feat: update L1 CloudFormation resource definitions (#36122)

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service alexa-ask
│ └ resources
│    └[~]  resource Alexa::ASK::Skill
│       └ types
│          └[~] type SkillPackage
│            └ properties
│               └ S3BucketRole: (documentation changed)
├[~] service aws-aiops
│ └ resources
│    └[~]  resource AWS::AIOps::InvestigationGroup
│       ├ properties
│       │  ├ ChatbotNotificationChannels: (documentation changed)
│       │  └ EncryptionConfig: (documentation changed)
│       └ types
│          ├[~] type ChatbotNotificationChannel
│          │ └ properties
│          │    └ SNSTopicArn: (documentation changed)
│          └[~] type EncryptionConfigMap
│            └      - documentation: Use this structure if you want to use a customer managed AWS KMS key to encrypt your investigation data. If you omit this parameter, CloudWatch investigations will use an AWS key to encrypt the data. For more information, see [Encryption of investigation data](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Investigations-Security.html#Investigations-KMS) .
│                   + documentation: Use this structure if you want to use a customer managed AWS  key to encrypt your investigation data. If you omit this parameter, CloudWatch investigations will use an AWS key to encrypt the data. For more information, see [Encryption of investigation data](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Investigations-Security.html#Investigations-KMS) .
├[~] service aws-amazonmq
│ └ resources
│    └[~]  resource AWS::AmazonMQ::Broker
│       └ types
│          └[~] type EncryptionOptions
│            └ properties
│               ├ KmsKeyId: (documentation changed)
│               └ UseAwsOwnedKey: (documentation changed)
├[~] service aws-amplify
│ └ resources
│    └[~]  resource AWS::Amplify::Branch
│       ├ properties
│       │  └ Backend: (documentation changed)
│       └ types
│          └[~] type Backend
│            └ properties
│               └ StackArn: (documentation changed)
├[~] service aws-apigateway
│ └ resources
│    ├[~]  resource AWS::ApiGateway::ApiKey
│    │  └ properties
│    │     └ Name: (documentation changed)
│    ├[~]  resource AWS::ApiGateway::DomainName
│    │  └ properties
│    │     └ SecurityPolicy: (documentation changed)
│    ├[~]  resource AWS::ApiGateway::DomainNameV2
│    │  └ properties
│    │     └ SecurityPolicy: (documentation changed)
│    └[~]  resource AWS::ApiGateway::Model
│       └ properties
│          └ Name: (documentation changed)
├[~] service aws-appconfig
│ └ resources
│    └[~]  resource AWS::AppConfig::ConfigurationProfile
│       └ attributes
│          └ KmsKeyArn: (documentation changed)
├[~] service aws-appflow
│ └ resources
│    ├[~]  resource AWS::AppFlow::ConnectorProfile
│    │  └      - documentation: The `AWS::AppFlow::ConnectorProfile` resource is an Amazon AppFlow resource type that specifies the configuration profile for an instance of a connector. This includes the provided name, credentials ARN, connection-mode, and so on. The fields that are common to all types of connector profiles are explicitly specified under the `Properties` field. The rest of the connector-specific properties are specified under `Properties/ConnectorProfileConfig` .
│    │         > If you want to use AWS CloudFormation to create a connector profile for connectors that implement OAuth (such as Salesforce, Slack, Zendesk, and Google Analytics), you must fetch the access and refresh tokens. You can do this by implementing your own UI for OAuth, or by retrieving the tokens from elsewhere. Alternatively, you can use the Amazon AppFlow console to create the connector profile, and then use that connector profile in the flow creation CloudFormation template.
│    │         + documentation: The `AWS::AppFlow::ConnectorProfile` resource is an Amazon AppFlow resource type that specifies the configuration profile for an instance of a connector. This includes the provided name, credentials ARN, connection-mode, and so on. The fields that are common to all types of connector profiles are explicitly specified under the `Properties` field. The rest of the connector-specific properties are specified under `Properties/ConnectorProfileConfig` .
│    │         > If you want to use CloudFormation to create a connector profile for connectors that implement OAuth (such as Salesforce, Slack, Zendesk, and Google Analytics), you must fetch the access and refresh tokens. You can do this by implementing your own UI for OAuth, or by retrieving the tokens from elsewhere. Alternatively, you can use the Amazon AppFlow console to create the connector profile, and then use that connector profile in the flow creation CloudFormation template.
│    └[~]  resource AWS::AppFlow::Flow
│       └      - documentation: The `AWS::AppFlow::Flow` resource is an Amazon AppFlow resource type that specifies a new flow.
│              > If you want to use AWS CloudFormation to create a connector profile for connectors that implement OAuth (such as Salesforce, Slack, Zendesk, and Google Analytics), you must fetch the access and refresh tokens. You can do this by implementing your own UI for OAuth, or by retrieving the tokens from elsewhere. Alternatively, you can use the Amazon AppFlow console to create the connector profile, and then use that connector profile in the flow creation CloudFormation template.
│              + documentation: The `AWS::AppFlow::Flow` resource is an Amazon AppFlow resource type that specifies a new flow.
│              > If you want to use CloudFormation to create a connector profile for connectors that implement OAuth (such as Salesforce, Slack, Zendesk, and Google Analytics), you must fetch the access and refresh tokens. You can do this by implementing your own UI for OAuth, or by retrieving the tokens from elsewhere. Alternatively, you can use the Amazon AppFlow console to create the connector profile, and then use that connector profile in the flow creation CloudFormation template.
├[~] service aws-apprunner
│ └ resources
│    ├[~]  resource AWS::AppRunner::ObservabilityConfiguration
│    │  └ properties
│    │     └ ObservabilityConfigurationName: (documentation changed)
│    ├[~]  resource AWS::AppRunner::Service
│    │  └ properties
│    │     └ ServiceName: (documentation changed)
│    └[~]  resource AWS::AppRunner::VpcConnector
│       └ properties
│          └ VpcConnectorName: (documentation changed)
├[~] service aws-appstream
│ └ resources
│    └[~]  resource AWS::AppStream::Fleet
│       ├ properties
│       │  └[+] RootVolumeConfig: VolumeConfig
│       └ types
│          └[+]  type VolumeConfig
│             ├      name: VolumeConfig
│             └ properties
│                └ VolumeSizeInGb: integer
├[~] service aws-appsync
│ └ resources
│    └[~]  resource AWS::AppSync::FunctionConfiguration
│       └      - documentation: The `AWS::AppSync::FunctionConfiguration` resource defines the functions in GraphQL APIs to perform certain operations. You can use pipeline resolvers to attach functions. For more information, see [Pipeline Resolvers](https://docs.aws.amazon.com/appsync/latest/devguide/pipeline-resolvers.html) in the *AWS AppSync Developer Guide* .
│              > When you submit an update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template. To cause this resource to be updated you must change a property value for this resource in the AWS CloudFormation template. Changing the Amazon S3 file content without changing a property value will not result in an update operation.
│              > 
│              > See [Update Behaviors of Stack Resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html) in the *AWS CloudFormation User Guide* .
│              + documentation: The `AWS::AppSync::FunctionConfiguration` resource defines the functions in GraphQL APIs to perform certain operations. You can use pipeline resolvers to attach functions. For more information, see [Pipeline Resolvers](https://docs.aws.amazon.com/appsync/latest/devguide/pipeline-resolvers.html) in the *AWS AppSync Developer Guide* .
│              > When you submit an update, AWS CloudFormation updates resources based on differences between what you submit and the stack's current template. To cause this resource to be updated you must change a property value for this resource in the CloudFormation template. Changing the Amazon S3 file content without changing a property value will not result in an update operation.
│              > 
│              > See [Update Behaviors of Stack Resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html) in the *AWS CloudFormation User Guide* .
├[~] service aws-aps
│ └ resources
│    ├[~]  resource AWS::APS::ResourcePolicy
│    │  └      - documentation: Use resource-based policies to grant permissions to other AWS accounts or services to access your workspace.
│    │         Only Prometheus-compatible APIs can be used for workspace sharing. You can add non-Prometheus-compatible APIs to the policy, but they will be ignored. For more information, see [Prometheus-compatible APIs](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-APIReference-Prometheus-Compatible-Apis.html) in the *Amazon Managed Service for Prometheus User Guide* .
│    │         If your workspace uses customer-managed AWS KMS keys for encryption, you must grant the principals in your resource-based policy access to those AWS KMS keys. You can do this by creating AWS KMS grants. For more information, see [CreateGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html) in the *AWS KMS API Reference* and [Encryption at rest](https://docs.aws.amazon.com/prometheus/latest/userguide/encryption-at-rest-Amazon-Service-Prometheus.html) in the *Amazon Managed Service for Prometheus User Guide* .
│    │         For more information about working with IAM , see [Using Amazon Managed Service for Prometheus with IAM](https://docs.aws.amazon.com/prometheus/latest/userguide/security_iam_service-with-iam.html) in the *Amazon Managed Service for Prometheus User Guide* .
│    │         + documentation: Use resource-based policies to grant permissions to other AWS accounts or services to access your workspace.
│    │         Only Prometheus-compatible APIs can be used for workspace sharing. You can add non-Prometheus-compatible APIs to the policy, but they will be ignored. For more information, see [Prometheus-compatible APIs](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-APIReference-Prometheus-Compatible-Apis.html) in the *Amazon Managed Service for Prometheus User Guide* .
│    │         If your workspace uses customer-managed AWS  keys for encryption, you must grant the principals in your resource-based policy access to those AWS  keys. You can do this by creating AWS  grants. For more information, see [CreateGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html) in the *AWS  API Reference* and [Encryption at rest](https://docs.aws.amazon.com/prometheus/latest/userguide/encryption-at-rest-Amazon-Service-Prometheus.html) in the *Amazon Managed Service for Prometheus User Guide* .
│    │         For more information about working with IAM , see [Using Amazon Managed Service for Prometheus with IAM](https://docs.aws.amazon.com/prometheus/latest/userguide/security_iam_service-with-iam.html) in the *Amazon Managed Service for Prometheus User Guide* .
│    ├[~]  resource AWS::APS::Scraper
│    │  └ vendedLogs
│    │     └[+] vendedLogs
│    │       ├permissionsVersion: V1
│    │       ├logTypes: [APPLICATION_LOGS]
│    │       └destinations: [S3, CWL, FH]
│    └[~]  resource AWS::APS::Workspace
│       ├ properties
│       │  └ KmsKeyArn: (documentation changed)
│       └ vendedLogs
│          └[+] vendedLogs
│            ├permissionsVersion: V1
│            ├logTypes: [MANAGED_PROMETHEUS_LOGS]
│            └destinations: [S3, CWL, FH]
├[~] service aws-b2bi
│ └ resources
│    └[~]  resource AWS::B2BI::Transformer
│       └ vendedLogs
│          └[+] vendedLogs
│            ├permissionsVersion: V1
│            ├logTypes: [B2BI_EXECUTION_LOGS]
│            └destinations: [S3, CWL, FH]
├[~] service aws-backup
│ └ resources
│    ├[~]  resource AWS::Backup::BackupPlan
│    │  └      - documentation: Contains an optional backup plan display name and an array of `BackupRule` objects, each of which specifies a backup rule. Each rule in a backup plan is a separate scheduled task and can back up a different selection of AWS resources.
│    │         For a sample AWS CloudFormation template, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/assigning-resources.html#assigning-resources-cfn) .
│    │         + documentation: Contains an optional backup plan display name and an array of `BackupRule` objects, each of which specifies a backup rule. Each rule in a backup plan is a separate scheduled task and can back up a different selection of AWS resources.
│    │         For a sample CloudFormation template, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/assigning-resources.html#assigning-resources-cfn) .
│    ├[~]  resource AWS::Backup::BackupSelection
│    │  └      - documentation: Specifies a set of resources to assign to a backup plan.
│    │         For a sample AWS CloudFormation template, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/assigning-resources.html#assigning-resources-cfn) .
│    │         + documentation: Specifies a set of resources to assign to a backup plan.
│    │         For a sample CloudFormation template, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/assigning-resources.html#assigning-resources-cfn) .
│    ├[~]  resource AWS::Backup::BackupVault
│    │  └      - documentation: Creates a logical container where backups are stored. A `CreateBackupVault` request includes a name, optionally one or more resource tags, an encryption key, and a request ID.
│    │         Do not include sensitive data, such as passport numbers, in the name of a backup vault.
│    │         For a sample AWS CloudFormation template, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/assigning-resources.html#assigning-resources-cfn) .
│    │         + documentation: Creates a logical container where backups are stored. A `CreateBackupVault` request includes a name, optionally one or more resource tags, an encryption key, and a request ID.
│    │         Do not include sensitive data, such as passport numbers, in the name of a backup vault.
│    │         For a sample CloudFormation template, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/assigning-resources.html#assigning-resources-cfn) .
│    ├[~]  resource AWS::Backup::Framework
│    │  └      - documentation: Creates a framework with one or more controls. A framework is a collection of controls that you can use to evaluate your backup practices. By using pre-built customizable controls to define your policies, you can evaluate whether your backup practices comply with your policies and which resources are not yet in compliance.
│    │         For a sample AWS CloudFormation template, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/bam-cfn-integration.html#bam-cfn-frameworks-template) .
│    │         + documentation: Creates a framework with one or more controls. A framework is a collection of controls that you can use to evaluate your backup practices. By using pre-built customizable controls to define your policies, you can evaluate whether your backup practices comply with your policies and which resources are not yet in compliance.
│    │         For a sample CloudFormation template, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/bam-cfn-integration.html#bam-cfn-frameworks-template) .
│    ├[~]  resource AWS::Backup::LogicallyAirGappedBackupVault
│    │  ├ properties
│    │  │  └[+] EncryptionKeyArn: string (immutable)
│    │  └ attributes
│    │     └[-] EncryptionKeyArn: string
│    └[~]  resource AWS::Backup::ReportPlan
│       └      - documentation: Creates a report plan. A report plan is a document that contains information about the contents of the report and where AWS Backup will deliver it.
│              If you call `CreateReportPlan` with a plan that already exists, you receive an `AlreadyExistsException` exception.
│              For a sample AWS CloudFormation template, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/assigning-resources.html#assigning-resources-cfn) .
│              + documentation: Creates a report plan. A report plan is a document that contains information about the contents of the report and where AWS Backup will deliver it.
│              If you call `CreateReportPlan` with a plan that already exists, you receive an `AlreadyExistsException` exception.
│              For a sample CloudFormation template, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/assigning-resources.html#assigning-resources-cfn) .
├[~] service aws-backupgateway
│ └ resources
│    └[~]  resource AWS::BackupGateway::Hypervisor
│       └ vendedLogs
│          └[+] vendedLogs
│            ├permissionsVersion: V1
│            ├logTypes: [BGW_HYPERVISOR_LOGS, DATA_ACCESS_LOGS]
│            └destinations: [S3, CWL, FH]
├[~] service aws-batch
│ └ resources
│    └[~]  resource AWS::Batch::ComputeEnvironment
│       └ types
│          └[~] type ComputeResources
│            └ properties
│               └ Type: (documentation changed)
├[~] service aws-bedrock
│ └ resources
│    ├[~]  resource AWS::Bedrock::Agent
│    │  ├ properties
│    │  │  └ CustomerEncryptionKeyArn: (documentation changed)
│    │  └ vendedLogs
│    │     └[+] vendedLogs
│    │       ├permissionsVersion: V2
│    │       ├logTypes: [APPLICATION_LOGS]
│    │       └destinations: [S3, CWL, FH]
│    ├[~]  resource AWS::Bedrock::AgentAlias
│    │  └ vendedLogs
│    │     └[+] vendedLogs
│    │       ├permissionsVersion: V2
│    │       ├logTypes: [EVENT_LOGS]
│    │       └destinations: [S3, CWL, FH]
│    ├[~]  resource AWS::Bedrock::Blueprint
│    │  └ properties
│    │     └ KmsKeyId: (documentation changed)
│    ├[~]  resource AWS::Bedrock::DataAutomationProject
│    │  ├ properties
│    │  │  ├ KmsEncryptionContext: (documentation changed)
│    │  │  └ KmsKeyId: (documentation changed)
│    │  └ types
│    │     ├[+]  type AudioLanguageConfiguration
│    │     │  ├      name: AudioLanguageConfiguration
│    │     │  └ properties
│    │     │     ├ InputLanguages: Array<string>
│    │     │     ├ GenerativeOutputLanguage: string
│    │     │     └ IdentifyMultipleLanguages: boolean
│    │     └[~] type AudioOverrideConfiguration
│    │       └ properties
│    │          └[+] LanguageConfiguration: AudioLanguageConfiguration
│    ├[~]  resource AWS::Bedrock::DataSource
│    │  └ types
│    │     └[~] type ServerSideEncryptionConfiguration
│    │       └ properties
│    │          └ KmsKeyArn: (documentation changed)
│    ├[~]  resource AWS::Bedrock::Flow
│    │  └ vendedLogs
│    │     └[+] vendedLogs
│    │       ├permissionsVersion: V2
│    │       ├logTypes: [APPLICATION_LOGS]
│    │       └destinations: [S3, CWL, FH]
│    ├[~]  resource AWS::Bedrock::Guardrail
│    │  └ properties
│    │     └ KmsKeyArn: (documentation changed)
│    └[~]  resource AWS::Bedrock::KnowledgeBase
│       ├      - documentation: Specifies a knowledge base as a resource in a top-level template. Minimally, you must specify the following properties:
│       │      - Name – Specify a name for the knowledge base.
│       │      - RoleArn – Specify the Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the knowledge base. For more information, see [Create a service role for Knowledge base for Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/kb-permissions.html) .
│       │      - KnowledgeBaseConfiguration – Specify the embeddings configuration of the knowledge base. The following sub-properties are required:
│       │      - Type – Specify the value `VECTOR` .
│       │      - StorageConfiguration – Specify information about the vector store in which the data source is stored. The following sub-properties are required:
│       │      - Type – Specify the vector store service that you are using.
│       │      > Redis Enterprise Cloud vector stores are currently unsupported in AWS CloudFormation .
│       │      For more information about using knowledge bases in Amazon Bedrock , see [Knowledge base for Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-base.html) .
│       │      See the *Properties* section below for descriptions of both the required and optional properties.
│       │      + documentation: Specifies a knowledge base as a resource in a top-level template. Minimally, you must specify the following properties:
│       │      - Name – Specify a name for the knowledge base.
│       │      - RoleArn – Specify the Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the knowledge base. For more information, see [Create a service role for Knowledge base for Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/kb-permissions.html) .
│       │      - KnowledgeBaseConfiguration – Specify the embeddings configuration of the knowledge base. The following sub-properties are required:
│       │      - Type – Specify the value `VECTOR` .
│       │      - StorageConfiguration – Specify information about the vector store in which the data source is stored. The following sub-properties are required:
│       │      - Type – Specify the vector store service that you are using.
│       │      > Redis Enterprise Cloud vector stores are currently unsupported in CloudFormation .
│       │      For more information about using knowledge bases in Amazon Bedrock , see [Knowledge base for Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-base.html) .
│       │      See the *Properties* section below for descriptions of both the required and optional properties.
│       └ vendedLogs
│          └[+] vendedLogs
│            ├permissionsVersion: V2
│            ├logTypes: [APPLICATION_LOGS, RUNTIME_LOGS]
│            └destinations: [S3, CWL, FH]
├[~] service aws-bedrockagentcore
│ └ resources
│    ├[~]  resource AWS::BedrockAgentCore::Gateway
│    │  └ vendedLogs
│    │     └[+] vendedLogs
│    │       ├permissionsVersion: V2
│    │       ├logTypes: [APPLICATION_LOGS, TRACES]
│    │       └destinations: [S3, CWL, FH, XRAY]
│    ├[~]  resource AWS::BedrockAgentCore::Memory
│    │  └ vendedLogs
│    │     └[+] vendedLogs
│    │       ├permissionsVersion: V2
│    │       ├logTypes: [APPLICATION_LOGS, TRACES]
│    │       └destinations: [S3, CWL, FH, XRAY]
│    └[~]  resource AWS::BedrockAgentCore::Runtime
│       └ vendedLogs
│          └[+] vendedLogs
│            ├permissionsVersion: V2
│            ├logTypes: [APPLICATION_LOGS, TRACES, USAGE_LOGS]
│            └destinations: [S3, CWL, FH, XRAY]
├[~] service aws-billingconductor
│ └ resources
│    └[~]  resource AWS::BillingConductor::BillingGroup
│       ├ properties
│       │  └ PrimaryAccountId: - string (required, immutable)
│       │                      + string (immutable)
│       └ types
│          └[~] type AccountGrouping
│            └ properties
│               ├ LinkedAccountIds: - Array<string> (required)
│               │                   + Array<string>
│               └[+] ResponsibilityTransferArn: string
├[~] service aws-chatbot
│ └ resources
│    ├[~]  resource AWS::Chatbot::MicrosoftTeamsChannelConfiguration
│    │  └      - documentation: > AWS Chatbot is now  . [Learn more](https://docs.aws.amazon.com//chatbot/latest/adminguide/service-rename.html)
│    │         > 
│    │         > `Type` attribute values remain unchanged. 
│    │         The `AWS::Chatbot::MicrosoftTeamsChannelConfiguration` resource configures a Microsoft Teams channel to allow users to use  with AWS CloudFormation templates.
│    │         This resource requires some setup to be done in the  in chat applications console. To provide the required Microsoft Teams team and tenant IDs, you must perform the initial authorization flow with Microsoft Teams in the  in chat applications console, then copy and paste the IDs from the console. For more details, see steps 1-3 in [Get started with Microsoft Teams](https://docs.aws.amazon.com/chatbot/latest/adminguide/teams-setup.html#teams-client-setup) in the *in chat applications Administrator Guide* .
│    │         + documentation: > AWS Chatbot is now  . [Learn more](https://docs.aws.amazon.com//chatbot/latest/adminguide/service-rename.html)
│    │         > 
│    │         > `Type` attribute values remain unchanged. 
│    │         The `AWS::Chatbot::MicrosoftTeamsChannelConfiguration` resource configures a Microsoft Teams channel to allow users to use  with CloudFormation templates.
│    │         This resource requires some setup to be done in the  in chat applications console. To provide the required Microsoft Teams team and tenant IDs, you must perform the initial authorization flow with Microsoft Teams in the  in chat applications console, then copy and paste the IDs from the console. For more details, see steps 1-3 in [Get started with Microsoft Teams](https://docs.aws.amazon.com/chatbot/latest/adminguide/teams-setup.html#teams-client-setup) in the *in chat applications Administrator Guide* .
│    └[~]  resource AWS::Chatbot::SlackChannelConfiguration
│       └      - documentation: > AWS Chatbot is now  . [Learn more](https://docs.aws.amazon.com//chatbot/latest/adminguide/service-rename.html)
│              > 
│              > `Type` attribute values remain unchanged. 
│              The `AWS::Chatbot::SlackChannelConfiguration` resource configures a Slack channel to allow users to use  with AWS CloudFormation templates.
│              This resource requires some setup to be done in the  in chat applications console. To provide the required Slack workspace ID, you must perform the initial authorization flow with Slack in the  in chat applications console, then copy and paste the workspace ID from the console. For more details, see steps 1-3 in [Tutorial: Get started with Slack](https://docs.aws.amazon.com/chatbot/latest/adminguide/slack-setup.html#slack-client-setup) in the *in chat applications User Guide* .
│              + documentation: > AWS Chatbot is now  . [Learn more](https://docs.aws.amazon.com//chatbot/latest/adminguide/service-rename.html)
│              > 
│              > `Type` attribute values remain unchanged. 
│              The `AWS::Chatbot::SlackChannelConfiguration` resource configures a Slack channel to allow users to use  with CloudFormation templates.
│              This resource requires some setup to be done in the  in chat applications console. To provide the required Slack workspace ID, you must perform the initial authorization flow with Slack in the  in chat applications console, then copy and paste the workspace ID from the console. For more details, see steps 1-3 in [Tutorial: Get started with Slack](https://docs.aws.amazon.com/chatbot/latest/adminguide/slack-setup.html#slack-client-setup) in the *in chat applications User Guide* .
├[~] service aws-cleanrooms
│ └ resources
│    └[~]  resource AWS::CleanRooms::Membership
│       └ vendedLogs
│          └[+] vendedLogs
│            ├permissionsVersion: V1
│            ├logTypes: [ANALYSIS_LOGS]
│            └destinations: [S3, CWL, FH]
├[~] service aws-cloudformation
│ └ resources
│    ├[~]  resource AWS::CloudFormation::CustomResource
│    │  ├      - documentation: The `AWS::CloudFormation::CustomResource` resource creates a custom resource. Custom resources provide a way for you to write custom provisioning logic into your CloudFormation templates and have CloudFormation run it anytime you create, update (if you changed the custom resource), or delete a stack.
│    │  │      For more information, see [Create custom provisioning logic with custom resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html) in the *AWS CloudFormation User Guide* .
│    │  │      > If you use AWS PrivateLink , custom resources in the VPC must have access to CloudFormation -specific Amazon S3 buckets. Custom resources must send responses to a presigned Amazon S3 URL. If they can't send responses to Amazon S3 , CloudFormation won't receive a response and the stack operation fails. For more information, see [Access CloudFormation using an interface endpoint ( AWS PrivateLink )](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/vpc-interface-endpoints.html) in the *AWS CloudFormation User Guide* .
│    │  │      + documentation: The `AWS::CloudFormation::CustomResource` resource creates a custom resource. Custom resources provide a way for you to write custom provisioning logic into your CloudFormation templates and have CloudFormation run it anytime you create, update (if you changed the custom resource), or delete a stack.
│    │  │      For more information, see [Create custom provisioning logic with custom resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html) in the *CloudFormation User Guide* .
│    │  │      > If you use AWS PrivateLink , custom resources in the VPC must have access to CloudFormation -specific Amazon S3 buckets. Custom resources must send responses to a presigned Amazon S3 URL. If they can't send responses to Amazon S3 , CloudFormation won't receive a response and the stack operation fails. For more information, see [Access CloudFormation using an interface endpoint ( AWS PrivateLink )](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/vpc-interface-endpoints.html) in the *CloudFormation User Guide* .
│    │  └ properties
│    │     └ ServiceToken: (documentation changed)
│    ├[~]  resource AWS::CloudFormation::GuardHook
│    │  ├      - documentation: The `AWS::CloudFormation::GuardHook` resource creates and activates a Guard Hook. Using the Guard domain specific language (DSL), you can author Guard Hooks to evaluate your resources before allowing stack operations.
│    │  │      For more information, see [Guard Hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/guard-hooks.html) in the *AWS CloudFormation Hooks User Guide* .
│    │  │      + documentation: The `AWS::CloudFormation::GuardHook` resource creates and activates a Guard Hook. Using the Guard domain specific language (DSL), you can author Guard Hooks to evaluate your resources before allowing stack operations.
│    │  │      For more information, see [Guard Hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/guard-hooks.html) in the *CloudFormation Hooks User Guide* .
│    │  ├ properties
│    │  │  └ TargetOperations: (documentation changed)
│    │  └ types
│    │     ├[~] type StackFilters
│    │     │ └      - documentation: The `StackFilters` property type specifies stack level filters for a Hook.
│    │     │        The `StackNames` or `StackRoles` properties are optional. However, you must specify at least one of these properties.
│    │     │        For more information, see [AWS CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │     │        + documentation: The `StackFilters` property type specifies stack level filters for a Hook.
│    │     │        The `StackNames` or `StackRoles` properties are optional. However, you must specify at least one of these properties.
│    │     │        For more information, see [CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │     ├[~] type StackNames
│    │     │ └      - documentation: Specifies the stack names for the `StackFilters` property type to include or exclude specific stacks from Hook invocations.
│    │     │        For more information, see [AWS CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │     │        + documentation: Specifies the stack names for the `StackFilters` property type to include or exclude specific stacks from Hook invocations.
│    │     │        For more information, see [CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │     ├[~] type StackRoles
│    │     │ └      - documentation: Specifies the stack roles for the `StackFilters` property type to include or exclude specific stacks from Hook invocations based on their associated IAM roles.
│    │     │        For more information, see [AWS CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │     │        + documentation: Specifies the stack roles for the `StackFilters` property type to include or exclude specific stacks from Hook invocations based on their associated IAM roles.
│    │     │        For more information, see [CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │     └[~] type TargetFilters
│    │       └      - documentation: The `TargetFilters` property type specifies the target filters for the Hook.
│    │              For more information, see [AWS CloudFormation Hook target filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-target-filtering.html) .
│    │              + documentation: The `TargetFilters` property type specifies the target filters for the Hook.
│    │              For more information, see [CloudFormation Hook target filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-target-filtering.html) .
│    ├[~]  resource AWS::CloudFormation::HookDefaultVersion
│    │  └      - documentation: The `AWS::CloudFormation::HookDefaultVersion` resource specifies the default version of a Hook. The default version of the Hook is used in CloudFormation operations for this AWS account and AWS Region .
│    │         For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* .
│    │         This resource type is not compatible with Guard and Lambda Hooks.
│    │         + documentation: The `AWS::CloudFormation::HookDefaultVersion` resource specifies the default version of a Hook. The default version of the Hook is used in CloudFormation operations for this AWS account and AWS Region .
│    │         For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *CloudFormation User Guide* .
│    │         This resource type is not compatible with Guard and Lambda Hooks.
│    ├[~]  resource AWS::CloudFormation::HookTypeConfig
│    │  └      - documentation: The `AWS::CloudFormation::HookTypeConfig` resource specifies the configuration of an activated Hook.
│    │         For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* .
│    │         + documentation: The `AWS::CloudFormation::HookTypeConfig` resource specifies the configuration of an activated Hook.
│    │         For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *CloudFormation User Guide* .
│    ├[~]  resource AWS::CloudFormation::HookVersion
│    │  ├      - documentation: The `AWS::CloudFormation::HookVersion` resource publishes new or first version of a Hook to the CloudFormation registry.
│    │  │      For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* .
│    │  │      This resource type is not compatible with Guard and Lambda Hooks.
│    │  │      + documentation: The `AWS::CloudFormation::HookVersion` resource publishes new or first version of a Hook to the CloudFormation registry.
│    │  │      For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *CloudFormation User Guide* .
│    │  │      This resource type is not compatible with Guard and Lambda Hooks.
│    │  └ properties
│    │     └ SchemaHandlerPackage: (documentation changed)
│    ├[~]  resource AWS::CloudFormation::LambdaHook
│    │  ├      - documentation: The `AWS::CloudFormation::LambdaHook` resource creates and activates a Lambda Hook. You can use a Lambda Hook to evaluate your resources before allowing stack operations. This resource forwards requests for resource evaluation to a Lambda function.
│    │  │      For more information, see [Lambda Hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/lambda-hooks.html) in the *AWS CloudFormation Hooks User Guide* .
│    │  │      + documentation: The `AWS::CloudFormation::LambdaHook` resource creates and activates a Lambda Hook. You can use a Lambda Hook to evaluate your resources before allowing stack operations. This resource forwards requests for resource evaluation to a Lambda function.
│    │  │      For more information, see [Lambda Hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/lambda-hooks.html) in the *CloudFormation Hooks User Guide* .
│    │  ├ properties
│    │  │  └ TargetOperations: (documentation changed)
│    │  └ types
│    │     ├[~] type StackFilters
│    │     │ └      - documentation: The `StackFilters` property type specifies stack level filters for a Hook.
│    │     │        The `StackNames` or `StackRoles` properties are optional. However, you must specify at least one of these properties.
│    │     │        For more information, see [AWS CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │     │        + documentation: The `StackFilters` property type specifies stack level filters for a Hook.
│    │     │        The `StackNames` or `StackRoles` properties are optional. However, you must specify at least one of these properties.
│    │     │        For more information, see [CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │     ├[~] type StackNames
│    │     │ └      - documentation: Specifies the stack names for the `StackFilters` property type to include or exclude specific stacks from Hook invocations.
│    │     │        For more information, see [AWS CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │     │        + documentation: Specifies the stack names for the `StackFilters` property type to include or exclude specific stacks from Hook invocations.
│    │     │        For more information, see [CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │     ├[~] type StackRoles
│    │     │ └      - documentation: Specifies the stack roles for the `StackFilters` property type to include or exclude specific stacks from Hook invocations based on their associated IAM roles.
│    │     │        For more information, see [AWS CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │     │        + documentation: Specifies the stack roles for the `StackFilters` property type to include or exclude specific stacks from Hook invocations based on their associated IAM roles.
│    │     │        For more information, see [CloudFormation Hooks stack level filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-stack-level-filtering.html) .
│    │     └[~] type TargetFilters
│    │       └      - documentation: The `TargetFilters` property type specifies the target filters for the Hook.
│    │              For more information, see [AWS CloudFormation Hook target filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-target-filtering.html) .
│    │              + documentation: The `TargetFilters` property type specifies the target filters for the Hook.
│    │              For more information, see [CloudFormation Hook target filters](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-target-filtering.html) .
│    ├[~]  resource AWS::CloudFormation::Macro
│    │  └      - documentation: The `AWS::CloudFormation::Macro` resource is a CloudFormation resource type that creates a CloudFormation macro to perform custom processing on CloudFormation templates.
│    │         For more information, see [Perform custom processing on CloudFormation templates with template macros](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html) in the *AWS CloudFormation User Guide* .
│    │         + documentation: The `AWS::CloudFormation::Macro` resource is a CloudFormation resource type that creates a CloudFormation macro to perform custom processing on CloudFormation templates.
│    │         For more information, see [Perform custom processing on CloudFormation templates with template macros](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html) in the *CloudFormation User Guide* .
│    ├[~]  resource AWS::CloudFormation::ModuleDefaultVersion
│    │  └      - documentation: Specifies the default version of a module. The default version of the module will be used in CloudFormation operations for this account and Region.
│    │         For more information, see [Create reusable resource configurations that can be included across templates with CloudFormation modules](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/modules.html) in the *AWS CloudFormation User Guide* .
│    │         For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* .
│    │         + documentation: Specifies the default version of a module. The default version of the module will be used in CloudFormation operations for this account and Region.
│    │         For more information, see [Create reusable resource configurations that can be included across templates with CloudFormation modules](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/modules.html) in the *CloudFormation User Guide* .
│    │         For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *CloudFormation User Guide* .
│    ├[~]  resource AWS::CloudFormation::ModuleVersion
│    │  ├      - documentation: The `AWS::CloudFormation::ModuleVersion` resource registers the specified version of the module with the CloudFormation registry. Registering a module makes it available for use in CloudFormation templates in your AWS account and Region.
│    │  │      For more information, see [Create reusable resource configurations that can be included across templates with CloudFormation modules](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/modules.html) in the *CloudFormation User Guide* .
│    │  │      For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* .
│    │  │      + documentation: The `AWS::CloudFormation::ModuleVersion` resource registers the specified version of the module with the CloudFormation registry. Registering a module makes it available for use in CloudFormation templates in your AWS account and Region.
│    │  │      For more information, see [Create reusable resource configurations that can be included across templates with CloudFormation modules](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/modules.html) in the *CloudFormation User Guide* .
│    │  │      For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *CloudFormation User Guide* .
│    │  └ properties
│    │     └ ModulePackage: (documentation changed)
│    ├[~]  resource AWS::CloudFormation::PublicTypeVersion
│    │  └      - documentation: The `AWS::CloudFormation::PublicTypeVersion` resource tests and publishes a registered extension as a public, third-party extension.
│    │         CloudFormation first tests the extension to make sure it meets all necessary requirements for being published in the CloudFormation registry. If it does, CloudFormation then publishes it to the registry as a public third-party extension in this Region. Public extensions are available for use by all CloudFormation users.
│    │         - For resource types, testing includes passing all contracts tests defined for the type.
│    │         - For modules, testing includes determining if the module's model meets all necessary requirements.
│    │         For more information, see [Testing your public extension prior to publishing](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing) in the *AWS CloudFormation Command Line Interface (CLI) User Guide* .
│    │         If you don't specify a version, CloudFormation uses the default version of the extension in your account and Region for testing.
│    │         To perform testing, CloudFormation assumes the execution role specified when the type was registered.
│    │         An extension must have a test status of `PASSED` before it can be published. For more information, see [Publishing extensions to make them available for public use](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html) in the *AWS CloudFormation Command Line Interface (CLI) User Guide* .
│    │         + documentation: The `AWS::CloudFormation::PublicTypeVersion` resource tests and publishes a registered extension as a public, third-party extension.
│    │         CloudFormation first tests the extension to make sure it meets all necessary requirements for being published in the CloudFormation registry. If it does, CloudFormation then publishes it to the registry as a public third-party extension in this Region. Public extensions are available for use by all CloudFormation users.
│    │         - For resource types, testing includes passing all contracts tests defined for the type.
│    │         - For modules, testing includes determining if the module's model meets all necessary requirements.
│    │         For more information, see [Testing your public extension prior to publishing](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing) in the *CloudFormation Command Line Interface (CLI) User Guide* .
│    │         If you don't specify a version, CloudFormation uses the default version of the extension in your account and Region for testing.
│    │         To perform testing, CloudFormation assumes the execution role specified when the type was registered.
│    │         An extension must have a test status of `PASSED` before it can be published. For more information, see [Publishing extensions to make them available for public use](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html) in the *CloudFormation Command Line Interface (CLI) User Guide* .
│    ├[~]  resource AWS::CloudFormation::Publisher
│    │  └      - documentation: The `AWS::CloudFormation::Publisher` resource registers your account as a publisher of public extensions in the CloudFormation registry. Public extensions are available for use by all CloudFormation users.
│    │         For information on requirements for registering as a public extension publisher, see [Publishing extensions to make them available for public use](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.htm) in the *AWS CloudFormation Command Line Interface (CLI) User Guide* .
│    │         + documentation: The `AWS::CloudFormation::Publisher` resource registers your account as a publisher of public extensions in the CloudFormation registry. Public extensions are available for use by all CloudFormation users.
│    │         For information on requirements for registering as a public extension publisher, see [Publishing extensions to make them available for public use](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.htm) in the *CloudFormation Command Line Interface (CLI) User Guide* .
│    ├[~]  resource AWS::CloudFormation::ResourceDefaultVersion
│    │  └      - documentation: The `AWS::CloudFormation::ResourceDefaultVersion` resource specifies the default version of a resource. The default version of a resource will be used in CloudFormation operations.
│    │         For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* .
│    │         + documentation: The `AWS::CloudFormation::ResourceDefaultVersion` resource specifies the default version of a resource. The default version of a resource will be used in CloudFormation operations.
│    │         For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *CloudFormation User Guide* .
│    ├[~]  resource AWS::CloudFormation::ResourceVersion
│    │  ├      - documentation: The `AWS::CloudFormation::ResourceVersion` resource registers a resource version with the CloudFormation registry. Registering a resource version makes it available for use in CloudFormation templates in your AWS account , and includes:
│    │  │      - Validating the resource schema.
│    │  │      - Determining which handlers, if any, have been specified for the resource.
│    │  │      - Making the resource available for use in your account.
│    │  │      For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* .
│    │  │      You can have a maximum of 50 resource versions registered at a time. This maximum is per account and per Region.
│    │  │      + documentation: The `AWS::CloudFormation::ResourceVersion` resource registers a resource version with the CloudFormation registry. Registering a resource version makes it available for use in CloudFormation templates in your AWS account , and includes:
│    │  │      - Validating the resource schema.
│    │  │      - Determining which handlers, if any, have been specified for the resource.
│    │  │      - Making the resource available for use in your account.
│    │  │      For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *CloudFormation User Guide* .
│    │  │      You can have a maximum of 50 resource versions registered at a time. This maximum is per account and per Region.
│    │  └ properties
│    │     └ SchemaHandlerPackage: (documentation changed)
│    ├[~]  resource AWS::CloudFormation::Stack
│    │  ├      - documentation: The `AWS::CloudFormation::Stack` resource nests a stack as a resource in a top-level template. For more information, see [Nested stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html) in the *AWS CloudFormation User Guide* .
│    │  │      You can add output values from a nested stack within the containing template. You use the [GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html) function with the nested stack's logical name and the name of the output value in the nested stack in the format `Outputs. *NestedStackOutputName*` .
│    │  │      We strongly recommend that updates to nested stacks are run from the parent stack.
│    │  │      When you apply template changes to update a top-level stack, CloudFormation updates the top-level stack and initiates an update to its nested stacks. CloudFormation updates the resources of modified nested stacks, but doesn't update the resources of unmodified nested stacks.
│    │  │      For stacks that contain IAM resources, you must acknowledge IAM capabilities. Also, make sure that you have cancel update stack permissions, which are required if an update rolls back. For more information about IAM and CloudFormation , see [Controlling access with AWS Identity and Access Management](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/control-access-with-iam.html) in the *AWS CloudFormation User Guide* .
│    │  │      > A subset of `AWS::CloudFormation::Stack` resource type properties listed below are available to customers using CloudFormation , AWS CDK , and Cloud Control  to configure.
│    │  │      > 
│    │  │      > - `NotificationARNs`
│    │  │      > - `Parameters`
│    │  │      > - `Tags`
│    │  │      > - `TemplateURL`
│    │  │      > - `TimeoutInMinutes`
│    │  │      > 
│    │  │      > These properties can be configured only when using Cloud Control  . This is because the below properties are set by the parent stack, and thus cannot be configured using CloudFormation or AWS CDK but only Cloud Control  .
│    │  │      > 
│    │  │      > - `Capabilities`
│    │  │      > - `Description`
│    │  │      > - `DisableRollback`
│    │  │      > - `EnableTerminationProtection`
│    │  │      > - `RoleARN`
│    │  │      > - `StackName`
│    │  │      > - `StackPolicyBody`
│    │  │      > - `StackPolicyURL`
│    │  │      > - `StackStatusReason`
│    │  │      > - `TemplateBody`
│    │  │      > 
│    │  │      > Customers that configure `AWS::CloudFormation::Stack` using CloudFormation and AWS CDK can do so for nesting a CloudFormation stack as a resource in their top-level template.
│    │  │      > 
│    │  │      > These read-only properties can be accessed only when using Cloud Control  .
│    │  │      > 
│    │  │      > - `ChangeSetId`
│    │  │      > - `CreationTime`
│    │  │      > - `LastUpdateTime`
│    │  │      > - `Outputs`
│    │  │      > - `ParentId`
│    │  │      > - `RootId`
│    │  │      > - `StackId`
│    │  │      > - `StackStatus`
│    │  │      + documentation: The `AWS::CloudFormation::Stack` resource nests a stack as a resource in a top-level template. For more information, see [Nested stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html) in the *CloudFormation User Guide* .
│    │  │      You can add output values from a nested stack within the containing template. You use the [GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html) function with the nested stack's logical name and the name of the output value in the nested stack in the format `Outputs. *NestedStackOutputName*` .
│    │  │      We strongly recommend that updates to nested stacks are run from the parent stack.
│    │  │      When you apply template changes to update a top-level stack, CloudFormation updates the top-level stack and initiates an update to its nested stacks. CloudFormation updates the resources of modified nested stacks, but doesn't update the resources of unmodified nested stacks.
│    │  │      For stacks that contain IAM resources, you must acknowledge IAM capabilities. Also, make sure that you have cancel update stack permissions, which are required if an update rolls back. For more information about IAM and CloudFormation , see [Controlling access with AWS Identity and Access Management](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/control-access-with-iam.html) in the *CloudFormation User Guide* .
│    │  │      > A subset of `AWS::CloudFormation::Stack` resource type properties listed below are available to customers using CloudFormation , AWS CDK , and Cloud Control  to configure.
│    │  │      > 
│    │  │      > - `NotificationARNs`
│    │  │      > - `Parameters`
│    │  │      > - `Tags`
│    │  │      > - `TemplateURL`
│    │  │      > - `TimeoutInMinutes`
│    │  │      > 
│    │  │      > These properties can be configured only when using Cloud Control  . This is because the below properties are set by the parent stack, and thus cannot be configured using CloudFormation or AWS CDK but only Cloud Control  .
│    │  │      > 
│    │  │      > - `Capabilities`
│    │  │      > - `Description`
│    │  │      > - `DisableRollback`
│    │  │      > - `EnableTerminationProtection`
│    │  │      > - `RoleARN`
│    │  │      > - `StackName`
│    │  │      > - `StackPolicyBody`
│    │  │      > - `StackPolicyURL`
│    │  │      > - `StackStatusReason`
│    │  │      > - `TemplateBody`
│    │  │      > 
│    │  │      > Customers that configure `AWS::CloudFormation::Stack` using CloudFormation and AWS CDK can do so for nesting a CloudFormation stack as a resource in their top-level template.
│    │  │      > 
│    │  │      > These read-only properties can be accessed only when using Cloud Control  .
│    │  │      > 
│    │  │      > - `ChangeSetId`
│    │  │      > - `CreationTime`
│    │  │      > - `LastUpdateTime`
│    │  │      > - `Outputs`
│    │  │      > - `ParentId`
│    │  │      > - `RootId`
│    │  │      > - `StackId`
│    │  │      > - `StackStatus`
│    │  └ types
│    │     └[~] type Output
│    │       └      - documentation: The Output data type.
│    │              + documentation: The `Output` data type.
│    ├[~]  resource AWS::CloudFormation::StackSet
│    │  ├ properties
│    │  │  ├ AdministrationRoleARN: (documentation changed)
│    │  │  ├ AutoDeployment: (documentation changed)
│    │  │  ├ CallAs: (documentation changed)
│    │  │  ├ Capabilities: (documentation changed)
│    │  │  └ PermissionModel: (documentation changed)
│    │  └ types
│    │     ├[~] type AutoDeployment
│    │     │ └      - documentation: Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU). For more information, see [Enable or disable automatic deployments for StackSets in AWS Organizations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-manage-auto-deployment.html) in the *AWS CloudFormation User Guide* .
│    │     │        + documentation: Describes whether StackSets automatically deploys to AWS Organizations accounts that are added to a target organization or organizational unit (OU). For more information, see [Enable or disable automatic deployments for StackSets in AWS Organizations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-manage-auto-deployment.html) in the *CloudFormation User Guide* .
│    │     └[~] type OperationPreferences
│    │       └      - documentation: The user-specified preferences for how CloudFormation performs a StackSet operation. For more information on maximum concurrent accounts and failure tolerance, see [StackSet operation options](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stackset-ops-options) in the *AWS CloudFormation User Guide* .
│    │              + documentation: The user-specified preferences for how CloudFormation performs a StackSet operation. For more information on maximum concurrent accounts and failure tolerance, see [StackSet operation options](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stackset-ops-options) in the *CloudFormation User Guide* .
│    ├[~]  resource AWS::CloudFormation::TypeActivation
│    │  └      - documentation: The `AWS::CloudFormation::TypeActivation` resource activates a public third-party extension, making it available for use in stack templates.
│    │         For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *AWS CloudFormation User Guide* .
│    │         + documentation: The `AWS::CloudFormation::TypeActivation` resource activates a public third-party extension, making it available for use in stack templates.
│    │         For information about the CloudFormation registry, see [Managing extensions with the CloudFormation registry](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html) in the *CloudF…

Author: aws-cdk-automation

packages/@aws-cdk/mixins-preview/package.json

@@ -357,7 +357,7 @@
     "@aws-cdk/cdk-build-tools": "0.0.0",
     "@aws-cdk/pkglint": "0.0.0",
     "@aws-cdk/custom-resource-handlers": "0.0.0",
-    "@aws-cdk/service-spec-types": "^0.0.182",
+    "@aws-cdk/service-spec-types": "^0.0.185",
     "@aws-cdk/spec2cdk": "0.0.0",
     "@cdklabs/tskb": "^0.0.3",
     "@cdklabs/typewriter": "^0.0.10",

packages/aws-cdk-lib/aws-lambda/lib/function-hash.ts

@@ -77,6 +77,7 @@ export const VERSION_LOCKED: { [key: string]: boolean } = {
   CodeSigningConfigArn: false,
   ReservedConcurrentExecutions: false,
   Tags: false,
+  TenancyConfig: false,
 };
 
 function filterUsefulKeys(properties: any, fn: LambdaFunction) {

packages/aws-cdk-lib/package.json

@@ -132,7 +132,7 @@
   },
   "devDependencies": {
     "@aws-cdk/lambda-layer-kubectl-v31": "^2.1.0",
-    "@aws-cdk/aws-service-spec": "^0.1.116",
+    "@aws-cdk/aws-service-spec": "^0.1.119",
     "@aws-cdk/cdk-build-tools": "0.0.0",
     "@aws-cdk/custom-resource-handlers": "0.0.0",
     "@aws-cdk/pkglint": "0.0.0",

tools/@aws-cdk/spec2cdk/package.json

@@ -31,9 +31,9 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-cdk/aws-service-spec": "^0.1.116",
-    "@aws-cdk/service-spec-importers": "^0.0.93",
-    "@aws-cdk/service-spec-types": "^0.0.182",
+    "@aws-cdk/aws-service-spec": "^0.1.119",
+    "@aws-cdk/service-spec-importers": "^0.0.94",
+    "@aws-cdk/service-spec-types": "^0.0.185",
     "@cdklabs/tskb": "^0.0.3",
     "@cdklabs/typewriter": "^0.0.10",
     "camelcase": "^6",