b4784c 100644
--- a/cfn-resources/project-ip-access-list/makebuild
+++ b/cfn-resources/project-ip-access-list/makebuild
@@ -4,4 +4,4 @@
 .PHONY: build
 build:
 	cfn generate
-	env GOOS=linux go build -ldflags="-s -w" -tags="$(TAGS)" -o bin/handler cmd/main.go
+	env GOARCH=amd64 GOOS=linux go build -ldflags="-s -w" -tags="lambda.norpc,$(TAGS)" -o bin/bootstrap cmd/main.go
diff --git a/cfn-resources/project-ip-access-list/resource-role.yaml b/cfn-resources/project-ip-access-list/resource-role.yaml
index 87ec5ce9a..d24fe9758 100644
--- a/cfn-resources/project-ip-access-list/resource-role.yaml
+++ b/cfn-resources/project-ip-access-list/resource-role.yaml
@@ -15,6 +15,13 @@ Resources:
             Principal:
               Service: resources.cloudformation.amazonaws.com
             Action: sts:AssumeRole
+            Condition:
+              StringEquals:
+                aws:SourceAccount:
+                  Ref: AWS::AccountId
+              StringLike:
+                aws:SourceArn:
+                  Fn::Sub: arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/MongoDB-Atlas-ProjectIpAccessList/*
       Path: "/"
       Policies:
         - PolicyName: ResourceTypePolicy
diff --git a/cfn-resources/project/compliance/purls.txt b/cfn-resources/project/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/project/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/resource-policy/compliance/purls.txt b/cfn-resources/resource-policy/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/resource-policy/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/search-deployment/compliance/purls.txt b/cfn-resources/search-deployment/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/search-deployment/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/search-index/cmd/resource/config.go b/cfn-resources/search-index/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/search-index/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/search-index/compliance/purls.txt b/cfn-resources/search-index/compliance/purls.txt
new file mode 100644
index 000000000..d40a8d148
--- /dev/null
+++ b/cfn-resources/search-index/compliance/purls.txt
@@ -0,0 +1,18 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/github.com/spf13/cast@v1.9.2
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/serverless-instance/compliance/purls.txt b/cfn-resources/serverless-instance/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/serverless-instance/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/serverless-private-endpoint/compliance/purls.txt b/cfn-resources/serverless-private-endpoint/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/serverless-private-endpoint/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/stream-connection/compliance/purls.txt b/cfn-resources/stream-connection/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/stream-connection/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/stream-instance/compliance/purls.txt b/cfn-resources/stream-instance/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/stream-instance/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/teams/cmd/resource/config.go b/cfn-resources/teams/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/teams/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/teams/compliance/purls.txt b/cfn-resources/teams/compliance/purls.txt
new file mode 100644
index 000000000..d40a8d148
--- /dev/null
+++ b/cfn-resources/teams/compliance/purls.txt
@@ -0,0 +1,18 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/github.com/spf13/cast@v1.9.2
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/third-party-integration/cmd/main.go b/cfn-resources/third-party-integration/cmd/main.go
index 6d3ac4778..3618091e9 100644
--- a/cfn-resources/third-party-integration/cmd/main.go
+++ b/cfn-resources/third-party-integration/cmd/main.go
@@ -1,17 +1,3 @@
-// Copyright 2023 MongoDB Inc
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
 // Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
 package main
 
diff --git a/cfn-resources/third-party-integration/cmd/resource/config.go b/cfn-resources/third-party-integration/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/third-party-integration/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/third-party-integration/cmd/resource/model.go b/cfn-resources/third-party-integration/cmd/resource/model.go
index 8bfd41ac6..60db25168 100644
--- a/cfn-resources/third-party-integration/cmd/resource/model.go
+++ b/cfn-resources/third-party-integration/cmd/resource/model.go
@@ -1,17 +1,3 @@
-// Copyright 2023 MongoDB Inc
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
 // Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
 // Updates to this type are made my editing the schema file and executing the 'generate' command.
 package resource
diff --git a/cfn-resources/third-party-integration/compliance/purls.txt b/cfn-resources/third-party-integration/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/third-party-integration/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/trigger/cmd/main.go b/cfn-resources/trigger/cmd/main.go
index e5cc16416..1a2a5e2fa 100644
--- a/cfn-resources/trigger/cmd/main.go
+++ b/cfn-resources/trigger/cmd/main.go
@@ -1,17 +1,3 @@
-// Copyright 2023 MongoDB Inc
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
 // Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
 package main
 
diff --git a/cfn-resources/trigger/compliance/purls.txt b/cfn-resources/trigger/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/trigger/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/cfn-resources/trigger/docs/README.md b/cfn-resources/trigger/docs/README.md
index c4e58a609..5cbe74cc8 100644
--- a/cfn-resources/trigger/docs/README.md
+++ b/cfn-resources/trigger/docs/README.md
@@ -1,6 +1,6 @@
 # MongoDB::Atlas::Trigger
 
-View and manage your application's [triggers](https://www.mongodb.com/docs/atlas/app-services/triggers/overview/).
+View and manage your application's triggers: https://www.mongodb.com/docs/atlas/app-services/triggers/
 
 ## Syntax
 
diff --git a/cfn-resources/x509-authentication-database-user/cmd/resource/config.go b/cfn-resources/x509-authentication-database-user/cmd/resource/config.go
new file mode 100644
index 000000000..4d9eb7831
--- /dev/null
+++ b/cfn-resources/x509-authentication-database-user/cmd/resource/config.go
@@ -0,0 +1,19 @@
+// Code generated by 'cfn generate', changes will be undone by the next invocation. DO NOT EDIT.
+// Updates to this type are made my editing the schema file and executing the 'generate' command.
+package resource
+
+import "github.com/aws-cloudformation/cloudformation-cli-go-plugin/cfn/handler"
+
+// TypeConfiguration is autogenerated from the json schema
+type TypeConfiguration struct {
+}
+
+// Configuration returns a resource's configuration.
+func Configuration(req handler.Request) (*TypeConfiguration, error) {
+	// Populate the type configuration
+	typeConfig := &TypeConfiguration{}
+	if err := req.UnmarshalTypeConfig(typeConfig); err != nil {
+		return typeConfig, err
+	}
+	return typeConfig, nil
+}
diff --git a/cfn-resources/x509-authentication-database-user/compliance/purls.txt b/cfn-resources/x509-authentication-database-user/compliance/purls.txt
new file mode 100644
index 000000000..56b707c9c
--- /dev/null
+++ b/cfn-resources/x509-authentication-database-user/compliance/purls.txt
@@ -0,0 +1,17 @@
+pkg:golang/../vendor/go.mongodb.org/atlas-sdk/v20231115014@(devel)
+pkg:golang/github.com/aws-cloudformation/cloudformation-cli-go-plugin@v1.2.0
+pkg:golang/github.com/aws/aws-lambda-go@v1.37.0
+pkg:golang/github.com/aws/aws-sdk-go@v1.55.7
+pkg:golang/github.com/google/go-querystring@v1.1.0
+pkg:golang/github.com/jmespath/go-jmespath@v0.4.0
+pkg:golang/github.com/mongodb-forks/digest@v1.1.0
+pkg:golang/github.com/mongodb-labs/go-client-mongodb-atlas-app-services@v1.0.0
+pkg:golang/github.com/mongodb/mongodbatlas-cloudformation-resources@(devel)
+pkg:golang/github.com/rs/xid@v1.6.0
+pkg:golang/github.com/segmentio/ksuid@v1.0.4
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115002@v20231115002.1.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20231115014@v20231115014.0.0
+pkg:golang/go.mongodb.org/atlas-sdk/v20250312002@v20250312002.0.0
+pkg:golang/go.mongodb.org/atlas@v0.37.0
+pkg:golang/golang.org/x/oauth2@v0.28.0
+pkg:golang/gopkg.in/validator.v2@v2.0.1
diff --git a/scripts/check-purls.sh b/scripts/check-purls.sh
new file mode 100755
index 000000000..4ef6d0d2f
--- /dev/null
+++ b/scripts/check-purls.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if ! git diff --quiet --exit-code cfn-resources/**/compliance/purls.txt; then
+	echo "cfn-resources/**/compliance/purls.txt is out of date. Please run 'make gen-purls' and commit the result."
+	git --no-pager diff cfn-resources/**/compliance/purls.txt
+	exit 1
+fi
diff --git a/scripts/generate-purls.sh b/scripts/generate-purls.sh
new file mode 100755
index 000000000..f96b4fe07
--- /dev/null
+++ b/scripts/generate-purls.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Loop over all resource directories in cfn-resources, skipping autogen
+for resource_dir in cfn-resources/*; do
+	if [ "$resource_dir" = "cfn-resources/autogen" ]; then
+		continue
+	fi
+	if [ -d "$resource_dir" ] && [ -f "$resource_dir/Makefile" ]; then
+		resource=$(basename "$resource_dir")
+		compliance_dir="$resource_dir/compliance"
+		bin_dir="$resource_dir/bin"
+		binary="$bin_dir/bootstrap"
+
+		echo "==> Building $resource"
+		mkdir -p "$compliance_dir"
+		(cd "$resource_dir" && make build)
+
+		if [ ! -f "$binary" ]; then
+			echo "No built binary found at $binary for $resource. Skipping purl generation."
+			continue
+		fi
+
+		purl_file="$compliance_dir/purls.txt"
+		echo "==> Generating purls for $resource"
+		go version -m "$binary" | awk '$1 == "dep" || $1 == "=>" { print "pkg:golang/" $2 "@" $3 }' | LC_ALL=C sort | uniq >"$purl_file"
+		echo "Generated $purl_file"
+	fi
+
+done