Skip to content

feat: update L1 CloudFormation resource definitions#36799

Merged
mergify[bot] merged 3 commits intomainfrom
automation/spec-update
Jan 28, 2026
Merged

feat: update L1 CloudFormation resource definitions#36799
mergify[bot] merged 3 commits intomainfrom
automation/spec-update

Conversation

@aws-cdk-automation
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation commented Jan 26, 2026

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-autoscaling
│ └ resources
│    └[~]  resource AWS::AutoScaling::AutoScalingGroup
│       └ properties
│          └[+] DeletionProtection: string
├[~] service aws-backup
│ └ resources
│    ├[~]  resource AWS::Backup::BackupPlan
│    │  └ types
│    │     ├[~] type BackupPlanResourceType
│    │     │ └ properties
│    │     │    └[+] ScanSettings: Array<ScanSettingResourceType>
│    │     ├[~] type BackupRuleResourceType
│    │     │ └ properties
│    │     │    └[+] ScanActions: Array<ScanActionResourceType>
│    │     ├[+]  type ScanActionResourceType
│    │     │  ├      name: ScanActionResourceType
│    │     │  └ properties
│    │     │     ├ MalwareScanner: string
│    │     │     └ ScanMode: string
│    │     └[+]  type ScanSettingResourceType
│    │        ├      name: ScanSettingResourceType
│    │        └ properties
│    │           ├ MalwareScanner: string
│    │           ├ ResourceTypes: Array<string>
│    │           └ ScannerRoleArn: string
│    └[+]  resource AWS::Backup::TieringConfiguration
│       ├      name: TieringConfiguration
│       │      cloudFormationType: AWS::Backup::TieringConfiguration
│       │      documentation: Resource Type definition for AWS::Backup::TieringConfiguration
│       │      tagInformation: {"tagPropertyName":"TieringConfigurationTags","variant":"map"}
│       │      primaryIdentifier: ["TieringConfigurationName"]
│       ├ properties
│       │  ├ TieringConfigurationName: string (required, immutable)
│       │  ├ BackupVaultName: string (required)
│       │  ├ ResourceSelection: Array<ResourceSelection> (required)
│       │  └ TieringConfigurationTags: Map<string, string>
│       ├ attributes
│       │  ├ TieringConfigurationArn: string
│       │  ├ CreationTime: string
│       │  └ LastUpdatedTime: string
│       └ types
│          └ type ResourceSelection
│            ├      name: ResourceSelection
│            └ properties
│               ├ Resources: Array<string> (required)
│               ├ TieringDownSettingsInDays: integer (required)
│               └ ResourceType: string (required)
├[~] service aws-bedrockagentcore
│ └ resources
│    └[~]  resource AWS::BedrockAgentCore::Runtime
│       └ types
│          ├[+]  type AuthorizingClaimMatchValueType
│          │  ├      documentation: The value or values in the custom claim to match and relationship of match
│          │  │      name: AuthorizingClaimMatchValueType
│          │  └ properties
│          │     ├ ClaimMatchOperator: string (required)
│          │     └ ClaimMatchValue: ClaimMatchValueType (required)
│          ├[+]  type ClaimMatchValueType
│          │  ├      documentation: The value or values in the custom claim to match for
│          │  │      name: ClaimMatchValueType
│          │  └ properties
│          │     ├ MatchValueString: string
│          │     └ MatchValueStringList: Array<string>
│          ├[+]  type CustomClaimValidationType
│          │  ├      documentation: Required custom claim
│          │  │      name: CustomClaimValidationType
│          │  └ properties
│          │     ├ AuthorizingClaimMatchValue: AuthorizingClaimMatchValueType (required)
│          │     ├ InboundTokenClaimName: string (required)
│          │     └ InboundTokenClaimValueType: string (required)
│          └[~] type CustomJWTAuthorizerConfiguration
│            └ properties
│               ├[+] AllowedScopes: Array<string>
│               └[+] CustomClaims: Array<CustomClaimValidationType>
├[~] service aws-emrcontainers
│ └ resources
│    ├[+]  resource AWS::EMRContainers::Endpoint
│    │  ├      name: Endpoint
│    │  │      cloudFormationType: AWS::EMRContainers::Endpoint
│    │  │      documentation: Resource Schema of AWS::EMRContainers::Endpoint Type
│    │  │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │  │      primaryIdentifier: ["Arn"]
│    │  ├ properties
│    │  │  ├ Name: string (immutable)
│    │  │  ├ VirtualClusterId: string (required, immutable)
│    │  │  ├ Type: string (required, immutable)
│    │  │  ├ ReleaseLabel: string (required, immutable)
│    │  │  ├ ExecutionRoleArn: string (required, immutable)
│    │  │  ├ ConfigurationOverrides: ConfigurationOverrides (immutable)
│    │  │  └ Tags: Array<tag>
│    │  ├ attributes
│    │  │  ├ Arn: string
│    │  │  ├ Id: string
│    │  │  ├ ServerUrl: string
│    │  │  ├ State: string
│    │  │  ├ StateDetails: string
│    │  │  ├ FailureReason: string
│    │  │  ├ CreatedAt: string
│    │  │  ├ SecurityGroup: string
│    │  │  └ CertificateAuthority: Certificate
│    │  └ types
│    │     ├ type Certificate
│    │     │ ├      name: Certificate
│    │     │ └ properties
│    │     │    ├ CertificateArn: string
│    │     │    └ CertificateData: string
│    │     ├ type CloudWatchMonitoringConfiguration
│    │     │ ├      name: CloudWatchMonitoringConfiguration
│    │     │ └ properties
│    │     │    ├ LogGroupName: string (required)
│    │     │    └ LogStreamNamePrefix: string
│    │     ├ type ConfigurationOverrides
│    │     │ ├      name: ConfigurationOverrides
│    │     │ └ properties
│    │     │    ├ ApplicationConfiguration: Array<EMREKSConfiguration>
│    │     │    └ MonitoringConfiguration: MonitoringConfiguration
│    │     ├ type ContainerLogRotationConfiguration
│    │     │ ├      name: ContainerLogRotationConfiguration
│    │     │ └ properties
│    │     │    ├ RotationSize: string (required)
│    │     │    └ MaxFilesToKeep: integer (required)
│    │     ├ type EMREKSConfiguration
│    │     │ ├      name: EMREKSConfiguration
│    │     │ └ properties
│    │     │    ├ Classification: string (required)
│    │     │    ├ Properties: Map<string, string>
│    │     │    └ Configurations: Array<EMREKSConfiguration>
│    │     ├ type MonitoringConfiguration
│    │     │ ├      name: MonitoringConfiguration
│    │     │ └ properties
│    │     │    ├ PersistentAppUI: string
│    │     │    ├ ContainerLogRotationConfiguration: ContainerLogRotationConfiguration
│    │     │    ├ CloudWatchMonitoringConfiguration: CloudWatchMonitoringConfiguration
│    │     │    └ S3MonitoringConfiguration: S3MonitoringConfiguration
│    │     └ type S3MonitoringConfiguration
│    │       ├      name: S3MonitoringConfiguration
│    │       └ properties
│    │          └ LogUri: string (required)
│    └[+]  resource AWS::EMRContainers::SecurityConfiguration
│       ├      name: SecurityConfiguration
│       │      cloudFormationType: AWS::EMRContainers::SecurityConfiguration
│       │      documentation: Resource Schema of AWS::EMRContainers::SecurityConfiguration Type
│       │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│       │      primaryIdentifier: ["Arn"]
│       ├ properties
│       │  ├ Name: string (immutable)
│       │  ├ ContainerProvider: ContainerProvider (immutable)
│       │  ├ SecurityConfigurationData: SecurityConfigurationData (required, immutable)
│       │  └ Tags: Array<tag>
│       ├ attributes
│       │  ├ Arn: string
│       │  └ Id: string
│       └ types
│          ├ type AtRestEncryptionConfiguration
│          │ ├      documentation: At-rest encryption configuration.
│          │ │      name: AtRestEncryptionConfiguration
│          │ └ properties
│          │    ├ S3EncryptionConfiguration: S3EncryptionConfiguration
│          │    └ LocalDiskEncryptionConfiguration: LocalDiskEncryptionConfiguration
│          ├ type AuthenticationConfiguration
│          │ ├      documentation: Authentication configuration for the security configuration.
│          │ │      name: AuthenticationConfiguration
│          │ └ properties
│          │    ├ IdentityCenterConfiguration: IdentityCenterConfiguration
│          │    └ IAMConfiguration: IAMConfiguration
│          ├ type AuthorizationConfiguration
│          │ ├      documentation: Authorization configuration for the security configuration.
│          │ │      name: AuthorizationConfiguration
│          │ └ properties
│          │    └ LakeFormationConfiguration: LakeFormationConfiguration
│          ├ type ContainerInfo
│          │ ├      documentation: Container information.
│          │ │      name: ContainerInfo
│          │ └ properties
│          │    └ EksInfo: EksInfo
│          ├ type ContainerProvider
│          │ ├      documentation: Container provider information.
│          │ │      name: ContainerProvider
│          │ └ properties
│          │    ├ Type: string (required)
│          │    ├ Id: string (required)
│          │    └ Info: ContainerInfo
│          ├ type EksInfo
│          │ ├      documentation: EKS information.
│          │ │      name: EksInfo
│          │ └ properties
│          │    └ Namespace: string
│          ├ type EncryptionConfiguration
│          │ ├      documentation: Encryption configuration for the security configuration.
│          │ │      name: EncryptionConfiguration
│          │ └ properties
│          │    ├ InTransitEncryptionConfiguration: InTransitEncryptionConfiguration
│          │    └ AtRestEncryptionConfiguration: AtRestEncryptionConfiguration
│          ├ type IAMConfiguration
│          │ ├      documentation: IAM configuration.
│          │ │      name: IAMConfiguration
│          │ └ properties
│          │    └ SystemRole: string
│          ├ type IdentityCenterConfiguration
│          │ ├      documentation: Identity Center configuration.
│          │ │      name: IdentityCenterConfiguration
│          │ └ properties
│          │    ├ EnableIdentityCenter: boolean
│          │    ├ IdentityCenterApplicationAssignmentRequired: boolean
│          │    └ IdentityCenterInstanceARN: string
│          ├ type InTransitEncryptionConfiguration
│          │ ├      documentation: In-transit encryption configuration.
│          │ │      name: InTransitEncryptionConfiguration
│          │ └ properties
│          │    └ TLSCertificateConfiguration: TLSCertificateConfiguration
│          ├ type LakeFormationConfiguration
│          │ ├      documentation: Lake Formation configuration.
│          │ │      name: LakeFormationConfiguration
│          │ └ properties
│          │    ├ AuthorizedSessionTagValue: string
│          │    ├ SecureNamespaceInfo: SecureNamespaceInfo
│          │    ├ QueryEngineRoleArn: string
│          │    └ QueryAccessControlEnabled: boolean
│          ├ type LocalDiskEncryptionConfiguration
│          │ ├      documentation: Local disk encryption configuration.
│          │ │      name: LocalDiskEncryptionConfiguration
│          │ └ properties
│          │    ├ EncryptionKeyProviderType: string
│          │    └ AwsKmsKeyId: string
│          ├ type S3EncryptionConfiguration
│          │ ├      documentation: S3 encryption configuration.
│          │ │      name: S3EncryptionConfiguration
│          │ └ properties
│          │    ├ EncryptionOption: string
│          │    └ KMSKeyId: string
│          ├ type SecureNamespaceInfo
│          │ ├      documentation: Secure namespace information for Lake Formation.
│          │ │      name: SecureNamespaceInfo
│          │ └ properties
│          │    ├ ClusterId: string
│          │    └ Namespace: string
│          ├ type SecurityConfigurationData
│          │ ├      documentation: Security configuration data containing encryption and authorization settings.
│          │ │      name: SecurityConfigurationData
│          │ └ properties
│          │    ├ AuthorizationConfiguration: AuthorizationConfiguration
│          │    ├ AuthenticationConfiguration: AuthenticationConfiguration
│          │    └ EncryptionConfiguration: EncryptionConfiguration
│          └ type TLSCertificateConfiguration
│            ├      documentation: TLS certificate configuration for in-transit encryption.
│            │      name: TLSCertificateConfiguration
│            └ properties
│               ├ CertificateProviderType: string
│               ├ PublicKeySecretArn: string
│               └ PrivateKeySecretArn: string
├[~] service aws-iot
│ └ resources
│    └[~]  resource AWS::IoT::Logging
│       ├ properties
│       │  └[+] EventConfigurations: Array<EventConfiguration>
│       └ types
│          └[+]  type EventConfiguration
│             ├      documentation: Configuration for event-based logging that specifies which event types to log and their logging settings. Used for account-level logging overrides.
│             │      name: EventConfiguration
│             └ properties
│                ├ EventType: string (required)
│                ├ LogLevel: string
│                └ LogDestination: string
├[+] service aws-mwaaserverless
│ ├      capitalized: MWAAServerless
│ │      cloudFormationNamespace: AWS::MWAAServerless
│ │      name: aws-mwaaserverless
│ │      shortName: mwaaserverless
│ └ resources
│    └ resource AWS::MWAAServerless::Workflow
│      ├      name: Workflow
│      │      cloudFormationType: AWS::MWAAServerless::Workflow
│      │      documentation: Resource Type definition for AWS::MWAAServerless::Workflow resource
│      │      tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│      │      primaryIdentifier: ["WorkflowArn"]
│      ├ properties
│      │  ├ Name: string (immutable)
│      │  ├ Description: string
│      │  ├ DefinitionS3Location: S3Location (required)
│      │  ├ RoleArn: string (required)
│      │  ├ EncryptionConfiguration: EncryptionConfiguration (immutable)
│      │  ├ LoggingConfiguration: LoggingConfiguration
│      │  ├ NetworkConfiguration: NetworkConfiguration
│      │  ├ Tags: Map<string, string>
│      │  └ TriggerMode: string
│      ├ attributes
│      │  ├ WorkflowArn: string
│      │  ├ WorkflowVersion: string
│      │  ├ CreatedAt: string
│      │  ├ ModifiedAt: string
│      │  ├ WorkflowStatus: string
│      │  └ ScheduleConfiguration: ScheduleConfiguration
│      └ types
│         ├ type EncryptionConfiguration
│         │ ├      name: EncryptionConfiguration
│         │ └ properties
│         │    ├ Type: string (required)
│         │    └ KmsKeyId: string
│         ├ type LoggingConfiguration
│         │ ├      name: LoggingConfiguration
│         │ └ properties
│         │    └ LogGroupName: string (required)
│         ├ type NetworkConfiguration
│         │ ├      name: NetworkConfiguration
│         │ └ properties
│         │    ├ SecurityGroupIds: Array<string>
│         │    └ SubnetIds: Array<string>
│         ├ type S3Location
│         │ ├      name: S3Location
│         │ └ properties
│         │    ├ Bucket: string (required)
│         │    ├ ObjectKey: string (required)
│         │    └ VersionId: string
│         └ type ScheduleConfiguration
│           ├      name: ScheduleConfiguration
│           └ properties
│              └ CronExpression: string
├[~] service aws-opensearchserverless
│ └ resources
│    └[~]  resource AWS::OpenSearchServerless::Collection
│       ├ properties
│       │  ├ CollectionGroupName: (documentation changed)
│       │  └ EncryptionConfig: (documentation changed)
│       └ types
│          └[~] type EncryptionConfig
│            ├      - documentation: The configuration to encrypt the collection
│            │      + documentation: Encryption settings for the collection
│            └ properties
│               ├ AWSOwnedKey: (documentation changed)
│               └ KmsKeyArn: (documentation changed)
└[~] service aws-rds
  └ resources
     └[~]  resource AWS::RDS::DBInstance
        ├ properties
        │  └ AdditionalStorageVolumes: (documentation changed)
        └ types
           └[~] type AdditionalStorageVolume
             └ properties
                ├ StorageThroughput: (documentation changed)
                ├ StorageType: (documentation changed)
                └ VolumeName: (documentation changed)

@aws-cdk-automation @github-actions
feat: update L1 CloudFormation resource definitions
85f7b32 
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
@aws-cdk-automation aws-cdk-automation added contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes pr-linter/exempt-integ-test The PR linter will not require integ test changes labels Jan 26, 2026
@aws-cdk-automation aws-cdk-automation requested review from a team January 26, 2026 10:29
@github-actions github-actions bot added the p2 label Jan 26, 2026
@pahud pahud mentioned this pull request Jan 26, 2026
Open
@ozelalisen ozelalisen self-assigned this Jan 27, 2026
@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Jan 27, 2026
@mergify
Copy link
Contributor

mergify bot commented Jan 28, 2026

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify
Copy link
Contributor

mergify bot commented Jan 28, 2026
edited
Loading

Merge Queue Status

✅ The pull request has been merged at 9872451

This pull request spent 41 minutes 11 seconds in the queue, including 41 minutes 1 second running CI.
The checks were run in-place.

Required conditions to merge

@mergify
Copy link
Contributor

mergify bot commented Jan 28, 2026

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 7ecd0a9 into main Jan 28, 2026
17 of 18 checks passed
@mergify mergify bot deleted the automation/spec-update branch January 28, 2026 10:23
@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 28, 2026
@aws-cdk-automation aws-cdk-automation removed the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Jan 28, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@ozelalisen ozelalisen ozelalisen approved these changes

Assignees

@ozelalisen ozelalisen

Labels

contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. p2 pr-linter/exempt-integ-test The PR linter will not require integ test changes pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aws-cdk-automation @ozelalisen