Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: update L1 CloudFormation resource definitions #29569

Merged
merged 1 commit into from
Mar 21, 2024

Conversation

aws-cdk-automation
Copy link
Collaborator

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-appconfig
│ └ resources
│    ├[~] resource AWS::AppConfig::ConfigurationProfile
│    │ └ types
│    │    └[~] type Validators
│    │      └  - documentation: A validator provides a syntactic or semantic check to ensure the configuration that you want to deploy functions as intended. To validate your application configuration data, you provide a schema or an AWS Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid.
│    │         + documentation: A validator provides a syntactic or semantic check to ensure the configuration that you want to deploy functions as intended. To validate your application configuration data, you provide a schema or an AWS Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid. For more information, see [About validators](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-configuration-profile.html#appconfig-creating-configuration-and-profile-validators) in the *AWS AppConfig User Guide* .
│    └[~] resource AWS::AppConfig::Deployment
│      └ properties
│         └ DynamicExtensionParameters: (documentation changed)
├[~] service aws-appintegrations
│ └ resources
│    └[+] resource AWS::AppIntegrations::Application
│      ├  name: Application
│      │  cloudFormationType: AWS::AppIntegrations::Application
│      │  documentation: Resource Type definition for AWS:AppIntegrations::Application
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├Name: string (required)
│      │  ├Namespace: string
│      │  ├Description: string (required)
│      │  ├ApplicationSourceConfig: ApplicationSourceConfig (required)
│      │  └Tags: Array<tag>
│      ├ attributes
│      │  ├ApplicationArn: string
│      │  └Id: string
│      └ types
│         ├type ApplicationSourceConfig
│         │├  documentation: Application source config
│         ││  name: ApplicationSourceConfig
│         │└ properties
│         │   └ExternalUrlConfig: ExternalUrlConfig (required)
│         └type ExternalUrlConfig
│          ├  name: ExternalUrlConfig
│          └ properties
│             ├AccessUrl: string (required)
│             └ApprovedOrigins: Array<string> (required)
├[~] service aws-autoscaling
│ └ resources
│    └[~] resource AWS::AutoScaling::AutoScalingGroup
│      └ properties
│         └ NotificationConfiguration: (documentation changed)
├[~] service aws-backup
│ └ resources
│    ├[~] resource AWS::Backup::BackupPlan
│    │ └ types
│    │    └[~] type LifecycleResourceType
│    │      └ properties
│    │         └ OptInToArchiveForSupportedResources: (documentation changed)
│    ├[~] resource AWS::Backup::RestoreTestingPlan
│    │ └ properties
│    │    └ RestoreTestingPlanName: (documentation changed)
│    └[~] resource AWS::Backup::RestoreTestingSelection
│      └ properties
│         └ RestoreTestingPlanName: (documentation changed)
├[~] service aws-batch
│ └ resources
│    └[~] resource AWS::Batch::JobQueue
│      ├ properties
│      │  └ JobStateTimeLimitActions: (documentation changed)
│      └ types
│         └[~] type JobStateTimeLimitAction
│           ├  - documentation: undefined
│           │  + documentation: Specifies an action that AWS Batch will take after the job has remained at the head of the queue in the specified state for longer than the specified time.
│           └ properties
│              ├ Action: (documentation changed)
│              ├ MaxTimeSeconds: (documentation changed)
│              ├ Reason: (documentation changed)
│              └ State: (documentation changed)
├[~] service aws-cloudformation
│ └ resources
│    └[~] resource AWS::CloudFormation::TypeActivation
│      └  - documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* .
│         Once you have activated a public third-party extension in your account and Region, use [`SetTypeConfiguration`](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) in the *CloudFormation User Guide* .
│         + documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* .
│         Once you have activated a public third-party extension in your account and Region, use [SetTypeConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-private.html#registry-set-configuration) in the *CloudFormation User Guide* .
├[~] service aws-codeartifact
│ └ resources
│    └[+] resource AWS::CodeArtifact::PackageGroup
│      ├  name: PackageGroup
│      │  cloudFormationType: AWS::CodeArtifact::PackageGroup
│      │  documentation: The resource schema to create a CodeArtifact package group.
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├DomainName: string (required, immutable)
│      │  ├DomainOwner: string
│      │  ├Pattern: string (required, immutable)
│      │  ├ContactInfo: string
│      │  ├Description: string
│      │  ├OriginConfiguration: OriginConfiguration
│      │  └Tags: Array<tag>
│      ├ attributes
│      │  └Arn: string
│      └ types
│         ├type OriginConfiguration
│         │├  name: OriginConfiguration
│         │└ properties
│         │   └Restrictions: Restrictions (required)
│         ├type Restrictions
│         │├  name: Restrictions
│         │└ properties
│         │   ├Publish: RestrictionType
│         │   ├ExternalUpstream: RestrictionType
│         │   └InternalUpstream: RestrictionType
│         └type RestrictionType
│          ├  name: RestrictionType
│          └ properties
│             ├RestrictionMode: string (required)
│             └Repositories: Array<string>
├[~] service aws-codebuild
│ └ resources
│    └[~] resource AWS::CodeBuild::Project
│      └ types
│         └[~] type WebhookFilter
│           └ properties
│              └ Type: (documentation changed)
├[~] service aws-codepipeline
│ └ resources
│    └[~] resource AWS::CodePipeline::Pipeline
│      └ types
│         └[~] type ActionDeclaration
│           ├  - documentation: Represents information about an action declaration.
│           │  > Documentation for the `timeoutInMinutes` parameter in the `ActionDeclaration` is not yet available for CloudFormation and CDK resources in CodePipeline. For more information about the configurable timeout for manual approval actions, see the [ActionDeclaration](https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_ActionDeclaration.html) in the CodePipeline API Reference.
│           │  + documentation: Represents information about an action declaration.
│           └ properties
│              └ TimeoutInMinutes: (documentation changed)
├[~] service aws-connect
│ └ resources
│    └[~] resource AWS::Connect::SecurityProfile
│      ├ properties
│      │  ├[+] AllowedAccessControlHierarchyGroupId: string
│      │  ├[+] Applications: Array<Application>
│      │  └[+] HierarchyRestrictedResources: Array<string>
│      ├ attributes
│      │  ├[+] LastModifiedRegion: string
│      │  └[+] LastModifiedTime: number
│      └ types
│         └[+] type Application
│           ├  documentation: A third-party application's metadata.
│           │  name: Application
│           └ properties
│              ├ApplicationPermissions: Array<string> (required)
│              └Namespace: string (required)
├[~] service aws-datasync
│ └ resources
│    └[~] resource AWS::DataSync::Task
│      ├ properties
│      │  └[+] ManifestConfig: ManifestConfig
│      └ types
│         ├[~] type Destination
│         │ └ properties
│         │    └ S3: - S3
│         │          + TaskReportConfigDestinationS3 ⇐ S3
│         ├[+] type ManifestConfig
│         │ ├  documentation: Configures a manifest, which is a list of files or objects that you want AWS DataSync to transfer. For more information and configuration examples, see [Specifying what DataSync transfers by using a manifest](https://docs.aws.amazon.com/datasync/latest/userguide/transferring-with-manifest.html) .
│         │ │  name: ManifestConfig
│         │ └ properties
│         │    ├Action: string
│         │    ├Format: string
│         │    └Source: Source (required)
│         ├[+] type ManifestConfigSourceS3
│         │ ├  documentation: Specifies the S3 bucket where you're hosting the manifest that you want AWS DataSync to use. For more information and configuration examples, see [Specifying what DataSync transfers by using a manifest](https://docs.aws.amazon.com/datasync/latest/userguide/transferring-with-manifest.html) .
│         │ │  name: ManifestConfigSourceS3
│         │ └ properties
│         │    ├ManifestObjectPath: string
│         │    ├BucketAccessRoleArn: string
│         │    ├S3BucketArn: string
│         │    └ManifestObjectVersionId: string
│         ├[~] type S3
│         │ ├  - documentation: Specifies the Amazon S3 bucket where DataSync uploads your [task report](https://docs.aws.amazon.com/datasync/latest/userguide/task-reports.html) .
│         │ │  + documentation: undefined
│         │ └ properties
│         │    ├ BucketAccessRoleArn: (documentation changed)
│         │    ├ S3BucketArn: (documentation changed)
│         │    └ Subdirectory: (documentation changed)
│         ├[+] type Source
│         │ ├  documentation: Specifies the manifest that you want AWS DataSync to use and where it's hosted. For more information and configuration examples, see [Specifying what DataSync transfers by using a manifest](https://docs.aws.amazon.com/datasync/latest/userguide/transferring-with-manifest.html) .
│         │ │  name: Source
│         │ └ properties
│         │    └S3: ManifestConfigSourceS3
│         └[+] type TaskReportConfigDestinationS3
│           ├  documentation: Specifies the Amazon S3 bucket where DataSync uploads your [task report](https://docs.aws.amazon.com/datasync/latest/userguide/task-reports.html) .
│           │  name: TaskReportConfigDestinationS3
│           └ properties
│              ├Subdirectory: string
│              ├BucketAccessRoleArn: string
│              └S3BucketArn: string
├[~] service aws-dms
│ └ resources
│    └[~] resource AWS::DMS::DataProvider
│      └ types
│         └[~] type PostgreSqlSettings
│           ├  - documentation: Provides information that defines a PostgreSQL endpoint.
│           │  + documentation: undefined
│           └ properties
│              ├ DatabaseName: (documentation changed)
│              ├ Port: (documentation changed)
│              └ ServerName: (documentation changed)
├[~] service aws-dynamodb
│ └ resources
│    ├[~] resource AWS::DynamoDB::GlobalTable
│    │ └ types
│    │    ├[~] type ReplicaSpecification
│    │    │ └ properties
│    │    │    ├[+] ReplicaStreamSpecification: ReplicaStreamSpecification
│    │    │    └[+] ResourcePolicy: ResourcePolicy
│    │    ├[+] type ReplicaStreamSpecification
│    │    │ ├  documentation: Represents the DynamoDB Streams configuration for a global table replica.
│    │    │ │  name: ReplicaStreamSpecification
│    │    │ └ properties
│    │    │    └ResourcePolicy: ResourcePolicy (required)
│    │    └[+] type ResourcePolicy
│    │      ├  documentation: Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource.
│    │      │  In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see [Using resource-based policies for DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html) .
│    │      │  While defining resource-based policies in your CloudFormation templates, the following considerations apply:
│    │      │  - The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit.
│    │      │  - Resource-based policies don't support [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html#) . If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes.
│    │      │  - Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template.
│    │      │  For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won’t be synced with the policy in the template.
│    │      │  Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DynamoDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template.
│    │      │  - Within a resource-based policy, if the action for a DynamoDB service-linked role (SLR) to replicate data for a global table is denied, adding or deleting a replica will fail with an error.
│    │      │  - The [AWS ::DynamoDB::GlobalTable](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-globaltable.html) resource doesn't support creating a replica in the same stack update in Regions other than the Region where you deploy the stack update.
│    │      │  For a full list of all considerations, see [Resource-based policy considerations](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html) .
│    │      │  name: ResourcePolicy
│    │      └ properties
│    │         └PolicyDocument: json (required)
│    └[~] resource AWS::DynamoDB::Table
│      ├ properties
│      │  └[+] ResourcePolicy: ResourcePolicy
│      └ types
│         ├[+] type ResourcePolicy
│         │ ├  documentation: Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource.
│         │ │  In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see [Using resource-based policies for DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html) .
│         │ │  While defining resource-based policies in your CloudFormation templates, the following considerations apply:
│         │ │  - The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit.
│         │ │  - Resource-based policies don't support [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html#) . If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes.
│         │ │  - Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template.
│         │ │  For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won’t be synced with the policy in the template.
│         │ │  Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DynamoDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template.
│         │ │  For a full list of all considerations, see [Resource-based policy considerations](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html) .
│         │ │  name: ResourcePolicy
│         │ └ properties
│         │    └PolicyDocument: json (required)
│         └[~] type StreamSpecification
│           └ properties
│              └[+] ResourcePolicy: ResourcePolicy
├[~] service aws-ec2
│ └ resources
│    ├[~] resource AWS::EC2::FlowLog
│    │ └ properties
│    │    └ DestinationOptions: (documentation changed)
│    ├[~] resource AWS::EC2::Instance
│    │ └ attributes
│    │    ├ AvailabilityZone: (documentation changed)
│    │    ├ InstanceId: (documentation changed)
│    │    └ VpcId: (documentation changed)
│    └[~] resource AWS::EC2::NetworkInterface
│      ├ properties
│      │  ├ GroupSet: (documentation changed)
│      │  ├ Ipv6AddressCount: (documentation changed)
│      │  ├ Ipv6Addresses: (documentation changed)
│      │  ├ PrivateIpAddress: (documentation changed)
│      │  ├ PrivateIpAddresses: (documentation changed)
│      │  └ Tags: (documentation changed)
│      └ attributes
│         ├ PrimaryIpv6Address: (documentation changed)
│         └[+] VpcId: string
├[~] service aws-eks
│ └ resources
│    └[~] resource AWS::EKS::Nodegroup
│      ├  - documentation: Creates a managed node group for an Amazon EKS cluster.
│      │  You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) .
│      │  An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* .
│      │  > Windows AMI types are only supported for commercial AWS Regions that support Windows on Amazon EKS.
│      │  + documentation: Creates a managed node group for an Amazon EKS cluster.
│      │  You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) .
│      │  An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* .
│      │  > Windows AMI types are only supported for commercial AWS Regions that support Windows on Amazon EKS.
│      ├ properties
│      │  ├ AmiType: (documentation changed)
│      │  ├ DiskSize: (documentation changed)
│      │  ├ InstanceTypes: (documentation changed)
│      │  ├ LaunchTemplate: (documentation changed)
│      │  ├ NodeRole: (documentation changed)
│      │  ├ RemoteAccess: (documentation changed)
│      │  └ Subnets: (documentation changed)
│      └ types
│         └[~] type LaunchTemplateSpecification
│           └  - documentation: An object representing a node group launch template specification. The launch template can't include [`SubnetId`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) , [`IamInstanceProfile`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html) , [`RequestSpotInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html) , [`HibernationOptions`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html) , or [`TerminateInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html) , or the node group deployment or update will fail. For more information about launch templates, see [`CreateLaunchTemplate`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html) in the Amazon EC2 API Reference. For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
│              You must specify either the launch template ID or the launch template name in the request, but not both.
│              + documentation: An object representing a node group launch template specification. The launch template can't include [`SubnetId`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) , [`IamInstanceProfile`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html) , [`RequestSpotInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html) , [`HibernationOptions`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html) , or [`TerminateInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html) , or the node group deployment or update will fail. For more information about launch templates, see [`CreateLaunchTemplate`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html) in the Amazon EC2 API Reference. For more information about using launch templates with Amazon EKS, see [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
│              You must specify either the launch template ID or the launch template name in the request, but not both.
├[~] service aws-elasticache
│ └ resources
│    └[~] resource AWS::ElastiCache::ParameterGroup
│      └ attributes
│         └[+] CacheParameterGroupName: string
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    └[~] resource AWS::ElasticLoadBalancingV2::LoadBalancer
│      └ types
│         └[~] type LoadBalancerAttribute
│           └ properties
│              └ Key: (documentation changed)
├[~] service aws-fis
│ └ resources
│    └[~] resource AWS::FIS::ExperimentTemplate
│      └ types
│         └[~] type ExperimentTemplateExperimentOptions
│           └ properties
│              └ AccountTargeting: - string
│                                  + string (immutable)
├[~] service aws-kafkaconnect
│ └ resources
│    ├[~] resource AWS::KafkaConnect::Connector
│    │ ├  - tagInformation: undefined
│    │ │  + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ └ properties
│    │    └[+] Tags: Array<tag>
│    ├[+] resource AWS::KafkaConnect::CustomPlugin
│    │ ├  name: CustomPlugin
│    │ │  cloudFormationType: AWS::KafkaConnect::CustomPlugin
│    │ │  documentation: An example resource schema demonstrating some basic constructs and validation rules.
│    │ │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ ├ properties
│    │ │  ├Name: string (required, immutable)
│    │ │  ├Description: string (immutable)
│    │ │  ├ContentType: string (required, immutable)
│    │ │  ├Location: CustomPluginLocation (required, immutable)
│    │ │  └Tags: Array<tag>
│    │ ├ attributes
│    │ │  ├CustomPluginArn: string
│    │ │  ├Revision: integer
│    │ │  └FileDescription: CustomPluginFileDescription
│    │ └ types
│    │    ├type CustomPluginFileDescription
│    │    │├  documentation: Details about the custom plugin file.
│    │    ││  name: CustomPluginFileDescription
│    │    │└ properties
│    │    │   ├FileMd5: string
│    │    │   └FileSize: integer
│    │    ├type CustomPluginLocation
│    │    │├  documentation: Information about the location of a custom plugin.
│    │    ││  name: CustomPluginLocation
│    │    │└ properties
│    │    │   └S3Location: S3Location (required)
│    │    └type S3Location
│    │     ├  documentation: The S3 bucket Amazon Resource Name (ARN), file key, and object version of the plugin file stored in Amazon S3.
│    │     │  name: S3Location
│    │     └ properties
│    │        ├BucketArn: string (required)
│    │        ├FileKey: string (required)
│    │        └ObjectVersion: string
│    └[+] resource AWS::KafkaConnect::WorkerConfiguration
│      ├  name: WorkerConfiguration
│      │  cloudFormationType: AWS::KafkaConnect::WorkerConfiguration
│      │  documentation: The configuration of the workers, which are the processes that run the connector logic.
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├Name: string (required, immutable)
│      │  ├Description: string (immutable)
│      │  ├PropertiesFileContent: string (required, immutable)
│      │  └Tags: Array<tag>
│      └ attributes
│         ├WorkerConfigurationArn: string
│         └Revision: integer
├[~] service aws-kendra
│ └ resources
│    ├[~] resource AWS::Kendra::DataSource
│    │ └ types
│    │    └[~] type S3DataSourceConfiguration
│    │      └ properties
│    │         ├ ExclusionPatterns: (documentation changed)
│    │         └ InclusionPatterns: (documentation changed)
│    ├[~] resource AWS::Kendra::Faq
│    │ └ properties
│    │    └ LanguageCode: (documentation changed)
│    └[~] resource AWS::Kendra::Index
│      └ types
│         └[~] type Relevance
│           └ properties
│              ├ Freshness: (documentation changed)
│              └ RankOrder: (documentation changed)
├[~] service aws-kinesisanalyticsv2
│ └ resources
│    ├[~] resource AWS::KinesisAnalyticsV2::Application
│    │ └ types
│    │    ├[~] type ApplicationConfiguration
│    │    │ └ properties
│    │    │    └ SqlApplicationConfiguration: (documentation changed)
│    │    ├[~] type CSVMappingParameters
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, provides additional mapping information when the record format uses delimiters, such as CSV. For example, the following sample records use CSV format, where the records use the *'\n'* as the row delimiter and a comma (",") as the column delimiter:
│    │    │    `"name1", "address1"`
│    │    │    `"name2", "address2"`
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, provides additional mapping information when the record format uses delimiters, such as CSV. For example, the following sample records use CSV format, where the records use the *'\n'* as the row delimiter and a comma (",") as the column delimiter:
│    │    │    `"name1", "address1"`
│    │    │    `"name2", "address2"`
│    │    ├[~] type Input
│    │    │ ├  - documentation: When you configure the application input for a SQL-based Managed Service for Apache Flink application, you specify the streaming source, the in-application stream name that is created, and the mapping between the two.
│    │    │ │  + documentation: When you configure the application input for a SQL-based Kinesis Data Analytics application, you specify the streaming source, the in-application stream name that is created, and the mapping between the two.
│    │    │ └ properties
│    │    │    └ NamePrefix: (documentation changed)
│    │    ├[~] type InputLambdaProcessor
│    │    │ └  - documentation: An object that contains the Amazon Resource Name (ARN) of the Amazon Lambda function that is used to preprocess records in the stream in a SQL-based Managed Service for Apache Flink application.
│    │    │    + documentation: An object that contains the Amazon Resource Name (ARN) of the Amazon Lambda function that is used to preprocess records in the stream in a SQL-based Kinesis Data Analytics application.
│    │    ├[~] type InputParallelism
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the number of in-application streams to create for a given streaming source.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the number of in-application streams to create for a given streaming source.
│    │    ├[~] type InputSchema
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.
│    │    ├[~] type JSONMappingParameters
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, provides additional mapping information when JSON is the record format on the streaming source.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, provides additional mapping information when JSON is the record format on the streaming source.
│    │    ├[~] type KinesisFirehoseInput
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, identifies a Kinesis Data Firehose delivery stream as the streaming source. You provide the delivery stream's Amazon Resource Name (ARN).
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, identifies a Kinesis Data Firehose delivery stream as the streaming source. You provide the delivery stream's Amazon Resource Name (ARN).
│    │    ├[~] type MappingParameters
│    │    │ └  - documentation: When you configure a SQL-based Managed Service for Apache Flink application's input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.
│    │    │    + documentation: When you configure a SQL-based Kinesis Data Analytics application's input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.
│    │    ├[~] type RecordColumn
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.
│    │    │    Also used to describe the format of the reference data source.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.
│    │    │    Also used to describe the format of the reference data source.
│    │    ├[~] type RecordFormat
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the record format and relevant mapping information that should be applied to schematize the records on the stream.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the record format and relevant mapping information that should be applied to schematize the records on the stream.
│    │    └[~] type SqlApplicationConfiguration
│    │      └  - documentation: Describes the inputs, outputs, and reference data sources for a SQL-based Managed Service for Apache Flink application.
│    │         + documentation: Describes the inputs, outputs, and reference data sources for a SQL-based Kinesis Data Analytics application.
│    ├[~] resource AWS::KinesisAnalyticsV2::ApplicationOutput
│    │ ├ properties
│    │ │  └ Output: (documentation changed)
│    │ └ types
│    │    ├[~] type DestinationSchema
│    │    │ └  - documentation: Describes the data format when records are written to the destination in a SQL-based Managed Service for Apache Flink application.
│    │    │    + documentation: Describes the data format when records are written to the destination in a SQL-based Kinesis Data Analytics application.
│    │    ├[~] type KinesisFirehoseOutput
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, when configuring application output, identifies a Kinesis Data Firehose delivery stream as the destination. You provide the stream Amazon Resource Name (ARN) of the delivery stream.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, when configuring application output, identifies a Kinesis Data Firehose delivery stream as the destination. You provide the stream Amazon Resource Name (ARN) of the delivery stream.
│    │    ├[~] type KinesisStreamsOutput
│    │    │ └  - documentation: When you configure a SQL-based Managed Service for Apache Flink application's output, identifies a Kinesis data stream as the destination. You provide the stream Amazon Resource Name (ARN).
│    │    │    + documentation: When you configure a SQL-based Kinesis Data Analytics application's output, identifies a Kinesis data stream as the destination. You provide the stream Amazon Resource Name (ARN).
│    │    ├[~] type LambdaOutput
│    │    │ └  - documentation: When you configure a SQL-based Managed Service for Apache Flink application's output, identifies an Amazon Lambda function as the destination. You provide the function Amazon Resource Name (ARN) of the Lambda function.
│    │    │    + documentation: When you configure a SQL-based Kinesis Data Analytics application's output, identifies an Amazon Lambda function as the destination. You provide the function Amazon Resource Name (ARN) of the Lambda function.
│    │    └[~] type Output
│    │      └  - documentation: Describes a SQL-based Managed Service for Apache Flink application's output configuration, in which you identify an in-application stream and a destination where you want the in-application stream data to be written. The destination can be a Kinesis data stream or a Kinesis Data Firehose delivery stream.
│    │         + documentation: Describes a SQL-based Kinesis Data Analytics application's output configuration, in which you identify an in-application stream and a destination where you want the in-application stream data to be written. The destination can be a Kinesis data stream or a Kinesis Data Firehose delivery stream.
│    └[~] resource AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource
│      ├  - documentation: Adds a reference data source to an existing SQL-based Managed Service for Apache Flink application.
│      │  Managed Service for Apache Flink reads reference data (that is, an Amazon S3 object) and creates an in-application table within your application. In the request, you provide the source (S3 bucket name and object key name), name of the in-application table to create, and the necessary mapping information that describes how data in an Amazon S3 object maps to columns in the resulting in-application table.
│      │  + documentation: Adds a reference data source to an existing SQL-based Kinesis Data Analytics application.
│      │  Kinesis Data Analytics reads reference data (that is, an Amazon S3 object) and creates an in-application table within your application. In the request, you provide the source (S3 bucket name and object key name), name of the in-application table to create, and the necessary mapping information that describes how data in an Amazon S3 object maps to columns in the resulting in-application table.
│      ├ properties
│      │  └ ReferenceDataSource: (documentation changed)
│      └ types
│         ├[~] type CSVMappingParameters
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, provides additional mapping information when the record format uses delimiters, such as CSV. For example, the following sample records use CSV format, where the records use the *'\n'* as the row delimiter and a comma (",") as the column delimiter:
│         │    `"name1", "address1"`
│         │    `"name2", "address2"`
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, provides additional mapping information when the record format uses delimiters, such as CSV. For example, the following sample records use CSV format, where the records use the *'\n'* as the row delimiter and a comma (",") as the column delimiter:
│         │    `"name1", "address1"`
│         │    `"name2", "address2"`
│         ├[~] type JSONMappingParameters
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, provides additional mapping information when JSON is the record format on the streaming source.
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, provides additional mapping information when JSON is the record format on the streaming source.
│         ├[~] type MappingParameters
│         │ └  - documentation: When you configure a SQL-based Managed Service for Apache Flink application's input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.
│         │    + documentation: When you configure a SQL-based Kinesis Data Analytics application's input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.
│         ├[~] type RecordColumn
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.
│         │    Also used to describe the format of the reference data source.
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.
│         │    Also used to describe the format of the reference data source.
│         ├[~] type RecordFormat
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the record format and relevant mapping information that should be applied to schematize the records on the stream.
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the record format and relevant mapping information that should be applied to schematize the records on the stream.
│         ├[~] type ReferenceDataSource
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the reference data source by providing the source information (Amazon S3 bucket name and object key name), the resulting in-application table name that is created, and the necessary schema to map the data elements in the Amazon S3 object to the in-application table.
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the reference data source by providing the source information (Amazon S3 bucket name and object key name), the resulting in-application table name that is created, and the necessary schema to map the data elements in the Amazon S3 object to the in-application table.
│         └[~] type ReferenceSchema
│           └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.
│              + documentation: For a SQL-based Kinesis Data Analytics application, describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.
├[~] service aws-pinpoint
│ └ resources
│    └[~] resource AWS::Pinpoint::EmailChannel
│      └ properties
│         └[+] OrchestrationSendingRoleArn: string
├[~] service aws-rds
│ └ resources
│    └[~] resource AWS::RDS::DBCluster
│      └ properties
│         └ EngineMode: (documentation changed)
├[~] service aws-resiliencehub
│ └ resources
│    └[~] resource AWS::ResilienceHub::ResiliencyPolicy
│      ├ properties
│      │  └ Policy: - Map<string, FailurePolicy> (required)
│      │            + PolicyMap ⇐ Map<string, FailurePolicy> (required)
│      └ types
│         └[+] type PolicyMap
│           ├  name: PolicyMap
│           └ properties
│              ├AZ: FailurePolicy (required)
│              ├Hardware: FailurePolicy (required)
│              ├Software: FailurePolicy (required)
│              └Region: FailurePolicy
├[~] service aws-securityhub
│ └ resources
│    ├[+] resource AWS::SecurityHub::DelegatedAdmin
│    │ ├  name: DelegatedAdmin
│    │ │  cloudFormationType: AWS::SecurityHub::DelegatedAdmin
│    │ │  documentation: The AWS::SecurityHub::DelegatedAdmin resource represents the AWS Security Hub delegated admin account in your organization. One delegated admin resource is allowed to create for the organization in each region in which you configure the AdminAccountId.
│    │ ├ properties
│    │ │  └AdminAccountId: string (required, immutable)
│    │ └ attributes
│    │    ├DelegatedAdminIdentifier: string
│    │    └Status: string
│    ├[+] resource AWS::SecurityHub::Insight
│    │ ├  name: Insight
│    │ │  cloudFormationType: AWS::SecurityHub::Insight
│    │ │  documentation: The AWS::SecurityHub::Insight resource represents the AWS Security Hub Insight in your account. An AWS Security Hub insight is a collection of related findings.
│    │ ├ properties
│    │ │  ├Name: string (required)
│    │ │  ├Filters: AwsSecurityFindingFilters (required)
│    │ │  └GroupByAttribute: string (required)
│    │ ├ attributes
│    │ │  └InsightArn: string
│    │ └ types
│    │    ├type AwsSecurityFindingFilters
│    │    │├  documentation: A collection of filters that are applied to all active findings aggregated by AWS Security Hub.
│    │    ││  name: AwsSecurityFindingFilters
│    │    │└ properties
│    │    │   ├ProductArn: Array<StringFilter>
│    │    │   ├AwsAccountId: Array<StringFilter>
│    │    │   ├AwsAccountName: Array<StringFilter>
│    │    │   ├Id: Array<StringFilter>
│    │    │   ├GeneratorId: Array<StringFilter>
│    │    │   ├Type: Array<StringFilter>
│    │    │   ├Region: Array<StringFilter>
│    │    │   ├SeverityLabel: Array<StringFilter>
│    │    │   ├Title: Array<StringFilter>
│    │    │   ├Description: Array<StringFilter>
│    │    │   ├RecommendationText: Array<StringFilter>
│    │    │   ├SourceUrl: Array<StringFilter>
│    │    │   ├ProductFields: Array<MapFilter>
│    │    │   ├ProductName: Array<StringFilter>
│    │    │   ├CompanyName: Array<StringFilter>
│    │    │   ├UserDefinedFields: Array<MapFilter>
│    │    │   ├MalwareName: Array<StringFilter>
│    │    │   ├MalwareType: Array<StringFilter>
│    │    │   ├MalwarePath: Array<StringFilter>
│    │    │   ├MalwareState: Array<StringFilter>
│    │    │   ├NetworkDirection: Array<StringFilter>
│    │    │   ├NetworkProtocol: Array<StringFilter>
│    │    │   ├NetworkSourceIpV4: Array<IpFilter>
│    │    │   ├NetworkSourceIpV6: Array<IpFilter>
│    │    │   ├NetworkSourceDomain: Array<StringFilter>
│    │    │   ├NetworkSourceMac: Array<StringFilter>
│    │    │   ├NetworkDestinationIpV4: Array<IpFilter>
│    │    │   ├NetworkDestinationIpV6: Array<IpFilter>
│    │    │   ├NetworkDestinationDomain: Array<StringFilter>
│    │    │   ├ProcessName: Array<StringFilter>
│    │    │   ├ProcessPath: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorType: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorValue: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorCategory: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorSource: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorSourceUrl: Array<StringFilter>
│    │    │   ├ResourceType: Array<StringFilter>
│    │    │   ├ResourceId: Array<StringFilter>
│    │    │   ├ResourcePartition: Array<StringFilter>
│    │    │   ├ResourceRegion: Array<StringFilter>
│    │    │   ├ResourceTags: Array<MapFilter>
│    │    │   ├ResourceAwsEc2InstanceType: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceImageId: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceIpV4Addresses: Array<IpFilter>
│    │    │   ├ResourceAwsEc2InstanceIpV6Addresses: Array<IpFilter>
│    │    │   ├ResourceAwsEc2InstanceKeyName: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceIamInstanceProfileArn: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceVpcId: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceSubnetId: Array<StringFilter>
│    │    │   ├ResourceAwsS3BucketOwnerId: Array<StringFilter>
│    │    │   ├ResourceAwsS3BucketOwnerName: Array<StringFilter>
│    │    │   ├ResourceAwsIamAccessKeyStatus: Array<StringFilter>
│    │    │   ├ResourceContainerName: Array<StringFilter>
│    │    │   ├ResourceContainerImageId: Array<StringFilter>
│    │    │   ├ResourceContainerImageName: Array<StringFilter>
│    │    │   ├ResourceDetailsOther: Array<MapFilter>
│    │    │   ├ComplianceStatus: Array<StringFilter>
│    │    │   ├VerificationState: Array<StringFilter>
│    │    │   ├WorkflowState: Array<StringFilter>
│    │    │   ├WorkflowStatus: Array<StringFilter>
│    │    │   ├RecordState: Array<StringFilter>
│    │    │   ├RelatedFindingsProductArn: Array<StringFilter>
│    │    │   ├RelatedFindingsId: Array<StringFilter>
│    │    │   ├ResourceApplicationArn: Array<StringFilter>
│    │    │   ├ResourceApplicationName: Array<StringFilter>
│    │    │   ├NoteText: Array<StringFilter>
│    │    │   ├NoteUpdatedBy: Array<StringFilter>
│    │    │   ├Sample: Array<BooleanFilter>
│    │    │   ├ComplianceAssociatedStandardsId: Array<StringFilter>
│    │    │   ├ComplianceSecurityControlId: Array<StringFilter>
│    │    │   ├ComplianceSecurityControlParametersName: Array<StringFilter>
│    │    │   ├ComplianceSecurityControlParametersValue: Array<StringFilter>
│    │    │   ├FindingProviderFieldsRelatedFindingsId: Array<StringFilter>
│    │    │   ├FindingProviderFieldsRelatedFindingsProductArn: Array<StringFilter>
│    │    │   ├FindingProviderFieldsSeverityLabel: Array<StringFilter>
│    │    │   ├FindingProviderFieldsSeverityOriginal: Array<StringFilter>
│    │    │   ├FindingProviderFieldsTypes: Array<StringFilter>
│    │    │   ├ResourceAwsIamAccessKeyPrincipalName: Array<StringFilter>
│    │    │   ├ResourceAwsIamUserUserName: Array<StringFilter>
│    │    │   ├VulnerabilitiesExploitAvailable: Array<StringFilter>
│    │    │   └VulnerabilitiesFixAvailable: Array<StringFilter>
│    │    ├type StringFilter
│    │    │├  documentation: A string filter for filtering AWS Security Hub findings.
│    │    ││  name: StringFilter
│    │    │└ properties
│    │    │   ├Comparison: string (required)
│    │    │   └Value: string (required)
│    │    ├type MapFilter
│    │    │├  documentation: A map filter for filtering AWS Security Hub findings.
│    │    ││  name: MapFilter
│    │    │└ properties
│    │    │   ├Comparison: string (required)
│    │    │   ├Key: string (required)
│    │    │   └Value: string (required)
│    │    ├type IpFilter
│    │    │├  documentation: The IP filter for querying findings.
│    │    ││  name: IpFilter
│    │    │└ properties
│    │    │   └Cidr: string
│    │    └type BooleanFilter
│    │     ├  documentation: Boolean filter for querying findings.
│    │     │  name: BooleanFilter
│    │     └ properties
│    │        └Value: boolean (required)
│    └[+] resource AWS::SecurityHub::ProductSubscription
│      ├  name: ProductSubscription
│      │  cloudFormationType: AWS::SecurityHub::ProductSubscription
│      │  documentation: The AWS::SecurityHub::ProductSubscription resource represents a subscription to a service that is allowed to generate findings for your Security Hub account. One product subscription resource is created for each product enabled.
│      ├ properties
│      │  └ProductArn: string (required, immutable)
│      └ attributes
│         └ProductSubscriptionArn: string
└[~] service aws-wafv2
  └ resources
     ├[~] resource AWS::WAFv2::RuleGroup
     │ └ types
     │    ├[~] type Body
     │    │ └ properties
     │    │    └ OversizeHandling: (documentation changed)
     │    ├[~] type FieldToMatch
     │    │ └ properties
     │    │    ├ Body: (documentation changed)
     │    │    └ JsonBody: (documentation changed)
     │    └[~] type JsonBody
     │      └ properties
     │         └ OversizeHandling: (documentation changed)
     └[~] resource AWS::WAFv2::WebACL
       ├ properties
       │  └ AssociationConfig: (documentation changed)
       └ types
          ├[~] type AssociationConfig
          │ ├  - documentation: Specifies custom configurations for the associations between the web ACL and protected resources.
          │ │  Use this to customize the maximum size of the request body that your protected resources forward to AWS WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
          │ │  + documentation: Specifies custom configurations for the associations between the web ACL and protected resources.
          │ │  Use this to customize the maximum size of the request body that your protected resources forward to AWS WAF for inspection. You can customize this setting for CloudFront. The default setting is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  For regional resources, the limit is fixed at 8 KB (8,192 bytes).
          │ └ properties
          │    └ RequestBody: (documentation changed)
          ├[~] type Body
          │ └ properties
          │    └ OversizeHandling: (documentation changed)
          ├[~] type FieldToMatch
          │ └ properties
          │    ├ Body: (documentation changed)
          │    └ JsonBody: (documentation changed)
          ├[~] type JsonBody
          │ └ properties
          │    └ OversizeHandling: (documentation changed)
          └[~] type RequestBodyAssociatedResourceTypeConfig
            └  - documentation: Customizes the maximum size of the request body that your protected CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access resources forward to AWS WAF for inspection. The default size is 16 KB (16,384 bytes). You can change the setting for any of the available resource types.
               > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
               Example JSON: `{ "API_GATEWAY": "KB_48", "APP_RUNNER_SERVICE": "KB_32" }`
               For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
               This is used in the `AssociationConfig` of the web ACL.
               + documentation: Customizes the maximum size of the request body that your protected CloudFront resources forward to AWS WAF for inspection. The default size is 16 KB (16,384 bytes).
               > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
               Example JSON: `{ "API_GATEWAY": "KB_48", "APP_RUNNER_SERVICE": "KB_32" }`
               For regional resources, the limit is fixed at 8 KB (8,192 bytes).
               This is used in the `AssociationConfig` of the web ACL.

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
@aws-cdk-automation aws-cdk-automation added auto-approve contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes pr-linter/exempt-integ-test The PR linter will not require integ test changes labels Mar 21, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team March 21, 2024 14:59
@github-actions github-actions bot added the p2 label Mar 21, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team March 21, 2024 14:59
@aws-cdk-automation
Copy link
Collaborator Author

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 423f731
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Copy link
Contributor

mergify bot commented Mar 21, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit c9fb4f7 into main Mar 21, 2024
38 checks passed
@mergify mergify bot deleted the automation/spec-update branch March 21, 2024 15:27
jun1-t pushed a commit to jun1-t/aws-cdk that referenced this pull request Mar 23, 2024
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-appconfig
│ └ resources
│    ├[~] resource AWS::AppConfig::ConfigurationProfile
│    │ └ types
│    │    └[~] type Validators
│    │      └  - documentation: A validator provides a syntactic or semantic check to ensure the configuration that you want to deploy functions as intended. To validate your application configuration data, you provide a schema or an AWS Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid.
│    │         + documentation: A validator provides a syntactic or semantic check to ensure the configuration that you want to deploy functions as intended. To validate your application configuration data, you provide a schema or an AWS Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid. For more information, see [About validators](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-configuration-profile.html#appconfig-creating-configuration-and-profile-validators) in the *AWS AppConfig User Guide* .
│    └[~] resource AWS::AppConfig::Deployment
│      └ properties
│         └ DynamicExtensionParameters: (documentation changed)
├[~] service aws-appintegrations
│ └ resources
│    └[+] resource AWS::AppIntegrations::Application
│      ├  name: Application
│      │  cloudFormationType: AWS::AppIntegrations::Application
│      │  documentation: Resource Type definition for AWS:AppIntegrations::Application
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├Name: string (required)
│      │  ├Namespace: string
│      │  ├Description: string (required)
│      │  ├ApplicationSourceConfig: ApplicationSourceConfig (required)
│      │  └Tags: Array<tag>
│      ├ attributes
│      │  ├ApplicationArn: string
│      │  └Id: string
│      └ types
│         ├type ApplicationSourceConfig
│         │├  documentation: Application source config
│         ││  name: ApplicationSourceConfig
│         │└ properties
│         │   └ExternalUrlConfig: ExternalUrlConfig (required)
│         └type ExternalUrlConfig
│          ├  name: ExternalUrlConfig
│          └ properties
│             ├AccessUrl: string (required)
│             └ApprovedOrigins: Array<string> (required)
├[~] service aws-autoscaling
│ └ resources
│    └[~] resource AWS::AutoScaling::AutoScalingGroup
│      └ properties
│         └ NotificationConfiguration: (documentation changed)
├[~] service aws-backup
│ └ resources
│    ├[~] resource AWS::Backup::BackupPlan
│    │ └ types
│    │    └[~] type LifecycleResourceType
│    │      └ properties
│    │         └ OptInToArchiveForSupportedResources: (documentation changed)
│    ├[~] resource AWS::Backup::RestoreTestingPlan
│    │ └ properties
│    │    └ RestoreTestingPlanName: (documentation changed)
│    └[~] resource AWS::Backup::RestoreTestingSelection
│      └ properties
│         └ RestoreTestingPlanName: (documentation changed)
├[~] service aws-batch
│ └ resources
│    └[~] resource AWS::Batch::JobQueue
│      ├ properties
│      │  └ JobStateTimeLimitActions: (documentation changed)
│      └ types
│         └[~] type JobStateTimeLimitAction
│           ├  - documentation: undefined
│           │  + documentation: Specifies an action that AWS Batch will take after the job has remained at the head of the queue in the specified state for longer than the specified time.
│           └ properties
│              ├ Action: (documentation changed)
│              ├ MaxTimeSeconds: (documentation changed)
│              ├ Reason: (documentation changed)
│              └ State: (documentation changed)
├[~] service aws-cloudformation
│ └ resources
│    └[~] resource AWS::CloudFormation::TypeActivation
│      └  - documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* .
│         Once you have activated a public third-party extension in your account and Region, use [`SetTypeConfiguration`](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) in the *CloudFormation User Guide* .
│         + documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* .
│         Once you have activated a public third-party extension in your account and Region, use [SetTypeConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-private.html#registry-set-configuration) in the *CloudFormation User Guide* .
├[~] service aws-codeartifact
│ └ resources
│    └[+] resource AWS::CodeArtifact::PackageGroup
│      ├  name: PackageGroup
│      │  cloudFormationType: AWS::CodeArtifact::PackageGroup
│      │  documentation: The resource schema to create a CodeArtifact package group.
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├DomainName: string (required, immutable)
│      │  ├DomainOwner: string
│      │  ├Pattern: string (required, immutable)
│      │  ├ContactInfo: string
│      │  ├Description: string
│      │  ├OriginConfiguration: OriginConfiguration
│      │  └Tags: Array<tag>
│      ├ attributes
│      │  └Arn: string
│      └ types
│         ├type OriginConfiguration
│         │├  name: OriginConfiguration
│         │└ properties
│         │   └Restrictions: Restrictions (required)
│         ├type Restrictions
│         │├  name: Restrictions
│         │└ properties
│         │   ├Publish: RestrictionType
│         │   ├ExternalUpstream: RestrictionType
│         │   └InternalUpstream: RestrictionType
│         └type RestrictionType
│          ├  name: RestrictionType
│          └ properties
│             ├RestrictionMode: string (required)
│             └Repositories: Array<string>
├[~] service aws-codebuild
│ └ resources
│    └[~] resource AWS::CodeBuild::Project
│      └ types
│         └[~] type WebhookFilter
│           └ properties
│              └ Type: (documentation changed)
├[~] service aws-codepipeline
│ └ resources
│    └[~] resource AWS::CodePipeline::Pipeline
│      └ types
│         └[~] type ActionDeclaration
│           ├  - documentation: Represents information about an action declaration.
│           │  > Documentation for the `timeoutInMinutes` parameter in the `ActionDeclaration` is not yet available for CloudFormation and CDK resources in CodePipeline. For more information about the configurable timeout for manual approval actions, see the [ActionDeclaration](https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_ActionDeclaration.html) in the CodePipeline API Reference.
│           │  + documentation: Represents information about an action declaration.
│           └ properties
│              └ TimeoutInMinutes: (documentation changed)
├[~] service aws-connect
│ └ resources
│    └[~] resource AWS::Connect::SecurityProfile
│      ├ properties
│      │  ├[+] AllowedAccessControlHierarchyGroupId: string
│      │  ├[+] Applications: Array<Application>
│      │  └[+] HierarchyRestrictedResources: Array<string>
│      ├ attributes
│      │  ├[+] LastModifiedRegion: string
│      │  └[+] LastModifiedTime: number
│      └ types
│         └[+] type Application
│           ├  documentation: A third-party application's metadata.
│           │  name: Application
│           └ properties
│              ├ApplicationPermissions: Array<string> (required)
│              └Namespace: string (required)
├[~] service aws-datasync
│ └ resources
│    └[~] resource AWS::DataSync::Task
│      ├ properties
│      │  └[+] ManifestConfig: ManifestConfig
│      └ types
│         ├[~] type Destination
│         │ └ properties
│         │    └ S3: - S3
│         │          + TaskReportConfigDestinationS3 ⇐ S3
│         ├[+] type ManifestConfig
│         │ ├  documentation: Configures a manifest, which is a list of files or objects that you want AWS DataSync to transfer. For more information and configuration examples, see [Specifying what DataSync transfers by using a manifest](https://docs.aws.amazon.com/datasync/latest/userguide/transferring-with-manifest.html) .
│         │ │  name: ManifestConfig
│         │ └ properties
│         │    ├Action: string
│         │    ├Format: string
│         │    └Source: Source (required)
│         ├[+] type ManifestConfigSourceS3
│         │ ├  documentation: Specifies the S3 bucket where you're hosting the manifest that you want AWS DataSync to use. For more information and configuration examples, see [Specifying what DataSync transfers by using a manifest](https://docs.aws.amazon.com/datasync/latest/userguide/transferring-with-manifest.html) .
│         │ │  name: ManifestConfigSourceS3
│         │ └ properties
│         │    ├ManifestObjectPath: string
│         │    ├BucketAccessRoleArn: string
│         │    ├S3BucketArn: string
│         │    └ManifestObjectVersionId: string
│         ├[~] type S3
│         │ ├  - documentation: Specifies the Amazon S3 bucket where DataSync uploads your [task report](https://docs.aws.amazon.com/datasync/latest/userguide/task-reports.html) .
│         │ │  + documentation: undefined
│         │ └ properties
│         │    ├ BucketAccessRoleArn: (documentation changed)
│         │    ├ S3BucketArn: (documentation changed)
│         │    └ Subdirectory: (documentation changed)
│         ├[+] type Source
│         │ ├  documentation: Specifies the manifest that you want AWS DataSync to use and where it's hosted. For more information and configuration examples, see [Specifying what DataSync transfers by using a manifest](https://docs.aws.amazon.com/datasync/latest/userguide/transferring-with-manifest.html) .
│         │ │  name: Source
│         │ └ properties
│         │    └S3: ManifestConfigSourceS3
│         └[+] type TaskReportConfigDestinationS3
│           ├  documentation: Specifies the Amazon S3 bucket where DataSync uploads your [task report](https://docs.aws.amazon.com/datasync/latest/userguide/task-reports.html) .
│           │  name: TaskReportConfigDestinationS3
│           └ properties
│              ├Subdirectory: string
│              ├BucketAccessRoleArn: string
│              └S3BucketArn: string
├[~] service aws-dms
│ └ resources
│    └[~] resource AWS::DMS::DataProvider
│      └ types
│         └[~] type PostgreSqlSettings
│           ├  - documentation: Provides information that defines a PostgreSQL endpoint.
│           │  + documentation: undefined
│           └ properties
│              ├ DatabaseName: (documentation changed)
│              ├ Port: (documentation changed)
│              └ ServerName: (documentation changed)
├[~] service aws-dynamodb
│ └ resources
│    ├[~] resource AWS::DynamoDB::GlobalTable
│    │ └ types
│    │    ├[~] type ReplicaSpecification
│    │    │ └ properties
│    │    │    ├[+] ReplicaStreamSpecification: ReplicaStreamSpecification
│    │    │    └[+] ResourcePolicy: ResourcePolicy
│    │    ├[+] type ReplicaStreamSpecification
│    │    │ ├  documentation: Represents the DynamoDB Streams configuration for a global table replica.
│    │    │ │  name: ReplicaStreamSpecification
│    │    │ └ properties
│    │    │    └ResourcePolicy: ResourcePolicy (required)
│    │    └[+] type ResourcePolicy
│    │      ├  documentation: Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource.
│    │      │  In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see [Using resource-based policies for DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html) .
│    │      │  While defining resource-based policies in your CloudFormation templates, the following considerations apply:
│    │      │  - The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit.
│    │      │  - Resource-based policies don't support [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html#) . If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes.
│    │      │  - Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template.
│    │      │  For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won’t be synced with the policy in the template.
│    │      │  Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DynamoDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template.
│    │      │  - Within a resource-based policy, if the action for a DynamoDB service-linked role (SLR) to replicate data for a global table is denied, adding or deleting a replica will fail with an error.
│    │      │  - The [AWS ::DynamoDB::GlobalTable](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-globaltable.html) resource doesn't support creating a replica in the same stack update in Regions other than the Region where you deploy the stack update.
│    │      │  For a full list of all considerations, see [Resource-based policy considerations](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html) .
│    │      │  name: ResourcePolicy
│    │      └ properties
│    │         └PolicyDocument: json (required)
│    └[~] resource AWS::DynamoDB::Table
│      ├ properties
│      │  └[+] ResourcePolicy: ResourcePolicy
│      └ types
│         ├[+] type ResourcePolicy
│         │ ├  documentation: Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource.
│         │ │  In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see [Using resource-based policies for DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html) .
│         │ │  While defining resource-based policies in your CloudFormation templates, the following considerations apply:
│         │ │  - The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit.
│         │ │  - Resource-based policies don't support [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html#) . If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes.
│         │ │  - Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template.
│         │ │  For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won’t be synced with the policy in the template.
│         │ │  Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DynamoDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template.
│         │ │  For a full list of all considerations, see [Resource-based policy considerations](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html) .
│         │ │  name: ResourcePolicy
│         │ └ properties
│         │    └PolicyDocument: json (required)
│         └[~] type StreamSpecification
│           └ properties
│              └[+] ResourcePolicy: ResourcePolicy
├[~] service aws-ec2
│ └ resources
│    ├[~] resource AWS::EC2::FlowLog
│    │ └ properties
│    │    └ DestinationOptions: (documentation changed)
│    ├[~] resource AWS::EC2::Instance
│    │ └ attributes
│    │    ├ AvailabilityZone: (documentation changed)
│    │    ├ InstanceId: (documentation changed)
│    │    └ VpcId: (documentation changed)
│    └[~] resource AWS::EC2::NetworkInterface
│      ├ properties
│      │  ├ GroupSet: (documentation changed)
│      │  ├ Ipv6AddressCount: (documentation changed)
│      │  ├ Ipv6Addresses: (documentation changed)
│      │  ├ PrivateIpAddress: (documentation changed)
│      │  ├ PrivateIpAddresses: (documentation changed)
│      │  └ Tags: (documentation changed)
│      └ attributes
│         ├ PrimaryIpv6Address: (documentation changed)
│         └[+] VpcId: string
├[~] service aws-eks
│ └ resources
│    └[~] resource AWS::EKS::Nodegroup
│      ├  - documentation: Creates a managed node group for an Amazon EKS cluster.
│      │  You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) .
│      │  An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* .
│      │  > Windows AMI types are only supported for commercial AWS Regions that support Windows on Amazon EKS.
│      │  + documentation: Creates a managed node group for an Amazon EKS cluster.
│      │  You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) .
│      │  An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* .
│      │  > Windows AMI types are only supported for commercial AWS Regions that support Windows on Amazon EKS.
│      ├ properties
│      │  ├ AmiType: (documentation changed)
│      │  ├ DiskSize: (documentation changed)
│      │  ├ InstanceTypes: (documentation changed)
│      │  ├ LaunchTemplate: (documentation changed)
│      │  ├ NodeRole: (documentation changed)
│      │  ├ RemoteAccess: (documentation changed)
│      │  └ Subnets: (documentation changed)
│      └ types
│         └[~] type LaunchTemplateSpecification
│           └  - documentation: An object representing a node group launch template specification. The launch template can't include [`SubnetId`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) , [`IamInstanceProfile`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html) , [`RequestSpotInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html) , [`HibernationOptions`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html) , or [`TerminateInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html) , or the node group deployment or update will fail. For more information about launch templates, see [`CreateLaunchTemplate`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html) in the Amazon EC2 API Reference. For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
│              You must specify either the launch template ID or the launch template name in the request, but not both.
│              + documentation: An object representing a node group launch template specification. The launch template can't include [`SubnetId`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) , [`IamInstanceProfile`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html) , [`RequestSpotInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html) , [`HibernationOptions`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html) , or [`TerminateInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html) , or the node group deployment or update will fail. For more information about launch templates, see [`CreateLaunchTemplate`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html) in the Amazon EC2 API Reference. For more information about using launch templates with Amazon EKS, see [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
│              You must specify either the launch template ID or the launch template name in the request, but not both.
├[~] service aws-elasticache
│ └ resources
│    └[~] resource AWS::ElastiCache::ParameterGroup
│      └ attributes
│         └[+] CacheParameterGroupName: string
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    └[~] resource AWS::ElasticLoadBalancingV2::LoadBalancer
│      └ types
│         └[~] type LoadBalancerAttribute
│           └ properties
│              └ Key: (documentation changed)
├[~] service aws-fis
│ └ resources
│    └[~] resource AWS::FIS::ExperimentTemplate
│      └ types
│         └[~] type ExperimentTemplateExperimentOptions
│           └ properties
│              └ AccountTargeting: - string
│                                  + string (immutable)
├[~] service aws-kafkaconnect
│ └ resources
│    ├[~] resource AWS::KafkaConnect::Connector
│    │ ├  - tagInformation: undefined
│    │ │  + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ └ properties
│    │    └[+] Tags: Array<tag>
│    ├[+] resource AWS::KafkaConnect::CustomPlugin
│    │ ├  name: CustomPlugin
│    │ │  cloudFormationType: AWS::KafkaConnect::CustomPlugin
│    │ │  documentation: An example resource schema demonstrating some basic constructs and validation rules.
│    │ │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ ├ properties
│    │ │  ├Name: string (required, immutable)
│    │ │  ├Description: string (immutable)
│    │ │  ├ContentType: string (required, immutable)
│    │ │  ├Location: CustomPluginLocation (required, immutable)
│    │ │  └Tags: Array<tag>
│    │ ├ attributes
│    │ │  ├CustomPluginArn: string
│    │ │  ├Revision: integer
│    │ │  └FileDescription: CustomPluginFileDescription
│    │ └ types
│    │    ├type CustomPluginFileDescription
│    │    │├  documentation: Details about the custom plugin file.
│    │    ││  name: CustomPluginFileDescription
│    │    │└ properties
│    │    │   ├FileMd5: string
│    │    │   └FileSize: integer
│    │    ├type CustomPluginLocation
│    │    │├  documentation: Information about the location of a custom plugin.
│    │    ││  name: CustomPluginLocation
│    │    │└ properties
│    │    │   └S3Location: S3Location (required)
│    │    └type S3Location
│    │     ├  documentation: The S3 bucket Amazon Resource Name (ARN), file key, and object version of the plugin file stored in Amazon S3.
│    │     │  name: S3Location
│    │     └ properties
│    │        ├BucketArn: string (required)
│    │        ├FileKey: string (required)
│    │        └ObjectVersion: string
│    └[+] resource AWS::KafkaConnect::WorkerConfiguration
│      ├  name: WorkerConfiguration
│      │  cloudFormationType: AWS::KafkaConnect::WorkerConfiguration
│      │  documentation: The configuration of the workers, which are the processes that run the connector logic.
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├Name: string (required, immutable)
│      │  ├Description: string (immutable)
│      │  ├PropertiesFileContent: string (required, immutable)
│      │  └Tags: Array<tag>
│      └ attributes
│         ├WorkerConfigurationArn: string
│         └Revision: integer
├[~] service aws-kendra
│ └ resources
│    ├[~] resource AWS::Kendra::DataSource
│    │ └ types
│    │    └[~] type S3DataSourceConfiguration
│    │      └ properties
│    │         ├ ExclusionPatterns: (documentation changed)
│    │         └ InclusionPatterns: (documentation changed)
│    ├[~] resource AWS::Kendra::Faq
│    │ └ properties
│    │    └ LanguageCode: (documentation changed)
│    └[~] resource AWS::Kendra::Index
│      └ types
│         └[~] type Relevance
│           └ properties
│              ├ Freshness: (documentation changed)
│              └ RankOrder: (documentation changed)
├[~] service aws-kinesisanalyticsv2
│ └ resources
│    ├[~] resource AWS::KinesisAnalyticsV2::Application
│    │ └ types
│    │    ├[~] type ApplicationConfiguration
│    │    │ └ properties
│    │    │    └ SqlApplicationConfiguration: (documentation changed)
│    │    ├[~] type CSVMappingParameters
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, provides additional mapping information when the record format uses delimiters, such as CSV. For example, the following sample records use CSV format, where the records use the *'\n'* as the row delimiter and a comma (",") as the column delimiter:
│    │    │    `"name1", "address1"`
│    │    │    `"name2", "address2"`
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, provides additional mapping information when the record format uses delimiters, such as CSV. For example, the following sample records use CSV format, where the records use the *'\n'* as the row delimiter and a comma (",") as the column delimiter:
│    │    │    `"name1", "address1"`
│    │    │    `"name2", "address2"`
│    │    ├[~] type Input
│    │    │ ├  - documentation: When you configure the application input for a SQL-based Managed Service for Apache Flink application, you specify the streaming source, the in-application stream name that is created, and the mapping between the two.
│    │    │ │  + documentation: When you configure the application input for a SQL-based Kinesis Data Analytics application, you specify the streaming source, the in-application stream name that is created, and the mapping between the two.
│    │    │ └ properties
│    │    │    └ NamePrefix: (documentation changed)
│    │    ├[~] type InputLambdaProcessor
│    │    │ └  - documentation: An object that contains the Amazon Resource Name (ARN) of the Amazon Lambda function that is used to preprocess records in the stream in a SQL-based Managed Service for Apache Flink application.
│    │    │    + documentation: An object that contains the Amazon Resource Name (ARN) of the Amazon Lambda function that is used to preprocess records in the stream in a SQL-based Kinesis Data Analytics application.
│    │    ├[~] type InputParallelism
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the number of in-application streams to create for a given streaming source.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the number of in-application streams to create for a given streaming source.
│    │    ├[~] type InputSchema
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.
│    │    ├[~] type JSONMappingParameters
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, provides additional mapping information when JSON is the record format on the streaming source.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, provides additional mapping information when JSON is the record format on the streaming source.
│    │    ├[~] type KinesisFirehoseInput
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, identifies a Kinesis Data Firehose delivery stream as the streaming source. You provide the delivery stream's Amazon Resource Name (ARN).
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, identifies a Kinesis Data Firehose delivery stream as the streaming source. You provide the delivery stream's Amazon Resource Name (ARN).
│    │    ├[~] type MappingParameters
│    │    │ └  - documentation: When you configure a SQL-based Managed Service for Apache Flink application's input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.
│    │    │    + documentation: When you configure a SQL-based Kinesis Data Analytics application's input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.
│    │    ├[~] type RecordColumn
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.
│    │    │    Also used to describe the format of the reference data source.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.
│    │    │    Also used to describe the format of the reference data source.
│    │    ├[~] type RecordFormat
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the record format and relevant mapping information that should be applied to schematize the records on the stream.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the record format and relevant mapping information that should be applied to schematize the records on the stream.
│    │    └[~] type SqlApplicationConfiguration
│    │      └  - documentation: Describes the inputs, outputs, and reference data sources for a SQL-based Managed Service for Apache Flink application.
│    │         + documentation: Describes the inputs, outputs, and reference data sources for a SQL-based Kinesis Data Analytics application.
│    ├[~] resource AWS::KinesisAnalyticsV2::ApplicationOutput
│    │ ├ properties
│    │ │  └ Output: (documentation changed)
│    │ └ types
│    │    ├[~] type DestinationSchema
│    │    │ └  - documentation: Describes the data format when records are written to the destination in a SQL-based Managed Service for Apache Flink application.
│    │    │    + documentation: Describes the data format when records are written to the destination in a SQL-based Kinesis Data Analytics application.
│    │    ├[~] type KinesisFirehoseOutput
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, when configuring application output, identifies a Kinesis Data Firehose delivery stream as the destination. You provide the stream Amazon Resource Name (ARN) of the delivery stream.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, when configuring application output, identifies a Kinesis Data Firehose delivery stream as the destination. You provide the stream Amazon Resource Name (ARN) of the delivery stream.
│    │    ├[~] type KinesisStreamsOutput
│    │    │ └  - documentation: When you configure a SQL-based Managed Service for Apache Flink application's output, identifies a Kinesis data stream as the destination. You provide the stream Amazon Resource Name (ARN).
│    │    │    + documentation: When you configure a SQL-based Kinesis Data Analytics application's output, identifies a Kinesis data stream as the destination. You provide the stream Amazon Resource Name (ARN).
│    │    ├[~] type LambdaOutput
│    │    │ └  - documentation: When you configure a SQL-based Managed Service for Apache Flink application's output, identifies an Amazon Lambda function as the destination. You provide the function Amazon Resource Name (ARN) of the Lambda function.
│    │    │    + documentation: When you configure a SQL-based Kinesis Data Analytics application's output, identifies an Amazon Lambda function as the destination. You provide the function Amazon Resource Name (ARN) of the Lambda function.
│    │    └[~] type Output
│    │      └  - documentation: Describes a SQL-based Managed Service for Apache Flink application's output configuration, in which you identify an in-application stream and a destination where you want the in-application stream data to be written. The destination can be a Kinesis data stream or a Kinesis Data Firehose delivery stream.
│    │         + documentation: Describes a SQL-based Kinesis Data Analytics application's output configuration, in which you identify an in-application stream and a destination where you want the in-application stream data to be written. The destination can be a Kinesis data stream or a Kinesis Data Firehose delivery stream.
│    └[~] resource AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource
│      ├  - documentation: Adds a reference data source to an existing SQL-based Managed Service for Apache Flink application.
│      │  Managed Service for Apache Flink reads reference data (that is, an Amazon S3 object) and creates an in-application table within your application. In the request, you provide the source (S3 bucket name and object key name), name of the in-application table to create, and the necessary mapping information that describes how data in an Amazon S3 object maps to columns in the resulting in-application table.
│      │  + documentation: Adds a reference data source to an existing SQL-based Kinesis Data Analytics application.
│      │  Kinesis Data Analytics reads reference data (that is, an Amazon S3 object) and creates an in-application table within your application. In the request, you provide the source (S3 bucket name and object key name), name of the in-application table to create, and the necessary mapping information that describes how data in an Amazon S3 object maps to columns in the resulting in-application table.
│      ├ properties
│      │  └ ReferenceDataSource: (documentation changed)
│      └ types
│         ├[~] type CSVMappingParameters
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, provides additional mapping information when the record format uses delimiters, such as CSV. For example, the following sample records use CSV format, where the records use the *'\n'* as the row delimiter and a comma (",") as the column delimiter:
│         │    `"name1", "address1"`
│         │    `"name2", "address2"`
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, provides additional mapping information when the record format uses delimiters, such as CSV. For example, the following sample records use CSV format, where the records use the *'\n'* as the row delimiter and a comma (",") as the column delimiter:
│         │    `"name1", "address1"`
│         │    `"name2", "address2"`
│         ├[~] type JSONMappingParameters
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, provides additional mapping information when JSON is the record format on the streaming source.
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, provides additional mapping information when JSON is the record format on the streaming source.
│         ├[~] type MappingParameters
│         │ └  - documentation: When you configure a SQL-based Managed Service for Apache Flink application's input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.
│         │    + documentation: When you configure a SQL-based Kinesis Data Analytics application's input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.
│         ├[~] type RecordColumn
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.
│         │    Also used to describe the format of the reference data source.
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.
│         │    Also used to describe the format of the reference data source.
│         ├[~] type RecordFormat
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the record format and relevant mapping information that should be applied to schematize the records on the stream.
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the record format and relevant mapping information that should be applied to schematize the records on the stream.
│         ├[~] type ReferenceDataSource
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the reference data source by providing the source information (Amazon S3 bucket name and object key name), the resulting in-application table name that is created, and the necessary schema to map the data elements in the Amazon S3 object to the in-application table.
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the reference data source by providing the source information (Amazon S3 bucket name and object key name), the resulting in-application table name that is created, and the necessary schema to map the data elements in the Amazon S3 object to the in-application table.
│         └[~] type ReferenceSchema
│           └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.
│              + documentation: For a SQL-based Kinesis Data Analytics application, describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.
├[~] service aws-pinpoint
│ └ resources
│    └[~] resource AWS::Pinpoint::EmailChannel
│      └ properties
│         └[+] OrchestrationSendingRoleArn: string
├[~] service aws-rds
│ └ resources
│    └[~] resource AWS::RDS::DBCluster
│      └ properties
│         └ EngineMode: (documentation changed)
├[~] service aws-resiliencehub
│ └ resources
│    └[~] resource AWS::ResilienceHub::ResiliencyPolicy
│      ├ properties
│      │  └ Policy: - Map<string, FailurePolicy> (required)
│      │            + PolicyMap ⇐ Map<string, FailurePolicy> (required)
│      └ types
│         └[+] type PolicyMap
│           ├  name: PolicyMap
│           └ properties
│              ├AZ: FailurePolicy (required)
│              ├Hardware: FailurePolicy (required)
│              ├Software: FailurePolicy (required)
│              └Region: FailurePolicy
├[~] service aws-securityhub
│ └ resources
│    ├[+] resource AWS::SecurityHub::DelegatedAdmin
│    │ ├  name: DelegatedAdmin
│    │ │  cloudFormationType: AWS::SecurityHub::DelegatedAdmin
│    │ │  documentation: The AWS::SecurityHub::DelegatedAdmin resource represents the AWS Security Hub delegated admin account in your organization. One delegated admin resource is allowed to create for the organization in each region in which you configure the AdminAccountId.
│    │ ├ properties
│    │ │  └AdminAccountId: string (required, immutable)
│    │ └ attributes
│    │    ├DelegatedAdminIdentifier: string
│    │    └Status: string
│    ├[+] resource AWS::SecurityHub::Insight
│    │ ├  name: Insight
│    │ │  cloudFormationType: AWS::SecurityHub::Insight
│    │ │  documentation: The AWS::SecurityHub::Insight resource represents the AWS Security Hub Insight in your account. An AWS Security Hub insight is a collection of related findings.
│    │ ├ properties
│    │ │  ├Name: string (required)
│    │ │  ├Filters: AwsSecurityFindingFilters (required)
│    │ │  └GroupByAttribute: string (required)
│    │ ├ attributes
│    │ │  └InsightArn: string
│    │ └ types
│    │    ├type AwsSecurityFindingFilters
│    │    │├  documentation: A collection of filters that are applied to all active findings aggregated by AWS Security Hub.
│    │    ││  name: AwsSecurityFindingFilters
│    │    │└ properties
│    │    │   ├ProductArn: Array<StringFilter>
│    │    │   ├AwsAccountId: Array<StringFilter>
│    │    │   ├AwsAccountName: Array<StringFilter>
│    │    │   ├Id: Array<StringFilter>
│    │    │   ├GeneratorId: Array<StringFilter>
│    │    │   ├Type: Array<StringFilter>
│    │    │   ├Region: Array<StringFilter>
│    │    │   ├SeverityLabel: Array<StringFilter>
│    │    │   ├Title: Array<StringFilter>
│    │    │   ├Description: Array<StringFilter>
│    │    │   ├RecommendationText: Array<StringFilter>
│    │    │   ├SourceUrl: Array<StringFilter>
│    │    │   ├ProductFields: Array<MapFilter>
│    │    │   ├ProductName: Array<StringFilter>
│    │    │   ├CompanyName: Array<StringFilter>
│    │    │   ├UserDefinedFields: Array<MapFilter>
│    │    │   ├MalwareName: Array<StringFilter>
│    │    │   ├MalwareType: Array<StringFilter>
│    │    │   ├MalwarePath: Array<StringFilter>
│    │    │   ├MalwareState: Array<StringFilter>
│    │    │   ├NetworkDirection: Array<StringFilter>
│    │    │   ├NetworkProtocol: Array<StringFilter>
│    │    │   ├NetworkSourceIpV4: Array<IpFilter>
│    │    │   ├NetworkSourceIpV6: Array<IpFilter>
│    │    │   ├NetworkSourceDomain: Array<StringFilter>
│    │    │   ├NetworkSourceMac: Array<StringFilter>
│    │    │   ├NetworkDestinationIpV4: Array<IpFilter>
│    │    │   ├NetworkDestinationIpV6: Array<IpFilter>
│    │    │   ├NetworkDestinationDomain: Array<StringFilter>
│    │    │   ├ProcessName: Array<StringFilter>
│    │    │   ├ProcessPath: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorType: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorValue: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorCategory: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorSource: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorSourceUrl: Array<StringFilter>
│    │    │   ├ResourceType: Array<StringFilter>
│    │    │   ├ResourceId: Array<StringFilter>
│    │    │   ├ResourcePartition: Array<StringFilter>
│    │    │   ├ResourceRegion: Array<StringFilter>
│    │    │   ├ResourceTags: Array<MapFilter>
│    │    │   ├ResourceAwsEc2InstanceType: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceImageId: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceIpV4Addresses: Array<IpFilter>
│    │    │   ├ResourceAwsEc2InstanceIpV6Addresses: Array<IpFilter>
│    │    │   ├ResourceAwsEc2InstanceKeyName: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceIamInstanceProfileArn: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceVpcId: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceSubnetId: Array<StringFilter>
│    │    │   ├ResourceAwsS3BucketOwnerId: Array<StringFilter>
│    │    │   ├ResourceAwsS3BucketOwnerName: Array<StringFilter>
│    │    │   ├ResourceAwsIamAccessKeyStatus: Array<StringFilter>
│    │    │   ├ResourceContainerName: Array<StringFilter>
│    │    │   ├ResourceContainerImageId: Array<StringFilter>
│    │    │   ├ResourceContainerImageName: Array<StringFilter>
│    │    │   ├ResourceDetailsOther: Array<MapFilter>
│    │    │   ├ComplianceStatus: Array<StringFilter>
│    │    │   ├VerificationState: Array<StringFilter>
│    │    │   ├WorkflowState: Array<StringFilter>
│    │    │   ├WorkflowStatus: Array<StringFilter>
│    │    │   ├RecordState: Array<StringFilter>
│    │    │   ├RelatedFindingsProductArn: Array<StringFilter>
│    │    │   ├RelatedFindingsId: Array<StringFilter>
│    │    │   ├ResourceApplicationArn: Array<StringFilter>
│    │    │   ├ResourceApplicationName: Array<StringFilter>
│    │    │   ├NoteText: Array<StringFilter>
│    │    │   ├NoteUpdatedBy: Array<StringFilter>
│    │    │   ├Sample: Array<BooleanFilter>
│    │    │   ├ComplianceAssociatedStandardsId: Array<StringFilter>
│    │    │   ├ComplianceSecurityControlId: Array<StringFilter>
│    │    │   ├ComplianceSecurityControlParametersName: Array<StringFilter>
│    │    │   ├ComplianceSecurityControlParametersValue: Array<StringFilter>
│    │    │   ├FindingProviderFieldsRelatedFindingsId: Array<StringFilter>
│    │    │   ├FindingProviderFieldsRelatedFindingsProductArn: Array<StringFilter>
│    │    │   ├FindingProviderFieldsSeverityLabel: Array<StringFilter>
│    │    │   ├FindingProviderFieldsSeverityOriginal: Array<StringFilter>
│    │    │   ├FindingProviderFieldsTypes: Array<StringFilter>
│    │    │   ├ResourceAwsIamAccessKeyPrincipalName: Array<StringFilter>
│    │    │   ├ResourceAwsIamUserUserName: Array<StringFilter>
│    │    │   ├VulnerabilitiesExploitAvailable: Array<StringFilter>
│    │    │   └VulnerabilitiesFixAvailable: Array<StringFilter>
│    │    ├type StringFilter
│    │    │├  documentation: A string filter for filtering AWS Security Hub findings.
│    │    ││  name: StringFilter
│    │    │└ properties
│    │    │   ├Comparison: string (required)
│    │    │   └Value: string (required)
│    │    ├type MapFilter
│    │    │├  documentation: A map filter for filtering AWS Security Hub findings.
│    │    ││  name: MapFilter
│    │    │└ properties
│    │    │   ├Comparison: string (required)
│    │    │   ├Key: string (required)
│    │    │   └Value: string (required)
│    │    ├type IpFilter
│    │    │├  documentation: The IP filter for querying findings.
│    │    ││  name: IpFilter
│    │    │└ properties
│    │    │   └Cidr: string
│    │    └type BooleanFilter
│    │     ├  documentation: Boolean filter for querying findings.
│    │     │  name: BooleanFilter
│    │     └ properties
│    │        └Value: boolean (required)
│    └[+] resource AWS::SecurityHub::ProductSubscription
│      ├  name: ProductSubscription
│      │  cloudFormationType: AWS::SecurityHub::ProductSubscription
│      │  documentation: The AWS::SecurityHub::ProductSubscription resource represents a subscription to a service that is allowed to generate findings for your Security Hub account. One product subscription resource is created for each product enabled.
│      ├ properties
│      │  └ProductArn: string (required, immutable)
│      └ attributes
│         └ProductSubscriptionArn: string
└[~] service aws-wafv2
  └ resources
     ├[~] resource AWS::WAFv2::RuleGroup
     │ └ types
     │    ├[~] type Body
     │    │ └ properties
     │    │    └ OversizeHandling: (documentation changed)
     │    ├[~] type FieldToMatch
     │    │ └ properties
     │    │    ├ Body: (documentation changed)
     │    │    └ JsonBody: (documentation changed)
     │    └[~] type JsonBody
     │      └ properties
     │         └ OversizeHandling: (documentation changed)
     └[~] resource AWS::WAFv2::WebACL
       ├ properties
       │  └ AssociationConfig: (documentation changed)
       └ types
          ├[~] type AssociationConfig
          │ ├  - documentation: Specifies custom configurations for the associations between the web ACL and protected resources.
          │ │  Use this to customize the maximum size of the request body that your protected resources forward to AWS WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
          │ │  + documentation: Specifies custom configurations for the associations between the web ACL and protected resources.
          │ │  Use this to customize the maximum size of the request body that your protected resources forward to AWS WAF for inspection. You can customize this setting for CloudFront. The default setting is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  For regional resources, the limit is fixed at 8 KB (8,192 bytes).
          │ └ properties
          │    └ RequestBody: (documentation changed)
          ├[~] type Body
          │ └ properties
          │    └ OversizeHandling: (documentation changed)
          ├[~] type FieldToMatch
          │ └ properties
          │    ├ Body: (documentation changed)
          │    └ JsonBody: (documentation changed)
          ├[~] type JsonBody
          │ └ properties
          │    └ OversizeHandling: (documentation changed)
          └[~] type RequestBodyAssociatedResourceTypeConfig
            └  - documentation: Customizes the maximum size of the request body that your protected CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access resources forward to AWS WAF for inspection. The default size is 16 KB (16,384 bytes). You can change the setting for any of the available resource types.
               > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
               Example JSON: `{ "API_GATEWAY": "KB_48", "APP_RUNNER_SERVICE": "KB_32" }`
               For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
               This is used in the `AssociationConfig` of the web ACL.
               + documentation: Customizes the maximum size of the request body that your protected CloudFront resources forward to AWS WAF for inspection. The default size is 16 KB (16,384 bytes).
               > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
               Example JSON: `{ "API_GATEWAY": "KB_48", "APP_RUNNER_SERVICE": "KB_32" }`
               For regional resources, the limit is fixed at 8 KB (8,192 bytes).
               This is used in the `AssociationConfig` of the web ACL.
```
ahammond pushed a commit to ahammond/aws-cdk that referenced this pull request Mar 26, 2024
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-appconfig
│ └ resources
│    ├[~] resource AWS::AppConfig::ConfigurationProfile
│    │ └ types
│    │    └[~] type Validators
│    │      └  - documentation: A validator provides a syntactic or semantic check to ensure the configuration that you want to deploy functions as intended. To validate your application configuration data, you provide a schema or an AWS Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid.
│    │         + documentation: A validator provides a syntactic or semantic check to ensure the configuration that you want to deploy functions as intended. To validate your application configuration data, you provide a schema or an AWS Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid. For more information, see [About validators](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-configuration-profile.html#appconfig-creating-configuration-and-profile-validators) in the *AWS AppConfig User Guide* .
│    └[~] resource AWS::AppConfig::Deployment
│      └ properties
│         └ DynamicExtensionParameters: (documentation changed)
├[~] service aws-appintegrations
│ └ resources
│    └[+] resource AWS::AppIntegrations::Application
│      ├  name: Application
│      │  cloudFormationType: AWS::AppIntegrations::Application
│      │  documentation: Resource Type definition for AWS:AppIntegrations::Application
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├Name: string (required)
│      │  ├Namespace: string
│      │  ├Description: string (required)
│      │  ├ApplicationSourceConfig: ApplicationSourceConfig (required)
│      │  └Tags: Array<tag>
│      ├ attributes
│      │  ├ApplicationArn: string
│      │  └Id: string
│      └ types
│         ├type ApplicationSourceConfig
│         │├  documentation: Application source config
│         ││  name: ApplicationSourceConfig
│         │└ properties
│         │   └ExternalUrlConfig: ExternalUrlConfig (required)
│         └type ExternalUrlConfig
│          ├  name: ExternalUrlConfig
│          └ properties
│             ├AccessUrl: string (required)
│             └ApprovedOrigins: Array<string> (required)
├[~] service aws-autoscaling
│ └ resources
│    └[~] resource AWS::AutoScaling::AutoScalingGroup
│      └ properties
│         └ NotificationConfiguration: (documentation changed)
├[~] service aws-backup
│ └ resources
│    ├[~] resource AWS::Backup::BackupPlan
│    │ └ types
│    │    └[~] type LifecycleResourceType
│    │      └ properties
│    │         └ OptInToArchiveForSupportedResources: (documentation changed)
│    ├[~] resource AWS::Backup::RestoreTestingPlan
│    │ └ properties
│    │    └ RestoreTestingPlanName: (documentation changed)
│    └[~] resource AWS::Backup::RestoreTestingSelection
│      └ properties
│         └ RestoreTestingPlanName: (documentation changed)
├[~] service aws-batch
│ └ resources
│    └[~] resource AWS::Batch::JobQueue
│      ├ properties
│      │  └ JobStateTimeLimitActions: (documentation changed)
│      └ types
│         └[~] type JobStateTimeLimitAction
│           ├  - documentation: undefined
│           │  + documentation: Specifies an action that AWS Batch will take after the job has remained at the head of the queue in the specified state for longer than the specified time.
│           └ properties
│              ├ Action: (documentation changed)
│              ├ MaxTimeSeconds: (documentation changed)
│              ├ Reason: (documentation changed)
│              └ State: (documentation changed)
├[~] service aws-cloudformation
│ └ resources
│    └[~] resource AWS::CloudFormation::TypeActivation
│      └  - documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* .
│         Once you have activated a public third-party extension in your account and Region, use [`SetTypeConfiguration`](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) in the *CloudFormation User Guide* .
│         + documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* .
│         Once you have activated a public third-party extension in your account and Region, use [SetTypeConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-private.html#registry-set-configuration) in the *CloudFormation User Guide* .
├[~] service aws-codeartifact
│ └ resources
│    └[+] resource AWS::CodeArtifact::PackageGroup
│      ├  name: PackageGroup
│      │  cloudFormationType: AWS::CodeArtifact::PackageGroup
│      │  documentation: The resource schema to create a CodeArtifact package group.
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├DomainName: string (required, immutable)
│      │  ├DomainOwner: string
│      │  ├Pattern: string (required, immutable)
│      │  ├ContactInfo: string
│      │  ├Description: string
│      │  ├OriginConfiguration: OriginConfiguration
│      │  └Tags: Array<tag>
│      ├ attributes
│      │  └Arn: string
│      └ types
│         ├type OriginConfiguration
│         │├  name: OriginConfiguration
│         │└ properties
│         │   └Restrictions: Restrictions (required)
│         ├type Restrictions
│         │├  name: Restrictions
│         │└ properties
│         │   ├Publish: RestrictionType
│         │   ├ExternalUpstream: RestrictionType
│         │   └InternalUpstream: RestrictionType
│         └type RestrictionType
│          ├  name: RestrictionType
│          └ properties
│             ├RestrictionMode: string (required)
│             └Repositories: Array<string>
├[~] service aws-codebuild
│ └ resources
│    └[~] resource AWS::CodeBuild::Project
│      └ types
│         └[~] type WebhookFilter
│           └ properties
│              └ Type: (documentation changed)
├[~] service aws-codepipeline
│ └ resources
│    └[~] resource AWS::CodePipeline::Pipeline
│      └ types
│         └[~] type ActionDeclaration
│           ├  - documentation: Represents information about an action declaration.
│           │  > Documentation for the `timeoutInMinutes` parameter in the `ActionDeclaration` is not yet available for CloudFormation and CDK resources in CodePipeline. For more information about the configurable timeout for manual approval actions, see the [ActionDeclaration](https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_ActionDeclaration.html) in the CodePipeline API Reference.
│           │  + documentation: Represents information about an action declaration.
│           └ properties
│              └ TimeoutInMinutes: (documentation changed)
├[~] service aws-connect
│ └ resources
│    └[~] resource AWS::Connect::SecurityProfile
│      ├ properties
│      │  ├[+] AllowedAccessControlHierarchyGroupId: string
│      │  ├[+] Applications: Array<Application>
│      │  └[+] HierarchyRestrictedResources: Array<string>
│      ├ attributes
│      │  ├[+] LastModifiedRegion: string
│      │  └[+] LastModifiedTime: number
│      └ types
│         └[+] type Application
│           ├  documentation: A third-party application's metadata.
│           │  name: Application
│           └ properties
│              ├ApplicationPermissions: Array<string> (required)
│              └Namespace: string (required)
├[~] service aws-datasync
│ └ resources
│    └[~] resource AWS::DataSync::Task
│      ├ properties
│      │  └[+] ManifestConfig: ManifestConfig
│      └ types
│         ├[~] type Destination
│         │ └ properties
│         │    └ S3: - S3
│         │          + TaskReportConfigDestinationS3 ⇐ S3
│         ├[+] type ManifestConfig
│         │ ├  documentation: Configures a manifest, which is a list of files or objects that you want AWS DataSync to transfer. For more information and configuration examples, see [Specifying what DataSync transfers by using a manifest](https://docs.aws.amazon.com/datasync/latest/userguide/transferring-with-manifest.html) .
│         │ │  name: ManifestConfig
│         │ └ properties
│         │    ├Action: string
│         │    ├Format: string
│         │    └Source: Source (required)
│         ├[+] type ManifestConfigSourceS3
│         │ ├  documentation: Specifies the S3 bucket where you're hosting the manifest that you want AWS DataSync to use. For more information and configuration examples, see [Specifying what DataSync transfers by using a manifest](https://docs.aws.amazon.com/datasync/latest/userguide/transferring-with-manifest.html) .
│         │ │  name: ManifestConfigSourceS3
│         │ └ properties
│         │    ├ManifestObjectPath: string
│         │    ├BucketAccessRoleArn: string
│         │    ├S3BucketArn: string
│         │    └ManifestObjectVersionId: string
│         ├[~] type S3
│         │ ├  - documentation: Specifies the Amazon S3 bucket where DataSync uploads your [task report](https://docs.aws.amazon.com/datasync/latest/userguide/task-reports.html) .
│         │ │  + documentation: undefined
│         │ └ properties
│         │    ├ BucketAccessRoleArn: (documentation changed)
│         │    ├ S3BucketArn: (documentation changed)
│         │    └ Subdirectory: (documentation changed)
│         ├[+] type Source
│         │ ├  documentation: Specifies the manifest that you want AWS DataSync to use and where it's hosted. For more information and configuration examples, see [Specifying what DataSync transfers by using a manifest](https://docs.aws.amazon.com/datasync/latest/userguide/transferring-with-manifest.html) .
│         │ │  name: Source
│         │ └ properties
│         │    └S3: ManifestConfigSourceS3
│         └[+] type TaskReportConfigDestinationS3
│           ├  documentation: Specifies the Amazon S3 bucket where DataSync uploads your [task report](https://docs.aws.amazon.com/datasync/latest/userguide/task-reports.html) .
│           │  name: TaskReportConfigDestinationS3
│           └ properties
│              ├Subdirectory: string
│              ├BucketAccessRoleArn: string
│              └S3BucketArn: string
├[~] service aws-dms
│ └ resources
│    └[~] resource AWS::DMS::DataProvider
│      └ types
│         └[~] type PostgreSqlSettings
│           ├  - documentation: Provides information that defines a PostgreSQL endpoint.
│           │  + documentation: undefined
│           └ properties
│              ├ DatabaseName: (documentation changed)
│              ├ Port: (documentation changed)
│              └ ServerName: (documentation changed)
├[~] service aws-dynamodb
│ └ resources
│    ├[~] resource AWS::DynamoDB::GlobalTable
│    │ └ types
│    │    ├[~] type ReplicaSpecification
│    │    │ └ properties
│    │    │    ├[+] ReplicaStreamSpecification: ReplicaStreamSpecification
│    │    │    └[+] ResourcePolicy: ResourcePolicy
│    │    ├[+] type ReplicaStreamSpecification
│    │    │ ├  documentation: Represents the DynamoDB Streams configuration for a global table replica.
│    │    │ │  name: ReplicaStreamSpecification
│    │    │ └ properties
│    │    │    └ResourcePolicy: ResourcePolicy (required)
│    │    └[+] type ResourcePolicy
│    │      ├  documentation: Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource.
│    │      │  In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see [Using resource-based policies for DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html) .
│    │      │  While defining resource-based policies in your CloudFormation templates, the following considerations apply:
│    │      │  - The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit.
│    │      │  - Resource-based policies don't support [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html#) . If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes.
│    │      │  - Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template.
│    │      │  For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won’t be synced with the policy in the template.
│    │      │  Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DynamoDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template.
│    │      │  - Within a resource-based policy, if the action for a DynamoDB service-linked role (SLR) to replicate data for a global table is denied, adding or deleting a replica will fail with an error.
│    │      │  - The [AWS ::DynamoDB::GlobalTable](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-globaltable.html) resource doesn't support creating a replica in the same stack update in Regions other than the Region where you deploy the stack update.
│    │      │  For a full list of all considerations, see [Resource-based policy considerations](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html) .
│    │      │  name: ResourcePolicy
│    │      └ properties
│    │         └PolicyDocument: json (required)
│    └[~] resource AWS::DynamoDB::Table
│      ├ properties
│      │  └[+] ResourcePolicy: ResourcePolicy
│      └ types
│         ├[+] type ResourcePolicy
│         │ ├  documentation: Creates or updates a resource-based policy document that contains the permissions for DynamoDB resources, such as a table, its indexes, and stream. Resource-based policies let you define access permissions by specifying who has access to each resource, and the actions they are allowed to perform on each resource.
│         │ │  In a CloudFormation template, you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to DynamoDB . For more information about resource-based policies, see [Using resource-based policies for DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html) .
│         │ │  While defining resource-based policies in your CloudFormation templates, the following considerations apply:
│         │ │  - The maximum size supported for a resource-based policy document in JSON format is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit.
│         │ │  - Resource-based policies don't support [drift detection](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html#) . If you update a policy outside of the CloudFormation stack template, you'll need to update the CloudFormation stack with the changes.
│         │ │  - Resource-based policies don't support out-of-band changes. If you add, update, or delete a policy outside of the CloudFormation template, the change won't be overwritten if there are no changes to the policy within the template.
│         │ │  For example, say that your template contains a resource-based policy, which you later update outside of the template. If you don't make any changes to the policy in the template, the updated policy in DynamoDB won’t be synced with the policy in the template.
│         │ │  Conversely, say that your template doesn’t contain a resource-based policy, but you add a policy outside of the template. This policy won’t be removed from DynamoDB as long as you don’t add it to the template. When you add a policy to the template and update the stack, the existing policy in DynamoDB will be updated to match the one defined in the template.
│         │ │  For a full list of all considerations, see [Resource-based policy considerations](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html) .
│         │ │  name: ResourcePolicy
│         │ └ properties
│         │    └PolicyDocument: json (required)
│         └[~] type StreamSpecification
│           └ properties
│              └[+] ResourcePolicy: ResourcePolicy
├[~] service aws-ec2
│ └ resources
│    ├[~] resource AWS::EC2::FlowLog
│    │ └ properties
│    │    └ DestinationOptions: (documentation changed)
│    ├[~] resource AWS::EC2::Instance
│    │ └ attributes
│    │    ├ AvailabilityZone: (documentation changed)
│    │    ├ InstanceId: (documentation changed)
│    │    └ VpcId: (documentation changed)
│    └[~] resource AWS::EC2::NetworkInterface
│      ├ properties
│      │  ├ GroupSet: (documentation changed)
│      │  ├ Ipv6AddressCount: (documentation changed)
│      │  ├ Ipv6Addresses: (documentation changed)
│      │  ├ PrivateIpAddress: (documentation changed)
│      │  ├ PrivateIpAddresses: (documentation changed)
│      │  └ Tags: (documentation changed)
│      └ attributes
│         ├ PrimaryIpv6Address: (documentation changed)
│         └[+] VpcId: string
├[~] service aws-eks
│ └ resources
│    └[~] resource AWS::EKS::Nodegroup
│      ├  - documentation: Creates a managed node group for an Amazon EKS cluster.
│      │  You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) .
│      │  An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* .
│      │  > Windows AMI types are only supported for commercial AWS Regions that support Windows on Amazon EKS.
│      │  + documentation: Creates a managed node group for an Amazon EKS cluster.
│      │  You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) .
│      │  An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* .
│      │  > Windows AMI types are only supported for commercial AWS Regions that support Windows on Amazon EKS.
│      ├ properties
│      │  ├ AmiType: (documentation changed)
│      │  ├ DiskSize: (documentation changed)
│      │  ├ InstanceTypes: (documentation changed)
│      │  ├ LaunchTemplate: (documentation changed)
│      │  ├ NodeRole: (documentation changed)
│      │  ├ RemoteAccess: (documentation changed)
│      │  └ Subnets: (documentation changed)
│      └ types
│         └[~] type LaunchTemplateSpecification
│           └  - documentation: An object representing a node group launch template specification. The launch template can't include [`SubnetId`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) , [`IamInstanceProfile`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html) , [`RequestSpotInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html) , [`HibernationOptions`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html) , or [`TerminateInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html) , or the node group deployment or update will fail. For more information about launch templates, see [`CreateLaunchTemplate`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html) in the Amazon EC2 API Reference. For more information about using launch templates with Amazon EKS, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
│              You must specify either the launch template ID or the launch template name in the request, but not both.
│              + documentation: An object representing a node group launch template specification. The launch template can't include [`SubnetId`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html) , [`IamInstanceProfile`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IamInstanceProfile.html) , [`RequestSpotInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html) , [`HibernationOptions`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_HibernationOptionsRequest.html) , or [`TerminateInstances`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TerminateInstances.html) , or the node group deployment or update will fail. For more information about launch templates, see [`CreateLaunchTemplate`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html) in the Amazon EC2 API Reference. For more information about using launch templates with Amazon EKS, see [Customizing managed nodes with launch templates](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) in the *Amazon EKS User Guide* .
│              You must specify either the launch template ID or the launch template name in the request, but not both.
├[~] service aws-elasticache
│ └ resources
│    └[~] resource AWS::ElastiCache::ParameterGroup
│      └ attributes
│         └[+] CacheParameterGroupName: string
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    └[~] resource AWS::ElasticLoadBalancingV2::LoadBalancer
│      └ types
│         └[~] type LoadBalancerAttribute
│           └ properties
│              └ Key: (documentation changed)
├[~] service aws-fis
│ └ resources
│    └[~] resource AWS::FIS::ExperimentTemplate
│      └ types
│         └[~] type ExperimentTemplateExperimentOptions
│           └ properties
│              └ AccountTargeting: - string
│                                  + string (immutable)
├[~] service aws-kafkaconnect
│ └ resources
│    ├[~] resource AWS::KafkaConnect::Connector
│    │ ├  - tagInformation: undefined
│    │ │  + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ └ properties
│    │    └[+] Tags: Array<tag>
│    ├[+] resource AWS::KafkaConnect::CustomPlugin
│    │ ├  name: CustomPlugin
│    │ │  cloudFormationType: AWS::KafkaConnect::CustomPlugin
│    │ │  documentation: An example resource schema demonstrating some basic constructs and validation rules.
│    │ │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ ├ properties
│    │ │  ├Name: string (required, immutable)
│    │ │  ├Description: string (immutable)
│    │ │  ├ContentType: string (required, immutable)
│    │ │  ├Location: CustomPluginLocation (required, immutable)
│    │ │  └Tags: Array<tag>
│    │ ├ attributes
│    │ │  ├CustomPluginArn: string
│    │ │  ├Revision: integer
│    │ │  └FileDescription: CustomPluginFileDescription
│    │ └ types
│    │    ├type CustomPluginFileDescription
│    │    │├  documentation: Details about the custom plugin file.
│    │    ││  name: CustomPluginFileDescription
│    │    │└ properties
│    │    │   ├FileMd5: string
│    │    │   └FileSize: integer
│    │    ├type CustomPluginLocation
│    │    │├  documentation: Information about the location of a custom plugin.
│    │    ││  name: CustomPluginLocation
│    │    │└ properties
│    │    │   └S3Location: S3Location (required)
│    │    └type S3Location
│    │     ├  documentation: The S3 bucket Amazon Resource Name (ARN), file key, and object version of the plugin file stored in Amazon S3.
│    │     │  name: S3Location
│    │     └ properties
│    │        ├BucketArn: string (required)
│    │        ├FileKey: string (required)
│    │        └ObjectVersion: string
│    └[+] resource AWS::KafkaConnect::WorkerConfiguration
│      ├  name: WorkerConfiguration
│      │  cloudFormationType: AWS::KafkaConnect::WorkerConfiguration
│      │  documentation: The configuration of the workers, which are the processes that run the connector logic.
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├Name: string (required, immutable)
│      │  ├Description: string (immutable)
│      │  ├PropertiesFileContent: string (required, immutable)
│      │  └Tags: Array<tag>
│      └ attributes
│         ├WorkerConfigurationArn: string
│         └Revision: integer
├[~] service aws-kendra
│ └ resources
│    ├[~] resource AWS::Kendra::DataSource
│    │ └ types
│    │    └[~] type S3DataSourceConfiguration
│    │      └ properties
│    │         ├ ExclusionPatterns: (documentation changed)
│    │         └ InclusionPatterns: (documentation changed)
│    ├[~] resource AWS::Kendra::Faq
│    │ └ properties
│    │    └ LanguageCode: (documentation changed)
│    └[~] resource AWS::Kendra::Index
│      └ types
│         └[~] type Relevance
│           └ properties
│              ├ Freshness: (documentation changed)
│              └ RankOrder: (documentation changed)
├[~] service aws-kinesisanalyticsv2
│ └ resources
│    ├[~] resource AWS::KinesisAnalyticsV2::Application
│    │ └ types
│    │    ├[~] type ApplicationConfiguration
│    │    │ └ properties
│    │    │    └ SqlApplicationConfiguration: (documentation changed)
│    │    ├[~] type CSVMappingParameters
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, provides additional mapping information when the record format uses delimiters, such as CSV. For example, the following sample records use CSV format, where the records use the *'\n'* as the row delimiter and a comma (",") as the column delimiter:
│    │    │    `"name1", "address1"`
│    │    │    `"name2", "address2"`
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, provides additional mapping information when the record format uses delimiters, such as CSV. For example, the following sample records use CSV format, where the records use the *'\n'* as the row delimiter and a comma (",") as the column delimiter:
│    │    │    `"name1", "address1"`
│    │    │    `"name2", "address2"`
│    │    ├[~] type Input
│    │    │ ├  - documentation: When you configure the application input for a SQL-based Managed Service for Apache Flink application, you specify the streaming source, the in-application stream name that is created, and the mapping between the two.
│    │    │ │  + documentation: When you configure the application input for a SQL-based Kinesis Data Analytics application, you specify the streaming source, the in-application stream name that is created, and the mapping between the two.
│    │    │ └ properties
│    │    │    └ NamePrefix: (documentation changed)
│    │    ├[~] type InputLambdaProcessor
│    │    │ └  - documentation: An object that contains the Amazon Resource Name (ARN) of the Amazon Lambda function that is used to preprocess records in the stream in a SQL-based Managed Service for Apache Flink application.
│    │    │    + documentation: An object that contains the Amazon Resource Name (ARN) of the Amazon Lambda function that is used to preprocess records in the stream in a SQL-based Kinesis Data Analytics application.
│    │    ├[~] type InputParallelism
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the number of in-application streams to create for a given streaming source.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the number of in-application streams to create for a given streaming source.
│    │    ├[~] type InputSchema
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.
│    │    ├[~] type JSONMappingParameters
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, provides additional mapping information when JSON is the record format on the streaming source.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, provides additional mapping information when JSON is the record format on the streaming source.
│    │    ├[~] type KinesisFirehoseInput
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, identifies a Kinesis Data Firehose delivery stream as the streaming source. You provide the delivery stream's Amazon Resource Name (ARN).
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, identifies a Kinesis Data Firehose delivery stream as the streaming source. You provide the delivery stream's Amazon Resource Name (ARN).
│    │    ├[~] type MappingParameters
│    │    │ └  - documentation: When you configure a SQL-based Managed Service for Apache Flink application's input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.
│    │    │    + documentation: When you configure a SQL-based Kinesis Data Analytics application's input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.
│    │    ├[~] type RecordColumn
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.
│    │    │    Also used to describe the format of the reference data source.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.
│    │    │    Also used to describe the format of the reference data source.
│    │    ├[~] type RecordFormat
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the record format and relevant mapping information that should be applied to schematize the records on the stream.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the record format and relevant mapping information that should be applied to schematize the records on the stream.
│    │    └[~] type SqlApplicationConfiguration
│    │      └  - documentation: Describes the inputs, outputs, and reference data sources for a SQL-based Managed Service for Apache Flink application.
│    │         + documentation: Describes the inputs, outputs, and reference data sources for a SQL-based Kinesis Data Analytics application.
│    ├[~] resource AWS::KinesisAnalyticsV2::ApplicationOutput
│    │ ├ properties
│    │ │  └ Output: (documentation changed)
│    │ └ types
│    │    ├[~] type DestinationSchema
│    │    │ └  - documentation: Describes the data format when records are written to the destination in a SQL-based Managed Service for Apache Flink application.
│    │    │    + documentation: Describes the data format when records are written to the destination in a SQL-based Kinesis Data Analytics application.
│    │    ├[~] type KinesisFirehoseOutput
│    │    │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, when configuring application output, identifies a Kinesis Data Firehose delivery stream as the destination. You provide the stream Amazon Resource Name (ARN) of the delivery stream.
│    │    │    + documentation: For a SQL-based Kinesis Data Analytics application, when configuring application output, identifies a Kinesis Data Firehose delivery stream as the destination. You provide the stream Amazon Resource Name (ARN) of the delivery stream.
│    │    ├[~] type KinesisStreamsOutput
│    │    │ └  - documentation: When you configure a SQL-based Managed Service for Apache Flink application's output, identifies a Kinesis data stream as the destination. You provide the stream Amazon Resource Name (ARN).
│    │    │    + documentation: When you configure a SQL-based Kinesis Data Analytics application's output, identifies a Kinesis data stream as the destination. You provide the stream Amazon Resource Name (ARN).
│    │    ├[~] type LambdaOutput
│    │    │ └  - documentation: When you configure a SQL-based Managed Service for Apache Flink application's output, identifies an Amazon Lambda function as the destination. You provide the function Amazon Resource Name (ARN) of the Lambda function.
│    │    │    + documentation: When you configure a SQL-based Kinesis Data Analytics application's output, identifies an Amazon Lambda function as the destination. You provide the function Amazon Resource Name (ARN) of the Lambda function.
│    │    └[~] type Output
│    │      └  - documentation: Describes a SQL-based Managed Service for Apache Flink application's output configuration, in which you identify an in-application stream and a destination where you want the in-application stream data to be written. The destination can be a Kinesis data stream or a Kinesis Data Firehose delivery stream.
│    │         + documentation: Describes a SQL-based Kinesis Data Analytics application's output configuration, in which you identify an in-application stream and a destination where you want the in-application stream data to be written. The destination can be a Kinesis data stream or a Kinesis Data Firehose delivery stream.
│    └[~] resource AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource
│      ├  - documentation: Adds a reference data source to an existing SQL-based Managed Service for Apache Flink application.
│      │  Managed Service for Apache Flink reads reference data (that is, an Amazon S3 object) and creates an in-application table within your application. In the request, you provide the source (S3 bucket name and object key name), name of the in-application table to create, and the necessary mapping information that describes how data in an Amazon S3 object maps to columns in the resulting in-application table.
│      │  + documentation: Adds a reference data source to an existing SQL-based Kinesis Data Analytics application.
│      │  Kinesis Data Analytics reads reference data (that is, an Amazon S3 object) and creates an in-application table within your application. In the request, you provide the source (S3 bucket name and object key name), name of the in-application table to create, and the necessary mapping information that describes how data in an Amazon S3 object maps to columns in the resulting in-application table.
│      ├ properties
│      │  └ ReferenceDataSource: (documentation changed)
│      └ types
│         ├[~] type CSVMappingParameters
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, provides additional mapping information when the record format uses delimiters, such as CSV. For example, the following sample records use CSV format, where the records use the *'\n'* as the row delimiter and a comma (",") as the column delimiter:
│         │    `"name1", "address1"`
│         │    `"name2", "address2"`
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, provides additional mapping information when the record format uses delimiters, such as CSV. For example, the following sample records use CSV format, where the records use the *'\n'* as the row delimiter and a comma (",") as the column delimiter:
│         │    `"name1", "address1"`
│         │    `"name2", "address2"`
│         ├[~] type JSONMappingParameters
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, provides additional mapping information when JSON is the record format on the streaming source.
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, provides additional mapping information when JSON is the record format on the streaming source.
│         ├[~] type MappingParameters
│         │ └  - documentation: When you configure a SQL-based Managed Service for Apache Flink application's input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.
│         │    + documentation: When you configure a SQL-based Kinesis Data Analytics application's input at the time of creating or updating an application, provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.
│         ├[~] type RecordColumn
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.
│         │    Also used to describe the format of the reference data source.
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.
│         │    Also used to describe the format of the reference data source.
│         ├[~] type RecordFormat
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the record format and relevant mapping information that should be applied to schematize the records on the stream.
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the record format and relevant mapping information that should be applied to schematize the records on the stream.
│         ├[~] type ReferenceDataSource
│         │ └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the reference data source by providing the source information (Amazon S3 bucket name and object key name), the resulting in-application table name that is created, and the necessary schema to map the data elements in the Amazon S3 object to the in-application table.
│         │    + documentation: For a SQL-based Kinesis Data Analytics application, describes the reference data source by providing the source information (Amazon S3 bucket name and object key name), the resulting in-application table name that is created, and the necessary schema to map the data elements in the Amazon S3 object to the in-application table.
│         └[~] type ReferenceSchema
│           └  - documentation: For a SQL-based Managed Service for Apache Flink application, describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.
│              + documentation: For a SQL-based Kinesis Data Analytics application, describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.
├[~] service aws-pinpoint
│ └ resources
│    └[~] resource AWS::Pinpoint::EmailChannel
│      └ properties
│         └[+] OrchestrationSendingRoleArn: string
├[~] service aws-rds
│ └ resources
│    └[~] resource AWS::RDS::DBCluster
│      └ properties
│         └ EngineMode: (documentation changed)
├[~] service aws-resiliencehub
│ └ resources
│    └[~] resource AWS::ResilienceHub::ResiliencyPolicy
│      ├ properties
│      │  └ Policy: - Map<string, FailurePolicy> (required)
│      │            + PolicyMap ⇐ Map<string, FailurePolicy> (required)
│      └ types
│         └[+] type PolicyMap
│           ├  name: PolicyMap
│           └ properties
│              ├AZ: FailurePolicy (required)
│              ├Hardware: FailurePolicy (required)
│              ├Software: FailurePolicy (required)
│              └Region: FailurePolicy
├[~] service aws-securityhub
│ └ resources
│    ├[+] resource AWS::SecurityHub::DelegatedAdmin
│    │ ├  name: DelegatedAdmin
│    │ │  cloudFormationType: AWS::SecurityHub::DelegatedAdmin
│    │ │  documentation: The AWS::SecurityHub::DelegatedAdmin resource represents the AWS Security Hub delegated admin account in your organization. One delegated admin resource is allowed to create for the organization in each region in which you configure the AdminAccountId.
│    │ ├ properties
│    │ │  └AdminAccountId: string (required, immutable)
│    │ └ attributes
│    │    ├DelegatedAdminIdentifier: string
│    │    └Status: string
│    ├[+] resource AWS::SecurityHub::Insight
│    │ ├  name: Insight
│    │ │  cloudFormationType: AWS::SecurityHub::Insight
│    │ │  documentation: The AWS::SecurityHub::Insight resource represents the AWS Security Hub Insight in your account. An AWS Security Hub insight is a collection of related findings.
│    │ ├ properties
│    │ │  ├Name: string (required)
│    │ │  ├Filters: AwsSecurityFindingFilters (required)
│    │ │  └GroupByAttribute: string (required)
│    │ ├ attributes
│    │ │  └InsightArn: string
│    │ └ types
│    │    ├type AwsSecurityFindingFilters
│    │    │├  documentation: A collection of filters that are applied to all active findings aggregated by AWS Security Hub.
│    │    ││  name: AwsSecurityFindingFilters
│    │    │└ properties
│    │    │   ├ProductArn: Array<StringFilter>
│    │    │   ├AwsAccountId: Array<StringFilter>
│    │    │   ├AwsAccountName: Array<StringFilter>
│    │    │   ├Id: Array<StringFilter>
│    │    │   ├GeneratorId: Array<StringFilter>
│    │    │   ├Type: Array<StringFilter>
│    │    │   ├Region: Array<StringFilter>
│    │    │   ├SeverityLabel: Array<StringFilter>
│    │    │   ├Title: Array<StringFilter>
│    │    │   ├Description: Array<StringFilter>
│    │    │   ├RecommendationText: Array<StringFilter>
│    │    │   ├SourceUrl: Array<StringFilter>
│    │    │   ├ProductFields: Array<MapFilter>
│    │    │   ├ProductName: Array<StringFilter>
│    │    │   ├CompanyName: Array<StringFilter>
│    │    │   ├UserDefinedFields: Array<MapFilter>
│    │    │   ├MalwareName: Array<StringFilter>
│    │    │   ├MalwareType: Array<StringFilter>
│    │    │   ├MalwarePath: Array<StringFilter>
│    │    │   ├MalwareState: Array<StringFilter>
│    │    │   ├NetworkDirection: Array<StringFilter>
│    │    │   ├NetworkProtocol: Array<StringFilter>
│    │    │   ├NetworkSourceIpV4: Array<IpFilter>
│    │    │   ├NetworkSourceIpV6: Array<IpFilter>
│    │    │   ├NetworkSourceDomain: Array<StringFilter>
│    │    │   ├NetworkSourceMac: Array<StringFilter>
│    │    │   ├NetworkDestinationIpV4: Array<IpFilter>
│    │    │   ├NetworkDestinationIpV6: Array<IpFilter>
│    │    │   ├NetworkDestinationDomain: Array<StringFilter>
│    │    │   ├ProcessName: Array<StringFilter>
│    │    │   ├ProcessPath: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorType: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorValue: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorCategory: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorSource: Array<StringFilter>
│    │    │   ├ThreatIntelIndicatorSourceUrl: Array<StringFilter>
│    │    │   ├ResourceType: Array<StringFilter>
│    │    │   ├ResourceId: Array<StringFilter>
│    │    │   ├ResourcePartition: Array<StringFilter>
│    │    │   ├ResourceRegion: Array<StringFilter>
│    │    │   ├ResourceTags: Array<MapFilter>
│    │    │   ├ResourceAwsEc2InstanceType: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceImageId: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceIpV4Addresses: Array<IpFilter>
│    │    │   ├ResourceAwsEc2InstanceIpV6Addresses: Array<IpFilter>
│    │    │   ├ResourceAwsEc2InstanceKeyName: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceIamInstanceProfileArn: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceVpcId: Array<StringFilter>
│    │    │   ├ResourceAwsEc2InstanceSubnetId: Array<StringFilter>
│    │    │   ├ResourceAwsS3BucketOwnerId: Array<StringFilter>
│    │    │   ├ResourceAwsS3BucketOwnerName: Array<StringFilter>
│    │    │   ├ResourceAwsIamAccessKeyStatus: Array<StringFilter>
│    │    │   ├ResourceContainerName: Array<StringFilter>
│    │    │   ├ResourceContainerImageId: Array<StringFilter>
│    │    │   ├ResourceContainerImageName: Array<StringFilter>
│    │    │   ├ResourceDetailsOther: Array<MapFilter>
│    │    │   ├ComplianceStatus: Array<StringFilter>
│    │    │   ├VerificationState: Array<StringFilter>
│    │    │   ├WorkflowState: Array<StringFilter>
│    │    │   ├WorkflowStatus: Array<StringFilter>
│    │    │   ├RecordState: Array<StringFilter>
│    │    │   ├RelatedFindingsProductArn: Array<StringFilter>
│    │    │   ├RelatedFindingsId: Array<StringFilter>
│    │    │   ├ResourceApplicationArn: Array<StringFilter>
│    │    │   ├ResourceApplicationName: Array<StringFilter>
│    │    │   ├NoteText: Array<StringFilter>
│    │    │   ├NoteUpdatedBy: Array<StringFilter>
│    │    │   ├Sample: Array<BooleanFilter>
│    │    │   ├ComplianceAssociatedStandardsId: Array<StringFilter>
│    │    │   ├ComplianceSecurityControlId: Array<StringFilter>
│    │    │   ├ComplianceSecurityControlParametersName: Array<StringFilter>
│    │    │   ├ComplianceSecurityControlParametersValue: Array<StringFilter>
│    │    │   ├FindingProviderFieldsRelatedFindingsId: Array<StringFilter>
│    │    │   ├FindingProviderFieldsRelatedFindingsProductArn: Array<StringFilter>
│    │    │   ├FindingProviderFieldsSeverityLabel: Array<StringFilter>
│    │    │   ├FindingProviderFieldsSeverityOriginal: Array<StringFilter>
│    │    │   ├FindingProviderFieldsTypes: Array<StringFilter>
│    │    │   ├ResourceAwsIamAccessKeyPrincipalName: Array<StringFilter>
│    │    │   ├ResourceAwsIamUserUserName: Array<StringFilter>
│    │    │   ├VulnerabilitiesExploitAvailable: Array<StringFilter>
│    │    │   └VulnerabilitiesFixAvailable: Array<StringFilter>
│    │    ├type StringFilter
│    │    │├  documentation: A string filter for filtering AWS Security Hub findings.
│    │    ││  name: StringFilter
│    │    │└ properties
│    │    │   ├Comparison: string (required)
│    │    │   └Value: string (required)
│    │    ├type MapFilter
│    │    │├  documentation: A map filter for filtering AWS Security Hub findings.
│    │    ││  name: MapFilter
│    │    │└ properties
│    │    │   ├Comparison: string (required)
│    │    │   ├Key: string (required)
│    │    │   └Value: string (required)
│    │    ├type IpFilter
│    │    │├  documentation: The IP filter for querying findings.
│    │    ││  name: IpFilter
│    │    │└ properties
│    │    │   └Cidr: string
│    │    └type BooleanFilter
│    │     ├  documentation: Boolean filter for querying findings.
│    │     │  name: BooleanFilter
│    │     └ properties
│    │        └Value: boolean (required)
│    └[+] resource AWS::SecurityHub::ProductSubscription
│      ├  name: ProductSubscription
│      │  cloudFormationType: AWS::SecurityHub::ProductSubscription
│      │  documentation: The AWS::SecurityHub::ProductSubscription resource represents a subscription to a service that is allowed to generate findings for your Security Hub account. One product subscription resource is created for each product enabled.
│      ├ properties
│      │  └ProductArn: string (required, immutable)
│      └ attributes
│         └ProductSubscriptionArn: string
└[~] service aws-wafv2
  └ resources
     ├[~] resource AWS::WAFv2::RuleGroup
     │ └ types
     │    ├[~] type Body
     │    │ └ properties
     │    │    └ OversizeHandling: (documentation changed)
     │    ├[~] type FieldToMatch
     │    │ └ properties
     │    │    ├ Body: (documentation changed)
     │    │    └ JsonBody: (documentation changed)
     │    └[~] type JsonBody
     │      └ properties
     │         └ OversizeHandling: (documentation changed)
     └[~] resource AWS::WAFv2::WebACL
       ├ properties
       │  └ AssociationConfig: (documentation changed)
       └ types
          ├[~] type AssociationConfig
          │ ├  - documentation: Specifies custom configurations for the associations between the web ACL and protected resources.
          │ │  Use this to customize the maximum size of the request body that your protected resources forward to AWS WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
          │ │  + documentation: Specifies custom configurations for the associations between the web ACL and protected resources.
          │ │  Use this to customize the maximum size of the request body that your protected resources forward to AWS WAF for inspection. You can customize this setting for CloudFront. The default setting is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  For regional resources, the limit is fixed at 8 KB (8,192 bytes).
          │ └ properties
          │    └ RequestBody: (documentation changed)
          ├[~] type Body
          │ └ properties
          │    └ OversizeHandling: (documentation changed)
          ├[~] type FieldToMatch
          │ └ properties
          │    ├ Body: (documentation changed)
          │    └ JsonBody: (documentation changed)
          ├[~] type JsonBody
          │ └ properties
          │    └ OversizeHandling: (documentation changed)
          └[~] type RequestBodyAssociatedResourceTypeConfig
            └  - documentation: Customizes the maximum size of the request body that your protected CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access resources forward to AWS WAF for inspection. The default size is 16 KB (16,384 bytes). You can change the setting for any of the available resource types.
               > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
               Example JSON: `{ "API_GATEWAY": "KB_48", "APP_RUNNER_SERVICE": "KB_32" }`
               For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
               This is used in the `AssociationConfig` of the web ACL.
               + documentation: Customizes the maximum size of the request body that your protected CloudFront resources forward to AWS WAF for inspection. The default size is 16 KB (16,384 bytes).
               > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
               Example JSON: `{ "API_GATEWAY": "KB_48", "APP_RUNNER_SERVICE": "KB_32" }`
               For regional resources, the limit is fixed at 8 KB (8,192 bytes).
               This is used in the `AssociationConfig` of the web ACL.
```
@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
auto-approve contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. p2 pr-linter/exempt-integ-test The PR linter will not require integ test changes pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant