feat: update L1 CloudFormation resource definitions

[aws-cdk-automation]

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-apigatewayv2
│ └ resources
│    └[~] resource AWS::ApiGatewayV2::DomainName
│      └ properties
│         └ DomainName: (documentation changed)
├[~] service aws-appflow
│ └ resources
│    ├[~] resource AWS::AppFlow::ConnectorProfile
│    │ └ types
│    │    ├[~] type SalesforceConnectorProfileCredentials
│    │    │ └ properties
│    │    │    └ OAuth2GrantType: (documentation changed)
│    │    ├[~] type SAPODataConnectorProfileProperties
│    │    │ └ properties
│    │    │    └ DisableSSO: (documentation changed)
│    │    └[~] type ServiceNowConnectorProfileCredentials
│    │      └ properties
│    │         └ OAuth2Credentials: (documentation changed)
│    └[~] resource AWS::AppFlow::Flow
│      └ types
│         ├[~] type SAPODataPaginationConfig
│         │ ├  - documentation: SAP Source connector page size
│         │ │  + documentation: Sets the page size for each *concurrent process* that transfers OData records from your SAP instance. A concurrent process is query that retrieves a batch of records as part of a flow run. Amazon AppFlow can run multiple concurrent processes in parallel to transfer data faster.
│         │ └ properties
│         │    └ maxPageSize: (documentation changed)
│         ├[~] type SAPODataParallelismConfig
│         │ ├  - documentation: SAP Source connector parallelism factor
│         │ │  + documentation: Sets the number of *concurrent processes* that transfer OData records from your SAP instance. A concurrent process is query that retrieves a batch of records as part of a flow run. Amazon AppFlow can run multiple concurrent processes in parallel to transfer data faster.
│         │ └ properties
│         │    └ maxParallelism: (documentation changed)
│         └[~] type SAPODataSourceProperties
│           └ properties
│              ├ paginationConfig: (documentation changed)
│              └ parallelismConfig: (documentation changed)
├[~] service aws-appsync
│ └ resources
│    └[~] resource AWS::AppSync::DataSource
│      ├ properties
│      │  └ ElasticsearchConfig: - ElasticsearchConfig
│      │                         + ElasticsearchConfig (deprecated=WARN)
│      │                         (documentation changed)
│      ├ attributes
│      │  └[-] Id: string
│      └ types
│         └[~] type ElasticsearchConfig
│           └  - documentation: The `ElasticsearchConfig` property type specifies the `AwsRegion` and `Endpoints` for an Amazon OpenSearch Service domain in your account for an AWS AppSync data source.
│              ElasticsearchConfig is a property of the [AWS::AppSync::DataSource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html) property type.
│              As of September 2021, Amazon Elasticsearch Service is Amazon OpenSearch Service . This property is deprecated. For new data sources, use *OpenSearchServiceConfig* to specify an OpenSearch Service data source.
│              + documentation: undefined
├[~] service aws-autoscaling
│ └ resources
│    └[~] resource AWS::AutoScaling::AutoScalingGroup
│      ├ properties
│      │  └[+] TrafficSources: Array<TrafficSourceIdentifier>
│      └ types
│         └[+] type TrafficSourceIdentifier
│           ├  name: TrafficSourceIdentifier
│           └ properties
│              ├Type: string (required)
│              └Identifier: string (required)
├[~] service aws-codebuild
│ └ resources
│    └[~] resource AWS::CodeBuild::Fleet
│      └ properties
│         ├ ComputeType: (documentation changed)
│         ├ EnvironmentType: (documentation changed)
│         ├ FleetVpcConfig: (documentation changed)
│         └ ImageId: (documentation changed)
├[~] service aws-codepipeline
│ └ resources
│    └[~] resource AWS::CodePipeline::Pipeline
│      └ types
│         ├[~] type ActionDeclaration
│         │ └ properties
│         │    ├[+] Commands: Array<string>
│         │    └[+] OutputVariables: Array<string>
│         └[~] type OutputArtifact
│           └ properties
│              └[+] Files: Array<string>
├[~] service aws-cognito
│ └ resources
│    ├[~] resource AWS::Cognito::LogDeliveryConfiguration
│    │ ├  - documentation: The logging parameters of a user pool, as returned in the response to a [GetLogDeliveryConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetLogDeliveryConfiguration.html) request.
│    │ │  + documentation: Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and advanced security features user activity logs.
│    │ └ types
│    │    └[~] type CloudWatchLogsConfiguration
│    │      └  - documentation: Configuration for the CloudWatch log group destination of user pool detailed activity logging, or of user activity log export with advanced security features.
│    │         This data type is a request parameter of [SetLogDeliveryConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetLogDeliveryConfiguration.html) and a response parameter of [GetLogDeliveryConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetLogDeliveryConfiguration.html) .
│    │         + documentation: Configuration for the CloudWatch log group destination of user pool detailed activity logging, or of user activity log export with advanced security features.
│    ├[~] resource AWS::Cognito::UserPool
│    │ ├ properties
│    │ │  ├ AccountRecoverySetting: (documentation changed)
│    │ │  ├ AliasAttributes: (documentation changed)
│    │ │  ├ EmailVerificationMessage: (documentation changed)
│    │ │  ├ EmailVerificationSubject: (documentation changed)
│    │ │  ├ EnabledMfas: (documentation changed)
│    │ │  ├ Schema: (documentation changed)
│    │ │  ├ SmsAuthenticationMessage: (documentation changed)
│    │ │  ├ SmsVerificationMessage: (documentation changed)
│    │ │  ├ UsernameAttributes: (documentation changed)
│    │ │  └ UsernameConfiguration: (documentation changed)
│    │ ├ attributes
│    │ │  └ ProviderName: (documentation changed)
│    │ └ types
│    │    ├[~] type AccountRecoverySetting
│    │    │ ├  - documentation: Use this setting to define which verified available method a user can use to recover their password when they call `ForgotPassword` . It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.
│    │    │ │  + documentation: The available verified method a user can use to recover their password when they call `ForgotPassword` . You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn't qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.
│    │    │ └ properties
│    │    │    └ RecoveryMechanisms: (documentation changed)
│    │    ├[~] type AdminCreateUserConfig
│    │    │ ├  - documentation: The configuration for `AdminCreateUser` requests.
│    │    │ │  + documentation: The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.
│    │    │ │  This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .
│    │    │ └ properties
│    │    │    └ InviteMessageTemplate: (documentation changed)
│    │    ├[~] type CustomEmailSender
│    │    │ ├  - documentation: A custom email sender AWS Lambda trigger.
│    │    │ │  + documentation: The configuration of a custom email sender Lambda trigger. This trigger routes all email notifications from a user pool to a Lambda function that delivers the message using custom logic.
│    │    │ └ properties
│    │    │    ├ LambdaArn: (documentation changed)
│    │    │    └ LambdaVersion: (documentation changed)
│    │    ├[~] type CustomSMSSender
│    │    │ ├  - documentation: A custom SMS sender AWS Lambda trigger.
│    │    │ │  + documentation: The configuration of a custom SMS sender Lambda trigger. This trigger routes all SMS notifications from a user pool to a Lambda function that delivers the message using custom logic.
│    │    │ └ properties
│    │    │    ├ LambdaArn: (documentation changed)
│    │    │    └ LambdaVersion: (documentation changed)
│    │    ├[~] type EmailConfiguration
│    │    │ └ properties
│    │    │    ├ ConfigurationSet: (documentation changed)
│    │    │    └ From: (documentation changed)
│    │    ├[~] type LambdaConfig
│    │    │ └ properties
│    │    │    ├ CustomEmailSender: (documentation changed)
│    │    │    ├ CustomSMSSender: (documentation changed)
│    │    │    └ KMSKeyID: (documentation changed)
│    │    ├[~] type RecoveryOption
│    │    │ ├  - documentation: A map containing a priority as a key, and recovery method name as a value.
│    │    │ │  + documentation: A recovery option for a user. The `AccountRecoverySettingType` data type is an array of this object. Each `RecoveryOptionType` has a priority property that determines whether it is a primary or secondary option.
│    │    │ │  For example, if `verified_email` has a priority of `1` and `verified_phone_number` has a priority of `2` , your user pool sends account-recovery messages to a verified email address but falls back to an SMS message if the user has a verified phone number. The `admin_only` option prevents self-service account recovery.
│    │    │ │  This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .
│    │    │ └ properties
│    │    │    ├ Name: (documentation changed)
│    │    │    └ Priority: (documentation changed)
│    │    ├[~] type SchemaAttribute
│    │    │ └ properties
│    │    │    └ DeveloperOnlyAttribute: (documentation changed)
│    │    ├[~] type SmsConfiguration
│    │    │ ├  - documentation: The SMS configuration type that includes the settings the Cognito User Pool needs to call for the Amazon SNS service to send an SMS message from your AWS account . The Cognito User Pool makes the request to the Amazon SNS Service by using an IAM role that you provide for your AWS account .
│    │    │ │  + documentation: User pool configuration for delivery of SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .
│    │    │ │  This data type is a request parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) , [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) , and a response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) , [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and [GetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserPoolMfaConfig.html) .
│    │    │ └ properties
│    │    │    └ ExternalId: (documentation changed)
│    │    ├[~] type StringAttributeConstraints
│    │    │ └  - documentation: The `StringAttributeConstraints` property type defines the string attribute constraints of an Amazon Cognito user pool. `StringAttributeConstraints` is a subproperty of the [SchemaAttribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html) property type.
│    │    │    + documentation: The minimum and maximum length values of an attribute that is of the string type, for example `custom:department` .
│    │    │    This data type is part of [SchemaAttributeType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SchemaAttributeType.html) . It defines the length constraints on string-type attributes that you configure in [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and displays the length constraints of all string-type attributes in the response to [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html)
│    │    └[~] type UsernameConfiguration
│    │      └  - documentation: The `UsernameConfiguration` property type specifies case sensitivity on the username input for the selected sign-in option.
│    │         + documentation: Case sensitivity of the username input for the selected sign-in option. When case sensitivity is set to `False` (case insensitive), users can sign in with any combination of capital and lowercase letters. For example, `username` , `USERNAME` , or `UserName` , or for email, `[email protected]` or `[email protected]` . For most use cases, set case sensitivity to `False` (case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user.
│    │         This configuration is immutable after you set it. For more information, see [UsernameConfigurationType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html) .
│    ├[~] resource AWS::Cognito::UserPoolClient
│    │ ├ properties
│    │ │  ├ AccessTokenValidity: (documentation changed)
│    │ │  ├ IdTokenValidity: (documentation changed)
│    │ │  ├ PreventUserExistenceErrors: (documentation changed)
│    │ │  └ RefreshTokenValidity: (documentation changed)
│    │ └ types
│    │    └[~] type AnalyticsConfiguration
│    │      └ properties
│    │         └ ApplicationArn: (documentation changed)
│    ├[~] resource AWS::Cognito::UserPoolDomain
│    │ └ properties
│    │    ├ Domain: (documentation changed)
│    │    └ UserPoolId: (documentation changed)
│    ├[~] resource AWS::Cognito::UserPoolGroup
│    │ └  - documentation: A user pool group that you can add a user to.
│    │    + documentation: A user pool group. Contains details about the group and the way that it contributes to IAM role decisions with identity pools. Identity pools can make decisions about the IAM role to assign based on groups: users get credentials for the role associated with their highest-priority group.
│    │    This data type is a response parameter of [AdminListGroupsForUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListGroupsForUser.html) , [CreateGroup](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html) , [GetGroup](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetGroup.html) , [ListGroups](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListGroups.html) , and [UpdateGroup](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateGroup.html) .
│    ├[~] resource AWS::Cognito::UserPoolResourceServer
│    │ └ properties
│    │    └ Identifier: (documentation changed)
│    ├[~] resource AWS::Cognito::UserPoolRiskConfigurationAttachment
│    │ └ properties
│    │    └ ClientId: (documentation changed)
│    ├[~] resource AWS::Cognito::UserPoolUICustomizationAttachment
│    │ ├  - documentation: The `AWS::Cognito::UserPoolUICustomizationAttachment` resource sets the UI customization information for a user pool's built-in app UI.
│    │ │  You can specify app UI customization settings for a single client (with a specific `clientId` ) or for all clients (by setting the `clientId` to `ALL` ). If you specify `ALL` , the default configuration is used for every client that has had no UI customization set previously. If you specify UI customization settings for a particular client, it no longer falls back to the `ALL` configuration.
│    │ │  > Before you create this resource, your user pool must have a domain associated with it. You can create an `AWS::Cognito::UserPoolDomain` resource first in this user pool. 
│    │ │  Setting a logo image isn't supported from AWS CloudFormation . Use the Amazon Cognito [SetUICustomization](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUICustomization.html#API_SetUICustomization_RequestSyntax) API operation to set the image.
│    │ │  + documentation: A container for the UI customization information for the hosted UI in a user pool.
│    │ │  This data type is a response parameter of [GetUICustomization](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html) .
│    │ └ properties
│    │    └ ClientId: (documentation changed)
│    ├[~] resource AWS::Cognito::UserPoolUser
│    │ └ properties
│    │    └ UserAttributes: (documentation changed)
│    └[~] resource AWS::Cognito::UserPoolUserToGroupAttachment
│      ├  - documentation: Adds the specified user to the specified group.
│      │  + documentation: Adds a user to a group. A user who is in a group can present a preferred-role claim to an identity pool, and populates a `cognito:groups` claim to their access and identity tokens.
│      │  > Amazon Cognito evaluates AWS Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
│      │  > 
│      │  > **Learn more** - [Signing AWS API Requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html)
│      │  > - [Using the Amazon Cognito user pools API and user pool endpoints](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html)
│      └ properties
│         └ Username: (documentation changed)
├[~] service aws-dms
│ └ resources
│    ├[~] resource AWS::DMS::DataProvider
│    │ ├ properties
│    │ │  └[+] Settings: Settings
│    │ └ types
│    │    ├[+] type MicrosoftSqlServerSettings
│    │    │ ├  documentation: Provides information that defines a Microsoft SQL Server endpoint.
│    │    │ │  name: MicrosoftSqlServerSettings
│    │    │ └ properties
│    │    │    ├ServerName: string (required)
│    │    │    ├Port: integer (required)
│    │    │    ├DatabaseName: string (required)
│    │    │    ├SslMode: string (required)
│    │    │    └CertificateArn: string
│    │    ├[+] type MySqlSettings
│    │    │ ├  documentation: Provides information that defines a MySQL endpoint.
│    │    │ │  name: MySqlSettings
│    │    │ └ properties
│    │    │    ├ServerName: string (required)
│    │    │    ├Port: integer (required)
│    │    │    ├SslMode: string (required)
│    │    │    └CertificateArn: string
│    │    ├[+] type OracleSettings
│    │    │ ├  documentation: Provides information that defines an Oracle endpoint.
│    │    │ │  name: OracleSettings
│    │    │ └ properties
│    │    │    ├ServerName: string (required)
│    │    │    ├Port: integer (required)
│    │    │    ├DatabaseName: string (required)
│    │    │    ├SslMode: string (required)
│    │    │    ├CertificateArn: string
│    │    │    ├AsmServer: string
│    │    │    ├SecretsManagerOracleAsmSecretId: string
│    │    │    ├SecretsManagerOracleAsmAccessRoleArn: string
│    │    │    ├SecretsManagerSecurityDbEncryptionSecretId: string
│    │    │    └SecretsManagerSecurityDbEncryptionAccessRoleArn: string
│    │    ├[+] type PostgreSqlSettings
│    │    │ ├  documentation: Provides information that defines a PostgreSQL endpoint.
│    │    │ │  name: PostgreSqlSettings
│    │    │ └ properties
│    │    │    ├ServerName: string (required)
│    │    │    ├Port: integer (required)
│    │    │    ├DatabaseName: string (required)
│    │    │    ├SslMode: string (required)
│    │    │    └CertificateArn: string
│    │    └[+] type Settings
│    │      ├  documentation: The property identifies the exact type of settings for the data provider.
│    │      │  name: Settings
│    │      └ properties
│    │         ├PostgreSqlSettings: PostgreSqlSettings
│    │         ├MySqlSettings: MySqlSettings
│    │         ├OracleSettings: OracleSettings
│    │         └MicrosoftSqlServerSettings: MicrosoftSqlServerSettings
│    └[~] resource AWS::DMS::ReplicationInstance
│      └ properties
│         └[+] NetworkType: string
├[~] service aws-ec2
│ └ resources
│    ├[~] resource AWS::EC2::CapacityReservation
│    │ └ properties
│    │    └[+] UnusedReservationBillingOwnerId: string
│    ├[~] resource AWS::EC2::EC2Fleet
│    │ └ types
│    │    └[~] type InstanceRequirementsRequest
│    │      ├  - documentation: The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.
│    │      │  You must specify `VCpuCount` and `MemoryMiB` . All other attributes are optional. Any unspecified optional attribute is set to its default.
│    │      │  When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.
│    │      │  To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request:
│    │      │  - `AllowedInstanceTypes` - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.
│    │      │  - `ExcludedInstanceTypes` - The instance types to exclude from the list, even if they match your specified attributes.
│    │      │  > If you specify `InstanceRequirements` , you can't specify `InstanceType` .
│    │      │  > 
│    │      │  > Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html) , or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify `InstanceRequirements` . 
│    │      │  For more information, see [Attribute-based instance type selection for EC2 Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html) , [Attribute-based instance type selection for Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html) , and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide* .
│    │      │  + documentation: The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.
│    │      │  You must specify `VCpuCount` and `MemoryMiB` . All other attributes are optional. Any unspecified optional attribute is set to its default.
│    │      │  When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.
│    │      │  To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request:
│    │      │  - `AllowedInstanceTypes` - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.
│    │      │  - `ExcludedInstanceTypes` - The instance types to exclude from the list, even if they match your specified attributes.
│    │      │  > If you specify `InstanceRequirements` , you can't specify `InstanceType` .
│    │      │  > 
│    │      │  > Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html) , or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify `InstanceRequirements` . 
│    │      │  For more information, see [Specify attributes for instance type selection for EC2 Fleet or Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html) and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide* .
│    │      └ properties
│    │         └ AcceleratorTypes: (documentation changed)
│    ├[~] resource AWS::EC2::Instance
│    │ └ properties
│    │    └ ElasticInferenceAccelerators: (documentation changed)
│    ├[~] resource AWS::EC2::InstanceConnectEndpoint
│    │ └  - documentation: Creates an EC2 Instance Connect Endpoint.
│    │    An EC2 Instance Connect Endpoint allows you to connect to an instance, without requiring the instance to have a public IPv4 address. For more information, see [Connect to your instances without requiring a public IPv4 address using EC2 Instance Connect Endpoint](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect-Endpoint.html) in the *Amazon EC2 User Guide* .
│    │    + documentation: Creates an EC2 Instance Connect Endpoint.
│    │    An EC2 Instance Connect Endpoint allows you to connect to an instance, without requiring the instance to have a public IPv4 address. For more information, see [Connect to your instances using EC2 Instance Connect Endpoint](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect-Endpoint.html) in the *Amazon EC2 User Guide* .
│    │    With the replacement update behavior, AWS CloudFormation usually creates the new resource first, changes references to point to the new resource, and then deletes the old resource. However, you can create only one EC2 Instance Connect Endpoint per VPC, so the replacement process fails. If you need to modify an EC2 Instance Connect Endpoint, you must replace the resource manually.
│    ├[~] resource AWS::EC2::LaunchTemplate
│    │ └ types
│    │    ├[~] type Ebs
│    │    │ └ properties
│    │    │    └ KmsKeyId: (documentation changed)
│    │    ├[~] type InstanceRequirements
│    │    │ ├  - documentation: The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.
│    │    │ │  You must specify `VCpuCount` and `MemoryMiB` . All other attributes are optional. Any unspecified optional attribute is set to its default.
│    │    │ │  When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.
│    │    │ │  To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request:
│    │    │ │  - `AllowedInstanceTypes` - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.
│    │    │ │  - `ExcludedInstanceTypes` - The instance types to exclude from the list, even if they match your specified attributes.
│    │    │ │  > If you specify `InstanceRequirements` , you can't specify `InstanceType` .
│    │    │ │  > 
│    │    │ │  > Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html) , or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify `InstanceRequirements` . 
│    │    │ │  For more information, see [Attribute-based instance type selection for EC2 Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html) , [Attribute-based instance type selection for Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html) , and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide* .
│    │    │ │  + documentation: The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.
│    │    │ │  You must specify `VCpuCount` and `MemoryMiB` . All other attributes are optional. Any unspecified optional attribute is set to its default.
│    │    │ │  When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.
│    │    │ │  To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request:
│    │    │ │  - `AllowedInstanceTypes` - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.
│    │    │ │  - `ExcludedInstanceTypes` - The instance types to exclude from the list, even if they match your specified attributes.
│    │    │ │  > If you specify `InstanceRequirements` , you can't specify `InstanceType` .
│    │    │ │  > 
│    │    │ │  > Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html) , or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify `InstanceRequirements` . 
│    │    │ │  For more information, see [Specify attributes for instance type selection for EC2 Fleet or Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html) and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide* .
│    │    │ └ properties
│    │    │    └ AcceleratorTypes: (documentation changed)
│    │    └[~] type LaunchTemplateData
│    │      └ properties
│    │         ├ ElasticInferenceAccelerators: (documentation changed)
│    │         └ InstanceRequirements: (documentation changed)
│    ├[~] resource AWS::EC2::NetworkAcl
│    │ └  - documentation: Specifies a network ACL for your VPC.
│    │    + documentation: Specifies a network ACL for your VPC.
│    │    To add a network ACL entry, see [AWS::EC2::NetworkAclEntry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html) .
│    ├[~] resource AWS::EC2::NetworkAclEntry
│    │ └  - documentation: Specifies an entry, known as a rule, in a network ACL with a rule number you specify. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules.
│    │    For information about the protocol value, see [Protocol Numbers](https://docs.aws.amazon.com/https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) on the Internet Assigned Numbers Authority (IANA) website.
│    │    + documentation: Specifies an entry, known as a rule, in a network ACL with a rule number you specify. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules.
│    │    To create the network ACL, see [AWS::EC2::NetworkAcl](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkacl.html) .
│    │    For information about the protocol value, see [Protocol Numbers](https://docs.aws.amazon.com/https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) on the Internet Assigned Numbers Authority (IANA) website.
│    ├[~] resource AWS::EC2::PrefixList
│    │ └ properties
│    │    └ MaxEntries: (documentation changed)
│    ├[~] resource AWS::EC2::SpotFleet
│    │ └ types
│    │    └[~] type InstanceRequirementsRequest
│    │      ├  - documentation: The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.
│    │      │  You must specify `VCpuCount` and `MemoryMiB` . All other attributes are optional. Any unspecified optional attribute is set to its default.
│    │      │  When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.
│    │      │  To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request:
│    │      │  - `AllowedInstanceTypes` - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.
│    │      │  - `ExcludedInstanceTypes` - The instance types to exclude from the list, even if they match your specified attributes.
│    │      │  > If you specify `InstanceRequirements` , you can't specify `InstanceType` .
│    │      │  > 
│    │      │  > Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html) , or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify `InstanceRequirements` . 
│    │      │  For more information, see [Attribute-based instance type selection for EC2 Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html) , [Attribute-based instance type selection for Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html) , and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide* .
│    │      │  + documentation: The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.
│    │      │  You must specify `VCpuCount` and `MemoryMiB` . All other attributes are optional. Any unspecified optional attribute is set to its default.
│    │      │  When you specify multiple attributes, you get instance types that satisfy all of the specified attributes. If you specify multiple values for an attribute, you get instance types that satisfy any of the specified values.
│    │      │  To limit the list of instance types from which Amazon EC2 can identify matching instance types, you can use one of the following parameters, but not both in the same request:
│    │      │  - `AllowedInstanceTypes` - The instance types to include in the list. All other instance types are ignored, even if they match your specified attributes.
│    │      │  - `ExcludedInstanceTypes` - The instance types to exclude from the list, even if they match your specified attributes.
│    │      │  > If you specify `InstanceRequirements` , you can't specify `InstanceType` .
│    │      │  > 
│    │      │  > Attribute-based instance type selection is only supported when using Auto Scaling groups, EC2 Fleet, and Spot Fleet to launch instances. If you plan to use the launch template in the [launch instance wizard](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-instance-wizard.html) , or with the [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) API or [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) AWS CloudFormation resource, you can't specify `InstanceRequirements` . 
│    │      │  For more information, see [Specify attributes for instance type selection for EC2 Fleet or Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html) and [Spot placement score](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html) in the *Amazon EC2 User Guide* .
│    │      └ properties
│    │         └ AcceleratorTypes: (documentation changed)
│    ├[~] resource AWS::EC2::VPCPeeringConnection
│    │ └  - documentation: Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to a different AWS account and can be in a different Region than the requester VPC.
│    │    The requester VPC and accepter VPC cannot have overlapping CIDR blocks. If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of `failed` .
│    │    If the VPCs belong to different accounts, the acceptor account must have a role that allows the requester account to accept the VPC peering connection. For more information, see [Walkthough: Peer with a VPC in another AWS account](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/peer-with-vpc-in-another-account.html) .
│    │    If the requester and acceptor VPCs are in the same account, the peering request is accepted without a peering role.
│    │    + documentation: Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to a different AWS account and can be in a different Region than the requester VPC.
│    │    The requester VPC and accepter VPC cannot have overlapping CIDR blocks. If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of `failed` .
│    │    If the VPCs belong to different accounts, the acceptor account must have a role that allows the requester account to accept the VPC peering connection. For an example, see [Walkthrough: Peer with a VPC in another AWS account](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/peer-with-vpc-in-another-account.html) .
│    │    If the requester and acceptor VPCs are in the same account, the peering request is accepted without a peering role.
│    └[~] resource AWS::EC2::VPNConnection
│      └ types
│         ├[+] type CloudwatchLogOptionsSpecification
│         │ ├  documentation: Options for sending VPN tunnel logs to CloudWatch.
│         │ │  name: CloudwatchLogOptionsSpecification
│         │ └ properties
│         │    ├LogEnabled: boolean
│         │    ├LogOutputFormat: string
│         │    └LogGroupArn: string
│         ├[+] type IKEVersionsRequestListValue
│         │ ├  documentation: The IKE version that is permitted for the VPN tunnel.
│         │ │  name: IKEVersionsRequestListValue
│         │ └ properties
│         │    └Value: string
│         ├[+] type Phase1DHGroupNumbersRequestListValue
│         │ ├  documentation: Specifies a Diffie-Hellman group number for the VPN tunnel for phase 1 IKE negotiations.
│         │ │  name: Phase1DHGroupNumbersRequestListValue
│         │ └ properties
│         │    └Value: integer
│         ├[+] type Phase1EncryptionAlgorithmsRequestListValue
│         │ ├  documentation: Specifies the encryption algorithm for the VPN tunnel for phase 1 IKE negotiations.
│         │ │  name: Phase1EncryptionAlgorithmsRequestListValue
│         │ └ properties
│         │    └Value: string
│         ├[+] type Phase1IntegrityAlgorithmsRequestListValue
│         │ ├  documentation: Specifies the integrity algorithm for the VPN tunnel for phase 1 IKE negotiations.
│         │ │  name: Phase1IntegrityAlgorithmsRequestListValue
│         │ └ properties
│         │    └Value: string
│         ├[+] type Phase2DHGroupNumbersRequestListValue
│         │ ├  documentation: Specifies a Diffie-Hellman group number for the VPN tunnel for phase 2 IKE negotiations.
│         │ │  name: Phase2DHGroupNumbersRequestListValue
│         │ └ properties
│         │    └Value: integer
│         ├[+] type Phase2EncryptionAlgorithmsRequestListValue
│         │ ├  documentation: Specifies the encryption algorithm for the VPN tunnel for phase 2 IKE negotiations.
│         │ │  name: Phase2EncryptionAlgorithmsRequestListValue
│         │ └ properties
│         │    └Value: string
│         ├[+] type Phase2IntegrityAlgorithmsRequestListValue
│         │ ├  documentation: Specifies the integrity algorithm for the VPN tunnel for phase 2 IKE negotiations.
│         │ │  name: Phase2IntegrityAlgorithmsRequestListValue
│         │ └ properties
│         │    └Value: string
│         ├[+] type VpnTunnelLogOptionsSpecification
│         │ ├  documentation: Options for logging VPN tunnel activity.
│         │ │  name: VpnTunnelLogOptionsSpecification
│         │ └ properties
│         │    └CloudwatchLogOptions: CloudwatchLogOptionsSpecification
│         └[~] type VpnTunnelOptionsSpecification
│           └ properties
│              ├[+] DPDTimeoutAction: string
│              ├[+] DPDTimeoutSeconds: integer
│              ├[+] EnableTunnelLifecycleControl: boolean
│              ├[+] IKEVersions: Array<IKEVersionsRequestListValue>
│              ├[+] LogOptions: VpnTunnelLogOptionsSpecification
│              ├[+] Phase1DHGroupNumbers: Array<Phase1DHGroupNumbersRequestListValue>
│              ├[+] Phase1EncryptionAlgorithms: Array<Phase1EncryptionAlgorithmsRequestListValue>
│              ├[+] Phase1IntegrityAlgorithms: Array<Phase1IntegrityAlgorithmsRequestListValue>
│              ├[+] Phase1LifetimeSeconds: integer
│              ├[+] Phase2DHGroupNumbers: Array<Phase2DHGroupNumbersRequestListValue>
│              ├[+] Phase2EncryptionAlgorithms: Array<Phase2EncryptionAlgorithmsRequestListValue>
│              ├[+] Phase2IntegrityAlgorithms: Array<Phase2IntegrityAlgorithmsRequestListValue>
│              ├[+] Phase2LifetimeSeconds: integer
│              ├[+] RekeyFuzzPercentage: integer
│              ├[+] RekeyMarginTimeSeconds: integer
│              ├[+] ReplayWindowSize: integer
│              ├[+] StartupAction: string
│              └[+] TunnelInsideIpv6Cidr: string
├[~] service aws-ecs
│ └ resources
│    ├[~] resource AWS::ECS::CapacityProvider
│    │ └ properties
│    │    └ AutoScalingGroupProvider: - AutoScalingGroupProvider (required)
│    │                                + AutoScalingGroupProvider
│    └[~] resource AWS::ECS::TaskSet
│      ├ properties
│      │  └ CapacityProviderStrategy: (documentation changed)
│      └ types
│         └[~] type CapacityProviderStrategyItem
│           ├  - documentation: undefined
│           │  + documentation: The details of a capacity provider strategy. A capacity provider strategy can be set when using the [RunTask](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) or [CreateCluster](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateCluster.html) APIs or as the default capacity provider strategy for a cluster with the `CreateCluster` API.
│           │  Only capacity providers that are already associated with a cluster and have an `ACTIVE` or `UPDATING` status can be used in a capacity provider strategy. The [PutClusterCapacityProviders](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutClusterCapacityProviders.html) API is used to associate a capacity provider with a cluster.
│           │  If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must already be created. New Auto Scaling group capacity providers can be created with the [CreateClusterCapacityProvider](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateClusterCapacityProvider.html) API operation.
│           │  To use a AWS Fargate capacity provider, specify either the `FARGATE` or `FARGATE_SPOT` capacity providers. The AWS Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used in a capacity provider strategy.
│           │  With `FARGATE_SPOT` , you can run interruption tolerant tasks at a rate that's discounted compared to the `FARGATE` price. `FARGATE_SPOT` runs tasks on spare compute capacity. When AWS needs the capacity back, your tasks are interrupted with a two-minute warning. `FARGATE_SPOT` supports Linux tasks with the X86_64 architecture on platform version 1.3.0 or later. `FARGATE_SPOT` supports Linux tasks with the ARM64 architecture on platform version 1.4.0 or later.
│           │  A capacity provider strategy may contain a maximum of 6 capacity providers.
│           └ properties
│              ├ Base: (documentation changed)
│              ├ CapacityProvider: (documentation changed)
│              └ Weight: (documentation changed)
├[~] service aws-eks
│ └ resources
│    └[~] resource AWS::EKS::Cluster
│      └ properties
│         └ Name: (documentation changed)
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    └[~] resource AWS::ElasticLoadBalancingV2::LoadBalancer
│      └ types
│         └[~] type LoadBalancerAttribute
│           └ properties
│              └ Key: (documentation changed)
├[~] service aws-fms
│ └ resources
│    └[~] resource AWS::FMS::Policy
│      └ types
│         ├[+] type IcmpTypeCode
│         │ ├  documentation: ICMP protocol: The ICMP type and code.
│         │ │  name: IcmpTypeCode
│         │ └ properties
│         │    ├Code: integer (required)
│         │    └Type: integer (required)
│         ├[~] type NetworkAclCommonPolicy
│         │ └ properties
│         │    └[+] NetworkAclEntrySet: NetworkAclEntrySet (required)
│         ├[+] type NetworkAclEntry
│         │ ├  documentation: Describes a rule in a network ACL.
│         │ │  Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining
│         │ │  whether a packet should be allowed in or out of a subnet associated with the network ACL, AWS processes the entries in the network ACL according to the rule numbers, in ascending order.
│         │ │  When you manage an individual network ACL, you explicitly specify the rule numbers. When you specify the network ACL rules in a Firewall Manager policy, you provide the rules to run first, in the order that you want them to run, and the rules to run last, in the order that you want them to run. Firewall Manager assigns the rule numbers for you when you save the network ACL policy specification.
│         │ │  name: NetworkAclEntry
│         │ └ properties
│         │    ├CidrBlock: string
│         │    ├Egress: boolean (required)
│         │    ├IcmpTypeCode: IcmpTypeCode
│         │    ├Ipv6CidrBlock: string
│         │    ├PortRange: PortRange
│         │    ├Protocol: string (required)
│         │    └RuleAction: string (required)
│         ├[+] type NetworkAclEntrySet
│         │ ├  documentation: The configuration of the first and last rules for the network ACL policy, and the remediation settings for each.
│         │ │  name: NetworkAclEntrySet
│         │ └ properties
│         │    ├FirstEntries: Array<NetworkAclEntry>
│         │    ├ForceRemediateForFirstEntries: boolean (required)
│         │    ├LastEntries: Array<NetworkAclEntry>
│         │    └ForceRemediateForLastEntries: boolean (required)
│         └[+] type PortRange
│           ├  documentation: TCP or UDP protocols: The range of ports the rule applies to.
│           │  name: PortRange
│           └ properties
│              ├From: integer (required)
│              └To: integer (required)
├[~] service aws-gamelift
│ └ resources
│    └[~] resource AWS::GameLift::ContainerGroupDefinition
│      ├ properties
│      │  ├[+] SourceVersionNumber: integer
│      │  └[+] SupportContainerDefinitions: Array<json>
│      └ attributes
│         ├[+] Status: string
│         └[+] StatusReason: string
├[~] service aws-glue
│ └ resources
│    ├[~] resource AWS::Glue::Crawler
│    │ └ attributes
│    │    └[-] Id: string
│    ├[~] resource AWS::Glue::Schema
│    │ └ properties
│    │    └ SchemaDefinition: - string (required, immutable)
│    │                        + string (immutable)
│    └[~] resource AWS::Glue::UsageProfile
│      ├ properties
│      │  └[+] Configuration: ProfileConfiguration
│      └ types
│         ├[+] type ConfigurationObject
│         │ ├  documentation: Specifies the values that an admin sets for each job or session parameter configured in a AWS Glue usage profile.
│         │ │  name: ConfigurationObject
│         │ └ properties
│         │    ├DefaultValue: string
│         │    ├AllowedValues: Array<string>
│         │    ├MinValue: string
│         │    └MaxValue: string
│         └[+] type ProfileConfiguration
│           ├  documentation: Specifies the job and session values that an admin configures in an AWS Glue usage profile.
│           │  name: ProfileConfiguration
│           └ properties
│              ├JobConfiguration: Map<string, ConfigurationObject>
│              └SessionConfiguration: Map<string, ConfigurationObject>
├[~] service aws-kinesis
│ └ resources
│    └[~] resource AWS::Kinesis::ResourcePolicy
│      ├  - documentation: Resource Type definition for AWS::Kinesis::ResourcePolicy
│      │  + documentation: Attaches a resource-based policy to a data stream or registered consumer. If you are using an identity other than the root user of the AWS account that owns the resource, the calling identity must have the `PutResourcePolicy` permissions on the specified Kinesis Data Streams resource and belong to the owner's account in order to use this operation. If you don't have `PutResourcePolicy` permissions, Amazon Kinesis Data Streams returns a `403 Access Denied error` . If you receive a `ResourceNotFoundException` , check to see if you passed a valid stream or consumer resource.
│      │  Request patterns can be one of the following:
│      │  - Data stream pattern: `arn:aws.*:kinesis:.*:\d{12}:.*stream/\S+`
│      │  - Consumer pattern: `^(arn):aws.*:kinesis:.*:\d{12}:.*stream\/[a-zA-Z0-9_.-]+\/consumer\/[a-zA-Z0-9_.-]+:[0-9]+`
│      │  For more information, see [Controlling Access to Amazon Kinesis Data Streams Resources Using IAM](https://docs.aws.amazon.com/streams/latest/dev/controlling-access.html) .
│      └ properties
│         ├[+] ResourceArn: string (required, immutable)
│         └ ResourcePolicy: (documentation changed)
├[~] service aws-mediapackagev2
│ └ resources
│    ├[~] resource AWS::MediaPackageV2::Channel
│    │ └ properties
│    │    └ InputType: (documentation changed)
│    └[~] resource AWS::MediaPackageV2::OriginEndpoint
│      ├ properties
│      │  └ ForceEndpointErrorConfiguration: (documentation changed)
│      └ types
│         └[~] type ForceEndpointErrorConfiguration
│           ├  - documentation: <p>The failover settings for the endpoint.</p>
│           │  + documentation: The failover settings for the endpoint.
│           └ properties
│              └ EndpointErrorConditions: (documentation changed)
├[~] service aws-networkfirewall
│ └ resources
│    └[~] resource AWS::NetworkFirewall::FirewallPolicy
│      └ types
│         ├[+] type FlowTimeouts
│         │ ├  name: FlowTimeouts
│         │ └ properties
│         │    └TcpIdleTimeoutSeconds: integer
│         └[~] type StatefulEngineOptions
│           └ properties
│              └[+] FlowTimeouts: FlowTimeouts
├[~] service aws-qbusiness
│ └ resources
│    ├[~] resource AWS::QBusiness::DataSource
│    │ └ properties
│    │    └ Configuration: (documentation changed)
│    └[~] resource AWS::QBusiness::WebExperience
│      └ properties
│         └[+] Origins: Array<string>
├[~] service aws-quicksight
│ └ resources
│    ├[~] resource AWS::QuickSight::Analysis
│    │ ├ properties
│    │ │  └[+] FolderArns: Array<string>
│    │ └ types
│    │    └[~] type DestinationParameterValueConfiguration
│    │      └ properties
│    │         └ SourceColumn: (documentation changed)
│    ├[~] resource AWS::QuickSight::Dashboard
│    │ ├ properties
│    │ │  └[+] FolderArns: Array<string>
│    │ └ types
│    │    └[~] type DestinationParameterValueConfiguration
│    │      └ properties
│    │         └ SourceColumn: (documentation changed)
│    ├[~] resource AWS::QuickSight::DataSet
│    │ └ types
│    │    ├[~] type CustomSql
│    │    │ └ properties
│    │    │    └ Columns: - Array<InputColumn> (required)
│    │    │               + Array<InputColumn>
│    │    ├[~] type RelationalTable
│    │    │ └ properties
│    │    │    └ InputColumns: - Array<InputColumn> (required)
│    │    │                    + Array<InputColumn>
│    │    └[~] type TransformOperation
│    │      └ properties
│    │         └ OverrideDatasetParameterOperation: (documentation changed)
│    ├[~] resource AWS::QuickSight::DataSource
│    │ └ properties
│    │    └[+] FolderArns: Array<string>
│    ├[~] resource AWS::QuickSight::Folder
│    │ └ properties
│    │    ├ AwsAccountId: (documentation changed)
│    │    ├ ParentFolderArn: (documentation changed)
│    │    └ Permissions: (documentation changed)
│    ├[~] resource AWS::QuickSight::Template
│    │ └ types
│    │    └[~] type DestinationParameterValueConfiguration
│    │      └ properties
│    │         └ SourceColumn: (documentation changed)
│    └[~] resource AWS::QuickSight::Theme
│      └ types
│         └[~] type ThemeConfiguration
│           └ properties
│              └ Typography: (documentation changed)
├[~] service aws-redshift
│ └ resources
│    ├[~] resource AWS::Redshift::Cluster
│    │ ├ properties
│    │ │  ├[+] MasterPasswordSecretKmsKeyId: string
│    │ │  └ NodeType: (documentation changed)
│    │ └ types
│    │    └[~] type LoggingProperties
│    │      └ properties
│    │         └ S3KeyPrefix: (documentation changed)
│    └[+] resource AWS::Redshift::Integration
│      ├  name: Integration
│      │  cloudFormationType: AWS::Redshift::Integration
│      │  documentation: Integration from a source AWS service to a Redshift cluster
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├IntegrationName: string
│      │  ├SourceArn: string (required, immutable)
│      │  ├TargetArn: string (required, immutable)
│      │  ├Tags: Array<tag>
│      │  ├KMSKeyId: string (immutable)
│      │  └AdditionalEncryptionContext: Map<string, string> (immutable)
│      └ attributes
│         ├IntegrationArn: string
│         └CreateTime: string
├[~] service aws-route53profiles
│ └ resources
│    └[~] resource AWS::Route53Profiles::ProfileAssociation
│      └ properties
│         └ ProfileId: (documentation changed)
├[~] service aws-route53resolver
│ └ resources
│    └[~] resource AWS::Route53Resolver::ResolverRule
│      ├ properties
│      │  └[-] DelegationRecord: string
│      └ types
│         └[~] type TargetAddress
│           └ properties
│              └[+] ServerNameIndication: string
├[~] service aws-s3
│ └ resources
│    ├[~] resource AWS::S3::Bucket
│    │ └ types
│    │    ├[~] type LifecycleConfiguration
│    │    │ └ properties
│    │    │    ├ Rules: (documentation changed)
│    │    │    └ TransitionDefaultMinimumObjectSize: (documentation changed)
│    │    └[~] type ServerSideEncryptionByDefault
│    │      └  - documentation: Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) .
│    │         > - *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key ( `aws/s3` ) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS.
│    │         > - *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) ( `aws/s3` ) isn't supported.
│    │         > - *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.
│    │         + documentation: Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) .
│    │         > - *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key ( `aws/s3` ) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS.
│    │         > - *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) ( `aws/s3` ) isn't supported.
│    │         > - *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.
│    └[~] resource AWS::S3::StorageLens
│      └ types
│         └[~] type AccountLevel
│           └ properties
│              └ BucketLevel: (documentation changed)
├[~] service aws-s3express
│ └ resources
│    └[~] resource AWS::S3Express::DirectoryBucket
│      └ types
│         └[~] type ServerSideEncryptionByDefault
│           └ properties
│              └[+] KMSMasterKeyID: string
├[~] service aws-s3outposts
│ └ resources
│    └[~] resource AWS::S3Outposts::Bucket
│      └ types
│         ├[~] type Filter
│         │ ├  - documentation: undefined
│         │ │  + documentation: The container for the filter of the lifecycle rule.
│         │ └ properties
│         │    ├ Prefix: (documentation changed)
│         │    └ Tag: (documentation changed)
│         ├[~] type FilterAndOperator
│         │ └ properties
│         │    ├ Prefix: (documentation changed)
│         │    └ Tags: (documentation changed)
│         ├[~] type FilterTag
│         │ └  - documentation: undefined
│         │    + documentation: Tag used to identify a subset of objects for an Amazon S3Outposts bucket.
│         └[~] type Rule
│           └ properties
│              ├ Filter: - json
│              │         + Filter ⇐ json
│              └ Id: (documentation changed)
├[~] service aws-sagemaker
│ └ resources
│    └[~] resource AWS::SageMaker::ImageVersion
│      ├ properties
│      │  └[-] Version: integer
│      └ attributes
│         └ Version: (documentation changed)
├[~] service aws-ssmquicksetup
│ └ resources
│    └[~] resource AWS::SSMQuickSetup::ConfigurationManager
│      └ types
│         └[~] type ConfigurationDefinition
│           └ properties
│              └ Parameters: (documentation changed)
├[~] service aws-transfer
│ └ resources
│    └[~] resource AWS::Transfer::Server
│      ├ properties
│      │  ├ IdentityProviderDetails: (documentation changed)
│      │  ├ Protocols: - Array<json> ⇐ Array<string>
│      │  │            + Array<string>
│      │  └ StructuredLogDestinations: - Array<json> ⇐ Array<string>
│      │                               + Array<string>
│      ├ attributes
│      │  └[+] As2ServiceManagedEgressIpAddresses: Array<string>
│      └ types
│         ├[~] type IdentityProviderDetails
│         │ └  - documentation: Required when `IdentityProviderType` is set to `AWS_DIRECTORY_SERVICE` , `AWS _LAMBDA` or `API_GATEWAY` . Accepts an array containing all of the information required to use a directory in `AWS_DIRECTORY_SERVICE` or invoke a customer-supplied authentication API, including the API Gateway URL. Not required when `IdentityProviderType` is set to `SERVICE_MANAGED` .
│         │    + documentation: Required when `IdentityProviderType` is set to `AWS_DIRECTORY_SERVICE` , `AWS _LAMBDA` or `API_GATEWAY` . Accepts an array containing all of the information required to use a directory in `AWS_DIRECTORY_SERVICE` or invoke a customer-supplied authentication API, including the API Gateway URL. Cannot be specified when `IdentityProviderType` is set to `SERVICE_MANAGED` .
│         └[~] type ProtocolDetails
│           └ properties
│              └ As2Transports: - Array<json> ⇐ Array<string>
│                               + Array<string>
├[~] service aws-waf
│ └ resources
│    ├[~] resource AWS::WAF::ByteMatchSet
│    │ └ types
│    │    ├[~] type ByteMatchTuple
│    │    │ └  - documentation: > Deprecation notice: AWS WAF Classic support will end on September 30, 2025.
│    │    │    > 
│    │    │    > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│    │    │    > 
│    │    │    > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. 
│    │    │    The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.
│    │    │    + documentation: > AWS WAF Classic support will end on September 30, 2025.
│    │    │    > 
│    │    │    > This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide.
│    │    │    > 
│    │    │    > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS 

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 639c7bc
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.