aws-sdk-macie2 1.40.0 → 1.61.0

data/lib/aws-sdk-macie2/types.rb

@@ -18,15 +18,6 @@ module Aws::Macie2
     # The masterAccount property has been deprecated and is retained only
     # for backward compatibility.
     #
-    # @note When making an API call, you may pass AcceptInvitationRequest
-    #   data as a hash:
-    #
-    #       {
-    #         administrator_account_id: "__string",
-    #         invitation_id: "__string", # required
-    #         master_account: "__string",
-    #       }
-    #
     # @!attribute [rw] administrator_account_id
     #   @return [String]
     #
@@ -85,14 +76,6 @@ module Aws::Macie2
     # Specifies the details of an account to associate with an Amazon Macie
     # administrator account.
     #
-    # @note When making an API call, you may pass AccountDetail
-    #   data as a hash:
-    #
-    #       {
-    #         account_id: "__string", # required
-    #         email: "__string", # required
-    #       }
-    #
     # @!attribute [rw] account_id
     #   @return [String]
     #
@@ -113,8 +96,8 @@ module Aws::Macie2
     #
     # @!attribute [rw] block_public_access
     #   Provides information about the block public access settings for an
-    #   S3 bucket. These settings can apply to a bucket at the account level
-    #   or bucket level. For detailed information about each setting, see
+    #   S3 bucket. These settings can apply to a bucket at the account or
+    #   bucket level. For detailed information about each setting, see
     #   [Blocking public access to your Amazon S3 storage][1] in the *Amazon
     #   Simple Storage Service User Guide*.
     #
@@ -152,6 +135,81 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Specifies the criteria for an allow list. The criteria must specify a
+    # regular expression (regex) or an S3 object (s3WordsList). It can't
+    # specify both.
+    #
+    # @!attribute [rw] regex
+    #   @return [String]
+    #
+    # @!attribute [rw] s3_words_list
+    #   Provides information about an S3 object that lists specific text to
+    #   ignore.
+    #   @return [Types::S3WordsList]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/AllowListCriteria AWS API Documentation
+    #
+    class AllowListCriteria < Struct.new(
+      :regex,
+      :s3_words_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides information about the current status of an allow list, which
+    # indicates whether Amazon Macie can access and use the list's
+    # criteria.
+    #
+    # @!attribute [rw] code
+    #   Indicates the current status of an allow list. Depending on the type
+    #   of criteria that the list specifies, possible values are:
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/AllowListStatus AWS API Documentation
+    #
+    class AllowListStatus < Struct.new(
+      :code,
+      :description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides a subset of information about an allow list.
+    #
+    # @!attribute [rw] arn
+    #   @return [String]
+    #
+    # @!attribute [rw] created_at
+    #   @return [Time]
+    #
+    # @!attribute [rw] description
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   @return [String]
+    #
+    # @!attribute [rw] updated_at
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/AllowListSummary AWS API Documentation
+    #
+    class AllowListSummary < Struct.new(
+      :arn,
+      :created_at,
+      :description,
+      :id,
+      :name,
+      :updated_at)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Provides information about an API operation that an entity invoked for
     # an affected resource.
     #
@@ -282,13 +340,6 @@ module Aws::Macie2
     # Specifies one or more custom data identifiers to retrieve information
     # about.
     #
-    # @note When making an API call, you may pass BatchGetCustomDataIdentifiersRequest
-    #   data as a hash:
-    #
-    #       {
-    #         ids: ["__string"],
-    #       }
-    #
     # @!attribute [rw] ids
     #   @return [Array<String>]
     #
@@ -318,10 +369,10 @@ module Aws::Macie2
     end
 
     # Provides information about the block public access settings for an S3
-    # bucket. These settings can apply to a bucket at the account level or
-    # bucket level. For detailed information about each setting, see
-    # [Blocking public access to your Amazon S3 storage][1] in the *Amazon
-    # Simple Storage Service User Guide*.
+    # bucket. These settings can apply to a bucket at the account or bucket
+    # level. For detailed information about each setting, see [Blocking
+    # public access to your Amazon S3 storage][1] in the *Amazon Simple
+    # Storage Service User Guide*.
     #
     #
     #
@@ -351,7 +402,7 @@ module Aws::Macie2
     end
 
     # Provides information about the number of S3 buckets that are publicly
-    # accessible based on a combination of permissions settings for each
+    # accessible due to a combination of permissions settings for each
     # bucket.
     #
     # @!attribute [rw] publicly_accessible
@@ -377,11 +428,12 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Provides information about the number of S3 buckets that use certain
-    # types of server-side encryption by default or don't encrypt new
-    # objects by default. For detailed information about these settings, see
-    # [Setting default server-side encryption behavior for Amazon S3
-    # buckets][1] in the *Amazon Simple Storage Service User Guide*.
+    # Provides information about the number of S3 buckets whose settings do
+    # or don't specify default server-side encryption behavior for objects
+    # that are added to the buckets. For detailed information about these
+    # settings, see [Setting default server-side encryption behavior for
+    # Amazon S3 buckets][1] in the *Amazon Simple Storage Service User
+    # Guide*.
     #
     #
     #
@@ -411,7 +463,12 @@ module Aws::Macie2
     end
 
     # Provides information about the number of S3 buckets that are or
-    # aren't shared with other Amazon Web Services accounts.
+    # aren't shared with other Amazon Web Services accounts, Amazon
+    # CloudFront origin access identities (OAIs), or CloudFront origin
+    # access controls (OACs). In this data, an *Amazon Macie organization*
+    # is defined as a set of Macie accounts that are centrally managed as a
+    # group of related accounts through Organizations or by Macie
+    # invitation.
     #
     # @!attribute [rw] external
     #   @return [Integer]
@@ -438,7 +495,7 @@ module Aws::Macie2
 
     # Provides information about the number of S3 buckets whose bucket
     # policies do or don't require server-side encryption of objects when
-    # objects are uploaded to the buckets.
+    # objects are added to the buckets.
     #
     # @!attribute [rw] allows_unencrypted_object_uploads
     #   @return [Integer]
@@ -462,19 +519,6 @@ module Aws::Macie2
     # Specifies the operator to use in a property-based condition that
     # filters the results of a query for information about S3 buckets.
     #
-    # @note When making an API call, you may pass BucketCriteriaAdditionalProperties
-    #   data as a hash:
-    #
-    #       {
-    #         eq: ["__string"],
-    #         gt: 1,
-    #         gte: 1,
-    #         lt: 1,
-    #         lte: 1,
-    #         neq: ["__string"],
-    #         prefix: "__string",
-    #       }
-    #
     # @!attribute [rw] eq
     #   @return [Array<String>]
     #
@@ -520,8 +564,8 @@ module Aws::Macie2
     #
     # @!attribute [rw] block_public_access
     #   Provides information about the block public access settings for an
-    #   S3 bucket. These settings can apply to a bucket at the account level
-    #   or bucket level. For detailed information about each setting, see
+    #   S3 bucket. These settings can apply to a bucket at the account or
+    #   bucket level. For detailed information about each setting, see
     #   [Blocking public access to your Amazon S3 storage][1] in the *Amazon
     #   Simple Storage Service User Guide*.
     #
@@ -546,13 +590,22 @@ module Aws::Macie2
     end
 
     # Provides statistical data and other information about an S3 bucket
-    # that Amazon Macie monitors and analyzes for your account. If an error
-    # occurs when Macie attempts to retrieve and process information about
-    # the bucket or the bucket's objects, the value for the versioning
-    # property is false and the value for most other properties is null.
-    # Exceptions are accountId, bucketArn, bucketCreatedAt, bucketName,
-    # lastUpdated, and region. To identify the cause of the error, refer to
-    # the errorCode and errorMessage values.
+    # that Amazon Macie monitors and analyzes for your account. By default,
+    # object count and storage size values include data for object parts
+    # that are the result of incomplete multipart uploads. For more
+    # information, see [How Macie monitors Amazon S3 data security][1] in
+    # the *Amazon Macie User Guide*.
+    #
+    # If an error occurs when Macie attempts to retrieve and process
+    # metadata from Amazon S3 for the bucket or the bucket's objects, the
+    # value for the versioning property is false and the value for most
+    # other properties is null. Key exceptions are accountId, bucketArn,
+    # bucketCreatedAt, bucketName, lastUpdated, and region. To identify the
+    # cause of the error, refer to the errorCode and errorMessage values.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/macie/latest/user/monitoring-s3-how-it-works.html
     #
     # @!attribute [rw] account_id
     #   @return [String]
@@ -577,8 +630,8 @@ module Aws::Macie2
     #
     # @!attribute [rw] error_code
     #   The error code for an error that prevented Amazon Macie from
-    #   retrieving and processing information about an S3 bucket and the
-    #   bucket's objects.
+    #   retrieving and processing metadata from Amazon S3 for an S3 bucket
+    #   and the bucket's objects.
     #   @return [String]
     #
     # @!attribute [rw] error_message
@@ -590,6 +643,9 @@ module Aws::Macie2
     #   of the job that ran most recently.
     #   @return [Types::JobDetails]
     #
+    # @!attribute [rw] last_automated_discovery_time
+    #   @return [Time]
+    #
     # @!attribute [rw] last_updated
     #   @return [Time]
     #
@@ -616,6 +672,9 @@ module Aws::Macie2
     #   Amazon Web Services accounts and, if so, which accounts.
     #   @return [Types::ReplicationDetails]
     #
+    # @!attribute [rw] sensitivity_score
+    #   @return [Integer]
+    #
     # @!attribute [rw] server_side_encryption
     #   Provides information about the default server-side encryption
     #   settings for an S3 bucket. For detailed information about these
@@ -645,10 +704,10 @@ module Aws::Macie2
     #   number of objects that Amazon Macie can't analyze in one or more S3
     #   buckets. In a BucketMetadata or MatchingBucket object, this data is
     #   for a specific bucket. In a GetBucketStatisticsResponse object, this
-    #   data is aggregated for the buckets in the query results. If
-    #   versioning is enabled for a bucket, total storage size values are
-    #   based on the size of the latest version of each applicable object in
-    #   the bucket.
+    #   data is aggregated for all the buckets in the query results. If
+    #   versioning is enabled for a bucket, storage size values are based on
+    #   the size of the latest version of each applicable object in the
+    #   bucket.
     #   @return [Types::ObjectLevelStatistics]
     #
     # @!attribute [rw] unclassifiable_object_size_in_bytes
@@ -656,10 +715,10 @@ module Aws::Macie2
     #   number of objects that Amazon Macie can't analyze in one or more S3
     #   buckets. In a BucketMetadata or MatchingBucket object, this data is
     #   for a specific bucket. In a GetBucketStatisticsResponse object, this
-    #   data is aggregated for the buckets in the query results. If
-    #   versioning is enabled for a bucket, total storage size values are
-    #   based on the size of the latest version of each applicable object in
-    #   the bucket.
+    #   data is aggregated for all the buckets in the query results. If
+    #   versioning is enabled for a bucket, storage size values are based on
+    #   the size of the latest version of each applicable object in the
+    #   bucket.
     #   @return [Types::ObjectLevelStatistics]
     #
     # @!attribute [rw] versioning
@@ -678,12 +737,14 @@ module Aws::Macie2
       :error_code,
       :error_message,
       :job_details,
+      :last_automated_discovery_time,
       :last_updated,
       :object_count,
       :object_count_by_encryption_type,
       :public_access,
       :region,
       :replication_details,
+      :sensitivity_score,
       :server_side_encryption,
       :shared_access,
       :size_in_bytes,
@@ -783,14 +844,6 @@ module Aws::Macie2
     # Specifies criteria for sorting the results of a query for information
     # about S3 buckets.
     #
-    # @note When making an API call, you may pass BucketSortCriteria
-    #   data as a hash:
-    #
-    #       {
-    #         attribute_name: "__string",
-    #         order_by: "ASC", # accepts ASC, DESC
-    #       }
-    #
     # @!attribute [rw] attribute_name
     #   @return [String]
     #
@@ -806,6 +859,62 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Provides aggregated statistical data for sensitive data discovery
+    # metrics that apply to S3 buckets, grouped by bucket sensitivity score
+    # (sensitivityScore). If automated sensitive data discovery is currently
+    # disabled for your account, the value for each metric is 0.
+    #
+    # @!attribute [rw] classification_error
+    #   Provides aggregated statistical data for sensitive data discovery
+    #   metrics that apply to S3 buckets. Each field contains aggregated
+    #   data for all the buckets that have a sensitivity score
+    #   (sensitivityScore) of a specified value or within a specified range
+    #   (BucketStatisticsBySensitivity). If automated sensitive data
+    #   discovery is currently disabled for your account, the value for each
+    #   field is 0.
+    #   @return [Types::SensitivityAggregations]
+    #
+    # @!attribute [rw] not_classified
+    #   Provides aggregated statistical data for sensitive data discovery
+    #   metrics that apply to S3 buckets. Each field contains aggregated
+    #   data for all the buckets that have a sensitivity score
+    #   (sensitivityScore) of a specified value or within a specified range
+    #   (BucketStatisticsBySensitivity). If automated sensitive data
+    #   discovery is currently disabled for your account, the value for each
+    #   field is 0.
+    #   @return [Types::SensitivityAggregations]
+    #
+    # @!attribute [rw] not_sensitive
+    #   Provides aggregated statistical data for sensitive data discovery
+    #   metrics that apply to S3 buckets. Each field contains aggregated
+    #   data for all the buckets that have a sensitivity score
+    #   (sensitivityScore) of a specified value or within a specified range
+    #   (BucketStatisticsBySensitivity). If automated sensitive data
+    #   discovery is currently disabled for your account, the value for each
+    #   field is 0.
+    #   @return [Types::SensitivityAggregations]
+    #
+    # @!attribute [rw] sensitive
+    #   Provides aggregated statistical data for sensitive data discovery
+    #   metrics that apply to S3 buckets. Each field contains aggregated
+    #   data for all the buckets that have a sensitivity score
+    #   (sensitivityScore) of a specified value or within a specified range
+    #   (BucketStatisticsBySensitivity). If automated sensitive data
+    #   discovery is currently disabled for your account, the value for each
+    #   field is 0.
+    #   @return [Types::SensitivityAggregations]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/BucketStatisticsBySensitivity AWS API Documentation
+    #
+    class BucketStatisticsBySensitivity < Struct.new(
+      :classification_error,
+      :not_classified,
+      :not_sensitive,
+      :sensitive)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies the location of an occurrence of sensitive data in a
     # Microsoft Excel workbook, CSV file, or TSV file.
     #
@@ -832,8 +941,8 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Provides information about a sensitive data finding, including the
-    # classification job that produced the finding.
+    # Provides information about a sensitive data finding and the details of
+    # the finding.
     #
     # @!attribute [rw] detailed_results_location
     #   @return [String]
@@ -844,6 +953,11 @@ module Aws::Macie2
     # @!attribute [rw] job_id
     #   @return [String]
     #
+    # @!attribute [rw] origin_type
+    #   Specifies how Amazon Macie found the sensitive data that produced a
+    #   finding. Possible values are:
+    #   @return [String]
+    #
     # @!attribute [rw] result
     #   Provides the details of a sensitive data finding, including the
     #   types, number of occurrences, and locations of the sensitive data
@@ -856,25 +970,15 @@ module Aws::Macie2
       :detailed_results_location,
       :job_arn,
       :job_id,
+      :origin_type,
       :result)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # Specifies where to store data classification results, and the
-    # encryption settings to use when storing results in that location.
-    # Currently, you can store classification results only in an S3 bucket.
-    #
-    # @note When making an API call, you may pass ClassificationExportConfiguration
-    #   data as a hash:
-    #
-    #       {
-    #         s3_destination: {
-    #           bucket_name: "__string", # required
-    #           key_prefix: "__string",
-    #           kms_key_arn: "__string", # required
-    #         },
-    #       }
+    # encryption settings to use when storing results in that location. The
+    # location must be an S3 bucket.
     #
     # @!attribute [rw] s3_destination
     #   Specifies an S3 bucket to store data classification results in, and
@@ -947,6 +1051,27 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Provides information about the classification scope for an Amazon
+    # Macie account. Macie uses the scope's settings when it performs
+    # automated sensitive data discovery for the account.
+    #
+    # @!attribute [rw] id
+    #   The unique identifier the classification scope.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the classification scope.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ClassificationScopeSummary AWS API Documentation
+    #
+    class ClassificationScopeSummary < Struct.new(
+      :id,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Provides information about an error that occurred due to a versioning
     # conflict for a specified resource.
     #
@@ -961,135 +1086,71 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Specifies the settings for an allow list. When Amazon Macie processes
+    # the request, Macie tests the list's criteria. If the criteria specify
+    # a regular expression that Macie can't compile or an S3 object that
+    # Macie can't retrieve or parse, an error occurs.
+    #
+    # @!attribute [rw] client_token
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @!attribute [rw] criteria
+    #   Specifies the criteria for an allow list. The criteria must specify
+    #   a regular expression (regex) or an S3 object (s3WordsList). It
+    #   can't specify both.
+    #   @return [Types::AllowListCriteria]
+    #
+    # @!attribute [rw] description
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   A string-to-string map of key-value pairs that specifies the tags
+    #   (keys and values) for an Amazon Macie resource.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/CreateAllowListRequest AWS API Documentation
+    #
+    class CreateAllowListRequest < Struct.new(
+      :client_token,
+      :criteria,
+      :description,
+      :name,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides information about an allow list that was created in response
+    # to a request.
+    #
+    # @!attribute [rw] arn
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/CreateAllowListResponse AWS API Documentation
+    #
+    class CreateAllowListResponse < Struct.new(
+      :arn,
+      :id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies the scope, schedule, and other settings for a classification
     # job. You can't change any settings for a classification job after you
-    # create it. This helps ensure that you have an immutable history of
+    # create it. This helps to ensure that you have an immutable history of
     # sensitive data findings and discovery results for data privacy and
     # protection audits or investigations.
     #
-    # @note When making an API call, you may pass CreateClassificationJobRequest
-    #   data as a hash:
-    #
-    #       {
-    #         client_token: "__string", # required
-    #         custom_data_identifier_ids: ["__string"],
-    #         description: "__string",
-    #         initial_run: false,
-    #         job_type: "ONE_TIME", # required, accepts ONE_TIME, SCHEDULED
-    #         managed_data_identifier_ids: ["__string"],
-    #         managed_data_identifier_selector: "ALL", # accepts ALL, EXCLUDE, INCLUDE, NONE
-    #         name: "__string", # required
-    #         s3_job_definition: { # required
-    #           bucket_definitions: [
-    #             {
-    #               account_id: "__string", # required
-    #               buckets: ["__string"], # required
-    #             },
-    #           ],
-    #           scoping: {
-    #             excludes: {
-    #               and: [
-    #                 {
-    #                   simple_scope_term: {
-    #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                     key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
-    #                     values: ["__string"],
-    #                   },
-    #                   tag_scope_term: {
-    #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                     key: "__string",
-    #                     tag_values: [
-    #                       {
-    #                         key: "__string",
-    #                         value: "__string",
-    #                       },
-    #                     ],
-    #                     target: "S3_OBJECT", # accepts S3_OBJECT
-    #                   },
-    #                 },
-    #               ],
-    #             },
-    #             includes: {
-    #               and: [
-    #                 {
-    #                   simple_scope_term: {
-    #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                     key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
-    #                     values: ["__string"],
-    #                   },
-    #                   tag_scope_term: {
-    #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                     key: "__string",
-    #                     tag_values: [
-    #                       {
-    #                         key: "__string",
-    #                         value: "__string",
-    #                       },
-    #                     ],
-    #                     target: "S3_OBJECT", # accepts S3_OBJECT
-    #                   },
-    #                 },
-    #               ],
-    #             },
-    #           },
-    #           bucket_criteria: {
-    #             excludes: {
-    #               and: [
-    #                 {
-    #                   simple_criterion: {
-    #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                     key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #                     values: ["__string"],
-    #                   },
-    #                   tag_criterion: {
-    #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                     tag_values: [
-    #                       {
-    #                         key: "__string",
-    #                         value: "__string",
-    #                       },
-    #                     ],
-    #                   },
-    #                 },
-    #               ],
-    #             },
-    #             includes: {
-    #               and: [
-    #                 {
-    #                   simple_criterion: {
-    #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                     key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #                     values: ["__string"],
-    #                   },
-    #                   tag_criterion: {
-    #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                     tag_values: [
-    #                       {
-    #                         key: "__string",
-    #                         value: "__string",
-    #                       },
-    #                     ],
-    #                   },
-    #                 },
-    #               ],
-    #             },
-    #           },
-    #         },
-    #         sampling_percentage: 1,
-    #         schedule_frequency: {
-    #           daily_schedule: {
-    #           },
-    #           monthly_schedule: {
-    #             day_of_month: 1,
-    #           },
-    #           weekly_schedule: {
-    #             day_of_week: "SUNDAY", # accepts SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY
-    #           },
-    #         },
-    #         tags: {
-    #           "__string" => "__string",
-    #         },
-    #       }
+    # @!attribute [rw] allow_list_ids
+    #   @return [Array<String>]
     #
     # @!attribute [rw] client_token
     #   **A suitable default value is auto-generated.** You should normally
@@ -1139,13 +1200,13 @@ module Aws::Macie2
     #
     # @!attribute [rw] tags
     #   A string-to-string map of key-value pairs that specifies the tags
-    #   (keys and values) for a classification job, custom data identifier,
-    #   findings filter, or member account.
+    #   (keys and values) for an Amazon Macie resource.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/CreateClassificationJobRequest AWS API Documentation
     #
     class CreateClassificationJobRequest < Struct.new(
+      :allow_list_ids,
       :client_token,
       :custom_data_identifier_ids,
       :description,
@@ -1182,32 +1243,10 @@ module Aws::Macie2
 
     # Specifies the detection criteria and other settings for a custom data
     # identifier. You can't change a custom data identifier after you
-    # create it. This helps ensure that you have an immutable history of
+    # create it. This helps to ensure that you have an immutable history of
     # sensitive data findings and discovery results for data privacy and
     # protection audits or investigations.
     #
-    # @note When making an API call, you may pass CreateCustomDataIdentifierRequest
-    #   data as a hash:
-    #
-    #       {
-    #         client_token: "__string",
-    #         description: "__string",
-    #         ignore_words: ["__string"],
-    #         keywords: ["__string"],
-    #         maximum_match_distance: 1,
-    #         name: "__string",
-    #         regex: "__string",
-    #         severity_levels: [
-    #           {
-    #             occurrences_threshold: 1, # required
-    #             severity: "LOW", # required, accepts LOW, MEDIUM, HIGH
-    #           },
-    #         ],
-    #         tags: {
-    #           "__string" => "__string",
-    #         },
-    #       }
-    #
     # @!attribute [rw] client_token
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.
@@ -1250,8 +1289,7 @@ module Aws::Macie2
     #
     # @!attribute [rw] tags
     #   A string-to-string map of key-value pairs that specifies the tags
-    #   (keys and values) for a classification job, custom data identifier,
-    #   findings filter, or member account.
+    #   (keys and values) for an Amazon Macie resource.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/CreateCustomDataIdentifierRequest AWS API Documentation
@@ -1286,36 +1324,9 @@ module Aws::Macie2
 
     # Specifies the criteria and other settings for a new findings filter.
     #
-    # @note When making an API call, you may pass CreateFindingsFilterRequest
-    #   data as a hash:
-    #
-    #       {
-    #         action: "ARCHIVE", # required, accepts ARCHIVE, NOOP
-    #         client_token: "__string",
-    #         description: "__string",
-    #         finding_criteria: { # required
-    #           criterion: {
-    #             "__string" => {
-    #               eq: ["__string"],
-    #               eq_exact_match: ["__string"],
-    #               gt: 1,
-    #               gte: 1,
-    #               lt: 1,
-    #               lte: 1,
-    #               neq: ["__string"],
-    #             },
-    #           },
-    #         },
-    #         name: "__string", # required
-    #         position: 1,
-    #         tags: {
-    #           "__string" => "__string",
-    #         },
-    #       }
-    #
     # @!attribute [rw] action
-    #   The action to perform on findings that meet the filter criteria. To
-    #   suppress (automatically archive) findings that meet the criteria,
+    #   The action to perform on findings that match the filter criteria. To
+    #   suppress (automatically archive) findings that match the criteria,
     #   set this value to ARCHIVE. Valid values are:
     #   @return [String]
     #
@@ -1340,8 +1351,7 @@ module Aws::Macie2
     #
     # @!attribute [rw] tags
     #   A string-to-string map of key-value pairs that specifies the tags
-    #   (keys and values) for a classification job, custom data identifier,
-    #   findings filter, or member account.
+    #   (keys and values) for an Amazon Macie resource.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/CreateFindingsFilterRequest AWS API Documentation
@@ -1383,15 +1393,6 @@ module Aws::Macie2
     # notification on the recipient's console. You can optionally notify
     # the recipient by also sending the invitation as an email message.
     #
-    # @note When making an API call, you may pass CreateInvitationsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         account_ids: ["__string"], # required
-    #         disable_email_notification: false,
-    #         message: "__string",
-    #       }
-    #
     # @!attribute [rw] account_ids
     #   @return [Array<String>]
     #
@@ -1428,19 +1429,6 @@ module Aws::Macie2
     # Specifies an Amazon Web Services account to associate with an Amazon
     # Macie administrator account.
     #
-    # @note When making an API call, you may pass CreateMemberRequest
-    #   data as a hash:
-    #
-    #       {
-    #         account: { # required
-    #           account_id: "__string", # required
-    #           email: "__string", # required
-    #         },
-    #         tags: {
-    #           "__string" => "__string",
-    #         },
-    #       }
-    #
     # @!attribute [rw] account
     #   Specifies the details of an account to associate with an Amazon
     #   Macie administrator account.
@@ -1448,8 +1436,7 @@ module Aws::Macie2
     #
     # @!attribute [rw] tags
     #   A string-to-string map of key-value pairs that specifies the tags
-    #   (keys and values) for a classification job, custom data identifier,
-    #   findings filter, or member account.
+    #   (keys and values) for an Amazon Macie resource.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/CreateMemberRequest AWS API Documentation
@@ -1477,13 +1464,6 @@ module Aws::Macie2
 
     # Specifies the types of sample findings to create.
     #
-    # @note When making an API call, you may pass CreateSampleFindingsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         finding_types: ["SensitiveData:S3Object/Multiple"], # accepts SensitiveData:S3Object/Multiple, SensitiveData:S3Object/Financial, SensitiveData:S3Object/Personal, SensitiveData:S3Object/Credentials, SensitiveData:S3Object/CustomIdentifier, Policy:IAMUser/S3BucketPublic, Policy:IAMUser/S3BucketSharedExternally, Policy:IAMUser/S3BucketReplicatedExternally, Policy:IAMUser/S3BucketEncryptionDisabled, Policy:IAMUser/S3BlockPublicAccessDisabled
-    #       }
-    #
     # @!attribute [rw] finding_types
     #   @return [Array<String>]
     #
@@ -1503,30 +1483,6 @@ module Aws::Macie2
     # criteria for including or excluding S3 buckets from a classification
     # job.
     #
-    # @note When making an API call, you may pass CriteriaBlockForJob
-    #   data as a hash:
-    #
-    #       {
-    #         and: [
-    #           {
-    #             simple_criterion: {
-    #               comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #               key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #               values: ["__string"],
-    #             },
-    #             tag_criterion: {
-    #               comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #               tag_values: [
-    #                 {
-    #                   key: "__string",
-    #                   value: "__string",
-    #                 },
-    #               ],
-    #             },
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] and
     #   @return [Array<Types::CriteriaForJob>]
     #
@@ -1541,26 +1497,6 @@ module Aws::Macie2
     # Specifies a property- or tag-based condition that defines criteria for
     # including or excluding S3 buckets from a classification job.
     #
-    # @note When making an API call, you may pass CriteriaForJob
-    #   data as a hash:
-    #
-    #       {
-    #         simple_criterion: {
-    #           comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #           key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #           values: ["__string"],
-    #         },
-    #         tag_criterion: {
-    #           comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #           tag_values: [
-    #             {
-    #               key: "__string",
-    #               value: "__string",
-    #             },
-    #           ],
-    #         },
-    #       }
-    #
     # @!attribute [rw] simple_criterion
     #   Specifies a property-based condition that determines whether an S3
     #   bucket is included or excluded from a classification job.
@@ -1589,19 +1525,6 @@ module Aws::Macie2
     #
     # [1]: https://docs.aws.amazon.com/macie/latest/user/findings-filter-basics.html
     #
-    # @note When making an API call, you may pass CriterionAdditionalProperties
-    #   data as a hash:
-    #
-    #       {
-    #         eq: ["__string"],
-    #         eq_exact_match: ["__string"],
-    #         gt: 1,
-    #         gte: 1,
-    #         lt: 1,
-    #         lte: 1,
-    #         neq: ["__string"],
-    #       }
-    #
     # @!attribute [rw] eq
     #   @return [Array<String>]
     #
@@ -1730,13 +1653,6 @@ module Aws::Macie2
     # Specifies one or more accounts that sent Amazon Macie membership
     # invitations to decline.
     #
-    # @note When making an API call, you may pass DeclineInvitationsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         account_ids: ["__string"], # required
-    #       }
-    #
     # @!attribute [rw] account_ids
     #   @return [Array<String>]
     #
@@ -1788,13 +1704,25 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DeleteCustomDataIdentifierRequest
-    #   data as a hash:
+    # @!attribute [rw] id
+    #   @return [String]
     #
-    #       {
-    #         id: "__string", # required
-    #       }
+    # @!attribute [rw] ignore_job_checks
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/DeleteAllowListRequest AWS API Documentation
+    #
+    class DeleteAllowListRequest < Struct.new(
+      :id,
+      :ignore_job_checks)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/DeleteAllowListResponse AWS API Documentation
     #
+    class DeleteAllowListResponse < Aws::EmptyStructure; end
+
     # @!attribute [rw] id
     #   @return [String]
     #
@@ -1810,13 +1738,6 @@ module Aws::Macie2
     #
     class DeleteCustomDataIdentifierResponse < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass DeleteFindingsFilterRequest
-    #   data as a hash:
-    #
-    #       {
-    #         id: "__string", # required
-    #       }
-    #
     # @!attribute [rw] id
     #   @return [String]
     #
@@ -1835,13 +1756,6 @@ module Aws::Macie2
     # Specifies one or more accounts that sent Amazon Macie membership
     # invitations to delete.
     #
-    # @note When making an API call, you may pass DeleteInvitationsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         account_ids: ["__string"], # required
-    #       }
-    #
     # @!attribute [rw] account_ids
     #   @return [Array<String>]
     #
@@ -1867,13 +1781,6 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DeleteMemberRequest
-    #   data as a hash:
-    #
-    #       {
-    #         id: "__string", # required
-    #       }
-    #
     # @!attribute [rw] id
     #   @return [String]
     #
@@ -1893,29 +1800,6 @@ module Aws::Macie2
     # of a query for statistical data and other information about S3
     # buckets.
     #
-    # @note When making an API call, you may pass DescribeBucketsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         criteria: {
-    #           "__string" => {
-    #             eq: ["__string"],
-    #             gt: 1,
-    #             gte: 1,
-    #             lt: 1,
-    #             lte: 1,
-    #             neq: ["__string"],
-    #             prefix: "__string",
-    #           },
-    #         },
-    #         max_results: 1,
-    #         next_token: "__string",
-    #         sort_criteria: {
-    #           attribute_name: "__string",
-    #           order_by: "ASC", # accepts ASC, DESC
-    #         },
-    #       }
-    #
     # @!attribute [rw] criteria
     #   Specifies, as a map, one or more property-based conditions that
     #   filter the results of a query for information about S3 buckets.
@@ -1962,13 +1846,6 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DescribeClassificationJobRequest
-    #   data as a hash:
-    #
-    #       {
-    #         job_id: "__string", # required
-    #       }
-    #
     # @!attribute [rw] job_id
     #   @return [String]
     #
@@ -1983,6 +1860,9 @@ module Aws::Macie2
     # Provides information about a classification job, including the current
     # configuration settings and status of the job.
     #
+    # @!attribute [rw] allow_list_ids
+    #   @return [Array<String>]
+    #
     # @!attribute [rw] client_token
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.
@@ -2062,8 +1942,7 @@ module Aws::Macie2
     #
     # @!attribute [rw] tags
     #   A string-to-string map of key-value pairs that specifies the tags
-    #   (keys and values) for a classification job, custom data identifier,
-    #   findings filter, or member account.
+    #   (keys and values) for an Amazon Macie resource.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] user_paused_details
@@ -2080,6 +1959,7 @@ module Aws::Macie2
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/DescribeClassificationJobResponse AWS API Documentation
     #
     class DescribeClassificationJobResponse < Struct.new(
+      :allow_list_ids,
       :client_token,
       :created_at,
       :custom_data_identifier_ids,
@@ -2128,6 +2008,60 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Specifies 1-10 occurrences of a specific type of sensitive data
+    # reported by a finding.
+    #
+    # @!attribute [rw] value
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/DetectedDataDetails AWS API Documentation
+    #
+    class DetectedDataDetails < Struct.new(
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides information about a type of sensitive data that Amazon Macie
+    # found in an S3 bucket while performing automated sensitive data
+    # discovery for the bucket. The information also specifies the custom
+    # data identifier or managed data identifier that detected the data.
+    # This information is available only if automated sensitive data
+    # discovery is currently enabled for your account.
+    #
+    # @!attribute [rw] arn
+    #   @return [String]
+    #
+    # @!attribute [rw] count
+    #   @return [Integer]
+    #
+    # @!attribute [rw] id
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   @return [String]
+    #
+    # @!attribute [rw] suppressed
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] type
+    #   The type of data identifier that detected a specific type of
+    #   sensitive data in an S3 bucket. Possible values are:
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/Detection AWS API Documentation
+    #
+    class Detection < Struct.new(
+      :arn,
+      :count,
+      :id,
+      :name,
+      :suppressed,
+      :type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/DisableMacieRequest AWS API Documentation
@@ -2138,13 +2072,6 @@ module Aws::Macie2
     #
     class DisableMacieResponse < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass DisableOrganizationAdminAccountRequest
-    #   data as a hash:
-    #
-    #       {
-    #         admin_account_id: "__string", # required
-    #       }
-    #
     # @!attribute [rw] admin_account_id
     #   @return [String]
     #
@@ -2180,13 +2107,6 @@ module Aws::Macie2
     #
     class DisassociateFromMasterAccountResponse < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass DisassociateMemberRequest
-    #   data as a hash:
-    #
-    #       {
-    #         id: "__string", # required
-    #       }
-    #
     # @!attribute [rw] id
     #   @return [String]
     #
@@ -2226,15 +2146,6 @@ module Aws::Macie2
     # Enables Amazon Macie and specifies the configuration settings for a
     # Macie account.
     #
-    # @note When making an API call, you may pass EnableMacieRequest
-    #   data as a hash:
-    #
-    #       {
-    #         client_token: "__string",
-    #         finding_publishing_frequency: "FIFTEEN_MINUTES", # accepts FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS
-    #         status: "PAUSED", # accepts PAUSED, ENABLED
-    #       }
-    #
     # @!attribute [rw] client_token
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.
@@ -2243,10 +2154,9 @@ module Aws::Macie2
     # @!attribute [rw] finding_publishing_frequency
     #   The frequency with which Amazon Macie publishes updates to policy
     #   findings for an account. This includes publishing updates to
-    #   Security Hub and Amazon EventBridge (formerly called Amazon
-    #   CloudWatch Events). For more information, see [Monitoring and
-    #   processing findings][1] in the *Amazon Macie User Guide*. Valid
-    #   values are:
+    #   Security Hub and Amazon EventBridge (formerly Amazon CloudWatch
+    #   Events). For more information, see [Monitoring and processing
+    #   findings][1] in the *Amazon Macie User Guide*. Valid values are:
     #
     #
     #
@@ -2276,14 +2186,6 @@ module Aws::Macie2
     # this request, you must be a user of the Organizations management
     # account.
     #
-    # @note When making an API call, you may pass EnableOrganizationAdminAccountRequest
-    #   data as a hash:
-    #
-    #       {
-    #         admin_account_id: "__string", # required
-    #         client_token: "__string",
-    #       }
-    #
     # @!attribute [rw] admin_account_id
     #   @return [String]
     #
@@ -2348,12 +2250,12 @@ module Aws::Macie2
     #   @return [Boolean]
     #
     # @!attribute [rw] category
-    #   The category of the finding. Valid values are:
+    #   The category of the finding. Possible values are:
     #   @return [String]
     #
     # @!attribute [rw] classification_details
-    #   Provides information about a sensitive data finding, including the
-    #   classification job that produced the finding.
+    #   Provides information about a sensitive data finding and the details
+    #   of the finding.
     #   @return [Types::ClassificationDetails]
     #
     # @!attribute [rw] count
@@ -2398,7 +2300,7 @@ module Aws::Macie2
     #
     # @!attribute [rw] type
     #   The type of finding. For details about each type, see [Types of
-    #   Amazon Macie findings][1] in the *Amazon Macie User Guide*. Valid
+    #   Amazon Macie findings][1] in the *Amazon Macie User Guide*. Possible
     #   values are:
     #
     #
@@ -2487,23 +2389,6 @@ module Aws::Macie2
     # Specifies, as a map, one or more property-based conditions that filter
     # the results of a query for findings.
     #
-    # @note When making an API call, you may pass FindingCriteria
-    #   data as a hash:
-    #
-    #       {
-    #         criterion: {
-    #           "__string" => {
-    #             eq: ["__string"],
-    #             eq_exact_match: ["__string"],
-    #             gt: 1,
-    #             gte: 1,
-    #             lt: 1,
-    #             lte: 1,
-    #             neq: ["__string"],
-    #           },
-    #         },
-    #       }
-    #
     # @!attribute [rw] criterion
     #   Specifies a condition that defines a property, operator, and one or
     #   more values to filter the results of a query for findings. The
@@ -2528,14 +2413,6 @@ module Aws::Macie2
     # Specifies criteria for sorting the results of a query that retrieves
     # aggregated statistical data about findings.
     #
-    # @note When making an API call, you may pass FindingStatisticsSortCriteria
-    #   data as a hash:
-    #
-    #       {
-    #         attribute_name: "groupKey", # accepts groupKey, count
-    #         order_by: "ASC", # accepts ASC, DESC
-    #       }
-    #
     # @!attribute [rw] attribute_name
     #   The grouping to sort the results by. Valid values are:
     #   @return [String]
@@ -2555,8 +2432,8 @@ module Aws::Macie2
     # Provides information about a findings filter.
     #
     # @!attribute [rw] action
-    #   The action to perform on findings that meet the filter criteria. To
-    #   suppress (automatically archive) findings that meet the criteria,
+    #   The action to perform on findings that match the filter criteria. To
+    #   suppress (automatically archive) findings that match the criteria,
     #   set this value to ARCHIVE. Valid values are:
     #   @return [String]
     #
@@ -2571,8 +2448,7 @@ module Aws::Macie2
     #
     # @!attribute [rw] tags
     #   A string-to-string map of key-value pairs that specifies the tags
-    #   (keys and values) for a classification job, custom data identifier,
-    #   findings filter, or member account.
+    #   (keys and values) for an Amazon Macie resource.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/FindingsFilterListItem AWS API Documentation
@@ -2610,46 +2486,159 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Specifies the account that owns the S3 buckets to retrieve aggregated
-    # statistical data for.
-    #
-    # @note When making an API call, you may pass GetBucketStatisticsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         account_id: "__string",
-    #       }
-    #
-    # @!attribute [rw] account_id
+    # @!attribute [rw] id
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetBucketStatisticsRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetAllowListRequest AWS API Documentation
     #
-    class GetBucketStatisticsRequest < Struct.new(
-      :account_id)
+    class GetAllowListRequest < Struct.new(
+      :id)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # Provides the results of a query that retrieved aggregated statistical
-    # data for all the S3 buckets that Amazon Macie monitors and analyzes
-    # for your account.
+    # Provides information about the settings and status of an allow list.
     #
-    # @!attribute [rw] bucket_count
-    #   @return [Integer]
+    # @!attribute [rw] arn
+    #   @return [String]
     #
-    # @!attribute [rw] bucket_count_by_effective_permission
-    #   Provides information about the number of S3 buckets that are
-    #   publicly accessible based on a combination of permissions settings
-    #   for each bucket.
-    #   @return [Types::BucketCountByEffectivePermission]
+    # @!attribute [rw] created_at
+    #   @return [Time]
     #
-    # @!attribute [rw] bucket_count_by_encryption_type
-    #   Provides information about the number of S3 buckets that use certain
-    #   types of server-side encryption by default or don't encrypt new
-    #   objects by default. For detailed information about these settings,
-    #   see [Setting default server-side encryption behavior for Amazon S3
-    #   buckets][1] in the *Amazon Simple Storage Service User Guide*.
+    # @!attribute [rw] criteria
+    #   Specifies the criteria for an allow list. The criteria must specify
+    #   a regular expression (regex) or an S3 object (s3WordsList). It
+    #   can't specify both.
+    #   @return [Types::AllowListCriteria]
+    #
+    # @!attribute [rw] description
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   Provides information about the current status of an allow list,
+    #   which indicates whether Amazon Macie can access and use the list's
+    #   criteria.
+    #   @return [Types::AllowListStatus]
+    #
+    # @!attribute [rw] tags
+    #   A string-to-string map of key-value pairs that specifies the tags
+    #   (keys and values) for an Amazon Macie resource.
+    #   @return [Hash<String,String>]
+    #
+    # @!attribute [rw] updated_at
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetAllowListResponse AWS API Documentation
+    #
+    class GetAllowListResponse < Struct.new(
+      :arn,
+      :created_at,
+      :criteria,
+      :description,
+      :id,
+      :name,
+      :status,
+      :tags,
+      :updated_at)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetAutomatedDiscoveryConfigurationRequest AWS API Documentation
+    #
+    class GetAutomatedDiscoveryConfigurationRequest < Aws::EmptyStructure; end
+
+    # Provides information about the configuration settings for performing
+    # automated sensitive data discovery for an Amazon Macie account, and
+    # the status of the configuration for the account.
+    #
+    # @!attribute [rw] classification_scope_id
+    #   The unique identifier the classification scope.
+    #   @return [String]
+    #
+    # @!attribute [rw] disabled_at
+    #   Specifies a date and time in UTC and extended ISO 8601 format.
+    #   @return [Time]
+    #
+    # @!attribute [rw] first_enabled_at
+    #   Specifies a date and time in UTC and extended ISO 8601 format.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_updated_at
+    #   Specifies a date and time in UTC and extended ISO 8601 format.
+    #   @return [Time]
+    #
+    # @!attribute [rw] sensitivity_inspection_template_id
+    #   The unique identifier for the sensitivity inspection template.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The status of the automated sensitive data discovery configuration
+    #   for an Amazon Macie account. Valid values are:
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetAutomatedDiscoveryConfigurationResponse AWS API Documentation
+    #
+    class GetAutomatedDiscoveryConfigurationResponse < Struct.new(
+      :classification_scope_id,
+      :disabled_at,
+      :first_enabled_at,
+      :last_updated_at,
+      :sensitivity_inspection_template_id,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies the account that owns the S3 buckets to retrieve aggregated
+    # statistical data for.
+    #
+    # @!attribute [rw] account_id
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetBucketStatisticsRequest AWS API Documentation
+    #
+    class GetBucketStatisticsRequest < Struct.new(
+      :account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides the results of a query that retrieved aggregated statistical
+    # data for all the S3 buckets that Amazon Macie monitors and analyzes
+    # for your account. By default, object count and storage size values
+    # include data for object parts that are the result of incomplete
+    # multipart uploads. For more information, see [How Macie monitors
+    # Amazon S3 data security][1] in the *Amazon Macie User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/macie/latest/user/monitoring-s3-how-it-works.html
+    #
+    # @!attribute [rw] bucket_count
+    #   @return [Integer]
+    #
+    # @!attribute [rw] bucket_count_by_effective_permission
+    #   Provides information about the number of S3 buckets that are
+    #   publicly accessible due to a combination of permissions settings for
+    #   each bucket.
+    #   @return [Types::BucketCountByEffectivePermission]
+    #
+    # @!attribute [rw] bucket_count_by_encryption_type
+    #   Provides information about the number of S3 buckets whose settings
+    #   do or don't specify default server-side encryption behavior for
+    #   objects that are added to the buckets. For detailed information
+    #   about these settings, see [Setting default server-side encryption
+    #   behavior for Amazon S3 buckets][1] in the *Amazon Simple Storage
+    #   Service User Guide*.
     #
     #
     #
@@ -2659,14 +2648,26 @@ module Aws::Macie2
     # @!attribute [rw] bucket_count_by_object_encryption_requirement
     #   Provides information about the number of S3 buckets whose bucket
     #   policies do or don't require server-side encryption of objects when
-    #   objects are uploaded to the buckets.
+    #   objects are added to the buckets.
     #   @return [Types::BucketCountPolicyAllowsUnencryptedObjectUploads]
     #
     # @!attribute [rw] bucket_count_by_shared_access_type
     #   Provides information about the number of S3 buckets that are or
-    #   aren't shared with other Amazon Web Services accounts.
+    #   aren't shared with other Amazon Web Services accounts, Amazon
+    #   CloudFront origin access identities (OAIs), or CloudFront origin
+    #   access controls (OACs). In this data, an *Amazon Macie organization*
+    #   is defined as a set of Macie accounts that are centrally managed as
+    #   a group of related accounts through Organizations or by Macie
+    #   invitation.
     #   @return [Types::BucketCountBySharedAccessType]
     #
+    # @!attribute [rw] bucket_statistics_by_sensitivity
+    #   Provides aggregated statistical data for sensitive data discovery
+    #   metrics that apply to S3 buckets, grouped by bucket sensitivity
+    #   score (sensitivityScore). If automated sensitive data discovery is
+    #   currently disabled for your account, the value for each metric is 0.
+    #   @return [Types::BucketStatisticsBySensitivity]
+    #
     # @!attribute [rw] classifiable_object_count
     #   @return [Integer]
     #
@@ -2690,10 +2691,10 @@ module Aws::Macie2
     #   number of objects that Amazon Macie can't analyze in one or more S3
     #   buckets. In a BucketMetadata or MatchingBucket object, this data is
     #   for a specific bucket. In a GetBucketStatisticsResponse object, this
-    #   data is aggregated for the buckets in the query results. If
-    #   versioning is enabled for a bucket, total storage size values are
-    #   based on the size of the latest version of each applicable object in
-    #   the bucket.
+    #   data is aggregated for all the buckets in the query results. If
+    #   versioning is enabled for a bucket, storage size values are based on
+    #   the size of the latest version of each applicable object in the
+    #   bucket.
     #   @return [Types::ObjectLevelStatistics]
     #
     # @!attribute [rw] unclassifiable_object_size_in_bytes
@@ -2701,10 +2702,10 @@ module Aws::Macie2
     #   number of objects that Amazon Macie can't analyze in one or more S3
     #   buckets. In a BucketMetadata or MatchingBucket object, this data is
     #   for a specific bucket. In a GetBucketStatisticsResponse object, this
-    #   data is aggregated for the buckets in the query results. If
-    #   versioning is enabled for a bucket, total storage size values are
-    #   based on the size of the latest version of each applicable object in
-    #   the bucket.
+    #   data is aggregated for all the buckets in the query results. If
+    #   versioning is enabled for a bucket, storage size values are based on
+    #   the size of the latest version of each applicable object in the
+    #   bucket.
     #   @return [Types::ObjectLevelStatistics]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetBucketStatisticsResponse AWS API Documentation
@@ -2715,6 +2716,7 @@ module Aws::Macie2
       :bucket_count_by_encryption_type,
       :bucket_count_by_object_encryption_requirement,
       :bucket_count_by_shared_access_type,
+      :bucket_statistics_by_sensitivity,
       :classifiable_object_count,
       :classifiable_size_in_bytes,
       :last_updated,
@@ -2739,8 +2741,7 @@ module Aws::Macie2
     # @!attribute [rw] configuration
     #   Specifies where to store data classification results, and the
     #   encryption settings to use when storing results in that location.
-    #   Currently, you can store classification results only in an S3
-    #   bucket.
+    #   The location must be an S3 bucket.
     #   @return [Types::ClassificationExportConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetClassificationExportConfigurationResponse AWS API Documentation
@@ -2751,13 +2752,44 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetCustomDataIdentifierRequest
-    #   data as a hash:
+    # @!attribute [rw] id
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetClassificationScopeRequest AWS API Documentation
+    #
+    class GetClassificationScopeRequest < Struct.new(
+      :id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides information about the classification scope settings for an
+    # Amazon Macie account. Macie uses these settings when it performs
+    # automated sensitive data discovery for the account.
     #
-    #       {
-    #         id: "__string", # required
-    #       }
+    # @!attribute [rw] id
+    #   The unique identifier the classification scope.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the classification scope.
+    #   @return [String]
+    #
+    # @!attribute [rw] s3
+    #   Specifies the S3 buckets that are excluded from automated sensitive
+    #   data discovery for an Amazon Macie account.
+    #   @return [Types::S3ClassificationScope]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetClassificationScopeResponse AWS API Documentation
+    #
+    class GetClassificationScopeResponse < Struct.new(
+      :id,
+      :name,
+      :s3)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] id
     #   @return [String]
     #
@@ -2821,8 +2853,7 @@ module Aws::Macie2
     #
     # @!attribute [rw] tags
     #   A string-to-string map of key-value pairs that specifies the tags
-    #   (keys and values) for a classification job, custom data identifier,
-    #   findings filter, or member account.
+    #   (keys and values) for an Amazon Macie resource.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetCustomDataIdentifierResponse AWS API Documentation
@@ -2848,31 +2879,6 @@ module Aws::Macie2
     # the results of a query that retrieves aggregated statistical data
     # about findings.
     #
-    # @note When making an API call, you may pass GetFindingStatisticsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         finding_criteria: {
-    #           criterion: {
-    #             "__string" => {
-    #               eq: ["__string"],
-    #               eq_exact_match: ["__string"],
-    #               gt: 1,
-    #               gte: 1,
-    #               lt: 1,
-    #               lte: 1,
-    #               neq: ["__string"],
-    #             },
-    #           },
-    #         },
-    #         group_by: "resourcesAffected.s3Bucket.name", # required, accepts resourcesAffected.s3Bucket.name, type, classificationDetails.jobId, severity.description
-    #         size: 1,
-    #         sort_criteria: {
-    #           attribute_name: "groupKey", # accepts groupKey, count
-    #           order_by: "ASC", # accepts ASC, DESC
-    #         },
-    #       }
-    #
     # @!attribute [rw] finding_criteria
     #   Specifies, as a map, one or more property-based conditions that
     #   filter the results of a query for findings.
@@ -2914,13 +2920,6 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetFindingsFilterRequest
-    #   data as a hash:
-    #
-    #       {
-    #         id: "__string", # required
-    #       }
-    #
     # @!attribute [rw] id
     #   @return [String]
     #
@@ -2936,8 +2935,8 @@ module Aws::Macie2
     # findings filter.
     #
     # @!attribute [rw] action
-    #   The action to perform on findings that meet the filter criteria. To
-    #   suppress (automatically archive) findings that meet the criteria,
+    #   The action to perform on findings that match the filter criteria. To
+    #   suppress (automatically archive) findings that match the criteria,
     #   set this value to ARCHIVE. Valid values are:
     #   @return [String]
     #
@@ -2963,8 +2962,7 @@ module Aws::Macie2
     #
     # @!attribute [rw] tags
     #   A string-to-string map of key-value pairs that specifies the tags
-    #   (keys and values) for a classification job, custom data identifier,
-    #   findings filter, or member account.
+    #   (keys and values) for an Amazon Macie resource.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetFindingsFilterResponse AWS API Documentation
@@ -3012,17 +3010,6 @@ module Aws::Macie2
 
     # Specifies one or more findings to retrieve.
     #
-    # @note When making an API call, you may pass GetFindingsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         finding_ids: ["__string"], # required
-    #         sort_criteria: {
-    #           attribute_name: "__string",
-    #           order_by: "ASC", # accepts ASC, DESC
-    #         },
-    #       }
-    #
     # @!attribute [rw] finding_ids
     #   @return [Array<String>]
     #
@@ -3080,8 +3067,8 @@ module Aws::Macie2
     #
     class GetMacieSessionRequest < Aws::EmptyStructure; end
 
-    # Provides information about the current status and configuration
-    # settings for an Amazon Macie account.
+    # Provides information about the status and configuration settings for
+    # an Amazon Macie account.
     #
     # @!attribute [rw] created_at
     #   @return [Time]
@@ -3089,10 +3076,9 @@ module Aws::Macie2
     # @!attribute [rw] finding_publishing_frequency
     #   The frequency with which Amazon Macie publishes updates to policy
     #   findings for an account. This includes publishing updates to
-    #   Security Hub and Amazon EventBridge (formerly called Amazon
-    #   CloudWatch Events). For more information, see [Monitoring and
-    #   processing findings][1] in the *Amazon Macie User Guide*. Valid
-    #   values are:
+    #   Security Hub and Amazon EventBridge (formerly Amazon CloudWatch
+    #   Events). For more information, see [Monitoring and processing
+    #   findings][1] in the *Amazon Macie User Guide*. Valid values are:
     #
     #
     #
@@ -3144,13 +3130,6 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetMemberRequest
-    #   data as a hash:
-    #
-    #       {
-    #         id: "__string", # required
-    #       }
-    #
     # @!attribute [rw] id
     #   @return [String]
     #
@@ -3190,8 +3169,7 @@ module Aws::Macie2
     #
     # @!attribute [rw] tags
     #   A string-to-string map of key-value pairs that specifies the tags
-    #   (keys and values) for a classification job, custom data identifier,
-    #   findings filter, or member account.
+    #   (keys and values) for an Amazon Macie resource.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] updated_at
@@ -3213,30 +3191,216 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_arn
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetResourceProfileRequest AWS API Documentation
+    #
+    class GetResourceProfileRequest < Struct.new(
+      :resource_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides the results of a query that retrieved sensitive data
+    # discovery statistics and the sensitivity score for an S3 bucket that
+    # Amazon Macie monitors and analyzes for your account. This data is
+    # available only if automated sensitive data discovery is currently
+    # enabled for your account.
+    #
+    # @!attribute [rw] profile_updated_at
+    #   @return [Time]
+    #
+    # @!attribute [rw] sensitivity_score
+    #   @return [Integer]
+    #
+    # @!attribute [rw] sensitivity_score_overridden
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] statistics
+    #   Provides statistical data for sensitive data discovery metrics that
+    #   apply to an S3 bucket that Amazon Macie monitors and analyzes for
+    #   your account. The statistics capture the results of automated
+    #   sensitive data discovery activities that Macie has performed for the
+    #   bucket. The data is available only if automated sensitive data
+    #   discovery is currently enabled for your account.
+    #   @return [Types::ResourceStatistics]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetResourceProfileResponse AWS API Documentation
+    #
+    class GetResourceProfileResponse < Struct.new(
+      :profile_updated_at,
+      :sensitivity_score,
+      :sensitivity_score_overridden,
+      :statistics)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetRevealConfigurationRequest AWS API Documentation
+    #
+    class GetRevealConfigurationRequest < Aws::EmptyStructure; end
+
+    # Provides information about the configuration settings for retrieving
+    # occurrences of sensitive data reported by findings, and the status of
+    # the configuration for an Amazon Macie account.
+    #
+    # @!attribute [rw] configuration
+    #   Specifies the configuration settings for retrieving occurrences of
+    #   sensitive data reported by findings, and the status of the
+    #   configuration for an Amazon Macie account. When you enable the
+    #   configuration for the first time, your request must specify an Key
+    #   Management Service (KMS) key. Otherwise, an error occurs. Macie uses
+    #   the specified key to encrypt the sensitive data that you retrieve.
+    #   @return [Types::RevealConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetRevealConfigurationResponse AWS API Documentation
+    #
+    class GetRevealConfigurationResponse < Struct.new(
+      :configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] finding_id
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetSensitiveDataOccurrencesAvailabilityRequest AWS API Documentation
+    #
+    class GetSensitiveDataOccurrencesAvailabilityRequest < Struct.new(
+      :finding_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides information about whether occurrences of sensitive data can
+    # be retrieved for a finding and, if not, why the data can't be
+    # retrieved.
+    #
+    # @!attribute [rw] code
+    #   Specifies whether occurrences of sensitive data can be retrieved for
+    #   a finding. Possible values are:
+    #   @return [String]
+    #
+    # @!attribute [rw] reasons
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetSensitiveDataOccurrencesAvailabilityResponse AWS API Documentation
+    #
+    class GetSensitiveDataOccurrencesAvailabilityResponse < Struct.new(
+      :code,
+      :reasons)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] finding_id
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetSensitiveDataOccurrencesRequest AWS API Documentation
+    #
+    class GetSensitiveDataOccurrencesRequest < Struct.new(
+      :finding_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides the results of a request to retrieve occurrences of sensitive
+    # data reported by a finding.
+    #
+    # @!attribute [rw] error
+    #   @return [String]
+    #
+    # @!attribute [rw] sensitive_data_occurrences
+    #   Specifies a type of sensitive data reported by a finding and
+    #   provides occurrences of the specified type of sensitive data.
+    #   @return [Hash<String,Array<Types::DetectedDataDetails>>]
+    #
+    # @!attribute [rw] status
+    #   The status of a request to retrieve occurrences of sensitive data
+    #   reported by a finding. Possible values are:
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetSensitiveDataOccurrencesResponse AWS API Documentation
+    #
+    class GetSensitiveDataOccurrencesResponse < Struct.new(
+      :error,
+      :sensitive_data_occurrences,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] id
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetSensitivityInspectionTemplateRequest AWS API Documentation
+    #
+    class GetSensitivityInspectionTemplateRequest < Struct.new(
+      :id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides information about the settings for the sensitivity inspection
+    # template for an Amazon Macie account. Macie uses the template's
+    # settings when it performs automated sensitive data discovery for the
+    # account.
+    #
+    # @!attribute [rw] description
+    #   @return [String]
+    #
+    # @!attribute [rw] excludes
+    #   Specifies managed data identifiers to exclude (not use) when
+    #   performing automated sensitive data discovery for an Amazon Macie
+    #   account. For information about the managed data identifiers that
+    #   Amazon Macie currently provides, see [Using managed data
+    #   identifiers][1] in the *Amazon Macie User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html
+    #   @return [Types::SensitivityInspectionTemplateExcludes]
+    #
+    # @!attribute [rw] includes
+    #   Specifies the allow lists, custom data identifiers, and managed data
+    #   identifiers to include (use) when performing automated sensitive
+    #   data discovery for an Amazon Macie account. The configuration must
+    #   specify at least one custom data identifier or managed data
+    #   identifier. For information about the managed data identifiers that
+    #   Amazon Macie currently provides, see [Using managed data
+    #   identifiers][1] in the *Amazon Macie User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html
+    #   @return [Types::SensitivityInspectionTemplateIncludes]
+    #
+    # @!attribute [rw] name
+    #   @return [String]
+    #
+    # @!attribute [rw] sensitivity_inspection_template_id
+    #   The unique identifier for the sensitivity inspection template.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetSensitivityInspectionTemplateResponse AWS API Documentation
+    #
+    class GetSensitivityInspectionTemplateResponse < Struct.new(
+      :description,
+      :excludes,
+      :includes,
+      :name,
+      :sensitivity_inspection_template_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies criteria for filtering, sorting, and paginating the results
     # of a query for quotas and aggregated usage data for one or more Amazon
     # Macie accounts.
     #
-    # @note When making an API call, you may pass GetUsageStatisticsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         filter_by: [
-    #           {
-    #             comparator: "GT", # accepts GT, GTE, LT, LTE, EQ, NE, CONTAINS
-    #             key: "accountId", # accepts accountId, serviceLimit, freeTrialStartDate, total
-    #             values: ["__string"],
-    #           },
-    #         ],
-    #         max_results: 1,
-    #         next_token: "__string",
-    #         sort_by: {
-    #           key: "accountId", # accepts accountId, total, serviceLimitValue, freeTrialStartDate
-    #           order_by: "ASC", # accepts ASC, DESC
-    #         },
-    #         time_range: "MONTH_TO_DATE", # accepts MONTH_TO_DATE, PAST_30_DAYS
-    #       }
-    #
     # @!attribute [rw] filter_by
     #   @return [Array<Types::UsageStatisticsFilter>]
     #
@@ -3292,13 +3456,6 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetUsageTotalsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         time_range: "__string",
-    #       }
-    #
     # @!attribute [rw] time_range
     #   @return [String]
     #
@@ -3556,20 +3713,6 @@ module Aws::Macie2
 
     # Specifies the recurrence pattern for running a classification job.
     #
-    # @note When making an API call, you may pass JobScheduleFrequency
-    #   data as a hash:
-    #
-    #       {
-    #         daily_schedule: {
-    #         },
-    #         monthly_schedule: {
-    #           day_of_month: 1,
-    #         },
-    #         weekly_schedule: {
-    #           day_of_week: "SUNDAY", # accepts SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY
-    #         },
-    #       }
-    #
     # @!attribute [rw] daily_schedule
     #   Specifies that a classification job runs once a day, every day. This
     #   is an empty object.
@@ -3600,28 +3743,6 @@ module Aws::Macie2
     # JobScopeTerm object can contain only one simpleScopeTerm object or one
     # tagScopeTerm object.
     #
-    # @note When making an API call, you may pass JobScopeTerm
-    #   data as a hash:
-    #
-    #       {
-    #         simple_scope_term: {
-    #           comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #           key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
-    #           values: ["__string"],
-    #         },
-    #         tag_scope_term: {
-    #           comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #           key: "__string",
-    #           tag_values: [
-    #             {
-    #               key: "__string",
-    #               value: "__string",
-    #             },
-    #           ],
-    #           target: "S3_OBJECT", # accepts S3_OBJECT
-    #         },
-    #       }
-    #
     # @!attribute [rw] simple_scope_term
     #   Specifies a property-based condition that determines whether an S3
     #   object is included or excluded from a classification job.
@@ -3645,32 +3766,6 @@ module Aws::Macie2
     # criteria for including or excluding S3 objects from a classification
     # job.
     #
-    # @note When making an API call, you may pass JobScopingBlock
-    #   data as a hash:
-    #
-    #       {
-    #         and: [
-    #           {
-    #             simple_scope_term: {
-    #               comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #               key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
-    #               values: ["__string"],
-    #             },
-    #             tag_scope_term: {
-    #               comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #               key: "__string",
-    #               tag_values: [
-    #                 {
-    #                   key: "__string",
-    #                   value: "__string",
-    #                 },
-    #               ],
-    #               target: "S3_OBJECT", # accepts S3_OBJECT
-    #             },
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] and
     #   @return [Array<Types::JobScopeTerm>]
     #
@@ -3685,6 +3780,12 @@ module Aws::Macie2
     # Provides information about a classification job, including the current
     # status of the job.
     #
+    # @!attribute [rw] bucket_criteria
+    #   Specifies property- and tag-based conditions that define criteria
+    #   for including or excluding S3 buckets from a classification job.
+    #   Exclude conditions take precedence over include conditions.
+    #   @return [Types::S3BucketCriteriaForJob]
+    #
     # @!attribute [rw] bucket_definitions
     #   @return [Array<Types::S3BucketDefinitionForJob>]
     #
@@ -3727,15 +3828,10 @@ module Aws::Macie2
     #   status of RUNNING.
     #   @return [Types::UserPausedDetails]
     #
-    # @!attribute [rw] bucket_criteria
-    #   Specifies property- and tag-based conditions that define criteria
-    #   for including or excluding S3 buckets from a classification job.
-    #   Exclude conditions take precedence over include conditions.
-    #   @return [Types::S3BucketCriteriaForJob]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/JobSummary AWS API Documentation
     #
     class JobSummary < Struct.new(
+      :bucket_criteria,
       :bucket_definitions,
       :created_at,
       :job_id,
@@ -3743,8 +3839,7 @@ module Aws::Macie2
       :job_type,
       :last_run_error_status,
       :name,
-      :user_paused_details,
-      :bucket_criteria)
+      :user_paused_details)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3791,36 +3886,40 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Specifies criteria for filtering, sorting, and paginating the results
-    # of a request for information about classification jobs.
+    # @!attribute [rw] max_results
+    #   @return [Integer]
     #
-    # @note When making an API call, you may pass ListClassificationJobsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         filter_criteria: {
-    #           excludes: [
-    #             {
-    #               comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #               key: "jobType", # accepts jobType, jobStatus, createdAt, name
-    #               values: ["__string"],
-    #             },
-    #           ],
-    #           includes: [
-    #             {
-    #               comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #               key: "jobType", # accepts jobType, jobStatus, createdAt, name
-    #               values: ["__string"],
-    #             },
-    #           ],
-    #         },
-    #         max_results: 1,
-    #         next_token: "__string",
-    #         sort_criteria: {
-    #           attribute_name: "createdAt", # accepts createdAt, jobStatus, name, jobType
-    #           order_by: "ASC", # accepts ASC, DESC
-    #         },
-    #       }
+    # @!attribute [rw] next_token
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ListAllowListsRequest AWS API Documentation
+    #
+    class ListAllowListsRequest < Struct.new(
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides the results of a request for information about allow lists.
+    #
+    # @!attribute [rw] allow_lists
+    #   @return [Array<Types::AllowListSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ListAllowListsResponse AWS API Documentation
+    #
+    class ListAllowListsResponse < Struct.new(
+      :allow_lists,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies criteria for filtering, sorting, and paginating the results
+    # of a request for information about classification jobs.
     #
     # @!attribute [rw] filter_criteria
     #   Specifies criteria for filtering the results of a request for
@@ -3867,16 +3966,44 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Specifies criteria for paginating the results of a request for
-    # information about custom data identifiers.
+    # @!attribute [rw] name
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ListClassificationScopesRequest AWS API Documentation
+    #
+    class ListClassificationScopesRequest < Struct.new(
+      :name,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides the results of a request for information about the
+    # classification scope for an Amazon Macie account. Macie uses the
+    # scope's settings when it performs automated sensitive data discovery
+    # for the account.
+    #
+    # @!attribute [rw] classification_scopes
+    #   @return [Array<Types::ClassificationScopeSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   Specifies which page of results to return in a paginated response.
+    #   @return [String]
     #
-    # @note When making an API call, you may pass ListCustomDataIdentifiersRequest
-    #   data as a hash:
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ListClassificationScopesResponse AWS API Documentation
     #
-    #       {
-    #         max_results: 1,
-    #         next_token: "__string",
-    #       }
+    class ListClassificationScopesResponse < Struct.new(
+      :classification_scopes,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies criteria for paginating the results of a request for
+    # information about custom data identifiers.
     #
     # @!attribute [rw] max_results
     #   @return [Integer]
@@ -3911,14 +4038,6 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListFindingsFiltersRequest
-    #   data as a hash:
-    #
-    #       {
-    #         max_results: 1,
-    #         next_token: "__string",
-    #       }
-    #
     # @!attribute [rw] max_results
     #   @return [Integer]
     #
@@ -3954,31 +4073,6 @@ module Aws::Macie2
     # Specifies criteria for filtering, sorting, and paginating the results
     # of a request for information about findings.
     #
-    # @note When making an API call, you may pass ListFindingsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         finding_criteria: {
-    #           criterion: {
-    #             "__string" => {
-    #               eq: ["__string"],
-    #               eq_exact_match: ["__string"],
-    #               gt: 1,
-    #               gte: 1,
-    #               lt: 1,
-    #               lte: 1,
-    #               neq: ["__string"],
-    #             },
-    #           },
-    #         },
-    #         max_results: 1,
-    #         next_token: "__string",
-    #         sort_criteria: {
-    #           attribute_name: "__string",
-    #           order_by: "ASC", # accepts ASC, DESC
-    #         },
-    #       }
-    #
     # @!attribute [rw] finding_criteria
     #   Specifies, as a map, one or more property-based conditions that
     #   filter the results of a query for findings.
@@ -4024,14 +4118,6 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListInvitationsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         max_results: 1,
-    #         next_token: "__string",
-    #       }
-    #
     # @!attribute [rw] max_results
     #   @return [Integer]
     #
@@ -4068,26 +4154,6 @@ module Aws::Macie2
     # Specifies criteria for filtering the results of a request for
     # information about classification jobs.
     #
-    # @note When making an API call, you may pass ListJobsFilterCriteria
-    #   data as a hash:
-    #
-    #       {
-    #         excludes: [
-    #           {
-    #             comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #             key: "jobType", # accepts jobType, jobStatus, createdAt, name
-    #             values: ["__string"],
-    #           },
-    #         ],
-    #         includes: [
-    #           {
-    #             comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #             key: "jobType", # accepts jobType, jobStatus, createdAt, name
-    #             values: ["__string"],
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] excludes
     #   @return [Array<Types::ListJobsFilterTerm>]
     #
@@ -4107,17 +4173,9 @@ module Aws::Macie2
     # information about classification jobs. Each condition consists of a
     # property, an operator, and one or more values.
     #
-    # @note When making an API call, you may pass ListJobsFilterTerm
-    #   data as a hash:
-    #
-    #       {
-    #         comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #         key: "jobType", # accepts jobType, jobStatus, createdAt, name
-    #         values: ["__string"],
-    #       }
-    #
     # @!attribute [rw] comparator
-    #   The operator to use in a condition. Valid values are:
+    #   The operator to use in a condition. Depending on the type of
+    #   condition, possible values are:
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -4140,14 +4198,6 @@ module Aws::Macie2
     # Specifies criteria for sorting the results of a request for
     # information about classification jobs.
     #
-    # @note When making an API call, you may pass ListJobsSortCriteria
-    #   data as a hash:
-    #
-    #       {
-    #         attribute_name: "createdAt", # accepts createdAt, jobStatus, name, jobType
-    #         order_by: "ASC", # accepts ASC, DESC
-    #       }
-    #
     # @!attribute [rw] attribute_name
     #   The property to sort the results by. Valid values are:
     #   @return [String]
@@ -4167,13 +4217,6 @@ module Aws::Macie2
     # Specifies criteria for paginating the results of a request for
     # information about managed data identifiers.
     #
-    # @note When making an API call, you may pass ListManagedDataIdentifiersRequest
-    #   data as a hash:
-    #
-    #       {
-    #         next_token: "__string",
-    #       }
-    #
     # @!attribute [rw] next_token
     #   @return [String]
     #
@@ -4203,15 +4246,6 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListMembersRequest
-    #   data as a hash:
-    #
-    #       {
-    #         max_results: 1,
-    #         next_token: "__string",
-    #         only_associated: "__string",
-    #       }
-    #
     # @!attribute [rw] max_results
     #   @return [Integer]
     #
@@ -4249,14 +4283,6 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListOrganizationAdminAccountsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         max_results: 1,
-    #         next_token: "__string",
-    #       }
-    #
     # @!attribute [rw] max_results
     #   @return [Integer]
     #
@@ -4290,13 +4316,117 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListTagsForResourceRequest
-    #   data as a hash:
+    # @!attribute [rw] next_token
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_arn
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ListResourceProfileArtifactsRequest AWS API Documentation
+    #
+    class ListResourceProfileArtifactsRequest < Struct.new(
+      :next_token,
+      :resource_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides the results of a request for information about the S3 objects
+    # that Amazon Macie selected for analysis while performing automated
+    # sensitive data discovery for an S3 bucket. This information is
+    # available only if automated sensitive data discovery is currently
+    # enabled for your account.
+    #
+    # @!attribute [rw] artifacts
+    #   @return [Array<Types::ResourceProfileArtifact>]
+    #
+    # @!attribute [rw] next_token
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ListResourceProfileArtifactsResponse AWS API Documentation
+    #
+    class ListResourceProfileArtifactsResponse < Struct.new(
+      :artifacts,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] max_results
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_arn
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ListResourceProfileDetectionsRequest AWS API Documentation
+    #
+    class ListResourceProfileDetectionsRequest < Struct.new(
+      :max_results,
+      :next_token,
+      :resource_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides the results of a request for information about the types and
+    # amount of sensitive data that Amazon Macie found in an S3 bucket while
+    # performing automated sensitive data discovery for the bucket. This
+    # information is available only if automated sensitive data discovery is
+    # currently enabled for your account.
+    #
+    # @!attribute [rw] detections
+    #   @return [Array<Types::Detection>]
+    #
+    # @!attribute [rw] next_token
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ListResourceProfileDetectionsResponse AWS API Documentation
+    #
+    class ListResourceProfileDetectionsResponse < Struct.new(
+      :detections,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] max_results
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ListSensitivityInspectionTemplatesRequest AWS API Documentation
+    #
+    class ListSensitivityInspectionTemplatesRequest < Struct.new(
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides the results of a request for information about the
+    # sensitivity inspection template for an Amazon Macie account. Macie
+    # uses the template's settings when it performs automated sensitive
+    # data discovery for the account.
+    #
+    # @!attribute [rw] next_token
+    #   @return [String]
+    #
+    # @!attribute [rw] sensitivity_inspection_templates
+    #   @return [Array<Types::SensitivityInspectionTemplatesEntry>]
     #
-    #       {
-    #         resource_arn: "__string", # required
-    #       }
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ListSensitivityInspectionTemplatesResponse AWS API Documentation
     #
+    class ListSensitivityInspectionTemplatesResponse < Struct.new(
+      :next_token,
+      :sensitivity_inspection_templates)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] resource_arn
     #   @return [String]
     #
@@ -4309,13 +4439,11 @@ module Aws::Macie2
     end
 
     # Provides information about the tags (keys and values) that are
-    # associated with a classification job, custom data identifier, findings
-    # filter, or member account.
+    # associated with an Amazon Macie resource.
     #
     # @!attribute [rw] tags
     #   A string-to-string map of key-value pairs that specifies the tags
-    #   (keys and values) for a classification job, custom data identifier,
-    #   findings filter, or member account.
+    #   (keys and values) for an Amazon Macie resource.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ListTagsForResourceResponse AWS API Documentation
@@ -4354,12 +4482,21 @@ module Aws::Macie2
     end
 
     # Provides statistical data and other information about an S3 bucket
-    # that Amazon Macie monitors and analyzes for your account. If an error
-    # occurs when Macie attempts to retrieve and process information about
-    # the bucket or the bucket's objects, the value for most of these
-    # properties is null. Exceptions are accountId and bucketName. To
-    # identify the cause of the error, refer to the errorCode and
-    # errorMessage values.
+    # that Amazon Macie monitors and analyzes for your account. By default,
+    # object count and storage size values include data for object parts
+    # that are the result of incomplete multipart uploads. For more
+    # information, see [How Macie monitors Amazon S3 data security][1] in
+    # the *Amazon Macie User Guide*.
+    #
+    # If an error occurs when Macie attempts to retrieve and process
+    # information about the bucket or the bucket's objects, the value for
+    # most of these properties is null. Key exceptions are accountId and
+    # bucketName. To identify the cause of the error, refer to the errorCode
+    # and errorMessage values.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/macie/latest/user/monitoring-s3-how-it-works.html
     #
     # @!attribute [rw] account_id
     #   @return [String]
@@ -4375,8 +4512,8 @@ module Aws::Macie2
     #
     # @!attribute [rw] error_code
     #   The error code for an error that prevented Amazon Macie from
-    #   retrieving and processing information about an S3 bucket and the
-    #   bucket's objects.
+    #   retrieving and processing metadata from Amazon S3 for an S3 bucket
+    #   and the bucket's objects.
     #   @return [String]
     #
     # @!attribute [rw] error_message
@@ -4388,6 +4525,9 @@ module Aws::Macie2
     #   of the job that ran most recently.
     #   @return [Types::JobDetails]
     #
+    # @!attribute [rw] last_automated_discovery_time
+    #   @return [Time]
+    #
     # @!attribute [rw] object_count
     #   @return [Integer]
     #
@@ -4397,6 +4537,9 @@ module Aws::Macie2
     #   client-side encryption, or aren't encrypted.
     #   @return [Types::ObjectCountByEncryptionType]
     #
+    # @!attribute [rw] sensitivity_score
+    #   @return [Integer]
+    #
     # @!attribute [rw] size_in_bytes
     #   @return [Integer]
     #
@@ -4408,10 +4551,10 @@ module Aws::Macie2
     #   number of objects that Amazon Macie can't analyze in one or more S3
     #   buckets. In a BucketMetadata or MatchingBucket object, this data is
     #   for a specific bucket. In a GetBucketStatisticsResponse object, this
-    #   data is aggregated for the buckets in the query results. If
-    #   versioning is enabled for a bucket, total storage size values are
-    #   based on the size of the latest version of each applicable object in
-    #   the bucket.
+    #   data is aggregated for all the buckets in the query results. If
+    #   versioning is enabled for a bucket, storage size values are based on
+    #   the size of the latest version of each applicable object in the
+    #   bucket.
     #   @return [Types::ObjectLevelStatistics]
     #
     # @!attribute [rw] unclassifiable_object_size_in_bytes
@@ -4419,10 +4562,10 @@ module Aws::Macie2
     #   number of objects that Amazon Macie can't analyze in one or more S3
     #   buckets. In a BucketMetadata or MatchingBucket object, this data is
     #   for a specific bucket. In a GetBucketStatisticsResponse object, this
-    #   data is aggregated for the buckets in the query results. If
-    #   versioning is enabled for a bucket, total storage size values are
-    #   based on the size of the latest version of each applicable object in
-    #   the bucket.
+    #   data is aggregated for all the buckets in the query results. If
+    #   versioning is enabled for a bucket, storage size values are based on
+    #   the size of the latest version of each applicable object in the
+    #   bucket.
     #   @return [Types::ObjectLevelStatistics]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/MatchingBucket AWS API Documentation
@@ -4435,8 +4578,10 @@ module Aws::Macie2
       :error_code,
       :error_message,
       :job_details,
+      :last_automated_discovery_time,
       :object_count,
       :object_count_by_encryption_type,
+      :sensitivity_score,
       :size_in_bytes,
       :size_in_bytes_compressed,
       :unclassifiable_object_count,
@@ -4451,12 +4596,21 @@ module Aws::Macie2
     #
     # @!attribute [rw] matching_bucket
     #   Provides statistical data and other information about an S3 bucket
-    #   that Amazon Macie monitors and analyzes for your account. If an
-    #   error occurs when Macie attempts to retrieve and process information
-    #   about the bucket or the bucket's objects, the value for most of
-    #   these properties is null. Exceptions are accountId and bucketName.
-    #   To identify the cause of the error, refer to the errorCode and
-    #   errorMessage values.
+    #   that Amazon Macie monitors and analyzes for your account. By
+    #   default, object count and storage size values include data for
+    #   object parts that are the result of incomplete multipart uploads.
+    #   For more information, see [How Macie monitors Amazon S3 data
+    #   security][1] in the *Amazon Macie User Guide*.
+    #
+    #   If an error occurs when Macie attempts to retrieve and process
+    #   information about the bucket or the bucket's objects, the value for
+    #   most of these properties is null. Key exceptions are accountId and
+    #   bucketName. To identify the cause of the error, refer to the
+    #   errorCode and errorMessage values.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/monitoring-s3-how-it-works.html
     #   @return [Types::MatchingBucket]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/MatchingResource AWS API Documentation
@@ -4495,8 +4649,7 @@ module Aws::Macie2
     #
     # @!attribute [rw] tags
     #   A string-to-string map of key-value pairs that specifies the tags
-    #   (keys and values) for a classification job, custom data identifier,
-    #   findings filter, or member account.
+    #   (keys and values) for an Amazon Macie resource.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] updated_at
@@ -4521,13 +4674,6 @@ module Aws::Macie2
     # Specifies a monthly recurrence pattern for running a classification
     # job.
     #
-    # @note When making an API call, you may pass MonthlySchedule
-    #   data as a hash:
-    #
-    #       {
-    #         day_of_month: 1,
-    #       }
-    #
     # @!attribute [rw] day_of_month
     #   @return [Integer]
     #
@@ -4574,9 +4720,9 @@ module Aws::Macie2
     # of objects that Amazon Macie can't analyze in one or more S3 buckets.
     # In a BucketMetadata or MatchingBucket object, this data is for a
     # specific bucket. In a GetBucketStatisticsResponse object, this data is
-    # aggregated for the buckets in the query results. If versioning is
-    # enabled for a bucket, total storage size values are based on the size
-    # of the latest version of each applicable object in the bucket.
+    # aggregated for all the buckets in the query results. If versioning is
+    # enabled for a bucket, storage size values are based on the size of the
+    # latest version of each applicable object in the bucket.
     #
     # @!attribute [rw] file_type
     #   @return [Integer]
@@ -4607,9 +4753,13 @@ module Aws::Macie2
     #   @return [Array<Types::Cell>]
     #
     # @!attribute [rw] line_ranges
+    #   Specifies the locations of occurrences of sensitive data in a
+    #   non-binary text file.
     #   @return [Array<Types::Range>]
     #
     # @!attribute [rw] offset_ranges
+    #   Specifies the locations of occurrences of sensitive data in a
+    #   non-binary text file.
     #   @return [Array<Types::Range>]
     #
     # @!attribute [rw] pages
@@ -4618,6 +4768,8 @@ module Aws::Macie2
     #   @return [Array<Types::Page>]
     #
     # @!attribute [rw] records
+    #   Specifies the locations of occurrences of sensitive data in an
+    #   Apache Avro object container or a structured data file.
     #   @return [Array<Types::Record>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/Occurrences AWS API Documentation
@@ -4636,13 +4788,15 @@ module Aws::Macie2
     # Portable Document Format file.
     #
     # @!attribute [rw] line_range
-    #   Specifies the location of an occurrence of sensitive data in a
-    #   non-binary text file, such as an HTML, TXT, or XML file.
+    #   Specifies the location of an occurrence of sensitive data in an
+    #   email message or a non-binary text file such as an HTML, TXT, or XML
+    #   file.
     #   @return [Types::Range]
     #
     # @!attribute [rw] offset_range
-    #   Specifies the location of an occurrence of sensitive data in a
-    #   non-binary text file, such as an HTML, TXT, or XML file.
+    #   Specifies the location of an occurrence of sensitive data in an
+    #   email message or a non-binary text file such as an HTML, TXT, or XML
+    #   file.
     #   @return [Types::Range]
     #
     # @!attribute [rw] page_number
@@ -4681,26 +4835,11 @@ module Aws::Macie2
 
     # Specifies where to store data classification results, and the
     # encryption settings to use when storing results in that location.
-    # Currently, you can store classification results only in an S3 bucket.
-    #
-    # @note When making an API call, you may pass PutClassificationExportConfigurationRequest
-    #   data as a hash:
-    #
-    #       {
-    #         configuration: { # required
-    #           s3_destination: {
-    #             bucket_name: "__string", # required
-    #             key_prefix: "__string",
-    #             kms_key_arn: "__string", # required
-    #           },
-    #         },
-    #       }
     #
     # @!attribute [rw] configuration
     #   Specifies where to store data classification results, and the
     #   encryption settings to use when storing results in that location.
-    #   Currently, you can store classification results only in an S3
-    #   bucket.
+    #   The location must be an S3 bucket.
     #   @return [Types::ClassificationExportConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/PutClassificationExportConfigurationRequest AWS API Documentation
@@ -4717,8 +4856,7 @@ module Aws::Macie2
     # @!attribute [rw] configuration
     #   Specifies where to store data classification results, and the
     #   encryption settings to use when storing results in that location.
-    #   Currently, you can store classification results only in an S3
-    #   bucket.
+    #   The location must be an S3 bucket.
     #   @return [Types::ClassificationExportConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/PutClassificationExportConfigurationResponse AWS API Documentation
@@ -4732,17 +4870,6 @@ module Aws::Macie2
     # Specifies configuration settings for publishing findings to Security
     # Hub automatically.
     #
-    # @note When making an API call, you may pass PutFindingsPublicationConfigurationRequest
-    #   data as a hash:
-    #
-    #       {
-    #         client_token: "__string",
-    #         security_hub_configuration: {
-    #           publish_classification_findings: false, # required
-    #           publish_policy_findings: false, # required
-    #         },
-    #       }
-    #
     # @!attribute [rw] client_token
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.
@@ -4772,8 +4899,8 @@ module Aws::Macie2
     #
     class PutFindingsPublicationConfigurationResponse < Aws::EmptyStructure; end
 
-    # Specifies the location of an occurrence of sensitive data in a
-    # non-binary text file, such as an HTML, TXT, or XML file.
+    # Specifies the location of an occurrence of sensitive data in an email
+    # message or a non-binary text file such as an HTML, TXT, or XML file.
     #
     # @!attribute [rw] end
     #   @return [Integer]
@@ -4850,6 +4977,81 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Provides information about an S3 object that Amazon Macie selected for
+    # analysis while performing automated sensitive data discovery for an S3
+    # bucket, and the status and results of the analysis. This information
+    # is available only if automated sensitive data discovery is currently
+    # enabled for your account.
+    #
+    # @!attribute [rw] arn
+    #   @return [String]
+    #
+    # @!attribute [rw] classification_result_status
+    #   @return [String]
+    #
+    # @!attribute [rw] sensitive
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ResourceProfileArtifact AWS API Documentation
+    #
+    class ResourceProfileArtifact < Struct.new(
+      :arn,
+      :classification_result_status,
+      :sensitive)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides statistical data for sensitive data discovery metrics that
+    # apply to an S3 bucket that Amazon Macie monitors and analyzes for your
+    # account. The statistics capture the results of automated sensitive
+    # data discovery activities that Macie has performed for the bucket. The
+    # data is available only if automated sensitive data discovery is
+    # currently enabled for your account.
+    #
+    # @!attribute [rw] total_bytes_classified
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_detections
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_detections_suppressed
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_items_classified
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_items_sensitive
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_items_skipped
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_items_skipped_invalid_encryption
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_items_skipped_invalid_kms
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_items_skipped_permission_denied
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ResourceStatistics AWS API Documentation
+    #
+    class ResourceStatistics < Struct.new(
+      :total_bytes_classified,
+      :total_detections,
+      :total_detections_suppressed,
+      :total_items_classified,
+      :total_items_sensitive,
+      :total_items_skipped,
+      :total_items_skipped_invalid_encryption,
+      :total_items_skipped_invalid_kms,
+      :total_items_skipped_permission_denied)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Provides information about the resources that a finding applies to.
     #
     # @!attribute [rw] s3_bucket
@@ -4869,6 +5071,30 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Specifies the configuration settings for retrieving occurrences of
+    # sensitive data reported by findings, and the status of the
+    # configuration for an Amazon Macie account. When you enable the
+    # configuration for the first time, your request must specify an Key
+    # Management Service (KMS) key. Otherwise, an error occurs. Macie uses
+    # the specified key to encrypt the sensitive data that you retrieve.
+    #
+    # @!attribute [rw] kms_key_id
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The status of the configuration for retrieving occurrences of
+    #   sensitive data reported by findings. Valid values are:
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/RevealConfiguration AWS API Documentation
+    #
+    class RevealConfiguration < Struct.new(
+      :kms_key_id,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Provides information about the S3 bucket that a finding applies to.
     #
     # @!attribute [rw] allows_unencrypted_object_uploads
@@ -4881,8 +5107,9 @@ module Aws::Macie2
     #   @return [Time]
     #
     # @!attribute [rw] default_server_side_encryption
-    #   Provides information about the server-side encryption settings for
-    #   an S3 bucket or S3 object.
+    #   Provides information about the default server-side encryption
+    #   settings for an S3 bucket or the encryption settings for an S3
+    #   object.
     #   @return [Types::ServerSideEncryption]
     #
     # @!attribute [rw] name
@@ -4923,52 +5150,6 @@ module Aws::Macie2
     # including or excluding S3 buckets from a classification job. Exclude
     # conditions take precedence over include conditions.
     #
-    # @note When making an API call, you may pass S3BucketCriteriaForJob
-    #   data as a hash:
-    #
-    #       {
-    #         excludes: {
-    #           and: [
-    #             {
-    #               simple_criterion: {
-    #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                 key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #                 values: ["__string"],
-    #               },
-    #               tag_criterion: {
-    #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                 tag_values: [
-    #                   {
-    #                     key: "__string",
-    #                     value: "__string",
-    #                   },
-    #                 ],
-    #               },
-    #             },
-    #           ],
-    #         },
-    #         includes: {
-    #           and: [
-    #             {
-    #               simple_criterion: {
-    #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                 key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #                 values: ["__string"],
-    #               },
-    #               tag_criterion: {
-    #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                 tag_values: [
-    #                   {
-    #                     key: "__string",
-    #                     value: "__string",
-    #                   },
-    #                 ],
-    #               },
-    #             },
-    #           ],
-    #         },
-    #       }
-    #
     # @!attribute [rw] excludes
     #   Specifies one or more property- and tag-based conditions that define
     #   criteria for including or excluding S3 buckets from a classification
@@ -4994,14 +5175,6 @@ module Aws::Macie2
     # classification job to analyze, and one or more specific buckets to
     # analyze for that account.
     #
-    # @note When making an API call, you may pass S3BucketDefinitionForJob
-    #   data as a hash:
-    #
-    #       {
-    #         account_id: "__string", # required
-    #         buckets: ["__string"], # required
-    #       }
-    #
     # @!attribute [rw] account_id
     #   @return [String]
     #
@@ -5035,17 +5208,75 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Specifies an S3 bucket to store data classification results in, and
-    # the encryption settings to use when storing results in that bucket.
+    # Specifies the S3 buckets that are excluded from automated sensitive
+    # data discovery for an Amazon Macie account.
+    #
+    # @!attribute [rw] excludes
+    #   Specifies the names of the S3 buckets that are excluded from
+    #   automated sensitive data discovery.
+    #   @return [Types::S3ClassificationScopeExclusion]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/S3ClassificationScope AWS API Documentation
+    #
+    class S3ClassificationScope < Struct.new(
+      :excludes)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies the names of the S3 buckets that are excluded from automated
+    # sensitive data discovery.
+    #
+    # @!attribute [rw] bucket_names
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/S3ClassificationScopeExclusion AWS API Documentation
+    #
+    class S3ClassificationScopeExclusion < Struct.new(
+      :bucket_names)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies S3 buckets to add or remove from the exclusion list defined
+    # by the classification scope for an Amazon Macie account.
+    #
+    # @!attribute [rw] bucket_names
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] operation
+    #   Specifies how to apply changes to the S3 bucket exclusion list
+    #   defined by the classification scope for an Amazon Macie account.
+    #   Valid values are:
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/S3ClassificationScopeExclusionUpdate AWS API Documentation
     #
-    # @note When making an API call, you may pass S3Destination
-    #   data as a hash:
+    class S3ClassificationScopeExclusionUpdate < Struct.new(
+      :bucket_names,
+      :operation)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies changes to the list of S3 buckets that are excluded from
+    # automated sensitive data discovery for an Amazon Macie account.
     #
-    #       {
-    #         bucket_name: "__string", # required
-    #         key_prefix: "__string",
-    #         kms_key_arn: "__string", # required
-    #       }
+    # @!attribute [rw] excludes
+    #   Specifies S3 buckets to add or remove from the exclusion list
+    #   defined by the classification scope for an Amazon Macie account.
+    #   @return [Types::S3ClassificationScopeExclusionUpdate]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/S3ClassificationScopeUpdate AWS API Documentation
+    #
+    class S3ClassificationScopeUpdate < Struct.new(
+      :excludes)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies an S3 bucket to store data classification results in, and
+    # the encryption settings to use when storing results in that bucket.
     #
     # @!attribute [rw] bucket_name
     #   @return [String]
@@ -5074,108 +5305,14 @@ module Aws::Macie2
     # objects in any buckets that match the specified criteria each time the
     # job starts to run.
     #
-    # @note When making an API call, you may pass S3JobDefinition
-    #   data as a hash:
-    #
-    #       {
-    #         bucket_definitions: [
-    #           {
-    #             account_id: "__string", # required
-    #             buckets: ["__string"], # required
-    #           },
-    #         ],
-    #         scoping: {
-    #           excludes: {
-    #             and: [
-    #               {
-    #                 simple_scope_term: {
-    #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                   key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
-    #                   values: ["__string"],
-    #                 },
-    #                 tag_scope_term: {
-    #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                   key: "__string",
-    #                   tag_values: [
-    #                     {
-    #                       key: "__string",
-    #                       value: "__string",
-    #                     },
-    #                   ],
-    #                   target: "S3_OBJECT", # accepts S3_OBJECT
-    #                 },
-    #               },
-    #             ],
-    #           },
-    #           includes: {
-    #             and: [
-    #               {
-    #                 simple_scope_term: {
-    #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                   key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
-    #                   values: ["__string"],
-    #                 },
-    #                 tag_scope_term: {
-    #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                   key: "__string",
-    #                   tag_values: [
-    #                     {
-    #                       key: "__string",
-    #                       value: "__string",
-    #                     },
-    #                   ],
-    #                   target: "S3_OBJECT", # accepts S3_OBJECT
-    #                 },
-    #               },
-    #             ],
-    #           },
-    #         },
-    #         bucket_criteria: {
-    #           excludes: {
-    #             and: [
-    #               {
-    #                 simple_criterion: {
-    #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                   key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #                   values: ["__string"],
-    #                 },
-    #                 tag_criterion: {
-    #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                   tag_values: [
-    #                     {
-    #                       key: "__string",
-    #                       value: "__string",
-    #                     },
-    #                   ],
-    #                 },
-    #               },
-    #             ],
-    #           },
-    #           includes: {
-    #             and: [
-    #               {
-    #                 simple_criterion: {
-    #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                   key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #                   values: ["__string"],
-    #                 },
-    #                 tag_criterion: {
-    #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                   tag_values: [
-    #                     {
-    #                       key: "__string",
-    #                       value: "__string",
-    #                     },
-    #                   ],
-    #                 },
-    #               },
-    #             ],
-    #           },
-    #         },
-    #       }
-    #
-    # @!attribute [rw] bucket_definitions
-    #   @return [Array<Types::S3BucketDefinitionForJob>]
+    # @!attribute [rw] bucket_criteria
+    #   Specifies property- and tag-based conditions that define criteria
+    #   for including or excluding S3 buckets from a classification job.
+    #   Exclude conditions take precedence over include conditions.
+    #   @return [Types::S3BucketCriteriaForJob]
+    #
+    # @!attribute [rw] bucket_definitions
+    #   @return [Array<Types::S3BucketDefinitionForJob>]
     #
     # @!attribute [rw] scoping
     #   Specifies one or more property- and tag-based conditions that define
@@ -5183,18 +5320,12 @@ module Aws::Macie2
     #   job. Exclude conditions take precedence over include conditions.
     #   @return [Types::Scoping]
     #
-    # @!attribute [rw] bucket_criteria
-    #   Specifies property- and tag-based conditions that define criteria
-    #   for including or excluding S3 buckets from a classification job.
-    #   Exclude conditions take precedence over include conditions.
-    #   @return [Types::S3BucketCriteriaForJob]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/S3JobDefinition AWS API Documentation
     #
     class S3JobDefinition < Struct.new(
+      :bucket_criteria,
       :bucket_definitions,
-      :scoping,
-      :bucket_criteria)
+      :scoping)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5223,8 +5354,9 @@ module Aws::Macie2
     #   @return [Boolean]
     #
     # @!attribute [rw] server_side_encryption
-    #   Provides information about the server-side encryption settings for
-    #   an S3 bucket or S3 object.
+    #   Provides information about the default server-side encryption
+    #   settings for an S3 bucket or the encryption settings for an S3
+    #   object.
     #   @return [Types::ServerSideEncryption]
     #
     # @!attribute [rw] size
@@ -5262,60 +5394,28 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Provides information about an S3 object that lists specific text to
+    # ignore.
+    #
+    # @!attribute [rw] bucket_name
+    #   @return [String]
+    #
+    # @!attribute [rw] object_key
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/S3WordsList AWS API Documentation
+    #
+    class S3WordsList < Struct.new(
+      :bucket_name,
+      :object_key)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies one or more property- and tag-based conditions that define
     # criteria for including or excluding S3 objects from a classification
     # job. Exclude conditions take precedence over include conditions.
     #
-    # @note When making an API call, you may pass Scoping
-    #   data as a hash:
-    #
-    #       {
-    #         excludes: {
-    #           and: [
-    #             {
-    #               simple_scope_term: {
-    #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                 key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
-    #                 values: ["__string"],
-    #               },
-    #               tag_scope_term: {
-    #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                 key: "__string",
-    #                 tag_values: [
-    #                   {
-    #                     key: "__string",
-    #                     value: "__string",
-    #                   },
-    #                 ],
-    #                 target: "S3_OBJECT", # accepts S3_OBJECT
-    #               },
-    #             },
-    #           ],
-    #         },
-    #         includes: {
-    #           and: [
-    #             {
-    #               simple_scope_term: {
-    #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                 key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
-    #                 values: ["__string"],
-    #               },
-    #               tag_scope_term: {
-    #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                 key: "__string",
-    #                 tag_values: [
-    #                   {
-    #                     key: "__string",
-    #                     value: "__string",
-    #                   },
-    #                 ],
-    #                 target: "S3_OBJECT", # accepts S3_OBJECT
-    #               },
-    #             },
-    #           ],
-    #         },
-    #       }
-    #
     # @!attribute [rw] excludes
     #   Specifies one or more property- and tag-based conditions that define
     #   criteria for including or excluding S3 objects from a classification
@@ -5341,52 +5441,6 @@ module Aws::Macie2
     # criteria for including or excluding S3 buckets from the query results.
     # Exclude conditions take precedence over include conditions.
     #
-    # @note When making an API call, you may pass SearchResourcesBucketCriteria
-    #   data as a hash:
-    #
-    #       {
-    #         excludes: {
-    #           and: [
-    #             {
-    #               simple_criterion: {
-    #                 comparator: "EQ", # accepts EQ, NE
-    #                 key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #                 values: ["__string"],
-    #               },
-    #               tag_criterion: {
-    #                 comparator: "EQ", # accepts EQ, NE
-    #                 tag_values: [
-    #                   {
-    #                     key: "__string",
-    #                     value: "__string",
-    #                   },
-    #                 ],
-    #               },
-    #             },
-    #           ],
-    #         },
-    #         includes: {
-    #           and: [
-    #             {
-    #               simple_criterion: {
-    #                 comparator: "EQ", # accepts EQ, NE
-    #                 key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #                 values: ["__string"],
-    #               },
-    #               tag_criterion: {
-    #                 comparator: "EQ", # accepts EQ, NE
-    #                 tag_values: [
-    #                   {
-    #                     key: "__string",
-    #                     value: "__string",
-    #                   },
-    #                 ],
-    #               },
-    #             },
-    #           ],
-    #         },
-    #       }
-    #
     # @!attribute [rw] excludes
     #   Specifies property- and tag-based conditions that define filter
     #   criteria for including or excluding Amazon Web Services resources
@@ -5411,26 +5465,6 @@ module Aws::Macie2
     # Specifies a property- or tag-based filter condition for including or
     # excluding Amazon Web Services resources from the query results.
     #
-    # @note When making an API call, you may pass SearchResourcesCriteria
-    #   data as a hash:
-    #
-    #       {
-    #         simple_criterion: {
-    #           comparator: "EQ", # accepts EQ, NE
-    #           key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #           values: ["__string"],
-    #         },
-    #         tag_criterion: {
-    #           comparator: "EQ", # accepts EQ, NE
-    #           tag_values: [
-    #             {
-    #               key: "__string",
-    #               value: "__string",
-    #             },
-    #           ],
-    #         },
-    #       }
-    #
     # @!attribute [rw] simple_criterion
     #   Specifies a property-based filter condition that determines which
     #   Amazon Web Services resources are included or excluded from the
@@ -5456,30 +5490,6 @@ module Aws::Macie2
     # criteria for including or excluding Amazon Web Services resources from
     # the query results.
     #
-    # @note When making an API call, you may pass SearchResourcesCriteriaBlock
-    #   data as a hash:
-    #
-    #       {
-    #         and: [
-    #           {
-    #             simple_criterion: {
-    #               comparator: "EQ", # accepts EQ, NE
-    #               key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #               values: ["__string"],
-    #             },
-    #             tag_criterion: {
-    #               comparator: "EQ", # accepts EQ, NE
-    #               tag_values: [
-    #                 {
-    #                   key: "__string",
-    #                   value: "__string",
-    #                 },
-    #               ],
-    #             },
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] and
     #   @return [Array<Types::SearchResourcesCriteria>]
     #
@@ -5495,60 +5505,6 @@ module Aws::Macie2
     # of a query for statistical data and other information about Amazon Web
     # Services resources that Amazon Macie monitors and analyzes.
     #
-    # @note When making an API call, you may pass SearchResourcesRequest
-    #   data as a hash:
-    #
-    #       {
-    #         bucket_criteria: {
-    #           excludes: {
-    #             and: [
-    #               {
-    #                 simple_criterion: {
-    #                   comparator: "EQ", # accepts EQ, NE
-    #                   key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #                   values: ["__string"],
-    #                 },
-    #                 tag_criterion: {
-    #                   comparator: "EQ", # accepts EQ, NE
-    #                   tag_values: [
-    #                     {
-    #                       key: "__string",
-    #                       value: "__string",
-    #                     },
-    #                   ],
-    #                 },
-    #               },
-    #             ],
-    #           },
-    #           includes: {
-    #             and: [
-    #               {
-    #                 simple_criterion: {
-    #                   comparator: "EQ", # accepts EQ, NE
-    #                   key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #                   values: ["__string"],
-    #                 },
-    #                 tag_criterion: {
-    #                   comparator: "EQ", # accepts EQ, NE
-    #                   tag_values: [
-    #                     {
-    #                       key: "__string",
-    #                       value: "__string",
-    #                     },
-    #                   ],
-    #                 },
-    #               },
-    #             ],
-    #           },
-    #         },
-    #         max_results: 1,
-    #         next_token: "__string",
-    #         sort_criteria: {
-    #           attribute_name: "ACCOUNT_ID", # accepts ACCOUNT_ID, RESOURCE_NAME, S3_CLASSIFIABLE_OBJECT_COUNT, S3_CLASSIFIABLE_SIZE_IN_BYTES
-    #           order_by: "ASC", # accepts ASC, DESC
-    #         },
-    #       }
-    #
     # @!attribute [rw] bucket_criteria
     #   Specifies property- and tag-based conditions that define filter
     #   criteria for including or excluding S3 buckets from the query
@@ -5601,15 +5557,6 @@ module Aws::Macie2
     # Amazon Web Services resources are included or excluded from the query
     # results.
     #
-    # @note When making an API call, you may pass SearchResourcesSimpleCriterion
-    #   data as a hash:
-    #
-    #       {
-    #         comparator: "EQ", # accepts EQ, NE
-    #         key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #         values: ["__string"],
-    #       }
-    #
     # @!attribute [rw] comparator
     #   The operator to use in a condition that filters the results of a
     #   query. Valid values are:
@@ -5637,14 +5584,6 @@ module Aws::Macie2
     # about Amazon Web Services resources that Amazon Macie monitors and
     # analyzes.
     #
-    # @note When making an API call, you may pass SearchResourcesSortCriteria
-    #   data as a hash:
-    #
-    #       {
-    #         attribute_name: "ACCOUNT_ID", # accepts ACCOUNT_ID, RESOURCE_NAME, S3_CLASSIFIABLE_OBJECT_COUNT, S3_CLASSIFIABLE_SIZE_IN_BYTES
-    #         order_by: "ASC", # accepts ASC, DESC
-    #       }
-    #
     # @!attribute [rw] attribute_name
     #   The property to sort the query results by. Valid values are:
     #   @return [String]
@@ -5665,19 +5604,6 @@ module Aws::Macie2
     # Web Services resources are included or excluded from the query
     # results.
     #
-    # @note When making an API call, you may pass SearchResourcesTagCriterion
-    #   data as a hash:
-    #
-    #       {
-    #         comparator: "EQ", # accepts EQ, NE
-    #         tag_values: [
-    #           {
-    #             key: "__string",
-    #             value: "__string",
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] comparator
     #   The operator to use in a condition that filters the results of a
     #   query. Valid values are:
@@ -5700,14 +5626,6 @@ module Aws::Macie2
     # values are case sensitive. Also, Amazon Macie doesn't support use of
     # partial values or wildcard characters in tag-based filter conditions.
     #
-    # @note When making an API call, you may pass SearchResourcesTagCriterionPair
-    #   data as a hash:
-    #
-    #       {
-    #         key: "__string",
-    #         value: "__string",
-    #       }
-    #
     # @!attribute [rw] key
     #   @return [String]
     #
@@ -5732,14 +5650,6 @@ module Aws::Macie2
     #
     # [1]: https://docs.aws.amazon.com/macie/latest/user/securityhub-integration.html
     #
-    # @note When making an API call, you may pass SecurityHubConfiguration
-    #   data as a hash:
-    #
-    #       {
-    #         publish_classification_findings: false, # required
-    #         publish_policy_findings: false, # required
-    #       }
-    #
     # @!attribute [rw] publish_classification_findings
     #   @return [Boolean]
     #
@@ -5785,12 +5695,114 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Provides information about the server-side encryption settings for an
-    # S3 bucket or S3 object.
+    # Provides aggregated statistical data for sensitive data discovery
+    # metrics that apply to S3 buckets. Each field contains aggregated data
+    # for all the buckets that have a sensitivity score (sensitivityScore)
+    # of a specified value or within a specified range
+    # (BucketStatisticsBySensitivity). If automated sensitive data discovery
+    # is currently disabled for your account, the value for each field is 0.
+    #
+    # @!attribute [rw] classifiable_size_in_bytes
+    #   @return [Integer]
+    #
+    # @!attribute [rw] publicly_accessible_count
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_count
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_size_in_bytes
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SensitivityAggregations AWS API Documentation
+    #
+    class SensitivityAggregations < Struct.new(
+      :classifiable_size_in_bytes,
+      :publicly_accessible_count,
+      :total_count,
+      :total_size_in_bytes)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies managed data identifiers to exclude (not use) when
+    # performing automated sensitive data discovery for an Amazon Macie
+    # account. For information about the managed data identifiers that
+    # Amazon Macie currently provides, see [Using managed data
+    # identifiers][1] in the *Amazon Macie User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html
+    #
+    # @!attribute [rw] managed_data_identifier_ids
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SensitivityInspectionTemplateExcludes AWS API Documentation
+    #
+    class SensitivityInspectionTemplateExcludes < Struct.new(
+      :managed_data_identifier_ids)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies the allow lists, custom data identifiers, and managed data
+    # identifiers to include (use) when performing automated sensitive data
+    # discovery for an Amazon Macie account. The configuration must specify
+    # at least one custom data identifier or managed data identifier. For
+    # information about the managed data identifiers that Amazon Macie
+    # currently provides, see [Using managed data identifiers][1] in the
+    # *Amazon Macie User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html
+    #
+    # @!attribute [rw] allow_list_ids
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] custom_data_identifier_ids
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] managed_data_identifier_ids
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SensitivityInspectionTemplateIncludes AWS API Documentation
+    #
+    class SensitivityInspectionTemplateIncludes < Struct.new(
+      :allow_list_ids,
+      :custom_data_identifier_ids,
+      :managed_data_identifier_ids)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides information about the sensitivity inspection template for an
+    # Amazon Macie account. Macie uses the template's settings when it
+    # performs automated sensitive data discovery for the account.
+    #
+    # @!attribute [rw] id
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SensitivityInspectionTemplatesEntry AWS API Documentation
+    #
+    class SensitivityInspectionTemplatesEntry < Struct.new(
+      :id,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides information about the default server-side encryption settings
+    # for an S3 bucket or the encryption settings for an S3 object.
     #
     # @!attribute [rw] encryption_type
-    #   The type of server-side encryption that's used to encrypt an S3
-    #   object or objects in an S3 bucket. Valid values are:
+    #   The server-side encryption algorithm that was used to encrypt an S3
+    #   object or is used by default to encrypt objects that are added to an
+    #   S3 bucket. Possible values are:
     #   @return [String]
     #
     # @!attribute [rw] kms_master_key_id
@@ -5932,17 +5944,9 @@ module Aws::Macie2
 
     # Specifies a severity level for findings that a custom data identifier
     # produces. A severity level determines which severity is assigned to
-    # the findings, based on the number of occurrences of text that matches
+    # the findings, based on the number of occurrences of text that match
     # the custom data identifier's detection criteria.
     #
-    # @note When making an API call, you may pass SeverityLevel
-    #   data as a hash:
-    #
-    #       {
-    #         occurrences_threshold: 1, # required
-    #         severity: "LOW", # required, accepts LOW, MEDIUM, HIGH
-    #       }
-    #
     # @!attribute [rw] occurrences_threshold
     #   @return [Integer]
     #
@@ -5963,17 +5967,9 @@ module Aws::Macie2
     # Specifies a property-based condition that determines whether an S3
     # bucket is included or excluded from a classification job.
     #
-    # @note When making an API call, you may pass SimpleCriterionForJob
-    #   data as a hash:
-    #
-    #       {
-    #         comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #         key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
-    #         values: ["__string"],
-    #       }
-    #
     # @!attribute [rw] comparator
-    #   The operator to use in a condition. Valid values are:
+    #   The operator to use in a condition. Depending on the type of
+    #   condition, possible values are:
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -5998,17 +5994,9 @@ module Aws::Macie2
     # Specifies a property-based condition that determines whether an S3
     # object is included or excluded from a classification job.
     #
-    # @note When making an API call, you may pass SimpleScopeTerm
-    #   data as a hash:
-    #
-    #       {
-    #         comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #         key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
-    #         values: ["__string"],
-    #       }
-    #
     # @!attribute [rw] comparator
-    #   The operator to use in a condition. Valid values are:
+    #   The operator to use in a condition. Depending on the type of
+    #   condition, possible values are:
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -6032,14 +6020,6 @@ module Aws::Macie2
 
     # Specifies criteria for sorting the results of a request for findings.
     #
-    # @note When making an API call, you may pass SortCriteria
-    #   data as a hash:
-    #
-    #       {
-    #         attribute_name: "__string",
-    #         order_by: "ASC", # accepts ASC, DESC
-    #       }
-    #
     # @!attribute [rw] attribute_name
     #   @return [String]
     #
@@ -6072,24 +6052,33 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Specifies a tag-based condition that determines whether an S3 bucket
-    # is included or excluded from a classification job.
+    # Specifies a custom data identifier or managed data identifier that
+    # detected a type of sensitive data to start excluding or including in
+    # an S3 bucket's sensitivity score.
+    #
+    # @!attribute [rw] id
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of data identifier that detected a specific type of
+    #   sensitive data in an S3 bucket. Possible values are:
+    #   @return [String]
     #
-    # @note When making an API call, you may pass TagCriterionForJob
-    #   data as a hash:
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SuppressDataIdentifier AWS API Documentation
     #
-    #       {
-    #         comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #         tag_values: [
-    #           {
-    #             key: "__string",
-    #             value: "__string",
-    #           },
-    #         ],
-    #       }
+    class SuppressDataIdentifier < Struct.new(
+      :id,
+      :type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies a tag-based condition that determines whether an S3 bucket
+    # is included or excluded from a classification job.
     #
     # @!attribute [rw] comparator
-    #   The operator to use in a condition. Valid values are:
+    #   The operator to use in a condition. Depending on the type of
+    #   condition, possible values are:
     #   @return [String]
     #
     # @!attribute [rw] tag_values
@@ -6110,14 +6099,6 @@ module Aws::Macie2
     # are case sensitive. Also, Amazon Macie doesn't support use of partial
     # values or wildcard characters in tag-based conditions.
     #
-    # @note When making an API call, you may pass TagCriterionPairForJob
-    #   data as a hash:
-    #
-    #       {
-    #         key: "__string",
-    #         value: "__string",
-    #       }
-    #
     # @!attribute [rw] key
     #   @return [String]
     #
@@ -6133,27 +6114,15 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Specifies the tags (keys and values) to associate with a
-    # classification job, custom data identifier, findings filter, or member
-    # account.
-    #
-    # @note When making an API call, you may pass TagResourceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         resource_arn: "__string", # required
-    #         tags: { # required
-    #           "__string" => "__string",
-    #         },
-    #       }
+    # Specifies the tags (keys and values) to associate with an Amazon Macie
+    # resource.
     #
     # @!attribute [rw] resource_arn
     #   @return [String]
     #
     # @!attribute [rw] tags
     #   A string-to-string map of key-value pairs that specifies the tags
-    #   (keys and values) for a classification job, custom data identifier,
-    #   findings filter, or member account.
+    #   (keys and values) for an Amazon Macie resource.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/TagResourceRequest AWS API Documentation
@@ -6165,7 +6134,8 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # The request succeeded. The specified tags were added to the resource.
+    # The request succeeded. The specified tags were added or updated for
+    # the resource.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/TagResourceResponse AWS API Documentation
     #
@@ -6174,23 +6144,9 @@ module Aws::Macie2
     # Specifies a tag-based condition that determines whether an S3 object
     # is included or excluded from a classification job.
     #
-    # @note When making an API call, you may pass TagScopeTerm
-    #   data as a hash:
-    #
-    #       {
-    #         comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #         key: "__string",
-    #         tag_values: [
-    #           {
-    #             key: "__string",
-    #             value: "__string",
-    #           },
-    #         ],
-    #         target: "S3_OBJECT", # accepts S3_OBJECT
-    #       }
-    #
     # @!attribute [rw] comparator
-    #   The operator to use in a condition. Valid values are:
+    #   The operator to use in a condition. Depending on the type of
+    #   condition, possible values are:
     #   @return [String]
     #
     # @!attribute [rw] key
@@ -6221,14 +6177,6 @@ module Aws::Macie2
     # Also, Amazon Macie doesn't support use of partial values or wildcard
     # characters in tag-based conditions.
     #
-    # @note When making an API call, you may pass TagValuePair
-    #   data as a hash:
-    #
-    #       {
-    #         key: "__string",
-    #         value: "__string",
-    #       }
-    #
     # @!attribute [rw] key
     #   @return [String]
     #
@@ -6246,17 +6194,6 @@ module Aws::Macie2
 
     # Specifies the detection criteria of a custom data identifier to test.
     #
-    # @note When making an API call, you may pass TestCustomDataIdentifierRequest
-    #   data as a hash:
-    #
-    #       {
-    #         ignore_words: ["__string"],
-    #         keywords: ["__string"],
-    #         maximum_match_distance: 1,
-    #         regex: "__string", # required
-    #         sample_text: "__string", # required
-    #       }
-    #
     # @!attribute [rw] ignore_words
     #   @return [Array<String>]
     #
@@ -6311,6 +6248,20 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Provides information about an error that occurred due to an
+    # unprocessable entity.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UnprocessableEntityException AWS API Documentation
+    #
+    class UnprocessableEntityException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Provides information about an account-related request that hasn't
     # been processed.
     #
@@ -6334,14 +6285,6 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass UntagResourceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         resource_arn: "__string", # required
-    #         tag_keys: ["__string"], # required
-    #       }
-    #
     # @!attribute [rw] resource_arn
     #   @return [String]
     #
@@ -6364,6 +6307,76 @@ module Aws::Macie2
     #
     class UntagResourceResponse < Aws::EmptyStructure; end
 
+    # Changes the settings for an allow list. If you change the list's
+    # criteria, Amazon Macie tests the new criteria when it processes your
+    # request. If the criteria specify a regular expression that Macie
+    # can't compile or an S3 object that Macie can't retrieve or parse, an
+    # error occurs.
+    #
+    # @!attribute [rw] criteria
+    #   Specifies the criteria for an allow list. The criteria must specify
+    #   a regular expression (regex) or an S3 object (s3WordsList). It
+    #   can't specify both.
+    #   @return [Types::AllowListCriteria]
+    #
+    # @!attribute [rw] description
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateAllowListRequest AWS API Documentation
+    #
+    class UpdateAllowListRequest < Struct.new(
+      :criteria,
+      :description,
+      :id,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides information about an allow list whose settings were changed
+    # in response to a request.
+    #
+    # @!attribute [rw] arn
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateAllowListResponse AWS API Documentation
+    #
+    class UpdateAllowListResponse < Struct.new(
+      :arn,
+      :id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Enables or disables automated sensitive data discovery for an Amazon
+    # Macie account.
+    #
+    # @!attribute [rw] status
+    #   The status of the automated sensitive data discovery configuration
+    #   for an Amazon Macie account. Valid values are:
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateAutomatedDiscoveryConfigurationRequest AWS API Documentation
+    #
+    class UpdateAutomatedDiscoveryConfigurationRequest < Struct.new(
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateAutomatedDiscoveryConfigurationResponse AWS API Documentation
+    #
+    class UpdateAutomatedDiscoveryConfigurationResponse < Aws::EmptyStructure; end
+
     # Changes the status of a classification job. For more information about
     # pausing, resuming, or cancelling jobs, see [Managing sensitive data
     # discovery jobs][1] in the *Amazon Macie User Guide*.
@@ -6372,14 +6385,6 @@ module Aws::Macie2
     #
     # [1]: https://docs.aws.amazon.com/macie/latest/user/discovery-jobs-manage.html
     #
-    # @note When making an API call, you may pass UpdateClassificationJobRequest
-    #   data as a hash:
-    #
-    #       {
-    #         job_id: "__string", # required
-    #         job_status: "RUNNING", # required, accepts RUNNING, PAUSED, CANCELLED, COMPLETE, IDLE, USER_PAUSED
-    #       }
-    #
     # @!attribute [rw] job_id
     #   @return [String]
     #
@@ -6400,39 +6405,46 @@ module Aws::Macie2
     #
     class UpdateClassificationJobResponse < Aws::EmptyStructure; end
 
-    # Specifies the criteria and other settings for a findings filter.
+    # Specifies new classification scope settings for an Amazon Macie
+    # account. Macie uses these settings when it performs automated
+    # sensitive data discovery for the account. To update the settings,
+    # automated sensitive data discovery must currently be enabled for the
+    # account.
+    #
+    # @!attribute [rw] id
+    #   @return [String]
+    #
+    # @!attribute [rw] s3
+    #   Specifies changes to the list of S3 buckets that are excluded from
+    #   automated sensitive data discovery for an Amazon Macie account.
+    #   @return [Types::S3ClassificationScopeUpdate]
     #
-    # @note When making an API call, you may pass UpdateFindingsFilterRequest
-    #   data as a hash:
-    #
-    #       {
-    #         action: "ARCHIVE", # accepts ARCHIVE, NOOP
-    #         description: "__string",
-    #         finding_criteria: {
-    #           criterion: {
-    #             "__string" => {
-    #               eq: ["__string"],
-    #               eq_exact_match: ["__string"],
-    #               gt: 1,
-    #               gte: 1,
-    #               lt: 1,
-    #               lte: 1,
-    #               neq: ["__string"],
-    #             },
-    #           },
-    #         },
-    #         id: "__string", # required
-    #         name: "__string",
-    #         position: 1,
-    #         client_token: "__string",
-    #       }
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateClassificationScopeRequest AWS API Documentation
+    #
+    class UpdateClassificationScopeRequest < Struct.new(
+      :id,
+      :s3)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateClassificationScopeResponse AWS API Documentation
+    #
+    class UpdateClassificationScopeResponse < Aws::EmptyStructure; end
+
+    # Specifies the criteria and other settings for a findings filter.
     #
     # @!attribute [rw] action
-    #   The action to perform on findings that meet the filter criteria. To
-    #   suppress (automatically archive) findings that meet the criteria,
+    #   The action to perform on findings that match the filter criteria. To
+    #   suppress (automatically archive) findings that match the criteria,
     #   set this value to ARCHIVE. Valid values are:
     #   @return [String]
     #
+    # @!attribute [rw] client_token
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
     # @!attribute [rw] description
     #   @return [String]
     #
@@ -6450,21 +6462,16 @@ module Aws::Macie2
     # @!attribute [rw] position
     #   @return [Integer]
     #
-    # @!attribute [rw] client_token
-    #   **A suitable default value is auto-generated.** You should normally
-    #   not need to pass this option.
-    #   @return [String]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateFindingsFilterRequest AWS API Documentation
     #
     class UpdateFindingsFilterRequest < Struct.new(
       :action,
+      :client_token,
       :description,
       :finding_criteria,
       :id,
       :name,
-      :position,
-      :client_token)
+      :position)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6490,21 +6497,12 @@ module Aws::Macie2
     # Changes the status or configuration settings for an Amazon Macie
     # account.
     #
-    # @note When making an API call, you may pass UpdateMacieSessionRequest
-    #   data as a hash:
-    #
-    #       {
-    #         finding_publishing_frequency: "FIFTEEN_MINUTES", # accepts FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS
-    #         status: "PAUSED", # accepts PAUSED, ENABLED
-    #       }
-    #
     # @!attribute [rw] finding_publishing_frequency
     #   The frequency with which Amazon Macie publishes updates to policy
     #   findings for an account. This includes publishing updates to
-    #   Security Hub and Amazon EventBridge (formerly called Amazon
-    #   CloudWatch Events). For more information, see [Monitoring and
-    #   processing findings][1] in the *Amazon Macie User Guide*. Valid
-    #   values are:
+    #   Security Hub and Amazon EventBridge (formerly Amazon CloudWatch
+    #   Events). For more information, see [Monitoring and processing
+    #   findings][1] in the *Amazon Macie User Guide*. Valid values are:
     #
     #
     #
@@ -6530,14 +6528,6 @@ module Aws::Macie2
 
     # Suspends (pauses) or re-enables Amazon Macie for a member account.
     #
-    # @note When making an API call, you may pass UpdateMemberSessionRequest
-    #   data as a hash:
-    #
-    #       {
-    #         id: "__string", # required
-    #         status: "PAUSED", # required, accepts PAUSED, ENABLED
-    #       }
-    #
     # @!attribute [rw] id
     #   @return [String]
     #
@@ -6561,13 +6551,6 @@ module Aws::Macie2
     # Specifies whether to enable Amazon Macie automatically for accounts
     # that are added to an organization in Organizations.
     #
-    # @note When making an API call, you may pass UpdateOrganizationConfigurationRequest
-    #   data as a hash:
-    #
-    #       {
-    #         auto_enable: false, # required
-    #       }
-    #
     # @!attribute [rw] auto_enable
     #   @return [Boolean]
     #
@@ -6583,6 +6566,150 @@ module Aws::Macie2
     #
     class UpdateOrganizationConfigurationResponse < Aws::EmptyStructure; end
 
+    # Updates the sensitivity scoring settings for an S3 bucket that Amazon
+    # Macie monitors and analyzes for your account. The settings specify
+    # whether to exclude or include occurrences of specific types of
+    # sensitive data in calculations of the bucket's sensitivity score. You
+    # can update the settings only if automated sensitive data discovery is
+    # currently enabled for your account.
+    #
+    # @!attribute [rw] resource_arn
+    #   @return [String]
+    #
+    # @!attribute [rw] suppress_data_identifiers
+    #   @return [Array<Types::SuppressDataIdentifier>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateResourceProfileDetectionsRequest AWS API Documentation
+    #
+    class UpdateResourceProfileDetectionsRequest < Struct.new(
+      :resource_arn,
+      :suppress_data_identifiers)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateResourceProfileDetectionsResponse AWS API Documentation
+    #
+    class UpdateResourceProfileDetectionsResponse < Aws::EmptyStructure; end
+
+    # Specifies a new sensitivity score for an S3 bucket that Amazon Macie
+    # monitors and analyzes for your account. To update the score, automated
+    # sensitive data discovery must currently be enabled for your account.
+    #
+    # @!attribute [rw] resource_arn
+    #   @return [String]
+    #
+    # @!attribute [rw] sensitivity_score_override
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateResourceProfileRequest AWS API Documentation
+    #
+    class UpdateResourceProfileRequest < Struct.new(
+      :resource_arn,
+      :sensitivity_score_override)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateResourceProfileResponse AWS API Documentation
+    #
+    class UpdateResourceProfileResponse < Aws::EmptyStructure; end
+
+    # Specifies the configuration settings for retrieving occurrences of
+    # sensitive data reported by findings, and the status of the
+    # configuration for an Amazon Macie account.
+    #
+    # @!attribute [rw] configuration
+    #   Specifies the configuration settings for retrieving occurrences of
+    #   sensitive data reported by findings, and the status of the
+    #   configuration for an Amazon Macie account. When you enable the
+    #   configuration for the first time, your request must specify an Key
+    #   Management Service (KMS) key. Otherwise, an error occurs. Macie uses
+    #   the specified key to encrypt the sensitive data that you retrieve.
+    #   @return [Types::RevealConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateRevealConfigurationRequest AWS API Documentation
+    #
+    class UpdateRevealConfigurationRequest < Struct.new(
+      :configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides information about updated configuration settings for
+    # retrieving occurrences of sensitive data reported by findings, and the
+    # status of the configuration for an Amazon Macie account.
+    #
+    # @!attribute [rw] configuration
+    #   Specifies the configuration settings for retrieving occurrences of
+    #   sensitive data reported by findings, and the status of the
+    #   configuration for an Amazon Macie account. When you enable the
+    #   configuration for the first time, your request must specify an Key
+    #   Management Service (KMS) key. Otherwise, an error occurs. Macie uses
+    #   the specified key to encrypt the sensitive data that you retrieve.
+    #   @return [Types::RevealConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateRevealConfigurationResponse AWS API Documentation
+    #
+    class UpdateRevealConfigurationResponse < Struct.new(
+      :configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies settings for the sensitivity inspection template for an
+    # Amazon Macie account. Macie uses the template's settings when it
+    # performs automated sensitive data discovery for the account. To update
+    # the settings, automated sensitive data discovery must currently be
+    # enabled for the account.
+    #
+    # @!attribute [rw] description
+    #   @return [String]
+    #
+    # @!attribute [rw] excludes
+    #   Specifies managed data identifiers to exclude (not use) when
+    #   performing automated sensitive data discovery for an Amazon Macie
+    #   account. For information about the managed data identifiers that
+    #   Amazon Macie currently provides, see [Using managed data
+    #   identifiers][1] in the *Amazon Macie User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html
+    #   @return [Types::SensitivityInspectionTemplateExcludes]
+    #
+    # @!attribute [rw] id
+    #   @return [String]
+    #
+    # @!attribute [rw] includes
+    #   Specifies the allow lists, custom data identifiers, and managed data
+    #   identifiers to include (use) when performing automated sensitive
+    #   data discovery for an Amazon Macie account. The configuration must
+    #   specify at least one custom data identifier or managed data
+    #   identifier. For information about the managed data identifiers that
+    #   Amazon Macie currently provides, see [Using managed data
+    #   identifiers][1] in the *Amazon Macie User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html
+    #   @return [Types::SensitivityInspectionTemplateIncludes]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateSensitivityInspectionTemplateRequest AWS API Documentation
+    #
+    class UpdateSensitivityInspectionTemplateRequest < Struct.new(
+      :description,
+      :excludes,
+      :id,
+      :includes)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateSensitivityInspectionTemplateResponse AWS API Documentation
+    #
+    class UpdateSensitivityInspectionTemplateResponse < Aws::EmptyStructure; end
+
     # Provides data for a specific usage metric and the corresponding quota
     # for an Amazon Macie account.
     #
@@ -6619,6 +6746,9 @@ module Aws::Macie2
     # @!attribute [rw] account_id
     #   @return [String]
     #
+    # @!attribute [rw] automated_discovery_free_trial_start_date
+    #   @return [Time]
+    #
     # @!attribute [rw] free_trial_start_date
     #   @return [Time]
     #
@@ -6629,6 +6759,7 @@ module Aws::Macie2
     #
     class UsageRecord < Struct.new(
       :account_id,
+      :automated_discovery_free_trial_start_date,
       :free_trial_start_date,
       :usage)
       SENSITIVE = []
@@ -6638,15 +6769,6 @@ module Aws::Macie2
     # Specifies a condition for filtering the results of a query for quota
     # and usage data for one or more Amazon Macie accounts.
     #
-    # @note When making an API call, you may pass UsageStatisticsFilter
-    #   data as a hash:
-    #
-    #       {
-    #         comparator: "GT", # accepts GT, GTE, LT, LTE, EQ, NE, CONTAINS
-    #         key: "accountId", # accepts accountId, serviceLimit, freeTrialStartDate, total
-    #         values: ["__string"],
-    #       }
-    #
     # @!attribute [rw] comparator
     #   The operator to use in a condition that filters the results of a
     #   query for Amazon Macie account quotas and usage data. Valid values
@@ -6674,14 +6796,6 @@ module Aws::Macie2
     # Specifies criteria for sorting the results of a query for Amazon Macie
     # account quotas and usage data.
     #
-    # @note When making an API call, you may pass UsageStatisticsSortBy
-    #   data as a hash:
-    #
-    #       {
-    #         key: "accountId", # accepts accountId, total, serviceLimitValue, freeTrialStartDate
-    #         order_by: "ASC", # accepts ASC, DESC
-    #       }
-    #
     # @!attribute [rw] key
     #   The field to use to sort the results of a query for Amazon Macie
     #   account quotas and usage data. Valid values are:
@@ -6855,13 +6969,6 @@ module Aws::Macie2
     # Specifies a weekly recurrence pattern for running a classification
     # job.
     #
-    # @note When making an API call, you may pass WeeklySchedule
-    #   data as a hash:
-    #
-    #       {
-    #         day_of_week: "SUNDAY", # accepts SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY
-    #       }
-    #
     # @!attribute [rw] day_of_week
     #   @return [String]
     #