aws-cdk-automation commented Sep 8, 2025

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-batch
│ └ resources
│    └[~]  resource AWS::Batch::ComputeEnvironment
│       ├ properties
│       │  └ EksConfiguration: (documentation changed)
│       └ types
│          └[~] type Ec2ConfigurationObject
│            └ properties
│               └ ImageType: (documentation changed)
├[~] service aws-bedrock
│ └ resources
│    ├[+]  resource AWS::Bedrock::AutomatedReasoningPolicy
│    │  ├      name: AutomatedReasoningPolicy
│    │  │      cloudFormationType: AWS::Bedrock::AutomatedReasoningPolicy
│    │  │      documentation: Creates an Automated Reasoning policy for Amazon Bedrock Guardrails. Automated Reasoning policies use mathematical techniques to detect hallucinations, suggest corrections, and highlight unstated assumptions in the responses of your GenAI application.
│    │  │      To create a policy, you upload a source document that describes the rules that you're encoding. Automated Reasoning extracts important concepts from the source document that will become variables in the policy and infers policy rules.
│    │  │      To learn more about creating Automated Reasoning policies, see [Minimize AI hallucinations and deliver up to 99% verification accuracy with Automated Reasoning checks: Now available](https://docs.aws.amazon.com/aws/minimize-ai-hallucinations-and-deliver-up-to-99-verification-accuracy-with-automated-reasoning-checks-now-available/) in the *AWS News Blog* .
│    │  │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │  ├ properties
│    │  │  ├ Name: string (required)
│    │  │  ├ Description: string
│    │  │  ├ PolicyDefinition: PolicyDefinition
│    │  │  └ Tags: Array<tag>
│    │  ├ attributes
│    │  │  ├ Version: string
│    │  │  ├ PolicyId: string
│    │  │  ├ PolicyArn: string
│    │  │  ├ DefinitionHash: string
│    │  │  ├ CreatedAt: string
│    │  │  └ UpdatedAt: string
│    │  └ types
│    │     ├ type PolicyDefinition
│    │     │ ├      documentation: The complete policy definition containing rules, variables, and types.
│    │     │ │      name: PolicyDefinition
│    │     │ └ properties
│    │     │    ├ Version: string
│    │     │    ├ Types: Array<PolicyDefinitionType>
│    │     │    ├ Rules: Array<PolicyDefinitionRule>
│    │     │    └ Variables: Array<PolicyDefinitionVariable>
│    │     ├ type PolicyDefinitionRule
│    │     │ ├      documentation: A rule within the policy definition that defines logical constraints.
│    │     │ │      name: PolicyDefinitionRule
│    │     │ └ properties
│    │     │    ├ Id: string (required)
│    │     │    ├ Expression: string (required)
│    │     │    └ AlternateExpression: string
│    │     ├ type PolicyDefinitionType
│    │     │ ├      documentation: A custom type definition within the policy.
│    │     │ │      name: PolicyDefinitionType
│    │     │ └ properties
│    │     │    ├ Name: string (required)
│    │     │    ├ Description: string
│    │     │    └ Values: Array<PolicyDefinitionTypeValue> (required)
│    │     ├ type PolicyDefinitionTypeValue
│    │     │ ├      documentation: A value associated with a custom type in the policy definition.
│    │     │ │      name: PolicyDefinitionTypeValue
│    │     │ └ properties
│    │     │    ├ Value: string (required)
│    │     │    └ Description: string
│    │     └ type PolicyDefinitionVariable
│    │       ├      documentation: A variable defined within the policy that can be used in rules.
│    │       │      name: PolicyDefinitionVariable
│    │       └ properties
│    │          ├ Name: string (required)
│    │          ├ Type: string (required)
│    │          └ Description: string (required)
│    └[+]  resource AWS::Bedrock::AutomatedReasoningPolicyVersion
│       ├      name: AutomatedReasoningPolicyVersion
│       │      cloudFormationType: AWS::Bedrock::AutomatedReasoningPolicyVersion
│       │      documentation: Creates a new version of an existing Automated Reasoning policy. This allows you to iterate on your policy rules while maintaining previous versions for rollback or comparison purposes.
│       │      tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│       ├ properties
│       │  ├ PolicyArn: string (required, immutable)
│       │  ├ LastUpdatedDefinitionHash: string (immutable)
│       │  └ Tags: Array<tag> (immutable)
│       └ attributes
│          ├ Version: string
│          ├ Name: string
│          ├ Description: string
│          ├ CreatedAt: string
│          ├ UpdatedAt: string
│          ├ PolicyId: string
│          └ DefinitionHash: string
├[~] service aws-cloudfront
│ └ resources
│    └[~]  resource AWS::CloudFront::Distribution
│       └ types
│          └[~] type CustomOriginConfig
│            └ properties
│               └ IpAddressType: (documentation changed)
├[~] service aws-datazone
│ └ resources
│    └[~]  resource AWS::DataZone::PolicyGrant
│       └ types
│          └[~] type PolicyGrantDetail
│            └ properties
│               └ CreateGlossary: (documentation changed)
├[~] service aws-ec2
│ └ resources
│    ├[~]  resource AWS::EC2::ClientVpnEndpoint
│    │  └ properties
│    │     └ ClientCidrBlock: - string (required, immutable)
│    │                        + string (immutable)
│    ├[~]  resource AWS::EC2::EC2Fleet
│    │  └ types
│    │     ├[~] type BlockDeviceMapping
│    │     │ └ properties
│    │     │    └ DeviceName: (documentation changed)
│    │     └[~] type Placement
│    │       └ properties
│    │          ├ AvailabilityZone: (documentation changed)
│    │          ├ GroupName: (documentation changed)
│    │          └ HostResourceGroupArn: (documentation changed)
│    ├[~]  resource AWS::EC2::Instance
│    │  └ types
│    │     └[~] type BlockDeviceMapping
│    │       └ properties
│    │          └ DeviceName: (documentation changed)
│    ├[~]  resource AWS::EC2::SpotFleet
│    │  └ types
│    │     └[~] type BlockDeviceMapping
│    │       └ properties
│    │          └ DeviceName: (documentation changed)
│    └[~]  resource AWS::EC2::VPCBlockPublicAccessOptions
│       └ attributes
│          └[+] ExclusionsAllowed: string
├[~] service aws-ecs
│ └ resources
│    └[~]  resource AWS::ECS::Service
│       ├ properties
│       │  └ AvailabilityZoneRebalancing: - string (default="DISABLED")
│       │                                 + string (default="ENABLED")
│       └ types
│          └[~] type ForceNewDeployment
│            ├      - documentation: undefined
│            │      + documentation: Determines whether to force a new deployment of the service. By default, deployments aren't forced. You can use this option to start a new deployment with no service definition changes. For example, you can update a service's tasks to use a newer Docker image with the same image/tag combination ( `my_image:latest` ) or to roll Fargate tasks onto a newer platform version.
│            └ properties
│               ├ EnableForceNewDeployment: (documentation changed)
│               └ ForceNewDeploymentNonce: (documentation changed)
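Review bot: the default for `AvailabilityZoneRebalancing` on `AWS::ECS::Service` flips from "DISABLED" to "ENABLED" here, and the PR only records this as a one-line entry under "CHANGES TO L1 RESOURCES". A changed default affects every template that leaves the property unset, so the release note should say that users who depend on the old behaviour need to set `AvailabilityZoneRebalancing` to "DISABLED" explicitly. The same applies to the `RecordingMode` default change on `AWS::IVS::Stage`.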
├[~] service aws-gameliftstreams
│ └ resources
│    └[~]  resource AWS::GameLiftStreams::StreamGroup
│       ├      - documentation: The `AWS::GameLiftStreams::StreamGroup` resource defines a group of compute resources that will be running and streaming your game. When you create a stream group, you specify the hardware configuration (CPU, GPU, RAM) that will run your game (known as the *stream class* ), the geographical locations where your game can run, and the number of streams that can run simultaneously in each location (known as *stream capacity* ). Stream groups manage how Amazon GameLift Streams allocates resources and handles concurrent streams, allowing you to effectively manage capacity and costs.
│       │      There are two types of stream capacity: always-on and on-demand.
│       │      - *Always-on* : The streaming capacity that is allocated and ready to handle stream requests without delay. You pay for this capacity whether it's in use or not. Best for quickest time from streaming request to streaming session. Default is 1 when creating a stream group or adding a location.
│       │      - *On-demand* : The streaming capacity that Amazon GameLift Streams can allocate in response to stream requests, and then de-allocate when the session has terminated. This offers a cost control measure at the expense of a greater startup time (typically under 5 minutes). Default is 0 when creating a stream group or adding a location.
│       │      > Application association is not currently supported in AWS CloudFormation . To link additional applications to a stream group, use the Amazon GameLift Streams console or the AWS CLI .
│       │      + documentation: The `AWS::GameLiftStreams::StreamGroup` resource defines a group of compute resources that will be running and streaming your game. When you create a stream group, you specify the hardware configuration (CPU, GPU, RAM) that will run your game (known as the *stream class* ), the geographical locations where your game can run, and the number of streams that can run simultaneously in each location (known as *stream capacity* ). Stream groups manage how Amazon GameLift Streams allocates resources and handles concurrent streams, allowing you to effectively manage capacity and costs.
│       │      There are two types of stream capacity: always-on and on-demand.
│       │      - *Always-on* : The streaming capacity that is allocated and ready to handle stream requests without delay. You pay for this capacity whether it's in use or not. Best for quickest time from streaming request to streaming session. Default is 1 (2 for high stream classes) when creating a stream group or adding a location.
│       │      - *On-demand* : The streaming capacity that Amazon GameLift Streams can allocate in response to stream requests, and then de-allocate when the session has terminated. This offers a cost control measure at the expense of a greater startup time (typically under 5 minutes). Default is 0 when creating a stream group or adding a location.
│       │      Values for capacity must be whole number multiples of the tenancy value of the stream group's stream class.
│       │      > Application association is not currently supported in AWS CloudFormation . To link additional applications to a stream group, use the Amazon GameLift Streams console or the AWS CLI .
│       └ types
│          └[~] type LocationConfiguration
│            └ properties
│               └ AlwaysOnCapacity: (documentation changed)
├[~] service aws-iotsitewise
│ └ resources
│    └[~]  resource AWS::IoTSiteWise::AccessPolicy
│       └      - documentation: Creates an access policy that grants the specified identity (IAM Identity Center user, IAM Identity Center group, or IAM user) access to the specified AWS IoT SiteWise Monitor portal or project resource.
│              + documentation: Creates an access policy that grants the specified identity (IAM Identity Center user, IAM Identity Center group, or IAM user) access to the specified AWS IoT SiteWise Monitor portal or project resource.
│              > Support for access policies that use an SSO Group as the identity is not supported at this time.
├[~] service aws-ivs
│ └ resources
│    └[~]  resource AWS::IVS::Stage
│       └ types
│          └[~] type ParticipantThumbnailConfiguration
│            └ properties
│               └ RecordingMode: - string (default="INTERVAL")
│                                + string (default="DISABLED")
├[~] service aws-lex
│ └ resources
│    └[~]  resource AWS::Lex::Bot
│       ├ properties
│       │  └[+] ErrorLogSettings: ErrorLogSettings
│       └ types
│          └[+]  type ErrorLogSettings
│             ├      name: ErrorLogSettings
│             └ properties
│                └ Enabled: boolean (required)
├[~] service aws-notifications
│ └ resources
│    └[+]  resource AWS::Notifications::OrganizationalUnitAssociation
│       ├      name: OrganizationalUnitAssociation
│       │      cloudFormationType: AWS::Notifications::OrganizationalUnitAssociation
│       │      documentation: Resource Type definition for AWS::Notifications::OrganizationalUnitAssociation
│       └ properties
│          ├ NotificationConfigurationArn: string (required, immutable)
│          └ OrganizationalUnitId: string (required, immutable)
├[~] service aws-omics
│ └ resources
│    └[~]  resource AWS::Omics::Workflow
│       └      - documentation: Creates a private workflow. Before you create a private workflow, you must create and configure these required resources:
│              - *Workflow definition files* : Define your workflow in one or more workflow definition files, written in WDL, Nextflow, or CWL. The workflow definition specifies the inputs and outputs for runs that use the workflow. It also includes specifications for the runs and run tasks for your workflow, including compute and memory requirements. The workflow definition file must be in .zip format.
│              - (Optional) *Parameter template* : You can create a parameter template file that defines the run parameters, or AWS HealthOmics can generate the parameter template for you.
│              - *ECR container images* : Create one or more container images for the workflow. Store the images in a private ECR repository.
│              - (Optional) *Sentieon licenses* : Request a Sentieon license if using the Sentieon software in a private workflow.
│              For more information, see [Creating or updating a private workflow in AWS HealthOmics](https://docs.aws.amazon.com/omics/latest/dev/creating-private-workflows.html) in the *AWS HealthOmics User Guide* .
│              + documentation: Creates a private workflow. Before you create a private workflow, you must create and configure these required resources:
│              - *Workflow definition files* : Define your workflow in one or more workflow definition files, written in WDL, Nextflow, or CWL. The workflow definition specifies the inputs and outputs for runs that use the workflow. It also includes specifications for the runs and run tasks for your workflow, including compute and memory requirements. The workflow definition file must be in .zip format.
│              - (Optional) *Parameter template* : You can create a parameter template file that defines the run parameters, or AWS HealthOmics can generate the parameter template for you.
│              - *ECR container images* : Create container images for the workflow in a private ECR repository, or synchronize images from a supported upstream registry with your Amazon ECR private repository.
│              - (Optional) *Sentieon licenses* : Request a Sentieon license if using the Sentieon software in a private workflow.
│              For more information, see [Creating or updating a private workflow in AWS HealthOmics](https://docs.aws.amazon.com/omics/latest/dev/creating-private-workflows.html) in the *AWS HealthOmics User Guide* .
├[~] service aws-pcs
│ └ resources
│    ├[~]  resource AWS::PCS::Cluster
│    │  ├      - documentation: The `AWS::PCS::Cluster` resource creates an AWS PCS cluster.
│    │  │      + documentation: Creates an AWS PCS cluster resource. For more information, see [Creating a cluster in AWS Parallel Computing Service](https://docs.aws.amazon.com/pcs/latest/userguide/working-with_clusters_create.html) in the *AWS PCS User Guide* .
│    │  ├ properties
│    │  │  └ Size: (documentation changed)
│    │  ├ attributes
│    │  │  └ Status: (documentation changed)
│    │  └ types
│    │     ├[~] type Accounting
│    │     │ ├      - documentation: The accounting configuration includes configurable settings for Slurm accounting. It's a property of the `ClusterSlurmConfiguration` object.
│    │     │ │      + documentation: The accounting configuration includes configurable settings for Slurm accounting.
│    │     │ └ properties
│    │     │    └ DefaultPurgeTimeInDays: (documentation changed)
│    │     ├[~] type AuthKey
│    │     │ └ properties
│    │     │    └ SecretArn: (documentation changed)
│    │     ├[~] type Endpoint
│    │     │ └ properties
│    │     │    ├ Port: (documentation changed)
│    │     │    └ PublicIpAddress: (documentation changed)
│    │     ├[~] type ErrorInfo
│    │     │ └      - documentation: An error that occurred during resource provisioning.
│    │     │        + documentation: An error that occurred during resource creation.
│    │     ├[~] type Networking
│    │     │ └ properties
│    │     │    ├ SecurityGroupIds: (documentation changed)
│    │     │    └ SubnetIds: (documentation changed)
│    │     ├[~] type Scheduler
│    │     │ └ properties
│    │     │    └ Version: (documentation changed)
│    │     ├[~] type SlurmConfiguration
│    │     │ └ properties
│    │     │    ├ AuthKey: (documentation changed)
│    │     │    └ ScaleDownIdleTimeInSeconds: (documentation changed)
│    │     └[~] type SlurmCustomSetting
│    │       └ properties
│    │          └ ParameterName: (documentation changed)
│    ├[~]  resource AWS::PCS::ComputeNodeGroup
│    │  ├      - documentation: The `AWS::PCS::ComputeNodeGroup` resource creates an AWS PCS compute node group.
│    │  │      + documentation: Creates an AWS PCS compute node group resource. For more information, see [Creating a compute node group in AWS PCS](https://docs.aws.amazon.com/pcs/latest/userguide/working-with_cng_create.html) in the *AWS PCS User Guide* .
│    │  ├ properties
│    │  │  ├ IamInstanceProfileArn: (documentation changed)
│    │  │  ├ InstanceConfigs: (documentation changed)
│    │  │  ├ PurchaseOption: (documentation changed)
│    │  │  └ SpotOptions: (documentation changed)
│    │  ├ attributes
│    │  │  └ Status: (documentation changed)
│    │  └ types
│    │     ├[~] type ErrorInfo
│    │     │ └      - documentation: The list of errors that occurred during compute node group provisioning.
│    │     │        + documentation: An error that occurred during resource creation.
│    │     ├[~] type SlurmCustomSetting
│    │     │ └ properties
│    │     │    └ ParameterName: (documentation changed)
│    │     └[~] type SpotOptions
│    │       ├      - documentation: Additional configuration when you specify `SPOT` as the `purchaseOption` .
│    │       │      + documentation: Additional configuration when you specify `SPOT` as the `purchaseOption` for the `CreateComputeNodeGroup` API action.
│    │       └ properties
│    │          └ AllocationStrategy: (documentation changed)
│    └[~]  resource AWS::PCS::Queue
│       ├      - documentation: The `AWS::PCS::Queue` resource creates an AWS PCS queue.
│       │      + documentation: Creates an AWS PCS queue resource. For more information, see [Creating a queue in AWS PCS](https://docs.aws.amazon.com/pcs/latest/userguide/working-with_queues_create.html) in the *AWS PCS User Guide* .
│       ├ attributes
│       │  └ Status: (documentation changed)
│       └ types
│          └[~] type ErrorInfo
│            └      - documentation: An error that occurred during resource provisioning.
│                   + documentation: An error that occurred during resource creation.
├[~] service aws-s3tables
│ └ resources
│    ├[~]  resource AWS::S3Tables::Namespace
│    │  ├      - documentation: Creates a namespace. A namespace is a logical grouping of tables within your table bucket, which you can use to organize tables. For more information, see [Create a namespace](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-namespace-create.html) in the *Amazon Simple Storage Service User Guide* .
│    │  │      - **Permissions** - You must have the `s3tables:CreateNamespace` permission to use this operation.
│    │  │      + documentation: Creates a namespace. A namespace is a logical grouping of tables within your table bucket, which you can use to organize tables. For more information, see [Create a namespace](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-namespace-create.html) in the *Amazon Simple Storage Service User Guide* .
│    │  │      - **Permissions** - You must have the `s3tables:CreateNamespace` permission to use this operation.
│    │  │      - **Cloud Development Kit** - To use S3 Tables AWS CDK constructs, add the `@aws-cdk/aws-s3tables-alpha` dependency with one of the following options:
│    │  │      - NPM: `npm i @aws-cdk/aws-s3tables-alpha`
│    │  │      - Yarn: `yarn add @aws-cdk/aws-s3tables-alpha`
│    │  └ properties
│    │     └ TableBucketARN: (documentation changed)
│    ├[~]  resource AWS::S3Tables::Table
│    │  ├      - documentation: Creates a new table associated with the given namespace in a table bucket. For more information, see [Creating an Amazon S3 table](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-create.html) in the *Amazon Simple Storage Service User Guide* .
│    │  │      - **Permissions** - - You must have the `s3tables:CreateTable` permission to use this operation.
│    │  │      - If you use this operation with the optional `metadata` request parameter you must have the `s3tables:PutTableData` permission.
│    │  │      - If you use this operation with the optional `encryptionConfiguration` request parameter you must have the `s3tables:PutTableEncryption` permission.
│    │  │      > Additionally, If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see [Permissions requirements for S3 Tables SSE-KMS encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-kms-permissions.html) .
│    │  │      + documentation: Creates a new table associated with the given namespace in a table bucket. For more information, see [Creating an Amazon S3 table](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-create.html) in the *Amazon Simple Storage Service User Guide* .
│    │  │      - **Permissions** - - You must have the `s3tables:CreateTable` permission to use this operation.
│    │  │      - If you use this operation with the optional `metadata` request parameter you must have the `s3tables:PutTableData` permission.
│    │  │      - If you use this operation with the optional `encryptionConfiguration` request parameter you must have the `s3tables:PutTableEncryption` permission.
│    │  │      > Additionally, If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see [Permissions requirements for S3 Tables SSE-KMS encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-kms-permissions.html) .
│    │  │      - **Cloud Development Kit** - To use S3 Tables AWS CDK constructs, add the `@aws-cdk/aws-s3tables-alpha` dependency with one of the following options:
│    │  │      - NPM: `npm i @aws-cdk/aws-s3tables-alpha`
│    │  │      - Yarn: `yarn add @aws-cdk/aws-s3tables-alpha`
│    │  ├ properties
│    │  │  ├ Compaction: (documentation changed)
│    │  │  ├ OpenTableFormat: (documentation changed)
│    │  │  ├ SnapshotManagement: (documentation changed)
│    │  │  ├ TableBucketARN: (documentation changed)
│    │  │  └ WithoutMetadata: (documentation changed)
│    │  ├ attributes
│    │  │  └ VersionToken: (documentation changed)
│    │  └ types
│    │     ├[~] type Compaction
│    │     │ ├      - documentation: Settings governing the Compaction maintenance action. Contains details about the compaction settings for an Iceberg table.
│    │     │ │      + documentation: Contains details about the compaction settings for an Iceberg table.
│    │     │ └ properties
│    │     │    └ Status: (documentation changed)
│    │     ├[~] type IcebergMetadata
│    │     │ └ properties
│    │     │    └ IcebergSchema: (documentation changed)
│    │     ├[~] type IcebergSchema
│    │     │ └ properties
│    │     │    └ SchemaFieldList: (documentation changed)
│    │     └[~] type SnapshotManagement
│    │       ├      - documentation: Contains details about the snapshot management settings for an Iceberg table. A snapshot is expired when it exceeds MinSnapshotsToKeep and MaxSnapshotAgeHours.
│    │       │      + documentation: Contains details about the snapshot management settings for an Iceberg table. The oldest snapshot expires when its age exceeds the `maxSnapshotAgeHours` and the total number of snapshots exceeds the value for the minimum number of snapshots to keep `minSnapshotsToKeep` .
│    │       └ properties
│    │          └ Status: (documentation changed)
│    ├[~]  resource AWS::S3Tables::TableBucket
│    │  └      - documentation: Creates a table bucket. For more information, see [Creating a table bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-buckets-create.html) in the *Amazon Simple Storage Service User Guide* .
│    │         - **Permissions** - - You must have the `s3tables:CreateTableBucket` permission to use this operation.
│    │         - If you use this operation with the optional `encryptionConfiguration` parameter you must have the `s3tables:PutTableBucketEncryption` permission.
│    │         + documentation: Creates a table bucket. For more information, see [Creating a table bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-buckets-create.html) in the *Amazon Simple Storage Service User Guide* .
│    │         - **Permissions** - - You must have the `s3tables:CreateTableBucket` permission to use this operation.
│    │         - If you use this operation with the optional `encryptionConfiguration` parameter you must have the `s3tables:PutTableBucketEncryption` permission.
│    │         - **Cloud Development Kit** - To use S3 Tables AWS CDK constructs, add the `@aws-cdk/aws-s3tables-alpha` dependency with one of the following options:
│    │         - NPM: `npm i @aws-cdk/aws-s3tables-alpha`
│    │         - Yarn: `yarn add @aws-cdk/aws-s3tables-alpha`
│    ├[~]  resource AWS::S3Tables::TableBucketPolicy
│    │  └      - documentation: Creates a new table bucket policy or replaces an existing table bucket policy for a table bucket. For more information, see [Adding a table bucket policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-bucket-policy.html#table-bucket-policy-add) in the *Amazon Simple Storage Service User Guide* .
│    │         - **Permissions** - You must have the `s3tables:PutTableBucketPolicy` permission to use this operation.
│    │         + documentation: Creates a new maintenance configuration or replaces an existing table bucket policy for a table bucket. For more information, see [Adding a table bucket policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-bucket-policy.html#table-bucket-policy-add) in the *Amazon Simple Storage Service User Guide* .
│    │         - **Permissions** - You must have the `s3tables:PutTableBucketPolicy` permission to use this operation.
│    │         - **Cloud Development Kit** - To use S3 Tables AWS CDK constructs, add the `@aws-cdk/aws-s3tables-alpha` dependency with one of the following options:
│    │         - NPM: `npm i @aws-cdk/aws-s3tables-alpha`
│    │         - Yarn: `yarn add @aws-cdk/aws-s3tables-alpha`
│    └[~]  resource AWS::S3Tables::TablePolicy
│       ├      - documentation: Creates a new table policy or replaces an existing table policy for a table. For more information, see [Adding a table policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-table-policy.html#table-policy-add) in the *Amazon Simple Storage Service User Guide* .
│       │      - **Permissions** - You must have the `s3tables:PutTablePolicy` permission to use this operation.
│       │      + documentation: Creates a new maintenance configuration or replaces an existing table policy for a table. For more information, see [Adding a table policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-table-policy.html#table-policy-add) in the *Amazon Simple Storage Service User Guide* .
│       │      - **Permissions** - You must have the `s3tables:PutTablePolicy` permission to use this operation.
│       │      - **Cloud Development Kit** - To use S3 Tables AWS CDK constructs, add the `@aws-cdk/aws-s3tables-alpha` dependency with one of the following options:
│       │      - NPM: `npm i @aws-cdk/aws-s3tables-alpha`
│       │      - Yarn: `yarn add @aws-cdk/aws-s3tables-alpha`
│       ├ properties
│       │  ├ ResourcePolicy: (documentation changed)
│       │  └ TableARN: (documentation changed)
│       └ attributes
│          ├ Namespace: (documentation changed)
│          ├ TableBucketARN: (documentation changed)
│          └ TableName: (documentation changed)
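Review bot: the new documentation for `AWS::S3Tables::TableBucketPolicy` and `AWS::S3Tables::TablePolicy` now opens with "Creates a new maintenance configuration or replaces an existing table bucket policy" (respectively "table policy"), which no longer matches the resource type, the linked "Adding a table bucket policy" page, or the `s3tables:PutTableBucketPolicy` / `s3tables:PutTablePolicy` permission listed directly below it. The removed text ("Creates a new table bucket policy or replaces ...") was consistent. This looks like a copy error in the upstream spec and should be reported to `@aws-cdk/aws-service-spec`, since these are the resources that control access to table data and the generated docs should describe them accurately.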
├[~] service aws-secretsmanager
│ └ resources
│    └[~]  resource AWS::SecretsManager::RotationSchedule
│       └ types
│          └[~] type HostedRotationLambda
│            └ properties
│               └ Runtime: (documentation changed)
├[~] service aws-ses
│ └ resources
│    ├[~]  resource AWS::SES::ConfigurationSet
│    │  └ types
│    │     ├[~] type DeliveryOptions
│    │     │ └ properties
│    │     │    └ MaxDeliverySeconds: (documentation changed)
│    │     └[~] type TrackingOptions
│    │       └ properties
│    │          └ HttpsPolicy: (documentation changed)
│    ├[~]  resource AWS::SES::MailManagerAddonSubscription
│    │  └ properties
│    │     └ AddonName: (documentation changed)
│    ├[~]  resource AWS::SES::MailManagerAddressList
│    │  ├      - documentation: Definition of AWS::SES::MailManagerAddressList Resource Type
│    │  │      + documentation: The structure representing the address lists and address list attribute that will be used in evaluation of boolean expression.
│    │  ├ properties
│    │  │  ├ AddressListName: (documentation changed)
│    │  │  └ Tags: (documentation changed)
│    │  └ attributes
│    │     ├ AddressListArn: (documentation changed)
│    │     └ AddressListId: (documentation changed)
│    ├[~]  resource AWS::SES::MailManagerTrafficPolicy
│    │  └ types
│    │     ├[~] type IngressBooleanToEvaluate
│    │     │ └ properties
│    │     │    └ IsInAddressList: (documentation changed)
│    │     ├[~] type IngressIpv6Expression
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The union type representing the allowed types for the left hand side of an IPv6 condition.
│    │     │ └ properties
│    │     │    ├ Evaluate: (documentation changed)
│    │     │    ├ Operator: (documentation changed)
│    │     │    └ Values: (documentation changed)
│    │     ├[~] type IngressIpv6ToEvaluate
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The structure for an IPv6 based condition matching on the incoming mail.
│    │     │ └ properties
│    │     │    └ Attribute: (documentation changed)
│    │     ├[~] type IngressIsInAddressList
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The address lists and the address list attribute value that is evaluated in a policy statement's conditional expression to either deny or block the incoming email.
│    │     │ └ properties
│    │     │    ├ AddressLists: (documentation changed)
│    │     │    └ Attribute: (documentation changed)
│    │     ├[~] type IngressStringToEvaluate
│    │     │ └ properties
│    │     │    └ Analysis: (documentation changed)
│    │     └[~] type PolicyCondition
│    │       └ properties
│    │          └ Ipv6Expression: (documentation changed)
│    └[~]  resource AWS::SES::ReceiptRule
│       └ types
│          └[~] type Action
│            └ properties
│               └ ConnectAction: (documentation changed)
├[~] service aws-synthetics
│ └ resources
│    └[~]  resource AWS::Synthetics::Canary
│       ├ properties
│       │  ├ BrowserConfigs: (documentation changed)
│       │  ├ VisualReference: (documentation changed)
│       │  └ VisualReferences: (documentation changed)
│       └ types
│          └[~] type BrowserConfig
│            ├      - documentation: undefined
│            │      + documentation: A structure that specifies the browser type to use for a canary run.
│            └ properties
│               └ BrowserType: (documentation changed)
└[~] service aws-wisdom
  └ resources
     └[~]  resource AWS::Wisdom::AIPrompt
        └ properties
           └ ModelId: - string (required, immutable)
                      + string (required)

CHANGES TO L1 RESOURCES:

  • L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

  • aws-ec2: AWS::EC2::ClientVpnEndpoint: ClientCidrBlock property is now optional.

  • aws-ecs: AWS::ECS::Service: AvailabilityZoneRebalancing default value changed from "DISABLED" to "ENABLED".

  • aws-ivs: AWS::IVS::Stage: RecordingMode default value in ParticipantThumbnailConfiguration changed from "INTERVAL" to "DISABLED".

  • aws-wisdom: AWS::Wisdom::AIPrompt: ModelId property is now mutable.

@aws-cdk-automation aws-cdk-automation added contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes pr-linter/exempt-integ-test The PR linter will not require integ test changes labels Sep 8, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team September 8, 2025 10:28
@github-actions github-actions bot added the p2 label Sep 8, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team September 8, 2025 10:28
@leonmk-aws leonmk-aws self-assigned this Sep 8, 2025
@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Sep 8, 2025
@aws-cdk-automation aws-cdk-automation removed the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Sep 8, 2025

mergify bot commented Sep 8, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit d7f211f into main Sep 8, 2025
19 checks passed
@mergify mergify bot deleted the automation/spec-update branch September 8, 2025 14:01

github-actions bot commented Sep 8, 2025

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 8, 2025