feat: update L1 CloudFormation resource definitions (#31120)

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-acmpca
│ └ resources
│    └[~] resource AWS::ACMPCA::CertificateAuthority
│      └ types
│         └[~] type CrlConfiguration
│           └ properties
│              └[-] MaxPartitionSizeMB: integer
├[~] service aws-bedrock
│ └ resources
│    └[~] resource AWS::Bedrock::DataSource
│      ├ properties
│      │  ├[-] DataSourceConfiguration: DataSourceConfiguration (required)
│      │  └ VectorIngestionConfiguration: - VectorIngestionConfiguration (immutable)
│      │                                  + VectorIngestionConfiguration
│      └ types
│         ├[+] type BedrockFoundationModelConfiguration
│         │ ├  documentation: Settings for a foundation model used to parse documents for a data source.
│         │ │  name: BedrockFoundationModelConfiguration
│         │ └ properties
│         │    ├ModelArn: string (required)
│         │    └ParsingPrompt: ParsingPrompt
│         ├[~] type ChunkingConfiguration
│         │ └ properties
│         │    ├[+] HierarchicalChunkingConfiguration: HierarchicalChunkingConfiguration
│         │    └[+] SemanticChunkingConfiguration: SemanticChunkingConfiguration
│         ├[+] type CustomTransformationConfiguration
│         │ ├  documentation: Settings for customizing steps in the data source content ingestion pipeline.
│         │ │  name: CustomTransformationConfiguration
│         │ └ properties
│         │    ├IntermediateStorage: IntermediateStorage (required)
│         │    └Transformations: Array<Transformation> (required)
│         ├[-] type DataSourceConfiguration
│         │ ├  documentation: The connection configuration for the data source.
│         │ │  name: DataSourceConfiguration
│         │ └ properties
│         │    ├Type: string (required)
│         │    └S3Configuration: S3DataSourceConfiguration (required)
│         ├[+] type HierarchicalChunkingConfiguration
│         │ ├  documentation: Configurations for when you choose hierarchical chunking. If you set the chunkingStrategy as NONE, exclude this field.
│         │ │  name: HierarchicalChunkingConfiguration
│         │ └ properties
│         │    ├LevelConfigurations: Array<HierarchicalChunkingLevelConfiguration> (required)
│         │    └OverlapTokens: integer (required)
│         ├[+] type HierarchicalChunkingLevelConfiguration
│         │ ├  documentation: Token settings for a layer in a hierarchical chunking configuration.
│         │ │  name: HierarchicalChunkingLevelConfiguration
│         │ └ properties
│         │    └MaxTokens: integer (required)
│         ├[+] type IntermediateStorage
│         │ ├  documentation: A location for storing content from data sources temporarily as it is processed by custom components in the ingestion pipeline.
│         │ │  name: IntermediateStorage
│         │ └ properties
│         │    └S3Location: S3Location (required)
│         ├[+] type ParsingConfiguration
│         │ ├  documentation: Settings for parsing document contents
│         │ │  name: ParsingConfiguration
│         │ └ properties
│         │    ├ParsingStrategy: string (required)
│         │    └BedrockFoundationModelConfiguration: BedrockFoundationModelConfiguration
│         ├[+] type ParsingPrompt
│         │ ├  documentation: Instructions for interpreting the contents of a document.
│         │ │  name: ParsingPrompt
│         │ └ properties
│         │    └ParsingPromptText: string (required)
│         ├[-] type S3DataSourceConfiguration
│         │ ├  documentation: The configuration information to connect to Amazon S3 as your data source.
│         │ │  name: S3DataSourceConfiguration
│         │ └ properties
│         │    ├BucketArn: string (required)
│         │    ├InclusionPrefixes: Array<string>
│         │    └BucketOwnerAccountId: string
│         ├[+] type S3Location
│         │ ├  documentation: An Amazon S3 location.
│         │ │  name: S3Location
│         │ └ properties
│         │    └URI: string (required)
│         ├[+] type SemanticChunkingConfiguration
│         │ ├  documentation: Configurations for when you choose semantic chunking. If you set the chunkingStrategy as NONE, exclude this field.
│         │ │  name: SemanticChunkingConfiguration
│         │ └ properties
│         │    ├BreakpointPercentileThreshold: integer (required)
│         │    ├BufferSize: integer (required)
│         │    └MaxTokens: integer (required)
│         ├[+] type Transformation
│         │ ├  documentation: A Lambda function that processes documents.
│         │ │  name: Transformation
│         │ └ properties
│         │    ├StepToApply: string (required)
│         │    └TransformationFunction: TransformationFunction (required)
│         ├[+] type TransformationFunction
│         │ ├  documentation: A Lambda function that processes documents.
│         │ │  name: TransformationFunction
│         │ └ properties
│         │    └TransformationLambdaConfiguration: TransformationLambdaConfiguration (required)
│         ├[+] type TransformationLambdaConfiguration
│         │ ├  documentation: A Lambda function that processes documents.
│         │ │  name: TransformationLambdaConfiguration
│         │ └ properties
│         │    └LambdaArn: string (required)
│         └[~] type VectorIngestionConfiguration
│           └ properties
│              ├ ChunkingConfiguration: - ChunkingConfiguration
│              │                        + ChunkingConfiguration (immutable)
│              ├[+] CustomTransformationConfiguration: CustomTransformationConfiguration
│              └[+] ParsingConfiguration: ParsingConfiguration (immutable)
├[~] service aws-cognito
│ └ resources
│    ├[~] resource AWS::Cognito::IdentityPool
│    │ ├  - tagInformation: undefined
│    │ │  + tagInformation: {"tagPropertyName":"IdentityPoolTags","variant":"standard"}
│    │ └ properties
│    │    └[+] IdentityPoolTags: Array<tag>
│    ├[~] resource AWS::Cognito::LogDeliveryConfiguration
│    │ └ types
│    │    ├[~] type FirehoseConfiguration
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: Configuration for the Amazon Data Firehose stream destination of user activity log export with advanced security features.
│    │    │ └ properties
│    │    │    └ StreamArn: (documentation changed)
│    │    ├[~] type LogConfiguration
│    │    │ └ properties
│    │    │    ├ FirehoseConfiguration: (documentation changed)
│    │    │    └ S3Configuration: (documentation changed)
│    │    └[~] type S3Configuration
│    │      ├  - documentation: undefined
│    │      │  + documentation: Configuration for the Amazon S3 bucket destination of user activity log export with advanced security features.
│    │      └ properties
│    │         └ BucketArn: (documentation changed)
│    └[~] resource AWS::Cognito::UserPool
│      └ types
│         ├[+] type AdvancedSecurityAdditionalFlows
│         │ ├  name: AdvancedSecurityAdditionalFlows
│         │ └ properties
│         │    └CustomAuthMode: string
│         ├[~] type PasswordPolicy
│         │ └ properties
│         │    └ PasswordHistorySize: (documentation changed)
│         └[~] type UserPoolAddOns
│           └ properties
│              ├[+] AdvancedSecurityAdditionalFlows: AdvancedSecurityAdditionalFlows
│              └ AdvancedSecurityMode: (documentation changed)
├[~] service aws-datasync
│ └ resources
│    ├[~] resource AWS::DataSync::LocationHDFS
│    │ └ properties
│    │    └ AgentArns: (documentation changed)
│    ├[~] resource AWS::DataSync::LocationNFS
│    │ ├ properties
│    │ │  └ OnPremConfig: (documentation changed)
│    │ └ types
│    │    └[~] type OnPremConfig
│    │      ├  - documentation: The AWS DataSync agents that are connecting to a Network File System (NFS) location.
│    │      │  + documentation: The AWS DataSync agents that can connect to your Network File System (NFS) file server.
│    │      └ properties
│    │         └ AgentArns: (documentation changed)
│    └[~] resource AWS::DataSync::LocationObjectStorage
│      └ properties
│         └ AgentArns: (documentation changed)
├[~] service aws-ec2
│ └ resources
│    ├[~] resource AWS::EC2::SubnetCidrBlock
│    │ └ attributes
│    │    ├[+] IpSource: string
│    │    └[+] Ipv6AddressAttribute: string
│    ├[~] resource AWS::EC2::TransitGatewayMulticastGroupMember
│    │ └ attributes
│    │    └ SourceType: (documentation changed)
│    ├[~] resource AWS::EC2::TransitGatewayMulticastGroupSource
│    │ └ attributes
│    │    └ MemberType: (documentation changed)
│    └[~] resource AWS::EC2::VPNConnection
│      └ properties
│         └ EnableAcceleration: (documentation changed)
├[~] service aws-glue
│ └ resources
│    └[~] resource AWS::Glue::Connection
│      └ types
│         └[~] type ConnectionInput
│           └ properties
│              └ ConnectionType: (documentation changed)
├[~] service aws-guardduty
│ └ resources
│    └[~] resource AWS::GuardDuty::MalwareProtectionPlan
│      └ types
│         └[~] type CFNTagging
│           └ properties
│              └ Status: (documentation changed)
├[~] service aws-lambda
│ └ resources
│    └[~] resource AWS::Lambda::EventSourceMapping
│      └ properties
│         └[+] KmsKeyArn: string
├[~] service aws-route53
│ └ resources
│    └[~] resource AWS::Route53::HostedZone
│      └  - tagInformation: undefined
│         + tagInformation: {"tagPropertyName":"HostedZoneTags","variant":"standard"}
├[~] service aws-securityhub
│ └ resources
│    └[~] resource AWS::SecurityHub::ConfigurationPolicy
│      └ types
│         ├[~] type SecurityControlsConfiguration
│         │ ├  - documentation: An object that defines which security controls are enabled in an AWS Security Hub configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
│         │ │  + documentation: An object that defines which security controls are enabled in an AWS Security Hub configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.
│         │ │  This property is required only if `ServiceEnabled` is set to `true` in your configuration policy.
│         │ └ properties
│         │    ├ DisabledSecurityControlIdentifiers: (documentation changed)
│         │    └ EnabledSecurityControlIdentifiers: (documentation changed)
│         └[~] type SecurityHubPolicy
│           └ properties
│              ├ EnabledStandardIdentifiers: (documentation changed)
│              └ SecurityControlsConfiguration: (documentation changed)
├[~] service aws-securitylake
│ └ resources
│    └[~] resource AWS::SecurityLake::Subscriber
│      ├ properties
│      │  └[+] Sources: Array<Source> (required)
│      └ types
│         ├[+] type AwsLogSource
│         │ ├  documentation: Adds a natively supported AWS service as an Amazon Security Lake source. Enables source types for member accounts in required AWS Regions, based on the parameters you specify. You can choose any source type in any Region for either accounts that are part of a trusted organization or standalone accounts. Once you add an AWS service as a source, Security Lake starts collecting logs and events from it.
│         │ │  name: AwsLogSource
│         │ └ properties
│         │    ├SourceName: string
│         │    └SourceVersion: string
│         ├[+] type CustomLogSource
│         │ ├  documentation: Third-party custom log source that meets the requirements to be added to Amazon Security Lake . For more details, see [Custom log source](https://docs.aws.amazon.com//security-lake/latest/userguide/custom-sources.html#iam-roles-custom-sources) in the *Amazon Security Lake User Guide* .
│         │ │  name: CustomLogSource
│         │ └ properties
│         │    ├SourceName: string
│         │    └SourceVersion: string
│         └[+] type Source
│           ├  documentation: Sources are logs and events generated from a single system that match a specific event class in the Open Cybersecurity Schema Framework (OCSF) schema. Amazon Security Lake can collect logs and events from a variety of sources, including natively supported AWS services and third-party custom sources.
│           │  name: Source
│           └ properties
│              ├AwsLogSource: AwsLogSource
│              └CustomLogSource: CustomLogSource
└[~] service aws-systemsmanagersap
  └ resources
     └[~] resource AWS::SystemsManagerSAP::Application
       └ properties
          └[+] DatabaseArn: string (immutable)
```

package.json

@@ -177,4 +177,4 @@
  "dependencies": {
  "string-width": "^4.2.3"
  }
-}
+}

packages/@aws-cdk/cloudformation-diff/package.json

@@ -23,8 +23,8 @@
  },
  "license": "Apache-2.0",
  "dependencies": {
- "@aws-cdk/aws-service-spec": "^0.1.16",
- "@aws-cdk/service-spec-types": "^0.0.84",
+ "@aws-cdk/aws-service-spec": "^0.1.17",
+ "@aws-cdk/service-spec-types": "^0.0.85",
  "chalk": "^4",
  "diff": "^5.2.0",
  "fast-deep-equal": "^3.1.3",

packages/@aws-cdk/integ-runner/package.json

@@ -74,7 +74,7 @@
  "@aws-cdk/cloud-assembly-schema": "^36.0.5",
  "@aws-cdk/cloudformation-diff": "0.0.0",
  "@aws-cdk/cx-api": "0.0.0",
- "@aws-cdk/aws-service-spec": "^0.1.16",
+ "@aws-cdk/aws-service-spec": "^0.1.17",
  "cdk-assets": "0.0.0",
  "@aws-cdk/cdk-cli-wrapper": "0.0.0",
  "aws-cdk": "0.0.0",

packages/aws-cdk-lib/package.json

@@ -136,7 +136,7 @@
  "mime-types": "^2.1.35"
  },
  "devDependencies": {
- "@aws-cdk/aws-service-spec": "^0.1.16",
+ "@aws-cdk/aws-service-spec": "^0.1.17",
  "@aws-cdk/cdk-build-tools": "0.0.0",
  "@aws-cdk/custom-resource-handlers": "0.0.0",
  "@aws-cdk/pkglint": "0.0.0",

tools/@aws-cdk/spec2cdk/package.json

@@ -32,9 +32,9 @@
  },
  "license": "Apache-2.0",
  "dependencies": {
- "@aws-cdk/aws-service-spec": "^0.1.16",
+ "@aws-cdk/aws-service-spec": "^0.1.17",
  "@aws-cdk/service-spec-importers": "^0.0.44",
- "@aws-cdk/service-spec-types": "^0.0.84",
+ "@aws-cdk/service-spec-types": "^0.0.85",
  "@cdklabs/tskb": "^0.0.3",
  "@cdklabs/typewriter": "^0.0.3",
  "camelcase": "^6",

yarn.lock

@@ -51,12 +51,12 @@
  resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.3.tgz#9b5d213b5ce5ad4461f6a4720195ff8de72e6523"
  integrity sha512-twhuEG+JPOYCYPx/xy5uH2+VUsIEhPTzDY0F1KuB+ocjWWB/KEDiOVL19nHvbPCB6fhWnkykXEMJ4HHcKvjtvg==
 
-"@aws-cdk/aws-service-spec@^0.1.16":
- version "0.1.16"
- resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.16.tgz#2cb1f7b1783c4dc362492296ebf61c7fd5cc88c7"
- integrity sha512-9NX+04puH6zkTQY2shOzSWa8Ge1sdz0M4sqZw/UI9mgHbflfhxgSkjTwz6Fe/B3FH3ZA1RXl/wW6ThEqeAb3fw==
+"@aws-cdk/aws-service-spec@^0.1.17":
+ version "0.1.17"
+ resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.1.17.tgz#8d3cf28223e8d43caf37cb28b96e1185c190bfbe"
+ integrity sha512-QCrkR16/gbWoQJiDdP8JhnMWcRCHkhslnRXMg8q3GfEFZ9p0SD3dqrXBCjT4imQQJUn1jrfWWufo5yz4KpbP7w==
  dependencies:
- "@aws-cdk/service-spec-types" "^0.0.84"
+ "@aws-cdk/service-spec-types" "^0.0.85"
  "@cdklabs/tskb" "^0.0.3"
 
 "@aws-cdk/cloud-assembly-schema@^36.0.5":
@@ -105,6 +105,13 @@
  dependencies:
  "@cdklabs/tskb" "^0.0.3"
 
+"@aws-cdk/service-spec-types@^0.0.85":
+ version "0.0.85"
+ resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.85.tgz#6d1d8d6720c50d44f0519a50b519dbcb33962203"
+ integrity sha512-cqTOKSy4ASJISezk4c3dv4AxGt1C8UfUdux9r58jmuNwNROjPfVTuAnSweACbmG18A1/rVvfyTUt5E72otYqgQ==
+ dependencies:
+ "@cdklabs/tskb" "^0.0.3"
+
 "@aws-crypto/crc32@3.0.0":
  version "3.0.0"
  resolved "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz#07300eca214409c33e3ff769cd5697b57fdd38fa"