feat(sources): update documentation

[aws-cdk-automation]

⚠️ This Pull Request updates daily and will overwrite all manual changes pushed to the branch

Updates the documentation source from upstream. See details in workflow run.

---

Automatically created by projen via the "update-source-documentation" workflow

[github-actions]

To work on this Pull Request, please create a new branch and PR. This prevents your work from being deleted by the automation.

Run the following commands inside the repo:

gh co 761
git switch -c fix-pr-761 && git push -u origin HEAD
gh pr create -t "fix: PR #761" --body "Fixes https://github.com/cdklabs/awscdk-service-spec/pull/761"

[github-actions]

@aws-cdk/aws-service-spec: Model database diff detected

├[~] service aws-cloudfront
│ └ resources
│    └[~] resource AWS::CloudFront::KeyValueStore
│      ├  - documentation: Resource Type definition for AWS::CloudFront::KeyValueStore
│      │  + documentation: The Key Value Store. Use this to separate data from function code, allowing you to update data without having to publish a new version of a function. The Key Value Store holds keys and their corresponding values.
│      ├ properties
│      │  ├ Comment: (documentation changed)
│      │  ├ ImportSource: (documentation changed)
│      │  └ Name: (documentation changed)
│      ├ attributes
│      │  ├ Arn: (documentation changed)
│      │  ├ Id: (documentation changed)
│      │  └ Status: (documentation changed)
│      └ types
│         └[~] type ImportSource
│           ├  - documentation: undefined
│           │  + documentation: The import source for the Key Value Store.
│           └ properties
│              ├ SourceArn: (documentation changed)
│              └ SourceType: (documentation changed)
├[~] service aws-cloudwatch
│ └ resources
│    └[~] resource AWS::CloudWatch::MetricStream
│      └ properties
│         ├ OutputFormat: (documentation changed)
│         └ StatisticsConfigurations: (documentation changed)
├[~] service aws-codedeploy
│ └ resources
│    └[~] resource AWS::CodeDeploy::DeploymentGroup
│      └ properties
│         └ TerminationHookEnabled: (documentation changed)
├[~] service aws-codepipeline
│ └ resources
│    └[~] resource AWS::CodePipeline::Pipeline
│      ├ properties
│      │  ├ PipelineType: (documentation changed)
│      │  ├ Triggers: (documentation changed)
│      │  └ Variables: (documentation changed)
│      └ types
│         ├[~] type GitConfiguration
│         │ ├  - documentation: undefined
│         │ │  + documentation: A type of trigger configuration for Git-based source actions.
│         │ │  > You can specify the Git configuration trigger type for all third-party Git-based source actions that are supported by the `CodeStarSourceConnection` action type.
│         │ └ properties
│         │    ├ Push: (documentation changed)
│         │    └ SourceActionName: (documentation changed)
│         ├[~] type GitPushFilter
│         │ ├  - documentation: undefined
│         │ │  + documentation: The event criteria that specify when a specified repository event will start the pipeline for the specified trigger configuration, such as the lists of Git tags to include and exclude.
│         │ └ properties
│         │    └ Tags: (documentation changed)
│         ├[~] type GitTagFilterCriteria
│         │ ├  - documentation: undefined
│         │ │  + documentation: The Git tags specified as filter criteria for whether a Git tag repository event will start the pipeline.
│         │ └ properties
│         │    ├ Excludes: (documentation changed)
│         │    └ Includes: (documentation changed)
│         ├[~] type PipelineTriggerDeclaration
│         │ ├  - documentation: undefined
│         │ │  + documentation: Represents information about the specified trigger configuration, such as the filter criteria and the source stage for the action that contains the trigger.
│         │ │  > This is only supported for the `CodeStarSourceConnection` action type. > When a trigger configuration is specified, default change detection for repository and branch commits is disabled.
│         │ └ properties
│         │    ├ GitConfiguration: (documentation changed)
│         │    └ ProviderType: (documentation changed)
│         └[~] type VariableDeclaration
│           ├  - documentation: undefined
│           │  + documentation: A variable declared at the pipeline level.
│           └ properties
│              ├ DefaultValue: (documentation changed)
│              ├ Description: (documentation changed)
│              └ Name: (documentation changed)
├[~] service aws-cognito
│ └ resources
│    ├[~] resource AWS::Cognito::UserPool
│    │ └ attributes
│    │    └ UserPoolId: (documentation changed)
│    ├[~] resource AWS::Cognito::UserPoolClient
│    │ └ properties
│    │    └ AllowedOAuthFlows: (documentation changed)
│    ├[~] resource AWS::Cognito::UserPoolGroup
│    │ └  - documentation: Specifies a new group in the identified user pool.
│    │    Calling this action requires developer credentials.
│    │    > If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.
│    │    + documentation: A user pool group that you can add a user to.
│    └[~] resource AWS::Cognito::UserPoolUser
│      └ properties
│         └ UserAttributes: (documentation changed)
├[~] service aws-config
│ └ resources
│    └[~] resource AWS::Config::ConfigurationRecorder
│      ├ properties
│      │  └ RecordingMode: (documentation changed)
│      └ types
│         ├[~] type RecordingMode
│         │ ├  - documentation: undefined
│         │ │  + documentation: Specifies the default recording frequency that AWS Config uses to record configuration changes. AWS Config supports *Continuous recording* and *Daily recording* .
│         │ │  - Continuous recording allows you to record configuration changes continuously whenever a change occurs.
│         │ │  - Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.
│         │ │  > AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous. 
│         │ │  You can also override the recording frequency for specific resource types.
│         │ └ properties
│         │    ├ RecordingFrequency: (documentation changed)
│         │    └ RecordingModeOverrides: (documentation changed)
│         └[~] type RecordingModeOverride
│           ├  - documentation: undefined
│           │  + documentation: An object for you to specify your overrides for the recording mode.
│           └ properties
│              ├ Description: (documentation changed)
│              ├ RecordingFrequency: (documentation changed)
│              └ ResourceTypes: (documentation changed)
├[~] service aws-connect
│ └ resources
│    └[~] resource AWS::Connect::Instance
│      └ properties
│         └ Tags: (documentation changed)
├[~] service aws-datasync
│ └ resources
│    └[~] resource AWS::DataSync::Task
│      └ types
│         └[~] type Options
│           └ properties
│              └ OverwriteMode: (documentation changed)
├[~] service aws-dms
│ └ resources
│    └[~] resource AWS::DMS::Endpoint
│      └ types
│         └[~] type IbmDb2Settings
│           └ properties
│              ├ KeepCsvFiles: (documentation changed)
│              ├ LoadTimeout: (documentation changed)
│              ├ MaxFileSize: (documentation changed)
│              └ WriteBufferSize: (documentation changed)
├[~] service aws-ec2
│ └ resources
│    └[~] resource AWS::EC2::LaunchTemplate
│      └ types
│         └[~] type MetadataOptions
│           └ properties
│              └ HttpTokens: (documentation changed)
├[~] service aws-elasticache
│ └ resources
│    └[~] resource AWS::ElastiCache::ServerlessCache
│      └ properties
│         ├ Endpoint: (documentation changed)
│         └ ReaderEndpoint: (documentation changed)
├[~] service aws-fis
│ └ resources
│    ├[~] resource AWS::FIS::ExperimentTemplate
│    │ ├  - documentation: Describes an experiment template.
│    │ │  + documentation: Specifies an experiment template.
│    │ │  An experiment template includes the following components:
│    │ │  - *Targets* : A target can be a specific resource in your AWS environment, or one or more resources that match criteria that you specify, for example, resources that have specific tags.
│    │ │  - *Actions* : The actions to carry out on the target. You can specify multiple actions, the duration of each action, and when to start each action during an experiment.
│    │ │  - *Stop conditions* : If a stop condition is triggered while an experiment is running, the experiment is automatically stopped. You can define a stop condition as a CloudWatch alarm.
│    │ │  For more information, see [Experiment templates](https://docs.aws.amazon.com/fis/latest/userguide/experiment-templates.html) in the *AWS Fault Injection Service User Guide* .
│    │ └ types
│    │    ├[~] type ExperimentTemplateAction
│    │    │ └  - documentation: Describes an action for an experiment template.
│    │    │    + documentation: Specifies an action for an experiment template.
│    │    │    For more information, see [Actions](https://docs.aws.amazon.com/fis/latest/userguide/actions.html) in the *AWS Fault Injection Service User Guide* .
│    │    ├[~] type ExperimentTemplateLogConfiguration
│    │    │ ├  - documentation: Describes the configuration for experiment logging.
│    │    │ │  + documentation: Specifies the configuration for experiment logging.
│    │    │ │  For more information, see [Experiment logging](https://docs.aws.amazon.com/fis/latest/userguide/monitoring-logging.html) in the *AWS Fault Injection Service User Guide* .
│    │    │ └ properties
│    │    │    ├ CloudWatchLogsConfiguration: (documentation changed)
│    │    │    └ S3Configuration: (documentation changed)
│    │    ├[~] type ExperimentTemplateStopCondition
│    │    │ └  - documentation: Describes a stop condition for an experiment template.
│    │    │    + documentation: Specifies a stop condition for an experiment template.
│    │    │    For more information, see [Stop conditions](https://docs.aws.amazon.com/fis/latest/userguide/stop-conditions.html) in the *AWS Fault Injection Service User Guide* .
│    │    ├[~] type ExperimentTemplateTarget
│    │    │ ├  - documentation: Describes a target for an experiment template.
│    │    │ │  + documentation: Specifies a target for an experiment. You must specify at least one Amazon Resource Name (ARN) or at least one resource tag. You cannot specify both ARNs and tags.
│    │    │ │  For more information, see [Targets](https://docs.aws.amazon.com/fis/latest/userguide/targets.html) in the *AWS Fault Injection Service User Guide* .
│    │    │ └ properties
│    │    │    └ Parameters: (documentation changed)
│    │    └[~] type ExperimentTemplateTargetFilter
│    │      └  - documentation: Describes a filter used for the target resources in an experiment template.
│    │         + documentation: Specifies a filter used for the target resource input in an experiment template.
│    │         For more information, see [Resource filters](https://docs.aws.amazon.com/fis/latest/userguide/targets.html#target-filters) in the *AWS Fault Injection Service User Guide* .
│    └[~] resource AWS::FIS::TargetAccountConfiguration
│      └  - documentation: Creates a target account configuration for the experiment template. A target account configuration is required when `accountTargeting` of `experimentOptions` is set to `multi-account` . For more information, see [experiment options](https://docs.aws.amazon.com/fis/latest/userguide/experiment-options.html) in the *AWS Fault Injection Simulator User Guide* .
│         + documentation: Creates a target account configuration for the experiment template. A target account configuration is required when `accountTargeting` of `experimentOptions` is set to `multi-account` . For more information, see [experiment options](https://docs.aws.amazon.com/fis/latest/userguide/experiment-options.html) in the *AWS Fault Injection Service User Guide* .
├[~] service aws-internetmonitor
│ └ resources
│    └[~] resource AWS::InternetMonitor::Monitor
│      └ types
│         ├[~] type InternetMeasurementsLogDelivery
│         │ └ properties
│         │    └ S3Config: (documentation changed)
│         └[~] type S3Config
│           ├  - documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) bucket prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` if you choose to deliver internet measurements to S3 logs, and `DISABLED` otherwise.
│           │  The measurements are also published to Amazon CloudWatch Logs.
│           │  + documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs.
│           └ properties
│              ├ BucketName: (documentation changed)
│              ├ BucketPrefix: (documentation changed)
│              └ LogDeliveryStatus: (documentation changed)
├[~] service aws-iot
│ └ resources
│    ├[~] resource AWS::IoT::SoftwarePackage
│    │ └ properties
│    │    ├ Description: (documentation changed)
│    │    ├ PackageName: (documentation changed)
│    │    └ Tags: (documentation changed)
│    └[~] resource AWS::IoT::SoftwarePackageVersion
│      └ properties
│         ├ Attributes: (documentation changed)
│         ├ Description: (documentation changed)
│         ├ PackageName: (documentation changed)
│         ├ Tags: (documentation changed)
│         └ VersionName: (documentation changed)
├[~] service aws-networkmanager
│ └ resources
│    └[~] resource AWS::NetworkManager::Device
│      └ attributes
│         └ CreatedAt: (documentation changed)
├[~] service aws-osis
│ └ resources
│    └[~] resource AWS::OSIS::Pipeline
│      ├ properties
│      │  ├ BufferOptions: (documentation changed)
│      │  └ EncryptionAtRestOptions: (documentation changed)
│      └ types
│         ├[~] type BufferOptions
│         │ └  - documentation: Key-value pairs to configure buffering.
│         │    + documentation: Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the EncryptionAtRestOptions.
│         └[~] type EncryptionAtRestOptions
│           ├  - documentation: Key-value pairs to configure encryption at rest.
│           │  + documentation: Options to control how OpenSearch encrypts all data-at-rest.
│           └ properties
│              └ KmsKeyArn: (documentation changed)
├[~] service aws-rolesanywhere
│ └ resources
│    ├[~] resource AWS::RolesAnywhere::Profile
│    │ ├  - documentation: Creates a Profile.
│    │ │  + documentation: Creates a *profile* , a list of the roles that Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.
│    │ │  *Required permissions:* `rolesanywhere:CreateProfile` .
│    │ └ properties
│    │    ├ DurationSeconds: (documentation changed)
│    │    ├ Enabled: (documentation changed)
│    │    ├ ManagedPolicyArns: (documentation changed)
│    │    ├ Name: (documentation changed)
│    │    ├ RequireInstanceProperties: (documentation changed)
│    │    ├ RoleArns: (documentation changed)
│    │    ├ SessionPolicy: (documentation changed)
│    │    └ Tags: (documentation changed)
│    └[~] resource AWS::RolesAnywhere::TrustAnchor
│      ├  - documentation: Creates a TrustAnchor.
│      │  + documentation: Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA). You can define a trust anchor as a reference to an AWS Private Certificate Authority ( AWS Private CA ) or by uploading a CA certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary AWS credentials.
│      │  *Required permissions:* `rolesanywhere:CreateTrustAnchor` .
│      └ types
│         ├[~] type Source
│         │ ├  - documentation: Object representing the TrustAnchor type and its related certificate data.
│         │ │  + documentation: The trust anchor type and its related certificate data.
│         │ └ properties
│         │    ├ SourceData: (documentation changed)
│         │    └ SourceType: (documentation changed)
│         └[~] type SourceData
│           └  - documentation: A union object representing the data field of the TrustAnchor depending on its type
│              + documentation: The data field of the trust anchor depending on its type.
└[~] service aws-sagemaker
  └ resources
     └[~] resource AWS::SageMaker::FeatureGroup
       └ types
          └[~] type OnlineStoreConfig
            └ properties
               └ StorageType: (documentation changed)