fix(backup): BackupVault.fromBackupVaultArn parses wrong arn format (#25259)

`BackupVault.fromBackupVaultArn` parsed ARNs using the `ArnFormat.SLASH_RESOURCE_NAME` format.
This fix changes it to the [expected](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsbackup.html#awsbackup-resources-for-iam-policies) `ArnFormat.COLON_RESOURCE_NAME` format.

Closes #25212 .

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: lpizzinidev

packages/aws-cdk-lib/aws-backup/lib/vault.ts

@@ -243,8 +243,11 @@ export class BackupVault extends BackupVaultBase {
    * Import an existing backup vault by arn
    */
   public static fromBackupVaultArn(scope: Construct, id: string, backupVaultArn: string): IBackupVault {
-    const parsedArn = Stack.of(scope).splitArn(backupVaultArn, ArnFormat.SLASH_RESOURCE_NAME);
+    const parsedArn = Stack.of(scope).splitArn(backupVaultArn, ArnFormat.COLON_RESOURCE_NAME);
 
+    if (parsedArn.arnFormat !== ArnFormat.COLON_RESOURCE_NAME) {
+      throw new Error(`Backup Vault Arn ${backupVaultArn} has the wrong format, expected ${ArnFormat.COLON_RESOURCE_NAME}.`);
+    }
     if (!parsedArn.resourceName) {
       throw new Error(`Backup Vault Arn ${backupVaultArn} does not have a resource name.`);
     }

packages/aws-cdk-lib/aws-backup/test/vault.test.ts

@@ -276,6 +276,18 @@ test('import from arn', () => {
   expect(vault.backupVaultArn).toEqual(vaultArn);
 });
 
+test('import from arn should throw if arn format is incorrect', () => {
+  // WHEN
+  const vaultArn = stack.formatArn({
+    service: 'backup',
+    resource: 'backup-vault',
+    resourceName: 'myVaultName',
+    arnFormat: ArnFormat.SLASH_RESOURCE_NAME,
+  });
+
+  expect(() => BackupVault.fromBackupVaultArn(stack, 'Vault', vaultArn)).toThrow(/has the wrong format, expected arn:aws:service:region:account:resource:resourceName/);
+});
+
 test('import from name', () => {
   // WHEN
   const vaultName = 'myVaultName';