feat: update L1 CloudFormation resource definitions

[aws-cdk-automation]

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-apigateway
│ └ resources
│    └[~]  resource AWS::ApiGateway::DomainName
│       └      - documentation: The `AWS::ApiGateway::DomainName` resource specifies a public custom domain name for your API in API Gateway.
│              You can use a custom domain name to provide a URL that's more intuitive and easier to recall. For more information about using custom domain names, see [Set up Custom Domain Name for an API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html) in the *API Gateway Developer Guide* .
│              + documentation: The `AWS::ApiGateway::DomainName` resource specifies a public custom domain name for your API in API Gateway.
│              To create a custom domain name for private APIs, use [AWS::ApiGateway::DomainV2](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainnamev2.html) .
│              You can use a custom domain name to provide a URL that's more intuitive and easier to recall. For more information about using custom domain names, see [Set up Custom Domain Name for an API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html) in the *API Gateway Developer Guide* .
├[~] service aws-bedrock
│ └ resources
│    ├[~]  resource AWS::Bedrock::Prompt
│    │  └ types
│    │     ├[~] type CachePointBlock
│    │     │ ├      - documentation: Indicates where a cache checkpoint is located. All information before this checkpoint is cached to be accessed on subsequent requests.
│    │     │ │      + documentation: Defines a section of content to be cached for reuse in subsequent API calls.
│    │     │ └ properties
│    │     │    └ Type: (documentation changed)
│    │     ├[~] type ContentBlock
│    │     │ └ properties
│    │     │    └ CachePoint: (documentation changed)
│    │     ├[~] type SystemContentBlock
│    │     │ └ properties
│    │     │    └ CachePoint: (documentation changed)
│    │     └[~] type Tool
│    │       └ properties
│    │          └ CachePoint: (documentation changed)
│    └[~]  resource AWS::Bedrock::PromptVersion
│       └ types
│          ├[~] type CachePointBlock
│          │ ├      - documentation: Indicates where a cache checkpoint is located. All information before this checkpoint is cached to be accessed on subsequent requests.
│          │ │      + documentation: Defines a section of content to be cached for reuse in subsequent API calls.
│          │ └ properties
│          │    └ Type: (documentation changed)
│          ├[~] type ContentBlock
│          │ └ properties
│          │    └ CachePoint: (documentation changed)
│          ├[~] type SystemContentBlock
│          │ └ properties
│          │    └ CachePoint: (documentation changed)
│          └[~] type Tool
│            └ properties
│               └ CachePoint: (documentation changed)
├[+] service aws-dsql
│ ├      capitalized: DSQL
│ │      cloudFormationNamespace: AWS::DSQL
│ │      name: aws-dsql
│ │      shortName: dsql
│ └ resources
│    └ resource AWS::DSQL::Cluster
│      ├      name: Cluster
│      │      cloudFormationType: AWS::DSQL::Cluster
│      │      documentation: Resource Type definition for AWS::DSQL::Cluster
│      │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├ DeletionProtectionEnabled: boolean
│      │  └ Tags: Array<tag>
│      └ attributes
│         ├ ResourceArn: string
│         ├ Identifier: string
│         ├ CreationTime: string
│         └ Status: string
├[~] service aws-dynamodb
│ └ resources
│    ├[~]  resource AWS::DynamoDB::GlobalTable
│    │  └ types
│    │     └[~] type Projection
│    │       └ properties
│    │          └ NonKeyAttributes: (documentation changed)
│    └[~]  resource AWS::DynamoDB::Table
│       └ types
│          └[~] type Projection
│            └ properties
│               └ NonKeyAttributes: (documentation changed)
├[~] service aws-ec2
│ └ resources
│    ├[~]  resource AWS::EC2::Instance
│    │  └ types
│    │     └[~] type NetworkInterface
│    │       └ properties
│    │          └ EnaSrdSpecification: (documentation changed)
│    ├[~]  resource AWS::EC2::LaunchTemplate
│    │  └ types
│    │     └[~] type NetworkInterface
│    │       └ properties
│    │          └ DeviceIndex: (documentation changed)
│    ├[~]  resource AWS::EC2::RouteServer
│    │  ├      - documentation: VPC Route Server
│    │  │      + documentation: Specifies a route server to manage dynamic routing in a VPC.
│    │  │      Amazon VPC Route Server simplifies routing for traffic between workloads that are deployed within a VPC and its internet gateways. With this feature, VPC Route Server dynamically updates VPC and internet gateway route tables with your preferred routes to achieve routing fault tolerance for those workloads. This enables you to automatically reroute traffic within a VPC, which increases the manageability of VPC routing and interoperability with third-party workloads.
│    │  │      For more information see [Dynamic routing in your VPC with VPC Route Server](https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html) in the *Amazon VPC User Guide* .
│    │  ├ properties
│    │  │  ├ AmazonSideAsn: (documentation changed)
│    │  │  ├ PersistRoutes: (documentation changed)
│    │  │  ├ PersistRoutesDuration: (documentation changed)
│    │  │  ├ SnsNotificationsEnabled: (documentation changed)
│    │  │  └ Tags: (documentation changed)
│    │  └ attributes
│    │     ├ Arn: (documentation changed)
│    │     └ Id: (documentation changed)
│    ├[~]  resource AWS::EC2::RouteServerAssociation
│    │  ├      - documentation: VPC Route Server Association
│    │  │      + documentation: Specifies the association between a route server and a VPC.
│    │  │      A route server association is the connection established between a route server and a VPC.
│    │  └ properties
│    │     ├ RouteServerId: (documentation changed)
│    │     └ VpcId: (documentation changed)
│    ├[~]  resource AWS::EC2::RouteServerEndpoint
│    │  ├      - documentation: VPC Route Server Endpoint
│    │  │      + documentation: Creates a new endpoint for a route server in a specified subnet.
│    │  │      A route server endpoint is an AWS -managed component inside a subnet that facilitates [BGP (Border Gateway Protocol)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Border_Gateway_Protocol) connections between your route server and your BGP peers.
│    │  │      For more information see [Dynamic routing in your VPC with VPC Route Server](https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html) in the *Amazon VPC User Guide* .
│    │  ├ properties
│    │  │  ├ RouteServerId: (documentation changed)
│    │  │  ├ SubnetId: (documentation changed)
│    │  │  └ Tags: (documentation changed)
│    │  └ attributes
│    │     ├ Arn: (documentation changed)
│    │     ├ EniAddress: (documentation changed)
│    │     ├ EniId: (documentation changed)
│    │     ├ Id: (documentation changed)
│    │     └ VpcId: (documentation changed)
│    ├[~]  resource AWS::EC2::RouteServerPeer
│    │  ├      - documentation: VPC Route Server Peer
│    │  │      + documentation: Specifies a BGP peer configuration for a route server endpoint.
│    │  │      A route server peer is a session between a route server endpoint and the device deployed in AWS (such as a firewall appliance or other network security function running on an EC2 instance).
│    │  ├ properties
│    │  │  ├ BgpOptions: (documentation changed)
│    │  │  ├ PeerAddress: (documentation changed)
│    │  │  ├ RouteServerEndpointId: (documentation changed)
│    │  │  └ Tags: (documentation changed)
│    │  ├ attributes
│    │  │  ├ Arn: (documentation changed)
│    │  │  ├ EndpointEniAddress: (documentation changed)
│    │  │  ├ EndpointEniId: (documentation changed)
│    │  │  ├ Id: (documentation changed)
│    │  │  ├ RouteServerId: (documentation changed)
│    │  │  ├ SubnetId: (documentation changed)
│    │  │  └ VpcId: (documentation changed)
│    │  └ types
│    │     └[~] type BgpOptions
│    │       ├      - documentation: BGP Options
│    │       │      + documentation: The BGP configuration options for this peer, including ASN (Autonomous System Number) and BFD (Bidrectional Forwarding Detection) settings.
│    │       └ properties
│    │          ├ PeerAsn: (documentation changed)
│    │          └ PeerLivenessDetection: (documentation changed)
│    ├[~]  resource AWS::EC2::RouteServerPropagation
│    │  ├      - documentation: VPC Route Server Propagation
│    │  │      + documentation: Specifies route propagation from a route server to a route table.
│    │  │      For more information see [Dynamic routing in your VPC with VPC Route Server](https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html) in the *Amazon VPC User Guide* .
│    │  └ properties
│    │     ├ RouteServerId: (documentation changed)
│    │     └ RouteTableId: (documentation changed)
│    └[~]  resource AWS::EC2::SecurityGroup
│       ├      - documentation: Specifies a security group.
│       │      You must specify ingress rules to allow inbound traffic. By default, no inbound traffic is allowed.
│       │      If you do not specify an egress rule, we add egress rules that allow outbound IPv4 and IPv6 traffic on all ports and protocols to any destination. We do not add these rules if you specify your own egress rules.
│       │      This type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) .
│       │      > To cross-reference two security groups in the ingress and egress rules of those security groups, use the [AWS::EC2::SecurityGroupEgress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html) and [AWS::EC2::SecurityGroupIngress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-ingress.html) resources to define your rules. Do not use the embedded ingress and egress rules in the `AWS::EC2::SecurityGroup` . Doing so creates a circular dependency, which AWS CloudFormation doesn't allow.
│       │      + documentation: Specifies a security group.
│       │      You must specify ingress rules to allow inbound traffic. By default, no inbound traffic is allowed.
│       │      If you do not specify an egress rule, we add egress rules that allow outbound IPv4 and IPv6 traffic on all ports and protocols to any destination. We do not add these rules if you specify your own egress rules.
│       │      If you modify a rule, CloudFormation removes the existing rule and then adds a new rule. There is a brief period when neither the original rule or the new rule exists, so the corresponding traffic is dropped.
│       │      This type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) .
│       │      > To cross-reference two security groups in the ingress and egress rules of those security groups, use the [AWS::EC2::SecurityGroupEgress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html) and [AWS::EC2::SecurityGroupIngress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-ingress.html) resources to define your rules. Do not use the embedded ingress and egress rules in the `AWS::EC2::SecurityGroup` . Doing so creates a circular dependency, which AWS CloudFormation doesn't allow.
│       └ properties
│          ├ SecurityGroupEgress: (documentation changed)
│          └ SecurityGroupIngress: (documentation changed)
├[~] service aws-fsx
│ └ resources
│    └[~]  resource AWS::FSx::FileSystem
│       └ types
│          └[~] type WindowsConfiguration
│            └ properties
│               └ WeeklyMaintenanceStartTime: (documentation changed)
├[~] service aws-gamelift
│ └ resources
│    ├[~]  resource AWS::GameLift::Alias
│    │  ├      - tagInformation: undefined
│    │  │      + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │  ├ properties
│    │  │  └[+] Tags: Array<tag>
│    │  └ attributes
│    │     └[+] AliasArn: string
│    ├[~]  resource AWS::GameLift::Build
│    │  ├      - tagInformation: undefined
│    │  │      + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │  ├ properties
│    │  │  └[+] Tags: Array<tag>
│    │  └ attributes
│    │     └[+] BuildArn: string
│    └[~]  resource AWS::GameLift::ContainerGroupDefinition
│       ├ properties
│       │  └ OperatingSystem: (documentation changed)
│       └ types
│          └[~] type ContainerPortRange
│            └      - documentation: A set of one or more port numbers that can be opened on the container.
│                   *Part of:* [ContainerPortConfiguration](https://docs.aws.amazon.com/gamelift/latest/apireference/API_ContainerPortConfiguration.html)
│                   + documentation: A set of one or more port numbers that can be opened on the container, and the supported network protocol.
│                   *Part of:* [ContainerPortConfiguration](https://docs.aws.amazon.com/gamelift/latest/apireference/API_ContainerPortConfiguration.html)
├[~] service aws-groundstation
│ └ resources
│    └[~]  resource AWS::GroundStation::DataflowEndpointGroup
│       └ properties
│          └ EndpointDetails: (documentation changed)
├[~] service aws-kinesisfirehose
│ └ resources
│    └[~]  resource AWS::KinesisFirehose::DeliveryStream
│       ├ properties
│       │  └ IcebergDestinationConfiguration: - IcebergDestinationConfiguration (immutable)
│       │                                     + IcebergDestinationConfiguration
│       └ types
│          └[~] type IcebergDestinationConfiguration
│            └ properties
│               └ CatalogConfiguration: - CatalogConfiguration (required)
│                                       + CatalogConfiguration (required, immutable)
├[~] service aws-paymentcryptography
│ └ resources
│    └[~]  resource AWS::PaymentCryptography::Key
│       └      - documentation: Creates an AWS Payment Cryptography key, a logical representation of a cryptographic key, that is unique in your account and AWS Region . You use keys for cryptographic functions such as encryption and decryption.
│              In addition to the key material used in cryptographic operations, an AWS Payment Cryptography key includes metadata such as the key ARN, key usage, key origin, creation date, description, and key state.
│              When you create a key, you specify both immutable and mutable data about the key. The immutable data contains key attributes that define the scope and cryptographic operations that you can perform using the key, for example key class (example: `SYMMETRIC_KEY` ), key algorithm (example: `TDES_2KEY` ), key usage (example: `TR31_P0_PIN_ENCRYPTION_KEY` ) and key modes of use (example: `Encrypt` ). For information about valid combinations of key attributes, see [Understanding key attributes](https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) in the *AWS Payment Cryptography User Guide* . The mutable data contained within a key includes usage timestamp and key deletion timestamp and can be modified after creation.
│              AWS Payment Cryptography binds key attributes to keys using key blocks when you store or export them. AWS Payment Cryptography stores the key contents wrapped and never stores or transmits them in the clear.
│              *Cross-account use* : This operation can't be used across different AWS accounts.
│              *Related operations:*
│              - [DeleteKey](https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteKey.html)
│              - [GetKey](https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetKey.html)
│              - [ListKeys](https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListKeys.html)
│              + documentation: Creates an AWS Payment Cryptography key, a logical representation of a cryptographic key, that is unique in your account and AWS Region . You use keys for cryptographic functions such as encryption and decryption.
│              In addition to the key material used in cryptographic operations, an AWS Payment Cryptography key includes metadata such as the key ARN, key usage, key origin, creation date, description, and key state.
│              When you create a key, you specify both immutable and mutable data about the key. The immutable data contains key attributes that define the scope and cryptographic operations that you can perform using the key, for example key class (example: `SYMMETRIC_KEY` ), key algorithm (example: `TDES_2KEY` ), key usage (example: `TR31_P0_PIN_ENCRYPTION_KEY` ) and key modes of use (example: `Encrypt` ). AWS Payment Cryptography binds key attributes to keys using key blocks when you store or export them. AWS Payment Cryptography stores the key contents wrapped and never stores or transmits them in the clear.
│              For information about valid combinations of key attributes, see [Understanding key attributes](https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html) in the *AWS Payment Cryptography User Guide* . The mutable data contained within a key includes usage timestamp and key deletion timestamp and can be modified after creation.
│              You can use the `CreateKey` operation to generate an ECC (Elliptic Curve Cryptography) key pair used for establishing an ECDH (Elliptic Curve Diffie-Hellman) key agreement between two parties. In the ECDH key agreement process, both parties generate their own ECC key pair with key usage K3 and exchange the public keys. Each party then use their private key, the received public key from the other party, and the key derivation parameters including key derivation function, hash algorithm, derivation data, and key algorithm to derive a shared key.
│              To maintain the single-use principle of cryptographic keys in payments, ECDH derived keys should not be used for multiple purposes, such as a `TR31_P0_PIN_ENCRYPTION_KEY` and `TR31_K1_KEY_BLOCK_PROTECTION_KEY` . When creating ECC key pairs in AWS Payment Cryptography you can optionally set the `DeriveKeyUsage` parameter, which defines the key usage bound to the symmetric key that will be derived using the ECC key pair.
│              *Cross-account use* : This operation can't be used across different AWS accounts.
│              *Related operations:*
│              - [DeleteKey](https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteKey.html)
│              - [GetKey](https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetKey.html)
│              - [ListKeys](https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListKeys.html)
└[~] service aws-redshiftserverless
  └ resources
     └[~]  resource AWS::RedshiftServerless::Workgroup
        └ properties
           ├[+] RecoveryPointId: string
           ├[+] SnapshotArn: string
           ├[+] SnapshotName: string
           └[+] SnapshotOwnerAccount: string

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.98%. Comparing base (74cbe27) to head (7410a0c).

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #34064   +/-   ##
=======================================
  Coverage   83.98%   83.98%           
=======================================
  Files         120      120           
  Lines        6976     6976           
  Branches     1178     1178           
=======================================
  Hits         5859     5859           
  Misses       1005     1005           
  Partials      112      112           

Flag	Coverage Δ
suite.unit	83.98% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
packages/aws-cdk	∅ <ø> (∅)
packages/aws-cdk-lib/core	83.98% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 01f6af4
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.