Skip to content

feat: update L1 CloudFormation resource definitions #35712

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 10, 2025
Merged

feat: update L1 CloudFormation resource definitions #35712

merged 2 commits into from
Oct 10, 2025

Conversation

@aws-cdk-automation
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation commented Oct 10, 2025

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-backup
│ └ resources
│    └[~]  resource AWS::Backup::LogicallyAirGappedBackupVault
│       └      - arnTemplate: undefined
│              + arnTemplate: arn:${Partition}:backup:${Region}:${Account}:backup-vault:${BackupVaultName}
├[~] service aws-bedrockagentcore
│ └ resources
│    └[+]  resource AWS::BedrockAgentCore::Memory
│       ├      name: Memory
│       │      cloudFormationType: AWS::BedrockAgentCore::Memory
│       │      documentation: Resource Type definition for AWS::BedrockAgentCore::Memory
│       │      tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│       ├ properties
│       │  ├ Name: string (required, immutable)
│       │  ├ Description: string
│       │  ├ EncryptionKeyArn: string (immutable)
│       │  ├ MemoryExecutionRoleArn: string
│       │  ├ EventExpiryDuration: integer (required)
│       │  ├ MemoryStrategies: Array<MemoryStrategy>
│       │  └ Tags: Map<string, string>
│       ├ attributes
│       │  ├ MemoryArn: string
│       │  ├ MemoryId: string
│       │  ├ Status: string
│       │  ├ CreatedAt: string
│       │  ├ UpdatedAt: string
│       │  └ FailureReason: string
│       └ types
│          ├ type CustomConfigurationInput
│          │ ├      name: CustomConfigurationInput
│          │ └ properties
│          │    ├ SemanticOverride: SemanticOverride
│          │    ├ SummaryOverride: SummaryOverride
│          │    └ UserPreferenceOverride: UserPreferenceOverride
│          ├ type CustomMemoryStrategy
│          │ ├      name: CustomMemoryStrategy
│          │ └ properties
│          │    ├ Name: string (required)
│          │    ├ Description: string
│          │    ├ Namespaces: Array<string>
│          │    ├ Configuration: CustomConfigurationInput
│          │    ├ StrategyId: string
│          │    ├ Type: string
│          │    ├ Status: string
│          │    ├ CreatedAt: string
│          │    └ UpdatedAt: string
│          ├ type MemoryStrategy
│          │ ├      name: MemoryStrategy
│          │ └ properties
│          │    ├ SemanticMemoryStrategy: SemanticMemoryStrategy
│          │    ├ SummaryMemoryStrategy: SummaryMemoryStrategy
│          │    ├ UserPreferenceMemoryStrategy: UserPreferenceMemoryStrategy
│          │    └ CustomMemoryStrategy: CustomMemoryStrategy
│          ├ type SemanticMemoryStrategy
│          │ ├      name: SemanticMemoryStrategy
│          │ └ properties
│          │    ├ Name: string (required)
│          │    ├ Description: string
│          │    ├ Namespaces: Array<string>
│          │    ├ StrategyId: string
│          │    ├ Type: string
│          │    ├ Status: string
│          │    ├ CreatedAt: string
│          │    └ UpdatedAt: string
│          ├ type SemanticOverride
│          │ ├      name: SemanticOverride
│          │ └ properties
│          │    ├ Extraction: SemanticOverrideExtractionConfigurationInput
│          │    └ Consolidation: SemanticOverrideConsolidationConfigurationInput
│          ├ type SemanticOverrideConsolidationConfigurationInput
│          │ ├      name: SemanticOverrideConsolidationConfigurationInput
│          │ └ properties
│          │    ├ AppendToPrompt: string (required)
│          │    └ ModelId: string (required)
│          ├ type SemanticOverrideExtractionConfigurationInput
│          │ ├      name: SemanticOverrideExtractionConfigurationInput
│          │ └ properties
│          │    ├ AppendToPrompt: string (required)
│          │    └ ModelId: string (required)
│          ├ type SummaryMemoryStrategy
│          │ ├      name: SummaryMemoryStrategy
│          │ └ properties
│          │    ├ Name: string (required)
│          │    ├ Description: string
│          │    ├ Namespaces: Array<string>
│          │    ├ StrategyId: string
│          │    ├ Type: string
│          │    ├ Status: string
│          │    ├ CreatedAt: string
│          │    └ UpdatedAt: string
│          ├ type SummaryOverride
│          │ ├      name: SummaryOverride
│          │ └ properties
│          │    └ Consolidation: SummaryOverrideConsolidationConfigurationInput
│          ├ type SummaryOverrideConsolidationConfigurationInput
│          │ ├      name: SummaryOverrideConsolidationConfigurationInput
│          │ └ properties
│          │    ├ AppendToPrompt: string (required)
│          │    └ ModelId: string (required)
│          ├ type UserPreferenceMemoryStrategy
│          │ ├      name: UserPreferenceMemoryStrategy
│          │ └ properties
│          │    ├ Name: string (required)
│          │    ├ Description: string
│          │    ├ Namespaces: Array<string>
│          │    ├ StrategyId: string
│          │    ├ Type: string
│          │    ├ Status: string
│          │    ├ CreatedAt: string
│          │    └ UpdatedAt: string
│          ├ type UserPreferenceOverride
│          │ ├      name: UserPreferenceOverride
│          │ └ properties
│          │    ├ Extraction: UserPreferenceOverrideExtractionConfigurationInput
│          │    └ Consolidation: UserPreferenceOverrideConsolidationConfigurationInput
│          ├ type UserPreferenceOverrideConsolidationConfigurationInput
│          │ ├      name: UserPreferenceOverrideConsolidationConfigurationInput
│          │ └ properties
│          │    ├ AppendToPrompt: string (required)
│          │    └ ModelId: string (required)
│          └ type UserPreferenceOverrideExtractionConfigurationInput
│            ├      name: UserPreferenceOverrideExtractionConfigurationInput
│            └ properties
│               ├ AppendToPrompt: string (required)
│               └ ModelId: string (required)
├[~] service aws-chatbot
│ └ resources
│    └[~]  resource AWS::Chatbot::SlackChannelConfiguration
│       └      - arnTemplate: arn:${Partition}:chatbot::${Account}:chat-configuration/slack-channel/${ConfigurationName}
│              + arnTemplate: arn:${Partition}:chatbot::${Account}:chat-configuration/${ConfigurationType}/${ChatbotConfigurationName}
├[~] service aws-datasync
│ └ resources
│    ├[~]  resource AWS::DataSync::LocationAzureBlob
│    │  └      - arnTemplate: undefined
│    │         + arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}
│    ├[~]  resource AWS::DataSync::LocationEFS
│    │  └      - arnTemplate: undefined
│    │         + arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}
│    ├[~]  resource AWS::DataSync::LocationFSxLustre
│    │  └      - arnTemplate: undefined
│    │         + arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}
│    ├[~]  resource AWS::DataSync::LocationFSxONTAP
│    │  └      - arnTemplate: undefined
│    │         + arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}
│    ├[~]  resource AWS::DataSync::LocationFSxOpenZFS
│    │  └      - arnTemplate: undefined
│    │         + arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}
│    ├[~]  resource AWS::DataSync::LocationFSxWindows
│    │  └      - arnTemplate: undefined
│    │         + arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}
│    ├[~]  resource AWS::DataSync::LocationHDFS
│    │  └      - arnTemplate: undefined
│    │         + arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}
│    ├[~]  resource AWS::DataSync::LocationNFS
│    │  └      - arnTemplate: undefined
│    │         + arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}
│    ├[~]  resource AWS::DataSync::LocationObjectStorage
│    │  └      - arnTemplate: undefined
│    │         + arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}
│    └[~]  resource AWS::DataSync::LocationS3
│       └      - arnTemplate: undefined
│              + arnTemplate: arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}
├[~] service aws-devicefarm
│ └ resources
│    └[~]  resource AWS::DeviceFarm::NetworkProfile
│       └      - arnTemplate: arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ProjectId}/${NetworkProfileId}
│              + arnTemplate: arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ResourceId}
├[~] service aws-directoryservice
│ └ resources
│    └[~]  resource AWS::DirectoryService::SimpleAD
│       └      - arnTemplate: undefined
│              + arnTemplate: arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId}
├[~] service aws-ec2
│ └ resources
│    └[~]  resource AWS::EC2::TransitGatewayPeeringAttachment
│       └      - arnTemplate: undefined
│              + arnTemplate: arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-attachment/${TransitGatewayAttachmentId}
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    ├[~]  resource AWS::ElasticLoadBalancingV2::ListenerRule
│    │  └      - arnTemplate: arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/${LoadBalancerType}/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId}
│    │         + arnTemplate: arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/net/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId}
│    └[~]  resource AWS::ElasticLoadBalancingV2::LoadBalancer
│       └      - arnTemplate: arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/${LoadBalancerType}/${LoadBalancerName}/${LoadBalancerId}
│              + arnTemplate: arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/net/${LoadBalancerName}/${LoadBalancerId}
├[~] service aws-events
│ └ resources
│    └[~]  resource AWS::Events::Rule
│       └      - arnTemplate: arn:${Partition}:events:${Region}:${Account}:rule/${EventBusName}/${RuleName}
│              + arnTemplate: arn:${Partition}:events:${Region}:${Account}:rule/[${EventBusName}/]${RuleName}
├[~] service aws-imagebuilder
│ └ resources
│    └[~]  resource AWS::ImageBuilder::Image
│       └      - arnTemplate: arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion}
│              + arnTemplate: arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion}/${ImageBuildVersion}
├[~] service aws-iot
│ └ resources
│    └[~]  resource AWS::IoT::DomainConfiguration
│       └      - arnTemplate: arn:${Partition}:iot:${Region}:${Account}:domainconfiguration/${DomainConfigurationName}/${Id}
│              + arnTemplate: arn:${Partition}:iot:${Region}:${Account}:domainconfiguration/${DomainConfigurationName}
├[~] service aws-iotsitewise
│ └ resources
│    ├[~]  resource AWS::IoTSiteWise::AccessPolicy
│    │  └      - documentation: Creates an access policy that grants the specified identity (IAM Identity Center user, IAM Identity Center group, or IAM user) access to the specified AWS IoT SiteWise Monitor portal or project resource.
│    │         > Support for access policies that use an SSO Group as the identity is not supported at this time.
│    │         + documentation: > The AWS IoT SiteWise Monitor feature will no longer be open to new customers starting November 7, 2025 . If you would like to use the AWS IoT SiteWise Monitor feature, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see [AWS IoT SiteWise Monitor availability change](https://docs.aws.amazon.com/iot-sitewise/latest/appguide/iotsitewise-monitor-availability-change.html) . 
│    │         Creates an access policy that grants the specified identity (IAM Identity Center user, IAM Identity Center group, or IAM user) access to the specified AWS IoT SiteWise Monitor portal or project resource.
│    │         > Support for access policies that use an SSO Group as the identity is not supported at this time.
│    ├[~]  resource AWS::IoTSiteWise::AssetModel
│    │  ├ properties
│    │  │  └ AssetModelType: (documentation changed)
│    │  └ types
│    │     ├[~] type EnforcedAssetModelInterfacePropertyMapping
│    │     │ ├      - documentation: Contains information about enforced interface property and asset model property
│    │     │ │      + documentation: Contains information about applied interface property and asset model property
│    │     │ └ properties
│    │     │    ├ AssetModelPropertyExternalId: (documentation changed)
│    │     │    ├ AssetModelPropertyLogicalId: (documentation changed)
│    │     │    └ InterfaceAssetModelPropertyExternalId: (documentation changed)
│    │     └[~] type EnforcedAssetModelInterfaceRelationship
│    │       ├      - documentation: Contains information about enforced interface hierarchy and asset model hierarchy
│    │       │      + documentation: Contains information about applied interface hierarchy and asset model hierarchy
│    │       └ properties
│    │          ├ InterfaceAssetModelId: (documentation changed)
│    │          └ PropertyMappings: (documentation changed)
│    ├[~]  resource AWS::IoTSiteWise::ComputationModel
│    │  ├      - documentation: Resource schema for AWS::IoTSiteWise::ComputationModel.
│    │  │      + documentation: Create a computation model with a configuration and data binding.
│    │  ├ properties
│    │  │  ├ ComputationModelConfiguration: (documentation changed)
│    │  │  ├ ComputationModelDataBinding: (documentation changed)
│    │  │  ├ ComputationModelDescription: (documentation changed)
│    │  │  └ Tags: (documentation changed)
│    │  ├ attributes
│    │  │  └ ComputationModelArn: (documentation changed)
│    │  └ types
│    │     ├[~] type AnomalyDetectionComputationModelConfiguration
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Contains the configuration for anomaly detection computation models.
│    │     │ └ properties
│    │     │    ├ InputProperties: (documentation changed)
│    │     │    └ ResultProperty: (documentation changed)
│    │     ├[~] type AssetModelPropertyBindingValue
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Contains information about an `assetModelProperty` binding value.
│    │     │ └ properties
│    │     │    ├ AssetModelId: (documentation changed)
│    │     │    └ PropertyId: (documentation changed)
│    │     ├[~] type AssetPropertyBindingValue
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: Represents a data binding value referencing a specific asset property. It's used to bind computation model variables to actual asset property values for processing.
│    │     │ └ properties
│    │     │    ├ AssetId: (documentation changed)
│    │     │    └ PropertyId: (documentation changed)
│    │     ├[~] type ComputationModelConfiguration
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The configuration for the computation model.
│    │     │ └ properties
│    │     │    └ AnomalyDetection: (documentation changed)
│    │     └[~] type ComputationModelDataBindingValue
│    │       ├      - documentation: undefined
│    │       │      + documentation: Contains computation model data binding value information, which can be one of `assetModelProperty` , `list` .
│    │       └ properties
│    │          ├ AssetModelProperty: (documentation changed)
│    │          ├ AssetProperty: (documentation changed)
│    │          └ List: (documentation changed)
│    ├[~]  resource AWS::IoTSiteWise::Dashboard
│    │  └      - documentation: Creates a dashboard in an AWS IoT SiteWise Monitor project.
│    │         + documentation: > The AWS IoT SiteWise Monitor feature will no longer be open to new customers starting November 7, 2025 . If you would like to use the AWS IoT SiteWise Monitor feature, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see [AWS IoT SiteWise Monitor availability change](https://docs.aws.amazon.com/iot-sitewise/latest/appguide/iotsitewise-monitor-availability-change.html) . 
│    │         Creates a dashboard in an AWS IoT SiteWise Monitor project.
│    ├[~]  resource AWS::IoTSiteWise::Dataset
│    │  ├      - documentation: Resource schema for AWS::IoTSiteWise::Dataset.
│    │  │      + documentation: Creates a dataset to connect an external datasource.
│    │  ├ properties
│    │  │  ├ DatasetSource: (documentation changed)
│    │  │  └ Tags: (documentation changed)
│    │  ├ attributes
│    │  │  └ DatasetArn: (documentation changed)
│    │  └ types
│    │     ├[~] type DatasetSource
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The data source for the dataset.
│    │     │ └ properties
│    │     │    └ SourceDetail: (documentation changed)
│    │     ├[~] type KendraSourceDetail
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The source details for the Kendra dataset source.
│    │     │ └ properties
│    │     │    ├ KnowledgeBaseArn: (documentation changed)
│    │     │    └ RoleArn: (documentation changed)
│    │     └[~] type SourceDetail
│    │       ├      - documentation: undefined
│    │       │      + documentation: The details of the dataset source associated with the dataset.
│    │       └ properties
│    │          └ Kendra: (documentation changed)
│    ├[~]  resource AWS::IoTSiteWise::Portal
│    │  └      - documentation: Creates a portal, which can contain projects and dashboards. AWS IoT SiteWise Monitor uses IAM Identity Center or IAM to authenticate portal users and manage user permissions.
│    │         > Before you can sign in to a new portal, you must add at least one identity to that portal. For more information, see [Adding or removing portal administrators](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/administer-portals.html#portal-change-admins) in the *AWS IoT SiteWise User Guide* .
│    │         + documentation: > The AWS IoT SiteWise Monitor feature will no longer be open to new customers starting November 7, 2025 . If you would like to use the AWS IoT SiteWise Monitor feature, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see [AWS IoT SiteWise Monitor availability change](https://docs.aws.amazon.com/iot-sitewise/latest/appguide/iotsitewise-monitor-availability-change.html) . 
│    │         Creates a portal, which can contain projects and dashboards. AWS IoT SiteWise Monitor uses IAM Identity Center or IAM to authenticate portal users and manage user permissions.
│    │         > Before you can sign in to a new portal, you must add at least one identity to that portal. For more information, see [Adding or removing portal administrators](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/administer-portals.html#portal-change-admins) in the *AWS IoT SiteWise User Guide* .
│    └[~]  resource AWS::IoTSiteWise::Project
│       └      - documentation: Creates a project in the specified portal.
│              > Make sure that the project name and description don't contain confidential information.
│              + documentation: > The AWS IoT SiteWise Monitor feature will no longer be open to new customers starting November 7, 2025 . If you would like to use the AWS IoT SiteWise Monitor feature, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see [AWS IoT SiteWise Monitor availability change](https://docs.aws.amazon.com/iot-sitewise/latest/appguide/iotsitewise-monitor-availability-change.html) . 
│              Creates a project in the specified portal.
│              > Make sure that the project name and description don't contain confidential information.
├[~] service aws-iotwireless
│ └ resources
│    └[~]  resource AWS::IoTWireless::WirelessDeviceImportTask
│       └      - arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:WirelessDeviceImportTask/${WirelessDeviceImportTaskId}
│              + arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:ImportTask/${ImportTaskId}
├[~] service aws-kinesis
│ └ resources
│    └[~]  resource AWS::Kinesis::ResourcePolicy
│       └ properties
│          └ ResourceArn: (documentation changed)
├[~] service aws-lightsail
│ └ resources
│    └[~]  resource AWS::Lightsail::DiskSnapshot
│       ├      - documentation: Resource Type definition for AWS::Lightsail::DiskSnapshot
│       │      + documentation: Describes a block storage disk snapshot.
│       ├ properties
│       │  ├ DiskName: (documentation changed)
│       │  ├ DiskSnapshotName: (documentation changed)
│       │  └ Tags: (documentation changed)
│       └ attributes
│          ├ CreatedAt: (documentation changed)
│          ├ FromDiskName: (documentation changed)
│          ├ Progress: (documentation changed)
│          ├ ResourceType: (documentation changed)
│          ├ SizeInGb: (documentation changed)
│          └ SupportCode: (documentation changed)
├[~] service aws-m2
│ └ resources
│    ├[~]  resource AWS::M2::Deployment
│    │  └      - documentation: Creates and starts a deployment to deploy an application into a runtime environment.
│    │         + documentation: > AWS Mainframe Modernization Service (Managed Runtime Environment experience) will no longer be open to new customers starting on November 7, 2025. If you would like to use the service, please sign up prior to November 7, 2025. For capabilities similar to AWS Mainframe Modernization Service (Managed Runtime Environment experience) explore AWS Mainframe Modernization Service (Self-Managed Experience). Existing customers can continue to use the service as normal. For more information, see [AWS Mainframe Modernization availability change](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html) . 
│    │         Creates and starts a deployment to deploy an application into a runtime environment.
│    └[~]  resource AWS::M2::Environment
│       ├ properties
│       │  ├ HighAvailabilityConfig: (documentation changed)
│       │  └ StorageConfigurations: (documentation changed)
│       └ types
│          ├[~] type EfsStorageConfiguration
│          │ └      - documentation: Defines the storage configuration for an Amazon EFS file system.
│          │        + documentation: > AWS Mainframe Modernization Service (Managed Runtime Environment experience) will no longer be open to new customers starting on November 7, 2025. If you would like to use the service, please sign up prior to November 7, 2025. For capabilities similar to AWS Mainframe Modernization Service (Managed Runtime Environment experience) explore AWS Mainframe Modernization Service (Self-Managed Experience). Existing customers can continue to use the service as normal. For more information, see [AWS Mainframe Modernization availability change](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html) . 
│          │        Defines the storage configuration for an Amazon EFS file system.
│          ├[~] type FsxStorageConfiguration
│          │ └      - documentation: Defines the storage configuration for an Amazon FSx file system.
│          │        + documentation: > AWS Mainframe Modernization Service (Managed Runtime Environment experience) will no longer be open to new customers starting on November 7, 2025. If you would like to use the service, please sign up prior to November 7, 2025. For capabilities similar to AWS Mainframe Modernization Service (Managed Runtime Environment experience) explore AWS Mainframe Modernization Service (Self-Managed Experience). Existing customers can continue to use the service as normal. For more information, see [AWS Mainframe Modernization availability change](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html) . 
│          │        Defines the storage configuration for an Amazon FSx file system.
│          ├[~] type HighAvailabilityConfig
│          │ └      - documentation: Defines the details of a high availability configuration.
│          │        + documentation: > AWS Mainframe Modernization Service (Managed Runtime Environment experience) will no longer be open to new customers starting on November 7, 2025. If you would like to use the service, please sign up prior to November 7, 2025. For capabilities similar to AWS Mainframe Modernization Service (Managed Runtime Environment experience) explore AWS Mainframe Modernization Service (Self-Managed Experience). Existing customers can continue to use the service as normal. For more information, see [AWS Mainframe Modernization availability change](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html) . 
│          │        Defines the details of a high availability configuration.
│          └[~] type StorageConfiguration
│            └      - documentation: Defines the storage configuration for a runtime environment.
│                   + documentation: > AWS Mainframe Modernization Service (Managed Runtime Environment experience) will no longer be open to new customers starting on November 7, 2025. If you would like to use the service, please sign up prior to November 7, 2025. For capabilities similar to AWS Mainframe Modernization Service (Managed Runtime Environment experience) explore AWS Mainframe Modernization Service (Self-Managed Experience). Existing customers can continue to use the service as normal. For more information, see [AWS Mainframe Modernization availability change](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html) . 
│                   Defines the storage configuration for a runtime environment.
├[~] service aws-networkmanager
│ └ resources
│    └[~]  resource AWS::NetworkManager::ConnectAttachment
│       └      - arnTemplate: undefined
│              + arnTemplate: arn:${Partition}:networkmanager::${Account}:attachment/${AttachmentId}
├[~] service aws-omics
│ └ resources
│    └[~]  resource AWS::Omics::AnnotationStore
│       └      - documentation: Creates an annotation store.
│              + documentation: > AWS HealthOmics variant stores and annotation stores will no longer be open to new customers starting November 7, 2025. If you would like to use variant stores or annotation stores, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see [AWS HealthOmics variant store and annotation store availability change](https://docs.aws.amazon.com/omics/latest/dev/variant-store-availability-change.html) . 
│              Creates an annotation store.
├[~] service aws-pcs
│ └ resources
│    ├[~]  resource AWS::PCS::Cluster
│    │  └ properties
│    │     └ SlurmConfiguration: - SlurmConfiguration (immutable)
│    │                           + SlurmConfiguration
│    └[~]  resource AWS::PCS::Queue
│       └ properties
│          └ SlurmConfiguration: (documentation changed)
├[~] service aws-pinpoint
│ └ resources
│    └[~]  resource AWS::Pinpoint::InAppTemplate
│       └      - arnTemplate: undefined
│              + arnTemplate: arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/SMS
├[~] service aws-quicksight
│ └ resources
│    └[~]  resource AWS::QuickSight::Dashboard
│       └ types
│          ├[~] type DashboardPublishOptions
│          │ └ properties
│          │    └[+] QuickSuiteActionsOption: QuickSuiteActionsOption
│          └[+]  type QuickSuiteActionsOption
│             ├      name: QuickSuiteActionsOption
│             └ properties
│                └ AvailabilityStatus: string
├[~] service aws-redshift
│ └ resources
│    ├[~]  resource AWS::Redshift::ClusterSecurityGroup
│    │  └      - arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}
│    │         + arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ec2SecurityGroupId}
│    └[~]  resource AWS::Redshift::ClusterSecurityGroupIngress
│       └      - arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ece2SecuritygroupId}
│              + arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroupingress:${SecurityGroupName}/cidrip/${IpRange}
├[~] service aws-refactorspaces
│ └ resources
│    ├[~]  resource AWS::RefactorSpaces::Application
│    │  └      - documentation: Creates an AWS Migration Hub Refactor Spaces application. The account that owns the environment also owns the applications created inside the environment, regardless of the account that creates the application. Refactor Spaces provisions an Amazon API Gateway, API Gateway VPC link, and Network Load Balancer for the application proxy inside your account.
│    │         In environments created with a [CreateEnvironment:NetworkFabricType](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/APIReference/API_CreateEnvironment.html#migrationhubrefactorspaces-CreateEnvironment-request-NetworkFabricType) of `NONE` you need to configure [VPC to VPC connectivity](https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/amazon-vpc-to-amazon-vpc-connectivity-options.html) between your service VPC and the application proxy VPC to route traffic through the application proxy to a service with a private URL endpoint. For more information, see [Create an application](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/userguide/getting-started-create-application.html) in the *Refactor Spaces User Guide* .
│    │         + documentation: > AWS Migration Hub will no longer be open to new customers starting November 7, 2025. To continue using the service, sign up prior to November 7, 2025. For capabilities similar to AWS Migration Hub , explore [AWS Migration Hub](https://docs.aws.amazon.com/https://aws.amazon.com/transform) . 
│    │         Creates an AWS Migration Hub Refactor Spaces application. The account that owns the environment also owns the applications created inside the environment, regardless of the account that creates the application. Refactor Spaces provisions an Amazon API Gateway, API Gateway VPC link, and Network Load Balancer for the application proxy inside your account.
│    │         In environments created with a [CreateEnvironment:NetworkFabricType](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/APIReference/API_CreateEnvironment.html#migrationhubrefactorspaces-CreateEnvironment-request-NetworkFabricType) of `NONE` you need to configure [VPC to VPC connectivity](https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/amazon-vpc-to-amazon-vpc-connectivity-options.html) between your service VPC and the application proxy VPC to route traffic through the application proxy to a service with a private URL endpoint. For more information, see [Create an application](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/userguide/getting-started-create-application.html) in the *Refactor Spaces User Guide* .
│    ├[~]  resource AWS::RefactorSpaces::Environment
│    │  └      - documentation: Creates an AWS Migration Hub Refactor Spaces environment. The caller owns the environment resource, and all Refactor Spaces applications, services, and routes created within the environment. They are referred to as the *environment owner* . The environment owner has cross-account visibility and control of Refactor Spaces resources that are added to the environment by other accounts that the environment is shared with.
│    │         When creating an environment with a [CreateEnvironment:NetworkFabricType](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/APIReference/API_CreateEnvironment.html#migrationhubrefactorspaces-CreateEnvironment-request-NetworkFabricType) of `TRANSIT_GATEWAY` , Refactor Spaces provisions a transit gateway to enable services in VPCs to communicate directly across accounts. If [CreateEnvironment:NetworkFabricType](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/APIReference/API_CreateEnvironment.html#migrationhubrefactorspaces-CreateEnvironment-request-NetworkFabricType) is `NONE` , Refactor Spaces does not create a transit gateway and you must use your network infrastructure to route traffic to services with private URL endpoints.
│    │         + documentation: > AWS Migration Hub will no longer be open to new customers starting November 7, 2025. To continue using the service, sign up prior to November 7, 2025. For capabilities similar to AWS Migration Hub , explore [AWS Migration Hub](https://docs.aws.amazon.com/https://aws.amazon.com/transform) . 
│    │         Creates an AWS Migration Hub Refactor Spaces environment. The caller owns the environment resource, and all Refactor Spaces applications, services, and routes created within the environment. They are referred to as the *environment owner* . The environment owner has cross-account visibility and control of Refactor Spaces resources that are added to the environment by other accounts that the environment is shared with.
│    │         When creating an environment with a [CreateEnvironment:NetworkFabricType](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/APIReference/API_CreateEnvironment.html#migrationhubrefactorspaces-CreateEnvironment-request-NetworkFabricType) of `TRANSIT_GATEWAY` , Refactor Spaces provisions a transit gateway to enable services in VPCs to communicate directly across accounts. If [CreateEnvironment:NetworkFabricType](https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/APIReference/API_CreateEnvironment.html#migrationhubrefactorspaces-CreateEnvironment-request-NetworkFabricType) is `NONE` , Refactor Spaces does not create a transit gateway and you must use your network infrastructure to route traffic to services with private URL endpoints.
│    └[~]  resource AWS::RefactorSpaces::Service
│       └      - documentation: Creates an AWS Migration Hub Refactor Spaces service. The account owner of the service is always the environment owner, regardless of which account in the environment creates the service. Services have either a URL endpoint in a virtual private cloud (VPC), or a Lambda function endpoint.
│              > If an AWS resource is launched in a service VPC, and you want it to be accessible to all of an environment’s services with VPCs and routes, apply the `RefactorSpacesSecurityGroup` to the resource. Alternatively, to add more cross-account constraints, apply your own security group.
│              + documentation: > AWS Migration Hub will no longer be open to new customers starting November 7, 2025. To continue using the service, sign up prior to November 7, 2025. For capabilities similar to AWS Migration Hub , explore [AWS Migration Hub](https://docs.aws.amazon.com/https://aws.amazon.com/transform) . 
│              Creates an AWS Migration Hub Refactor Spaces service. The account owner of the service is always the environment owner, regardless of which account in the environment creates the service. Services have either a URL endpoint in a virtual private cloud (VPC), or a Lambda function endpoint.
│              > If an AWS resource is launched in a service VPC, and you want it to be accessible to all of an environment’s services with VPCs and routes, apply the `RefactorSpacesSecurityGroup` to the resource. Alternatively, to add more cross-account constraints, apply your own security group.
└[~] service aws-s3objectlambda
  └ resources
     ├[~]  resource AWS::S3ObjectLambda::AccessPoint
     │  ├ properties
     │  │  └ ObjectLambdaConfiguration: (documentation changed)
     │  └ types
     │     ├[~] type Alias
     │     │ └      - documentation: The alias of an Object Lambda Access Point. For more information, see [How to use a bucket-style alias for your S3 bucket Object Lambda Access Point](https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-use.html#ol-access-points-alias) .
     │     │        + documentation: > Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) . 
     │     │        The alias of an Object Lambda Access Point. For more information, see [How to use a bucket-style alias for your S3 bucket Object Lambda Access Point](https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-use.html#ol-access-points-alias) .
     │     ├[~] type ObjectLambdaConfiguration
     │     │ └      - documentation: A configuration used when creating an Object Lambda Access Point.
     │     │        + documentation: > Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) . 
     │     │        A configuration used when creating an Object Lambda Access Point.
     │     └[~] type TransformationConfiguration
     │       └      - documentation: A configuration used when creating an Object Lambda Access Point transformation.
     │              + documentation: > Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) . 
     │              A configuration used when creating an Object Lambda Access Point transformation.
     └[~]  resource AWS::S3ObjectLambda::AccessPointPolicy
        └ properties
           └ ObjectLambdaAccessPoint: (documentation changed)

@aws-cdk-automation @github-actions
feat: update L1 CloudFormation resource definitions
baff91e 
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
@aws-cdk-automation aws-cdk-automation added contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes pr-linter/exempt-integ-test The PR linter will not require integ test changes labels Oct 10, 2025
@aws-cdk-automation aws-cdk-automation requested review from a team October 10, 2025 08:02
@github-actions github-actions bot added the p2 label Oct 10, 2025
@gasolima gasolima self-assigned this Oct 10, 2025
@gasolima gasolima added the pr/do-not-merge This PR should not be merged at this time. label Oct 10, 2025
@gasolima
Copy link
Contributor

gasolima commented Oct 10, 2025

The below 2 i believe they're problematic

 └[~]  resource AWS::Chatbot::SlackChannelConfiguration
│       └      - arnTemplate: arn:${Partition}:chatbot::${Account}:chat-configuration/slack-channel/${ConfigurationName}
│              + arnTemplate: arn:${Partition}:chatbot::${Account}:chat-configuration/${ConfigurationType}/${ChatbotConfigurationName}

├[~]  resource AWS::Redshift::ClusterSecurityGroup
│    │  └      - arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}
│    │         + arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ec2SecurityGroupId}

Not sure about this one

│    └[~]  resource AWS::IoTWireless::WirelessDeviceImportTask
│       └      - arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:WirelessDeviceImportTask/${WirelessDeviceImportTaskId}
│              + arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:ImportTask/${ImportTaskId}

@mrgrain
Copy link
Contributor

mrgrain commented Oct 10, 2025

The below 2 i believe they're problematic

 └[~]  resource AWS::Chatbot::SlackChannelConfiguration
│       └      - arnTemplate: arn:${Partition}:chatbot::${Account}:chat-configuration/slack-channel/${ConfigurationName}
│              + arnTemplate: arn:${Partition}:chatbot::${Account}:chat-configuration/${ConfigurationType}/${ChatbotConfigurationName}

This might be a new feature. not sure.
https://docs.aws.amazon.com/chatbot/latest/adminguide/what-is.html
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awschatbot.html

├[~]  resource AWS::Redshift::ClusterSecurityGroup
│    │  └      - arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}
│    │         + arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ec2SecurityGroupId}

This is aligning to reality: https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonredshift.html

Not sure about this one

│    └[~]  resource AWS::IoTWireless::WirelessDeviceImportTask
│       └      - arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:WirelessDeviceImportTask/${WirelessDeviceImportTaskId}
│              + arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:ImportTask/${ImportTaskId}

Reality. WirelessDeviceImportTask does not seem to exist.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiotwireless.html

@otaviomacedo
Copy link
Contributor

otaviomacedo commented Oct 10, 2025

The below 2 i believe they're problematic

 └[~]  resource AWS::Chatbot::SlackChannelConfiguration
│       └      - arnTemplate: arn:${Partition}:chatbot::${Account}:chat-configuration/slack-channel/${ConfigurationName}
│              + arnTemplate: arn:${Partition}:chatbot::${Account}:chat-configuration/${ConfigurationType}/${ChatbotConfigurationName}

├[~]  resource AWS::Redshift::ClusterSecurityGroup
│    │  └      - arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}
│    │         + arnTemplate: arn:${Partition}:redshift:${Region}:${Account}:securitygroup:${SecurityGroupName}/ec2securitygroup/${Owner}/${Ec2SecurityGroupId}

Not sure about this one

│    └[~]  resource AWS::IoTWireless::WirelessDeviceImportTask
│       └      - arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:WirelessDeviceImportTask/${WirelessDeviceImportTaskId}
│              + arnTemplate: arn:${Partition}:iotwireless:${Region}:${Account}:ImportTask/${ImportTaskId}

None of the corresponding L1 constructs currently have ARN based static factory methods. I'll investigate, but this is not a breaking change.

@gasolima gasolima removed the pr/do-not-merge This PR should not be merged at this time. label Oct 10, 2025
@mergify
Copy link
Contributor

mergify bot commented Oct 10, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot added the queued label Oct 10, 2025
@mergify
Copy link
Contributor

mergify bot commented Oct 10, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify
Copy link
Contributor

mergify bot commented Oct 10, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 27a8760 into main Oct 10, 2025
18 of 19 checks passed
@mergify mergify bot deleted the automation/spec-update branch October 10, 2025 14:15
@mergify mergify bot removed the queued label Oct 10, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Oct 10, 2025

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 10, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@gasolima gasolima gasolima approved these changes

Assignees

@gasolima gasolima

Labels

contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. p2 pr-linter/exempt-integ-test The PR linter will not require integ test changes pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aws-cdk-automation @gasolima @mrgrain @otaviomacedo