feat: update L1 CloudFormation resource definitions

[aws-cdk-automation]

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-apigateway
│ └ resources
│    └[~]  resource AWS::ApiGateway::Method
│       └ types
│          └[~] type Integration
│            └ properties
│               └[+] ResponseTransferMode: string (default="BUFFERED")
├[+] service aws-bedrockagentcore
│ ├      capitalized: BedrockAgentCore
│ │      cloudFormationNamespace: AWS::BedrockAgentCore
│ │      name: aws-bedrockagentcore
│ │      shortName: bedrockagentcore
│ └ resources
│    ├ resource AWS::BedrockAgentCore::BrowserCustom
│    │ ├      name: BrowserCustom
│    │ │      cloudFormationType: AWS::BedrockAgentCore::BrowserCustom
│    │ │      documentation: Resource definition for AWS::BedrockAgentCore::BrowserCustom
│    │ │      tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│    │ ├ properties
│    │ │  ├ Name: string (required, immutable)
│    │ │  ├ Description: string (immutable)
│    │ │  ├ NetworkConfiguration: BrowserNetworkConfiguration (required, immutable)
│    │ │  ├ RecordingConfig: RecordingConfig (immutable)
│    │ │  ├ ExecutionRoleArn: string (immutable)
│    │ │  └ Tags: Map<string, string>
│    │ ├ attributes
│    │ │  ├ BrowserId: string
│    │ │  ├ BrowserArn: string
│    │ │  ├ Status: string
│    │ │  ├ CreatedAt: string
│    │ │  └ LastUpdatedAt: string
│    │ └ types
│    │    ├ type BrowserNetworkConfiguration
│    │    │ ├      documentation: Network configuration for browser
│    │    │ │      name: BrowserNetworkConfiguration
│    │    │ └ properties
│    │    │    └ NetworkMode: string (required)
│    │    ├ type RecordingConfig
│    │    │ ├      documentation: Recording configuration for browser
│    │    │ │      name: RecordingConfig
│    │    │ └ properties
│    │    │    ├ Enabled: boolean (default=false)
│    │    │    └ S3Location: S3Location
│    │    └ type S3Location
│    │      ├      documentation: S3 Location Configuration
│    │      │      name: S3Location
│    │      └ properties
│    │         ├ Bucket: string (required)
│    │         └ Prefix: string (required)
│    ├ resource AWS::BedrockAgentCore::CodeInterpreterCustom
│    │ ├      name: CodeInterpreterCustom
│    │ │      cloudFormationType: AWS::BedrockAgentCore::CodeInterpreterCustom
│    │ │      documentation: Resource definition for AWS::BedrockAgentCore::CodeInterpreterCustom
│    │ │      tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│    │ ├ properties
│    │ │  ├ Name: string (required, immutable)
│    │ │  ├ Description: string (immutable)
│    │ │  ├ ExecutionRoleArn: string (immutable)
│    │ │  ├ NetworkConfiguration: CodeInterpreterNetworkConfiguration (required, immutable)
│    │ │  └ Tags: Map<string, string>
│    │ ├ attributes
│    │ │  ├ CodeInterpreterId: string
│    │ │  ├ CodeInterpreterArn: string
│    │ │  ├ Status: string
│    │ │  ├ CreatedAt: string
│    │ │  └ LastUpdatedAt: string
│    │ └ types
│    │    └ type CodeInterpreterNetworkConfiguration
│    │      ├      documentation: Network configuration for code interpreter
│    │      │      name: CodeInterpreterNetworkConfiguration
│    │      └ properties
│    │         └ NetworkMode: string (required)
│    ├ resource AWS::BedrockAgentCore::Runtime
│    │ ├      name: Runtime
│    │ │      cloudFormationType: AWS::BedrockAgentCore::Runtime
│    │ │      documentation: Resource Type definition for AWS::BedrockAgentCore::Runtime
│    │ │      tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│    │ ├ properties
│    │ │  ├ AgentRuntimeName: string (required, immutable)
│    │ │  ├ Description: string
│    │ │  ├ AgentRuntimeArtifact: AgentRuntimeArtifact (required)
│    │ │  ├ RoleArn: string (required)
│    │ │  ├ NetworkConfiguration: NetworkConfiguration (required)
│    │ │  ├ ProtocolConfiguration: string
│    │ │  ├ EnvironmentVariables: Map<string, string>
│    │ │  ├ AuthorizerConfiguration: AuthorizerConfiguration
│    │ │  └ Tags: Map<string, string>
│    │ ├ attributes
│    │ │  ├ AgentRuntimeArn: string
│    │ │  ├ AgentRuntimeId: string
│    │ │  ├ AgentRuntimeVersion: string
│    │ │  ├ Status: string
│    │ │  ├ CreatedAt: string
│    │ │  ├ LastUpdatedAt: string
│    │ │  └ WorkloadIdentityDetails: WorkloadIdentityDetails
│    │ └ types
│    │    ├ type AgentRuntimeArtifact
│    │    │ ├      name: AgentRuntimeArtifact
│    │    │ └ properties
│    │    │    └ ContainerConfiguration: ContainerConfiguration
│    │    ├ type AuthorizerConfiguration
│    │    │ ├      documentation: Configuration for the authorizer
│    │    │ │      name: AuthorizerConfiguration
│    │    │ └ properties
│    │    │    └ CustomJWTAuthorizer: CustomJWTAuthorizerConfiguration
│    │    ├ type ContainerConfiguration
│    │    │ ├      name: ContainerConfiguration
│    │    │ └ properties
│    │    │    └ ContainerUri: string (required)
│    │    ├ type CustomJWTAuthorizerConfiguration
│    │    │ ├      documentation: Configuration for custom JWT authorizer
│    │    │ │      name: CustomJWTAuthorizerConfiguration
│    │    │ └ properties
│    │    │    ├ DiscoveryUrl: string (required)
│    │    │    ├ AllowedAudience: Array<string>
│    │    │    └ AllowedClients: Array<string>
│    │    ├ type NetworkConfiguration
│    │    │ ├      name: NetworkConfiguration
│    │    │ └ properties
│    │    │    └ NetworkMode: string (required)
│    │    └ type WorkloadIdentityDetails
│    │      ├      documentation: Configuration for workload identity
│    │      │      name: WorkloadIdentityDetails
│    │      └ properties
│    │         └ WorkloadIdentityArn: string (required)
│    └ resource AWS::BedrockAgentCore::RuntimeEndpoint
│      ├      name: RuntimeEndpoint
│      │      cloudFormationType: AWS::BedrockAgentCore::RuntimeEndpoint
│      │      documentation: Resource definition for AWS::BedrockAgentCore::RuntimeEndpoint
│      │      tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│      ├ properties
│      │  ├ AgentRuntimeId: string (required, immutable)
│      │  ├ Name: string (required, immutable)
│      │  ├ AgentRuntimeVersion: string (immutable)
│      │  ├ Description: string
│      │  └ Tags: Map<string, string>
│      └ attributes
│         ├ Id: string
│         ├ AgentRuntimeEndpointArn: string
│         ├ AgentRuntimeArn: string
│         ├ Status: string
│         ├ CreatedAt: string
│         ├ LastUpdatedAt: string
│         ├ FailureReason: string
│         ├ TargetVersion: string
│         └ LiveVersion: string
├[~] service aws-cur
│ └ resources
│    └[~]  resource AWS::CUR::ReportDefinition
│       ├      - tagInformation: undefined
│       │      + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│       └ properties
│          └[+] Tags: Array<tag>
├[~] service aws-datasync
│ └ resources
│    └[~]  resource AWS::DataSync::LocationSMB
│       ├ properties
│       │  ├[+] CmkSecretConfig: CmkSecretConfig
│       │  └[+] CustomSecretConfig: CustomSecretConfig
│       ├ attributes
│       │  ├[+] CmkSecretConfig.SecretArn: string
│       │  └[+] ManagedSecretConfig: ManagedSecretConfig
│       └ types
│          ├[+]  type CmkSecretConfig
│          │  ├      documentation: Specifies configuration information for a DataSync-managed secret, such as a password or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed AWS KMS key.
│          │  │      name: CmkSecretConfig
│          │  └ properties
│          │     ├ SecretArn: string
│          │     └ KmsKeyArn: string
│          ├[+]  type CustomSecretConfig
│          │  ├      documentation: Specifies configuration information for a customer-managed secret, such as a password or set of credentials that DataSync uses to access a specific transfer location, and an IAM role that DataSync can assume and access the customer-managed secret.
│          │  │      name: CustomSecretConfig
│          │  └ properties
│          │     ├ SecretArn: string (required)
│          │     └ SecretAccessRoleArn: string (required)
│          └[+]  type ManagedSecretConfig
│             ├      documentation: Specifies configuration information for a DataSync-managed secret, such as a password or set of credentials that DataSync uses to access a specific transfer location. DataSync uses the default AWS-managed KMS key to encrypt this secret in AWS Secrets Manager.
│             │      name: ManagedSecretConfig
│             └ properties
│                └ SecretArn: string (required)
├[~] service aws-datazone
│ └ resources
│    ├[+]  resource AWS::DataZone::FormType
│    │  ├      name: FormType
│    │  │      cloudFormationType: AWS::DataZone::FormType
│    │  │      documentation: Create and manage form types in Amazon Datazone
│    │  ├ properties
│    │  │  ├ DomainIdentifier: string (required, immutable)
│    │  │  ├ Model: Model (required)
│    │  │  ├ Description: string
│    │  │  ├ Name: string (required, immutable)
│    │  │  ├ OwningProjectIdentifier: string (required)
│    │  │  └ Status: string
│    │  ├ attributes
│    │  │  ├ DomainId: string
│    │  │  ├ OwningProjectId: string
│    │  │  ├ Revision: string
│    │  │  ├ FormTypeIdentifier: string
│    │  │  ├ CreatedAt: string
│    │  │  └ CreatedBy: string
│    │  └ types
│    │     └ type Model
│    │       ├      documentation: Indicates the smithy model of the API.
│    │       │      name: Model
│    │       └ properties
│    │          └ Smithy: string
│    ├[~]  resource AWS::DataZone::Owner
│    │  └ attributes
│    │     ├[+] OwnerIdentifier: string
│    │     └[+] OwnerType: string
│    └[~]  resource AWS::DataZone::ProjectMembership
│       └ attributes
│          ├[+] MemberIdentifier: string
│          └[+] MemberIdentifierType: string
├[~] service aws-ec2
│ └ resources
│    ├[~]  resource AWS::EC2::NetworkInterfaceAttachment
│    │  └ properties
│    │     └ EnaQueueCount: (documentation changed)
│    ├[~]  resource AWS::EC2::VPC
│    │  └      - documentation: Specifies a virtual private cloud (VPC).
│    │         To add an IPv6 CIDR block to the VPC, see [AWS::EC2::VPCCidrBlock](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpccidrblock.html) .
│    │         For more information, see [Virtual private clouds (VPC)](https://docs.aws.amazon.com/vpc/latest/userguide/configure-your-vpc.html) in the *Amazon VPC User Guide* .
│    │         + documentation: Specifies a virtual private cloud (VPC).
│    │         A VPC must have an associated IPv4 CIDR block. You can specify an IPv4 CIDR block or an IPAM-allocated IPv4 CIDR block. To associate an IPv6 CIDR block with the VPC, see [AWS::EC2::VPCCidrBlock](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpccidrblock.html) .
│    │         For more information, see [Virtual private clouds (VPC)](https://docs.aws.amazon.com/vpc/latest/userguide/configure-your-vpc.html) in the *Amazon VPC User Guide* .
│    └[~]  resource AWS::EC2::VPCCidrBlock
│       └      - documentation: Associates a CIDR block with your VPC.
│              You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).
│              For more information, see [VPC CIDR blocks](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html) in the *Amazon VPC User Guide* .
│              + documentation: Associates a CIDR block with your VPC.
│              A VPC must have an associated IPv4 CIDR block. You can optionally associate additional IPv4 CIDR blocks with a VPC. You can optionally associate an IPv6 CIDR block with a VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).
│              For more information, see [VPC CIDR blocks](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html) in the *Amazon VPC User Guide* .
├[~] service aws-gamelift
│ └ resources
│    ├[~]  resource AWS::GameLift::ContainerFleet
│    │  └ types
│    │     └[~] type LocationCapacity
│    │       └ properties
│    │          └ DesiredEC2Instances: - integer (required)
│    │                                 + integer
│    │                                 (documentation changed)
│    └[~]  resource AWS::GameLift::Fleet
│       └ types
│          └[~] type LocationCapacity
│            └ properties
│               └ DesiredEC2Instances: - integer (required)
│                                      + integer
├[~] service aws-lambda
│ └ resources
│    └[~]  resource AWS::Lambda::Permission
│       └ properties
│          └[+] InvokedViaFunctionUrl: boolean (immutable)
├[~] service aws-medialive
│ └ resources
│    └[~]  resource AWS::MediaLive::Channel
│       └ types
│          ├[+]  type AdditionalDestinations
│          │  ├      name: AdditionalDestinations
│          │  └ properties
│          │     └ Destination: OutputLocationRef
│          ├[~] type BurnInDestinationSettings
│          │ └ properties
│          │    └[+] SubtitleRows: string
│          ├[~] type CmafIngestGroupSettings
│          │ └ properties
│          │    └[+] AdditionalDestinations: Array<AdditionalDestinations>
│          ├[~] type DvbSubDestinationSettings
│          │ └ properties
│          │    └[+] SubtitleRows: string
│          └[~] type OutputSettings
│            └ properties
│               └ MediaPackageOutputSettings: - json ⇐ MediaPackageOutputSettings
│                                             + MediaPackageOutputSettings
├[~] service aws-networkmanager
│ └ resources
│    ├[~]  resource AWS::NetworkManager::ConnectAttachment
│    │  └ attributes
│    │     └[+] LastModificationErrors: Array<string>
│    ├[~]  resource AWS::NetworkManager::ConnectPeer
│    │  └ attributes
│    │     └ LastModificationErrors: (documentation changed)
│    ├[~]  resource AWS::NetworkManager::DirectConnectGatewayAttachment
│    │  └ attributes
│    │     └[+] LastModificationErrors: Array<string>
│    ├[~]  resource AWS::NetworkManager::SiteToSiteVpnAttachment
│    │  └ attributes
│    │     └[+] LastModificationErrors: Array<string>
│    ├[~]  resource AWS::NetworkManager::TransitGatewayPeering
│    │  └ attributes
│    │     └[+] LastModificationErrors: Array<string>
│    ├[~]  resource AWS::NetworkManager::TransitGatewayRouteTableAttachment
│    │  └ attributes
│    │     └[+] LastModificationErrors: Array<string>
│    └[~]  resource AWS::NetworkManager::VpcAttachment
│       └ attributes
│          └[+] LastModificationErrors: Array<string>
├[~] service aws-omics
│ └ resources
│    ├[~]  resource AWS::Omics::Workflow
│    │  ├ properties
│    │  │  ├[+] ContainerRegistryMap: ContainerRegistryMap (immutable)
│    │  │  └[+] ContainerRegistryMapUri: string (immutable)
│    │  └ types
│    │     ├[+]  type ContainerRegistryMap
│    │     │  ├      documentation: Use a container registry map to specify mappings between the ECR private repository and one or more upstream registries. For more information, see [Container images](https://docs.aws.amazon.com/omics/latest/dev/workflows-ecr.html) in the *AWS HealthOmics User Guide* .
│    │     │  │      name: ContainerRegistryMap
│    │     │  └ properties
│    │     │     ├ RegistryMappings: Array<RegistryMapping>
│    │     │     └ ImageMappings: Array<ImageMapping>
│    │     ├[+]  type ImageMapping
│    │     │  ├      documentation: Specifies image mappings that workflow tasks can use. For example, you can replace all the task references of a public image to use an equivalent image in your private ECR repository. You can use image mappings with upstream registries that don't support pull through cache. You need to manually synchronize the upstream registry with your private repository.
│    │     │  │      name: ImageMapping
│    │     │  └ properties
│    │     │     ├ SourceImage: string
│    │     │     └ DestinationImage: string
│    │     └[+]  type RegistryMapping
│    │        ├      documentation: If you are using the ECR pull through cache feature, the registry mapping maps between the ECR repository and the upstream registry where container images are pulled and synchronized.
│    │        │      name: RegistryMapping
│    │        └ properties
│    │           ├ UpstreamRegistryUrl: string
│    │           ├ EcrRepositoryPrefix: string
│    │           ├ UpstreamRepositoryPrefix: string
│    │           └ EcrAccountId: string
│    └[~]  resource AWS::Omics::WorkflowVersion
│       ├ properties
│       │  ├[+] ContainerRegistryMap: ContainerRegistryMap (immutable)
│       │  └[+] ContainerRegistryMapUri: string (immutable)
│       └ types
│          ├[+]  type ContainerRegistryMap
│          │  ├      documentation: Use a container registry map to specify mappings between the ECR private repository and one or more upstream registries. For more information, see [Container images](https://docs.aws.amazon.com/omics/latest/dev/workflows-ecr.html) in the *AWS HealthOmics User Guide* .
│          │  │      name: ContainerRegistryMap
│          │  └ properties
│          │     ├ RegistryMappings: Array<RegistryMapping>
│          │     └ ImageMappings: Array<ImageMapping>
│          ├[+]  type ImageMapping
│          │  ├      documentation: Specifies image mappings that workflow tasks can use. For example, you can replace all the task references of a public image to use an equivalent image in your private ECR repository. You can use image mappings with upstream registries that don't support pull through cache. You need to manually synchronize the upstream registry with your private repository.
│          │  │      name: ImageMapping
│          │  └ properties
│          │     ├ SourceImage: string
│          │     └ DestinationImage: string
│          └[+]  type RegistryMapping
│             ├      documentation: If you are using the ECR pull through cache feature, the registry mapping maps between the ECR repository and the upstream registry where container images are pulled and synchronized.
│             │      name: RegistryMapping
│             └ properties
│                ├ UpstreamRegistryUrl: string
│                ├ EcrRepositoryPrefix: string
│                ├ UpstreamRepositoryPrefix: string
│                └ EcrAccountId: string
├[~] service aws-opensearchservice
│ └ resources
│    └[~]  resource AWS::OpenSearchService::Domain
│       └ types
│          └[~] type AdvancedSecurityOptionsInput
│            └ properties
│               └ IAMFederationOptions: (documentation changed)
├[~] service aws-quicksight
│ └ resources
│    └[~]  resource AWS::QuickSight::Dashboard
│       └ types
│          ├[~] type DashboardPublishOptions
│          │ └ properties
│          │    ├[+] DataStoriesSharingOption: DataStoriesSharingOption
│          │    └[+] ExecutiveSummaryOption: ExecutiveSummaryOption
│          ├[+]  type DataStoriesSharingOption
│          │  ├      documentation: Executive summary option.
│          │  │      name: DataStoriesSharingOption
│          │  └ properties
│          │     └ AvailabilityStatus: string
│          └[+]  type ExecutiveSummaryOption
│             ├      documentation: Data stories sharing option.
│             │      name: ExecutiveSummaryOption
│             └ properties
│                └ AvailabilityStatus: string
├[~] service aws-rds
│ └ resources
│    ├[~]  resource AWS::RDS::DBCluster
│    │  └ properties
│    │     └ MasterUserAuthenticationType: (documentation changed)
│    ├[~]  resource AWS::RDS::DBInstance
│    │  └ properties
│    │     └ MasterUserAuthenticationType: (documentation changed)
│    ├[~]  resource AWS::RDS::DBProxy
│    │  └ properties
│    │     ├ Auth: - Array<AuthFormat> (required)
│    │     │       + Array<AuthFormat>
│    │     ├[+] DefaultAuthScheme: string
│    │     ├[+] EndpointNetworkType: string (immutable)
│    │     └[+] TargetConnectionNetworkType: string (immutable)
│    └[~]  resource AWS::RDS::DBProxyEndpoint
│       └ properties
│          └[+] EndpointNetworkType: string (immutable)
└[~] service aws-servicecatalog
  └ resources
     ├[~]  resource AWS::ServiceCatalog::PortfolioPrincipalAssociation
     └[~]  resource AWS::ServiceCatalog::PortfolioProductAssociation

[alvazjor]

No backwards incompatible changes for L1s in this PR

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.