feat: update L1 CloudFormation resource definitions (#29606)

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-cloudwatch
│ └ resources
│    └[~] resource AWS::CloudWatch::AnomalyDetector
│      └ types
│         └[~] type SingleMetricAnomalyDetector
│           └ properties
│              └[+] AccountId: string
├[~] service aws-docdbelastic
│ └ resources
│    └[~] resource AWS::DocDBElastic::Cluster
│      └ properties
│         ├[+] BackupRetentionPeriod: integer
│         ├[+] PreferredBackupWindow: string
│         └[+] ShardInstanceCount: integer
├[~] service aws-elasticache
│ └ resources
│    └[~] resource AWS::ElastiCache::ParameterGroup
│      └ attributes
│         └[-] CacheParameterGroupName: string
├[~] service aws-entityresolution
│ └ resources
│    └[~] resource AWS::EntityResolution::IdMappingWorkflow
│      ├ properties
│      │  └ OutputSourceConfig: - Array<IdMappingWorkflowOutputSource> (required)
│      │                        + Array<IdMappingWorkflowOutputSource>
│      └ types
│         └[~] type IdMappingWorkflowInputSource
│           └ properties
│              ├ SchemaArn: - string (required)
│              │            + string
│              └[+] Type: string
├[~] service aws-iam
│ └ resources
│    └[~] resource AWS::IAM::ManagedPolicy
│      └ properties
│         └ Path: - string (immutable)
│                 + string (default="/", immutable)
└[~] service aws-securityhub
  └ resources
     ├[-] resource AWS::SecurityHub::DelegatedAdmin
     │ ├  name: DelegatedAdmin
     │ │  cloudFormationType: AWS::SecurityHub::DelegatedAdmin
     │ │  documentation: The AWS::SecurityHub::DelegatedAdmin resource represents the AWS Security Hub delegated admin account in your organization. One delegated admin resource is allowed to create for the organization in each region in which you configure the AdminAccountId.
     │ ├ properties
     │ │  └AdminAccountId: string (required, immutable)
     │ └ attributes
     │    ├DelegatedAdminIdentifier: string
     │    └Status: string
     ├[-] resource AWS::SecurityHub::Insight
     │ ├  name: Insight
     │ │  cloudFormationType: AWS::SecurityHub::Insight
     │ │  documentation: Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.
     │ │  To group the related findings in the insight, use the `GroupByAttribute` .
     │ ├ properties
     │ │  ├Name: string (required)
     │ │  ├Filters: AwsSecurityFindingFilters (required)
     │ │  └GroupByAttribute: string (required)
     │ ├ attributes
     │ │  └InsightArn: string
     │ └ types
     │    ├type AwsSecurityFindingFilters
     │    │├  documentation: A collection of filters that are applied to all active findings aggregated by AWS Security Hub .
     │    ││  You can filter by up to ten finding attributes. For each attribute, you can provide up to 20 filter values.
     │    ││  name: AwsSecurityFindingFilters
     │    │└ properties
     │    │   ├ProductArn: Array<StringFilter>
     │    │   ├AwsAccountId: Array<StringFilter>
     │    │   ├AwsAccountName: Array<StringFilter>
     │    │   ├Id: Array<StringFilter>
     │    │   ├GeneratorId: Array<StringFilter>
     │    │   ├Type: Array<StringFilter>
     │    │   ├Region: Array<StringFilter>
     │    │   ├SeverityLabel: Array<StringFilter>
     │    │   ├Title: Array<StringFilter>
     │    │   ├Description: Array<StringFilter>
     │    │   ├RecommendationText: Array<StringFilter>
     │    │   ├SourceUrl: Array<StringFilter>
     │    │   ├ProductFields: Array<MapFilter>
     │    │   ├ProductName: Array<StringFilter>
     │    │   ├CompanyName: Array<StringFilter>
     │    │   ├UserDefinedFields: Array<MapFilter>
     │    │   ├MalwareName: Array<StringFilter>
     │    │   ├MalwareType: Array<StringFilter>
     │    │   ├MalwarePath: Array<StringFilter>
     │    │   ├MalwareState: Array<StringFilter>
     │    │   ├NetworkDirection: Array<StringFilter>
     │    │   ├NetworkProtocol: Array<StringFilter>
     │    │   ├NetworkSourceIpV4: Array<IpFilter>
     │    │   ├NetworkSourceIpV6: Array<IpFilter>
     │    │   ├NetworkSourceDomain: Array<StringFilter>
     │    │   ├NetworkSourceMac: Array<StringFilter>
     │    │   ├NetworkDestinationIpV4: Array<IpFilter>
     │    │   ├NetworkDestinationIpV6: Array<IpFilter>
     │    │   ├NetworkDestinationDomain: Array<StringFilter>
     │    │   ├ProcessName: Array<StringFilter>
     │    │   ├ProcessPath: Array<StringFilter>
     │    │   ├ThreatIntelIndicatorType: Array<StringFilter>
     │    │   ├ThreatIntelIndicatorValue: Array<StringFilter>
     │    │   ├ThreatIntelIndicatorCategory: Array<StringFilter>
     │    │   ├ThreatIntelIndicatorSource: Array<StringFilter>
     │    │   ├ThreatIntelIndicatorSourceUrl: Array<StringFilter>
     │    │   ├ResourceType: Array<StringFilter>
     │    │   ├ResourceId: Array<StringFilter>
     │    │   ├ResourcePartition: Array<StringFilter>
     │    │   ├ResourceRegion: Array<StringFilter>
     │    │   ├ResourceTags: Array<MapFilter>
     │    │   ├ResourceAwsEc2InstanceType: Array<StringFilter>
     │    │   ├ResourceAwsEc2InstanceImageId: Array<StringFilter>
     │    │   ├ResourceAwsEc2InstanceIpV4Addresses: Array<IpFilter>
     │    │   ├ResourceAwsEc2InstanceIpV6Addresses: Array<IpFilter>
     │    │   ├ResourceAwsEc2InstanceKeyName: Array<StringFilter>
     │    │   ├ResourceAwsEc2InstanceIamInstanceProfileArn: Array<StringFilter>
     │    │   ├ResourceAwsEc2InstanceVpcId: Array<StringFilter>
     │    │   ├ResourceAwsEc2InstanceSubnetId: Array<StringFilter>
     │    │   ├ResourceAwsS3BucketOwnerId: Array<StringFilter>
     │    │   ├ResourceAwsS3BucketOwnerName: Array<StringFilter>
     │    │   ├ResourceAwsIamAccessKeyStatus: Array<StringFilter>
     │    │   ├ResourceContainerName: Array<StringFilter>
     │    │   ├ResourceContainerImageId: Array<StringFilter>
     │    │   ├ResourceContainerImageName: Array<StringFilter>
     │    │   ├ResourceDetailsOther: Array<MapFilter>
     │    │   ├ComplianceStatus: Array<StringFilter>
     │    │   ├VerificationState: Array<StringFilter>
     │    │   ├WorkflowState: Array<StringFilter>
     │    │   ├WorkflowStatus: Array<StringFilter>
     │    │   ├RecordState: Array<StringFilter>
     │    │   ├RelatedFindingsProductArn: Array<StringFilter>
     │    │   ├RelatedFindingsId: Array<StringFilter>
     │    │   ├ResourceApplicationArn: Array<StringFilter>
     │    │   ├ResourceApplicationName: Array<StringFilter>
     │    │   ├NoteText: Array<StringFilter>
     │    │   ├NoteUpdatedBy: Array<StringFilter>
     │    │   ├Sample: Array<BooleanFilter>
     │    │   ├ComplianceAssociatedStandardsId: Array<StringFilter>
     │    │   ├ComplianceSecurityControlId: Array<StringFilter>
     │    │   ├ComplianceSecurityControlParametersName: Array<StringFilter>
     │    │   ├ComplianceSecurityControlParametersValue: Array<StringFilter>
     │    │   ├FindingProviderFieldsRelatedFindingsId: Array<StringFilter>
     │    │   ├FindingProviderFieldsRelatedFindingsProductArn: Array<StringFilter>
     │    │   ├FindingProviderFieldsSeverityLabel: Array<StringFilter>
     │    │   ├FindingProviderFieldsSeverityOriginal: Array<StringFilter>
     │    │   ├FindingProviderFieldsTypes: Array<StringFilter>
     │    │   ├ResourceAwsIamAccessKeyPrincipalName: Array<StringFilter>
     │    │   ├ResourceAwsIamUserUserName: Array<StringFilter>
     │    │   ├VulnerabilitiesExploitAvailable: Array<StringFilter>
     │    │   └VulnerabilitiesFixAvailable: Array<StringFilter>
     │    ├type StringFilter
     │    │├  documentation: A string filter for filtering AWS Security Hub findings.
     │    ││  name: StringFilter
     │    │└ properties
     │    │   ├Comparison: string (required)
     │    │   └Value: string (required)
     │    ├type MapFilter
     │    │├  documentation: A map filter for filtering AWS Security Hub findings. Each map filter provides the field to check for, the value to check for, and the comparison operator.
     │    ││  name: MapFilter
     │    │└ properties
     │    │   ├Comparison: string (required)
     │    │   ├Key: string (required)
     │    │   └Value: string (required)
     │    ├type IpFilter
     │    │├  documentation: The IP filter for querying findings.
     │    ││  name: IpFilter
     │    │└ properties
     │    │   └Cidr: string
     │    └type BooleanFilter
     │     ├  documentation: Boolean filter for querying findings.
     │     │  name: BooleanFilter
     │     └ properties
     │        └Value: boolean (required)
     └[-] resource AWS::SecurityHub::ProductSubscription
       ├  name: ProductSubscription
       │  cloudFormationType: AWS::SecurityHub::ProductSubscription
       │  documentation: The AWS::SecurityHub::ProductSubscription resource represents a subscription to a service that is allowed to generate findings for your Security Hub account. One product subscription resource is created for each product enabled.
       ├ properties
       │  └ProductArn: string (required, immutable)
       └ attributes
          └ProductSubscriptionArn: string
```

Author: aws-cdk-automation

packages/@aws-cdk/cloudformation-diff/package.json

@@ -23,8 +23,8 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-cdk/aws-service-spec": "^0.0.59",
-    "@aws-cdk/service-spec-types": "^0.0.59",
+    "@aws-cdk/aws-service-spec": "^0.0.60",
+    "@aws-cdk/service-spec-types": "^0.0.60",
     "aws-sdk": "2.1583.0",
     "chalk": "^4",
     "diff": "^5.2.0",

packages/@aws-cdk/integ-runner/package.json

@@ -74,7 +74,7 @@
     "@aws-cdk/cloud-assembly-schema": "0.0.0",
     "@aws-cdk/cloudformation-diff": "0.0.0",
     "@aws-cdk/cx-api": "0.0.0",
-    "@aws-cdk/aws-service-spec": "^0.0.59",
+    "@aws-cdk/aws-service-spec": "^0.0.60",
     "cdk-assets": "0.0.0",
     "@aws-cdk/cdk-cli-wrapper": "0.0.0",
     "aws-cdk": "0.0.0",

packages/aws-cdk-lib/package.json

@@ -135,7 +135,7 @@
     "mime-types": "^2.1.35"
   },
   "devDependencies": {
-    "@aws-cdk/aws-service-spec": "^0.0.59",
+    "@aws-cdk/aws-service-spec": "^0.0.60",
     "@aws-cdk/cdk-build-tools": "0.0.0",
     "@aws-cdk/custom-resource-handlers": "0.0.0",
     "@aws-cdk/pkglint": "0.0.0",

tools/@aws-cdk/spec2cdk/package.json

@@ -32,9 +32,9 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-cdk/aws-service-spec": "^0.0.59",
+    "@aws-cdk/aws-service-spec": "^0.0.60",
     "@aws-cdk/service-spec-importers": "^0.0.27",
-    "@aws-cdk/service-spec-types": "^0.0.59",
+    "@aws-cdk/service-spec-types": "^0.0.60",
     "@cdklabs/tskb": "^0.0.3",
     "@cdklabs/typewriter": "^0.0.3",
     "camelcase": "^6",

yarn.lock

@@ -56,12 +56,12 @@
   resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz#6dc9b7cdb22ff622a7176141197962360c33e9ac"
   integrity sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg==
 
-"@aws-cdk/aws-service-spec@^0.0.59":
-  version "0.0.59"
-  resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.59.tgz#4d3f64e42b566fa75d8228e19c8e95feec1f225c"
-  integrity sha512-uIk+FmA/giiDs8gORSUa8dKfJvkMPi6wQHcnZw7a0B1hQ6hA8WVXv+yxCmz5xd1b2Y7Zd/ww36XHTu9CvGKEvg==
+"@aws-cdk/aws-service-spec@^0.0.60":
+  version "0.0.60"
+  resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.60.tgz#6ed18a6f9cd8bce649a49f26ecf5e3c7a1360cf0"
+  integrity sha512-HyIQGKkPz3olFP5JKXxxVomTZFcpwRvDQ5e+deJ2srTS4EpUTFs8jB/Etw4gNvv0ka0y6Vv3dZ4Tvz6EhZ9t3A==
   dependencies:
-    "@aws-cdk/service-spec-types" "^0.0.59"
+    "@aws-cdk/service-spec-types" "^0.0.60"
     "@cdklabs/tskb" "^0.0.3"
 
 "@aws-cdk/lambda-layer-kubectl-v24@^2.0.242":
@@ -92,10 +92,10 @@
   dependencies:
     "@cdklabs/tskb" "^0.0.3"
 
-"@aws-cdk/service-spec-types@^0.0.59":
-  version "0.0.59"
-  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.59.tgz#79605be022b21dcda73c2422821c41ac7f104db7"
-  integrity sha512-uFTPHuQ3/qBZy+pusVvXcfbM5dCbeOiItxHv2se/nOzRlrCz024aEq334oIpE1QET9rY1XWR8ji8tPlSimXcIA==
+"@aws-cdk/service-spec-types@^0.0.60":
+  version "0.0.60"
+  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.60.tgz#497a45d223f9a5e8dcfc90c614271c54a92588a9"
+  integrity sha512-yXjN5vP1DmB7XJ4SmAvbvSusEklM9xe8e7QcETbokn3ghr0HHXjUkkzdVWaySr5EBBg92ANBG5dP/WZV2vHo/Q==
   dependencies:
     "@cdklabs/tskb" "^0.0.3"