feat: update L1 CloudFormation resource definitions (aws#29677)

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-appintegrations
│ └ resources
│    └[~] resource AWS::AppIntegrations::Application
│      ├  - documentation: Resource Type definition for AWS:AppIntegrations::Application
│      │  + documentation: Creates and persists an Application resource.
│      ├ properties
│      │  ├ ApplicationSourceConfig: (documentation changed)
│      │  ├ Description: (documentation changed)
│      │  └ Tags: (documentation changed)
│      └ types
│         ├[~] type ApplicationSourceConfig
│         │ ├  - documentation: Application source config
│         │ │  + documentation: The configuration for where the application should be loaded from.
│         │ └ properties
│         │    └ ExternalUrlConfig: (documentation changed)
│         └[~] type ExternalUrlConfig
│           ├  - documentation: undefined
│           │  + documentation: The external URL source for the application.
│           └ properties
│              ├ AccessUrl: (documentation changed)
│              └ ApprovedOrigins: (documentation changed)
├[~] service aws-applicationautoscaling
│ └ resources
│    └[~] resource AWS::ApplicationAutoScaling::ScalingPolicy
│      └ types
│         └[~] type TargetTrackingMetricStat
│           └  - documentation: This structure defines the CloudWatch metric to return, along with the statistic, period, and unit.
│              `TargetTrackingMetricStat` is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricDataQuery](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-targettrackingmetricdataquery.html) property type.
│              For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* .
│              + documentation: This structure defines the CloudWatch metric to return, along with the statistic and unit.
│              `TargetTrackingMetricStat` is a property of the [AWS::ApplicationAutoScaling::ScalingPolicy TargetTrackingMetricDataQuery](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-applicationautoscaling-scalingpolicy-targettrackingmetricdataquery.html) property type.
│              For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* .
├[~] service aws-appmesh
│ └ resources
│    └[~] resource AWS::AppMesh::VirtualNode
│      └  - documentation: Creates a virtual node within a service mesh.
│         A virtual node acts as a logical pointer to a particular task group, such as an Amazon ECS service or a Kubernetes deployment. When you create a virtual node, you can specify the service discovery information for your task group, and whether the proxy running in a task group will communicate with other proxies using Transport Layer Security (TLS).
│         You define a `listener` for any inbound traffic that your virtual node expects. Any virtual service that your virtual node expects to communicate to is specified as a `backend` .
│         The response metadata for your new virtual node contains the `arn` that is associated with the virtual node. Set this value to the full ARN; for example, `arn:aws:appmesh:us-west-2:123456789012:myMesh/default/virtualNode/myApp` ) as the `APPMESH_RESOURCE_ARN` environment variable for your task group's Envoy proxy container in your task definition or pod spec. This is then mapped to the `node.id` and `node.cluster` Envoy parameters.
│         > By default, App Mesh uses the name of the resource you specified in `APPMESH_RESOURCE_ARN` when Envoy is referring to itself in metrics and traces. You can override this behavior by setting the `APPMESH_RESOURCE_CLUSTER` environment variable with your own name. 
│         For more information about virtual nodes, see [Virtual nodes](https://docs.aws.amazon.com/app-mesh/latest/userguide/virtual_nodes.html) . You must be using `1.15.0` or later of the Envoy image when setting these variables. For more information about App Mesh Envoy variables, see [Envoy image](https://docs.aws.amazon.com/app-mesh/latest/userguide/envoy.html) in the AWS App Mesh User Guide.
│         + documentation: Creates a virtual node within a service mesh.
│         A virtual node acts as a logical pointer to a particular task group, such as an Amazon ECS service or a Kubernetes deployment. When you create a virtual node, you can specify the service discovery information for your task group, and whether the proxy running in a task group will communicate with other proxies using Transport Layer Security (TLS).
│         You define a `listener` for any inbound traffic that your virtual node expects. Any virtual service that your virtual node expects to communicate to is specified as a `backend` .
│         The response metadata for your new virtual node contains the `arn` that is associated with the virtual node. Set this value to the full ARN; for example, `arn:aws:appmesh:us-west-2:123456789012:myMesh/default/virtualNode/myApp` ) as the `APPMESH_RESOURCE_ARN` environment variable for your task group's Envoy proxy container in your task definition or pod spec. This is then mapped to the `node.id` and `node.cluster` Envoy parameters.
│         > By default, App Mesh uses the name of the resource you specified in `APPMESH_RESOURCE_ARN` when Envoy is referring to itself in metrics and traces. You can override this behavior by setting the `APPMESH_RESOURCE_CLUSTER` environment variable with your own name. 
│         For more information about virtual nodes, see [Virtual nodes](https://docs.aws.amazon.com/app-mesh/latest/userguide/virtual_nodes.html) . You must be using `1.15.0` or later of the Envoy image when setting these variables. For more information aboutApp Mesh Envoy variables, see [Envoy image](https://docs.aws.amazon.com/app-mesh/latest/userguide/envoy.html) in the AWS App Mesh User Guide.
├[~] service aws-aps
│ └ resources
│    ├[~] resource AWS::APS::RuleGroupsNamespace
│    │ └  - documentation: The definition of a rule groups namespace in an Amazon Managed Service for Prometheus workspace. A rule groups namespace is associated with exactly one rules file. A workspace can have multiple rule groups namespaces. For more information about rules files, seee [Creating a rules file](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-ruler-rulesfile.html) , in the *Amazon Managed Service for Prometheus User Guide* .
│    │    + documentation: The definition of a rule groups namespace in an Amazon Managed Service for Prometheus workspace. A rule groups namespace is associated with exactly one rules file. A workspace can have multiple rule groups namespaces. For more information about rules files, see [Creating a rules file](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-ruler-rulesfile.html) , in the *Amazon Managed Service for Prometheus User Guide* .
│    └[+] resource AWS::APS::Scraper
│      ├  name: Scraper
│      │  cloudFormationType: AWS::APS::Scraper
│      │  documentation: Resource Type definition for AWS::APS::Scraper
│      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│      ├ properties
│      │  ├Alias: string (immutable)
│      │  ├ScrapeConfiguration: ScrapeConfiguration (required, immutable)
│      │  ├Source: Source (required, immutable)
│      │  ├Destination: Destination (required, immutable)
│      │  └Tags: Array<tag>
│      ├ attributes
│      │  ├ScraperId: string
│      │  ├Arn: string
│      │  └RoleArn: string
│      └ types
│         ├type ScrapeConfiguration
│         │├  documentation: Scraper configuration
│         ││  name: ScrapeConfiguration
│         │└ properties
│         │   └ConfigurationBlob: string (required)
│         ├type Source
│         │├  documentation: Scraper metrics source
│         ││  name: Source
│         │└ properties
│         │   └EksConfiguration: EksConfiguration (required)
│         ├type EksConfiguration
│         │├  documentation: Configuration for EKS metrics source
│         ││  name: EksConfiguration
│         │└ properties
│         │   ├ClusterArn: string (required)
│         │   ├SecurityGroupIds: Array<string>
│         │   └SubnetIds: Array<string> (required)
│         ├type Destination
│         │├  documentation: Scraper metrics destination
│         ││  name: Destination
│         │└ properties
│         │   └AmpConfiguration: AmpConfiguration (required)
│         └type AmpConfiguration
│          ├  documentation: Configuration for Amazon Managed Prometheus metrics destination
│          │  name: AmpConfiguration
│          └ properties
│             └WorkspaceArn: string (required)
├[~] service aws-cleanrooms
│ └ resources
│    └[~] resource AWS::CleanRooms::ConfiguredTable
│      └ types
│         ├[~] type AnalysisRuleCustom
│         │ └ properties
│         │    └[+] DifferentialPrivacy: DifferentialPrivacy
│         ├[+] type DifferentialPrivacy
│         │ ├  name: DifferentialPrivacy
│         │ └ properties
│         │    └Columns: Array<DifferentialPrivacyColumn> (required)
│         └[+] type DifferentialPrivacyColumn
│           ├  documentation: Specifies the name of the column that contains the unique identifier of your users, whose privacy you want to protect.
│           │  name: DifferentialPrivacyColumn
│           └ properties
│              └Name: string (required)
├[~] service aws-codebuild
│ └ resources
│    ├[~] resource AWS::CodeBuild::Project
│    │ └ types
│    │    ├[~] type ProjectSourceVersion
│    │    │ └ properties
│    │    │    └ SourceVersion: (documentation changed)
│    │    └[~] type Source
│    │      └ properties
│    │         ├ Location: (documentation changed)
│    │         └ Type: (documentation changed)
│    └[~] resource AWS::CodeBuild::SourceCredential
│      └ properties
│         ├ AuthType: (documentation changed)
│         └ ServerType: (documentation changed)
├[~] service aws-codestarconnections
│ └ resources
│    └[~] resource AWS::CodeStarConnections::SyncConfiguration
│      └ properties
│         ├[+] PublishDeploymentStatus: string
│         └[+] TriggerResourceUpdateOn: string
├[~] service aws-connect
│ └ resources
│    └[~] resource AWS::Connect::PredefinedAttribute
│      └ attributes
│         ├[+] LastModifiedRegion: string
│         └[+] LastModifiedTime: number
├[~] service aws-dms
│ └ resources
│    └[~] resource AWS::DMS::Endpoint
│      └ types
│         └[~] type PostgreSqlSettings
│           └ properties
│              ├ CaptureDdls: (documentation changed)
│              ├ DdlArtifactsSchema: (documentation changed)
│              ├ FailTasksOnLobTruncation: (documentation changed)
│              ├ HeartbeatEnable: (documentation changed)
│              ├ HeartbeatFrequency: (documentation changed)
│              ├ HeartbeatSchema: (documentation changed)
│              ├ MapBooleanAsBoolean: (documentation changed)
│              ├ MaxFileSize: (documentation changed)
│              └ PluginName: (documentation changed)
├[~] service aws-docdbelastic
│ └ resources
│    └[~] resource AWS::DocDBElastic::Cluster
│      └ properties
│         ├ BackupRetentionPeriod: (documentation changed)
│         ├ PreferredBackupWindow: (documentation changed)
│         └ ShardInstanceCount: (documentation changed)
├[~] service aws-ec2
│ └ resources
│    ├[~] resource AWS::EC2::Subnet
│    │ └ properties
│    │    └[+] EnableLniAtDeviceIndex: integer
│    └[~] resource AWS::EC2::TransitGatewayRouteTableAssociation
├[~] service aws-ecs
│ └ resources
│    └[~] resource AWS::ECS::TaskSet
│      └  - documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* .
│         For information about the maximum number of task sets and otther quotas, see [Amazon ECS service quotas](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-quotas.html) in the *Amazon Elastic Container Service Developer Guide* .
│         + documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* .
│         > On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition. 
│         For information about the maximum number of task sets and otther quotas, see [Amazon ECS service quotas](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-quotas.html) in the *Amazon Elastic Container Service Developer Guide* .
├[~] service aws-entityresolution
│ └ resources
│    └[~] resource AWS::EntityResolution::MatchingWorkflow
│      └ types
│         └[~] type ResolutionTechniques
│           └ properties
│              └ ResolutionType: (documentation changed)
├[~] service aws-globalaccelerator
│ └ resources
│    └[~] resource AWS::GlobalAccelerator::EndpointGroup
│      └ types
│         └[~] type EndpointConfiguration
│           └ properties
│              └ AttachmentArn: (documentation changed)
├[~] service aws-glue
│ └ resources
│    └[~] resource AWS::Glue::Crawler
│      ├ properties
│      │  └ LakeFormationConfiguration: (documentation changed)
│      └ types
│         └[~] type LakeFormationConfiguration
│           ├  - documentation: undefined
│           │  + documentation: Specifies AWS Lake Formation configuration settings for the crawler.
│           └ properties
│              ├ AccountId: (documentation changed)
│              └ UseLakeFormationCredentials: (documentation changed)
├[~] service aws-iotsitewise
│ └ resources
│    └[~] resource AWS::IoTSiteWise::AssetModel
│      └ types
│         ├[~] type AssetModelCompositeModel
│         │ └ properties
│         │    ├ Description: (documentation changed)
│         │    ├ ExternalId: (documentation changed)
│         │    ├ ParentAssetModelCompositeModelExternalId: (documentation changed)
│         │    └ Path: (documentation changed)
│         ├[~] type AssetModelHierarchy
│         │ └ properties
│         │    ├ ExternalId: (documentation changed)
│         │    └ LogicalId: (documentation changed)
│         └[~] type AssetModelProperty
│           └ properties
│              ├ ExternalId: (documentation changed)
│              └ LogicalId: (documentation changed)
├[~] service aws-kafkaconnect
│ └ resources
│    ├[~] resource AWS::KafkaConnect::CustomPlugin
│    │ ├  - documentation: An example resource schema demonstrating some basic constructs and validation rules.
│    │ │  + documentation: Creates a custom plugin using the specified properties.
│    │ ├ properties
│    │ │  ├ ContentType: (documentation changed)
│    │ │  ├ Description: (documentation changed)
│    │ │  └ Location: (documentation changed)
│    │ ├ attributes
│    │ │  └ CustomPluginArn: (documentation changed)
│    │ └ types
│    │    ├[~] type CustomPluginFileDescription
│    │    │ └  - documentation: Details about the custom plugin file.
│    │    │    + documentation: Details about a custom plugin file.
│    │    └[~] type S3Location
│    │      └  - documentation: The S3 bucket Amazon Resource Name (ARN), file key, and object version of the plugin file stored in Amazon S3.
│    │         + documentation: The location of an object in Amazon S3.
│    └[~] resource AWS::KafkaConnect::WorkerConfiguration
│      ├  - documentation: The configuration of the workers, which are the processes that run the connector logic.
│      │  + documentation: Creates a worker configuration using the specified properties.
│      ├ properties
│      │  ├ Description: (documentation changed)
│      │  └ PropertiesFileContent: (documentation changed)
│      └ attributes
│         ├ Revision: (documentation changed)
│         └ WorkerConfigurationArn: (documentation changed)
├[~] service aws-kendra
│ └ resources
│    └[~] resource AWS::Kendra::DataSource
│      └ types
│         ├[~] type ConnectionConfiguration
│         │ └ properties
│         │    └ SecretArn: (documentation changed)
│         ├[~] type CustomDocumentEnrichmentConfiguration
│         │ └ properties
│         │    └ RoleArn: (documentation changed)
│         ├[~] type HookConfiguration
│         │ └ properties
│         │    └ LambdaArn: (documentation changed)
│         ├[~] type OneDriveUsers
│         │ └ properties
│         │    └ OneDriveUserList: (documentation changed)
│         ├[~] type ProxyConfiguration
│         │ └ properties
│         │    └ Credentials: (documentation changed)
│         └[~] type WebCrawlerBasicAuthentication
│           └ properties
│              └ Credentials: (documentation changed)
├[~] service aws-kinesisfirehose
│ └ resources
│    └[~] resource AWS::KinesisFirehose::DeliveryStream
│      ├ properties
│      │  └ Tags: (documentation changed)
│      └ types
│         └[~] type ParquetSerDe
│           └  - documentation: A serializer to use for converting data to the Parquet format before storing it in Amazon S3. For more information, see [Apache Parquet](https://docs.aws.amazon.com/https://parquet.apache.org/documentation/latest/) .
│              + documentation: A serializer to use for converting data to the Parquet format before storing it in Amazon S3. For more information, see [Apache Parquet](https://docs.aws.amazon.com/https://parquet.apache.org/docs/) .
├[~] service aws-managedblockchain
│ └ resources
│    └[~] resource AWS::ManagedBlockchain::Node
│      └ properties
│         └ NetworkId: (documentation changed)
├[~] service aws-oam
│ └ resources
│    └[~] resource AWS::Oam::Link
│      └ properties
│         └ ResourceTypes: (documentation changed)
├[~] service aws-rds
│ └ resources
│    ├[~] resource AWS::RDS::DBCluster
│    │ ├ properties
│    │ │  ├ ScalingConfiguration: (documentation changed)
│    │ │  └ ServerlessV2ScalingConfiguration: (documentation changed)
│    │ └ types
│    │    ├[~] type ScalingConfiguration
│    │    │ └  - documentation: The `ScalingConfiguration` property type specifies the scaling configuration of an Aurora Serverless DB cluster.
│    │    │    For more information, see [Using Amazon Aurora Serverless](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) in the *Amazon Aurora User Guide* .
│    │    │    This property is only supported for Aurora Serverless v1. For Aurora Serverless v2, Use the `ServerlessV2ScalingConfiguration` property.
│    │    │    Valid for: Aurora DB clusters only
│    │    │    + documentation: The `ScalingConfiguration` property type specifies the scaling configuration of an Aurora Serverless v1 DB cluster.
│    │    │    For more information, see [Using Amazon Aurora Serverless](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) in the *Amazon Aurora User Guide* .
│    │    │    This property is only supported for Aurora Serverless v1. For Aurora Serverless v2, Use the `ServerlessV2ScalingConfiguration` property.
│    │    │    Valid for: Aurora Serverless v1 DB clusters only
│    │    └[~] type ServerlessV2ScalingConfiguration
│    │      └  - documentation: The `ServerlessV2ScalingConfiguration` property type specifies the scaling configuration of an Aurora Serverless V2 DB cluster.
│    │         For more information, see [Using Amazon Aurora Serverless v2](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) in the *Amazon Aurora User Guide* .
│    │         If you have an Aurora cluster, you must set the `ScalingConfigurationInfo` attribute before you add a DB instance that uses the `db.serverless` DB instance class. For more information, see [Clusters that use Aurora Serverless v2 must have a capacity range specified](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html#aurora-serverless-v2.requirements.capacity-range) in the *Amazon Aurora User Guide* .
│    │         This property is only supported for Aurora Serverless v2. For Aurora Serverless v1, Use the `ScalingConfiguration` property.
│    │         + documentation: The `ServerlessV2ScalingConfiguration` property type specifies the scaling configuration of an Aurora Serverless V2 DB cluster.
│    │         For more information, see [Using Amazon Aurora Serverless v2](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) in the *Amazon Aurora User Guide* .
│    │         If you have an Aurora cluster, you must set the `ScalingConfigurationInfo` attribute before you add a DB instance that uses the `db.serverless` DB instance class. For more information, see [Clusters that use Aurora Serverless v2 must have a capacity range specified](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html#aurora-serverless-v2.requirements.capacity-range) in the *Amazon Aurora User Guide* .
│    │         This property is only supported for Aurora Serverless v2. For Aurora Serverless v1, use the `ScalingConfiguration` property.
│    │         Valid for: Aurora Serverless v2 DB clusters
│    └[~] resource AWS::RDS::Integration
│      └ properties
│         ├[+] DataFilter: string
│         ├[+] Description: string
│         └ IntegrationName: - string (immutable)
│                            + string
├[~] service aws-securityhub
│ └ resources
│    └[~] resource AWS::SecurityHub::AutomationRule
│      └ types
│         ├[~] type AutomationRulesFindingFilters
│         │ └ properties
│         │    ├ CreatedAt: (documentation changed)
│         │    ├ FirstObservedAt: (documentation changed)
│         │    ├ LastObservedAt: (documentation changed)
│         │    ├ NoteUpdatedAt: (documentation changed)
│         │    └ UpdatedAt: (documentation changed)
│         └[~] type DateFilter
│           └ properties
│              ├ End: (documentation changed)
│              └ Start: (documentation changed)
└[+] service aws-securitylake
  ├  capitalized: SecurityLake
  │  cloudFormationNamespace: AWS::SecurityLake
  │  name: aws-securitylake
  │  shortName: securitylake
  └ resources
     └resource AWS::SecurityLake::DataLake
      ├  name: DataLake
      │  cloudFormationType: AWS::SecurityLake::DataLake
      │  documentation: Resource Type definition for AWS::SecurityLake::DataLake
      │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
      ├ properties
      │  ├EncryptionConfiguration: EncryptionConfiguration
      │  ├LifecycleConfiguration: LifecycleConfiguration
      │  ├ReplicationConfiguration: ReplicationConfiguration
      │  ├MetaStoreManagerRoleArn: string (immutable)
      │  └Tags: Array<tag>
      ├ attributes
      │  ├Arn: string
      │  └S3BucketArn: string
      └ types
         ├type EncryptionConfiguration
         │├  documentation: Provides encryption details of Amazon Security Lake object.
         ││  name: EncryptionConfiguration
         │└ properties
         │   └KmsKeyId: string
         ├type LifecycleConfiguration
         │├  documentation: Provides lifecycle details of Amazon Security Lake object.
         ││  name: LifecycleConfiguration
         │└ properties
         │   ├Expiration: Expiration
         │   └Transitions: Array<Transitions>
         ├type Expiration
         │├  documentation: Provides data expiration details of Amazon Security Lake object.
         ││  name: Expiration
         │└ properties
         │   └Days: integer
         ├type Transitions
         │├  name: Transitions
         │└ properties
         │   ├Days: integer
         │   └StorageClass: string
         └type ReplicationConfiguration
          ├  documentation: Provides replication details of Amazon Security Lake object.
          │  name: ReplicationConfiguration
          └ properties
             ├Regions: Array<string>
             └RoleArn: string
```

packages/@aws-cdk/cloudformation-diff/package.json

@@ -23,8 +23,8 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-cdk/aws-service-spec": "^0.0.60",
-    "@aws-cdk/service-spec-types": "^0.0.60",
+    "@aws-cdk/aws-service-spec": "^0.0.61",
+    "@aws-cdk/service-spec-types": "^0.0.61",
     "aws-sdk": "2.1586.0",
     "chalk": "^4",
     "diff": "^5.2.0",

packages/@aws-cdk/integ-runner/package.json

@@ -74,7 +74,7 @@
     "@aws-cdk/cloud-assembly-schema": "0.0.0",
     "@aws-cdk/cloudformation-diff": "0.0.0",
     "@aws-cdk/cx-api": "0.0.0",
-    "@aws-cdk/aws-service-spec": "^0.0.60",
+    "@aws-cdk/aws-service-spec": "^0.0.61",
     "cdk-assets": "0.0.0",
     "@aws-cdk/cdk-cli-wrapper": "0.0.0",
     "aws-cdk": "0.0.0",

packages/aws-cdk-lib/aws-securitylake/.jsiirc.json

@@ -0,0 +1,13 @@
+{
+  "targets": {
+    "java": {
+      "package": "software.amazon.awscdk.services.securitylake"
+    },
+    "dotnet": {
+      "package": "Amazon.CDK.AWS.SecurityLake"
+    },
+    "python": {
+      "module": "aws_cdk.aws_securitylake"
+    }
+  }
+}

packages/aws-cdk-lib/aws-securitylake/README.md

@@ -0,0 +1,39 @@
+# AWS::SecurityLake Construct Library
+<!--BEGIN STABILITY BANNER-->
+
+---
+
+![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)
+
+> All classes with the `Cfn` prefix in this module ([CFN Resources]) are always stable and safe to use.
+>
+> [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib
+
+---
+
+<!--END STABILITY BANNER-->
+
+This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
+
+```ts nofixture
+import * as securitylake from 'aws-cdk-lib/aws-securitylake';
+```
+
+<!--BEGIN CFNONLY DISCLAIMER-->
+
+There are no official hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. Here are some suggestions on how to proceed:
+
+- Search [Construct Hub for SecurityLake construct libraries](https://constructs.dev/search?q=securitylake)
+- Use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, in the same way you would use [the CloudFormation AWS::SecurityLake resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_SecurityLake.html) directly.
+
+
+<!--BEGIN CFNONLY DISCLAIMER-->
+
+There are no hand-written ([L2](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) constructs for this service yet. 
+However, you can still use the automatically generated [L1](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_l1_using) constructs, and use this service exactly as you would using CloudFormation directly.
+
+For more information on the resources and properties available for this service, see the [CloudFormation documentation for AWS::SecurityLake](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_SecurityLake.html).
+
+(Read the [CDK Contributing Guide](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and submit an RFC if you are interested in contributing to this construct library.)
+
+<!--END CFNONLY DISCLAIMER-->

packages/aws-cdk-lib/aws-securitylake/index.ts

@@ -0,0 +1 @@
+export * from './lib';

packages/aws-cdk-lib/aws-securitylake/lib/index.ts

@@ -0,0 +1,2 @@
+// AWS::SecurityLake Cloudformation Resources
+export * from './securitylake.generated';

packages/aws-cdk-lib/index.ts

@@ -226,6 +226,7 @@ export * as aws_scheduler from './aws-scheduler';
 export * as aws_sdb from './aws-sdb';
 export * as aws_secretsmanager from './aws-secretsmanager';
 export * as aws_securityhub from './aws-securityhub';
+export * as aws_securitylake from './aws-securitylake';
 export * as aws_servicecatalog from './aws-servicecatalog';
 export * as aws_servicecatalogappregistry from './aws-servicecatalogappregistry';
 export * as aws_servicediscovery from './aws-servicediscovery';

packages/aws-cdk-lib/package.json

@@ -135,7 +135,7 @@
     "mime-types": "^2.1.35"
   },
   "devDependencies": {
-    "@aws-cdk/aws-service-spec": "^0.0.60",
+    "@aws-cdk/aws-service-spec": "^0.0.61",
     "@aws-cdk/cdk-build-tools": "0.0.0",
     "@aws-cdk/custom-resource-handlers": "0.0.0",
     "@aws-cdk/pkglint": "0.0.0",
@@ -442,6 +442,7 @@
     "./aws-sdb": "./aws-sdb/index.js",
     "./aws-secretsmanager": "./aws-secretsmanager/index.js",
     "./aws-securityhub": "./aws-securityhub/index.js",
+    "./aws-securitylake": "./aws-securitylake/index.js",
     "./aws-servicecatalog": "./aws-servicecatalog/index.js",
     "./aws-servicecatalogappregistry": "./aws-servicecatalogappregistry/index.js",
     "./aws-servicediscovery": "./aws-servicediscovery/index.js",

packages/aws-cdk-lib/scripts/scope-map.json

@@ -609,6 +609,9 @@
   "aws-securityhub": [
     "AWS::SecurityHub"
   ],
+  "aws-securitylake": [
+    "AWS::SecurityLake"
+  ],
   "aws-servicecatalog": [
     "AWS::ServiceCatalog"
   ],

tools/@aws-cdk/spec2cdk/package.json

@@ -32,9 +32,9 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-cdk/aws-service-spec": "^0.0.60",
-    "@aws-cdk/service-spec-importers": "^0.0.27",
-    "@aws-cdk/service-spec-types": "^0.0.60",
+    "@aws-cdk/aws-service-spec": "^0.0.61",
+    "@aws-cdk/service-spec-importers": "^0.0.28",
+    "@aws-cdk/service-spec-types": "^0.0.61",
     "@cdklabs/tskb": "^0.0.3",
     "@cdklabs/typewriter": "^0.0.3",
     "camelcase": "^6",

yarn.lock

@@ -56,12 +56,12 @@
   resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz#6dc9b7cdb22ff622a7176141197962360c33e9ac"
   integrity sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg==
 
-"@aws-cdk/aws-service-spec@^0.0.60":
-  version "0.0.60"
-  resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.60.tgz#6ed18a6f9cd8bce649a49f26ecf5e3c7a1360cf0"
-  integrity sha512-HyIQGKkPz3olFP5JKXxxVomTZFcpwRvDQ5e+deJ2srTS4EpUTFs8jB/Etw4gNvv0ka0y6Vv3dZ4Tvz6EhZ9t3A==
+"@aws-cdk/aws-service-spec@^0.0.61":
+  version "0.0.61"
+  resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.61.tgz#afb49a8fb0a8907e08337a7d3d07d16847da7d84"
+  integrity sha512-otxvSzkPCuZuGddWFHXFdEsjasTpQciGRjfPWmtt+iwu48rJe40zQtpyXZm72SJ25JBXFDHNnrYcALT4NzIQMQ==
   dependencies:
-    "@aws-cdk/service-spec-types" "^0.0.60"
+    "@aws-cdk/service-spec-types" "^0.0.61"
     "@cdklabs/tskb" "^0.0.3"
 
 "@aws-cdk/lambda-layer-kubectl-v24@^2.0.242":
@@ -74,12 +74,12 @@
   resolved "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v29/-/lambda-layer-kubectl-v29-2.0.0.tgz#1c078fffa2c701c691aeb3e599e91cd3c1017e74"
   integrity sha512-X6RKZPcPGkYSp9/AhiNtEL7Vz2I77qCdbr5XGtqFeIyw/620Qo2ZIRFr2AjWfGEj81gvcwUbVW5lZ6+EqqyqlA==
 
-"@aws-cdk/service-spec-importers@^0.0.27":
-  version "0.0.27"
-  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.27.tgz#a8ce7bb76eebf5027671bcecf03fa8739d01385e"
-  integrity sha512-YR5Fo/SJwJyG1i271GnJEvaq3mWw4Eg9PuKQkSIyACn1Jb/k4vVMxAz6Y3j50Wp9H3nq7Ux+cbezHcJTFVd7nw==
+"@aws-cdk/service-spec-importers@^0.0.28":
+  version "0.0.28"
+  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.28.tgz#97ad3077ac3f2b6e31ca54e2da6f8aa4c1f0765b"
+  integrity sha512-x6WDd5xsgBJHRxVMmeO6ivSovGdDG5CtEPAf2rAPp+dd56NCe6N3/A4x2SzmejvUTOWBQrxcXqHsKaW8YRGvAg==
   dependencies:
-    "@aws-cdk/service-spec-types" "^0.0.57"
+    "@aws-cdk/service-spec-types" "^0.0.61"
     "@cdklabs/tskb" "^0.0.3"
     ajv "^6"
     canonicalize "^2.0.0"
@@ -90,17 +90,10 @@
     glob "^8"
     sort-json "^2.0.1"
 
-"@aws-cdk/service-spec-types@^0.0.57":
-  version "0.0.57"
-  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.57.tgz#b3d3e498a93957c57aa48b6edcd3d122e2145ad2"
-  integrity sha512-IPB4sgE+05DQXt6UqWSutEyeBCFPm6mSxBiw7/neXHSBLu/FcxXDy+C80nyTcuSW1WJbkNomjV4b3hkp47VPAg==
-  dependencies:
-    "@cdklabs/tskb" "^0.0.3"
-
-"@aws-cdk/service-spec-types@^0.0.60":
-  version "0.0.60"
-  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.60.tgz#497a45d223f9a5e8dcfc90c614271c54a92588a9"
-  integrity sha512-yXjN5vP1DmB7XJ4SmAvbvSusEklM9xe8e7QcETbokn3ghr0HHXjUkkzdVWaySr5EBBg92ANBG5dP/WZV2vHo/Q==
+"@aws-cdk/service-spec-types@^0.0.61":
+  version "0.0.61"
+  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.61.tgz#6ff36bf633483567c738b5a873dff01cea4fe3c7"
+  integrity sha512-ZeVY22xFHHJQBJsawF+eg9BrlQSgYa9CYw1qusV1jfeduoCbHqWoFVQsnrAGJ1Y50AX4QfMR7GinxlvPCR2Iqw==
   dependencies:
     "@cdklabs/tskb" "^0.0.3"