@aws-sdk/client-bedrock-agentcore-control 3.1036.0 → 3.1037.0

package/dist-types/models/enums.d.ts

@@ -34,6 +34,7 @@ export type ValidationExceptionReason = (typeof ValidationExceptionReason)[keyof
  * @enum
  */
 export declare const AgentManagedRuntimeType: {
+    readonly NODE_22: "NODE_22";
     readonly PYTHON_3_10: "PYTHON_3_10";
     readonly PYTHON_3_11: "PYTHON_3_11";
     readonly PYTHON_3_12: "PYTHON_3_12";
@@ -69,6 +70,18 @@ export declare const InboundTokenClaimValueType: {
  * @public
  */
 export type InboundTokenClaimValueType = (typeof InboundTokenClaimValueType)[keyof typeof InboundTokenClaimValueType];
+/**
+ * @public
+ * @enum
+ */
+export declare const EndpointIpAddressType: {
+    readonly IPV4: "IPV4";
+    readonly IPV6: "IPV6";
+};
+/**
+ * @public
+ */
+export type EndpointIpAddressType = (typeof EndpointIpAddressType)[keyof typeof EndpointIpAddressType];
 /**
  * @public
  * @enum
@@ -371,18 +384,6 @@ export declare const CredentialProviderType: {
  * @public
  */
 export type CredentialProviderType = (typeof CredentialProviderType)[keyof typeof CredentialProviderType];
-/**
- * @public
- * @enum
- */
-export declare const EndpointIpAddressType: {
-    readonly IPV4: "IPV4";
-    readonly IPV6: "IPV6";
-};
-/**
- * @public
- */
-export type EndpointIpAddressType = (typeof EndpointIpAddressType)[keyof typeof EndpointIpAddressType];
 /**
  * @public
  * @enum
@@ -634,6 +635,23 @@ export declare const CredentialProviderVendorType: {
  * @public
  */
 export type CredentialProviderVendorType = (typeof CredentialProviderVendorType)[keyof typeof CredentialProviderVendorType];
+/**
+ * @public
+ * @enum
+ */
+export declare const Status: {
+    readonly CREATE_FAILED: "CREATE_FAILED";
+    readonly CREATING: "CREATING";
+    readonly DELETE_FAILED: "DELETE_FAILED";
+    readonly DELETING: "DELETING";
+    readonly READY: "READY";
+    readonly UPDATE_FAILED: "UPDATE_FAILED";
+    readonly UPDATING: "UPDATING";
+};
+/**
+ * @public
+ */
+export type Status = (typeof Status)[keyof typeof Status];
 /**
  * @public
  * @enum

package/dist-types/models/models_0.d.ts

@@ -459,7 +459,7 @@ export interface CodeConfiguration {
      */
     code: Code | undefined;
     /**
-     * <p>The runtime environment for executing the code (for example, Python 3.9 or Node.js 18).</p>
+     * <p>The runtime environment for executing the agent code. Specify the programming language and version to use for the agent runtime. For valid values, see the list of supported runtimes.</p>
      * @public
      */
     runtime: AgentManagedRuntimeType | undefined;
@@ -607,6 +607,136 @@ export interface CustomClaimValidationType {
      */
     authorizingClaimMatchValue: AuthorizingClaimMatchValueType | undefined;
 }
+/**
+ * <p>Configuration for a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resource gateway and resource configuration on your behalf using a service-linked role.</p>
+ * @public
+ */
+export interface ManagedVpcResource {
+    /**
+     * <p>The ID of the VPC that contains your private resource.</p>
+     * @public
+     */
+    vpcIdentifier: string | undefined;
+    /**
+     * <p>The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.</p>
+     * @public
+     */
+    subnetIds: string[] | undefined;
+    /**
+     * <p>The IP address type for the resource configuration endpoint.</p>
+     * @public
+     */
+    endpointIpAddressType: EndpointIpAddressType | undefined;
+    /**
+     * <p>The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.</p>
+     * @public
+     */
+    securityGroupIds?: string[] | undefined;
+    /**
+     * <p>Tags to apply to the managed VPC Lattice resource gateway.</p>
+     * @public
+     */
+    tags?: Record<string, string> | undefined;
+    /**
+     * <p>An intermediate publicly resolvable domain used as the VPC Lattice resource configuration endpoint. Required when your private endpoint uses a domain that is not publicly resolvable.</p>
+     * @public
+     */
+    routingDomain?: string | undefined;
+}
+/**
+ * <p>Configuration for a self-managed VPC Lattice resource. You create and manage the VPC Lattice resource gateway and resource configuration, then provide the resource configuration identifier.</p>
+ * @public
+ */
+export type SelfManagedLatticeResource = SelfManagedLatticeResource.ResourceConfigurationIdentifierMember | SelfManagedLatticeResource.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace SelfManagedLatticeResource {
+    /**
+     * <p>The ARN or ID of the VPC Lattice resource configuration.</p>
+     * @public
+     */
+    interface ResourceConfigurationIdentifierMember {
+        resourceConfigurationIdentifier: string;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        resourceConfigurationIdentifier?: never;
+        $unknown: [string, any];
+    }
+    /**
+     * @deprecated unused in schema-serde mode.
+     *
+     */
+    interface Visitor<T> {
+        resourceConfigurationIdentifier: (value: string) => T;
+        _: (name: string, value: any) => T;
+    }
+}
+/**
+ * <p>The private endpoint configuration for a gateway target. Defines how the gateway connects to private resources in your VPC.</p>
+ * @public
+ */
+export type PrivateEndpoint = PrivateEndpoint.ManagedVpcResourceMember | PrivateEndpoint.SelfManagedLatticeResourceMember | PrivateEndpoint.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace PrivateEndpoint {
+    /**
+     * <p>Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.</p>
+     * @public
+     */
+    interface SelfManagedLatticeResourceMember {
+        selfManagedLatticeResource: SelfManagedLatticeResource;
+        managedVpcResource?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.</p>
+     * @public
+     */
+    interface ManagedVpcResourceMember {
+        selfManagedLatticeResource?: never;
+        managedVpcResource: ManagedVpcResource;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        selfManagedLatticeResource?: never;
+        managedVpcResource?: never;
+        $unknown: [string, any];
+    }
+    /**
+     * @deprecated unused in schema-serde mode.
+     *
+     */
+    interface Visitor<T> {
+        selfManagedLatticeResource: (value: SelfManagedLatticeResource) => T;
+        managedVpcResource: (value: ManagedVpcResource) => T;
+        _: (name: string, value: any) => T;
+    }
+}
+/**
+ * <p>A mapping of a specific domain to a private endpoint for secure connectivity through a VPC Lattice resource configuration.</p>
+ * @public
+ */
+export interface PrivateEndpointOverride {
+    /**
+     * <p>The domain to override with a private endpoint.</p>
+     * @public
+     */
+    domain: string | undefined;
+    /**
+     * <p>The private endpoint configuration for the specified domain.</p>
+     * @public
+     */
+    privateEndpoint: PrivateEndpoint | undefined;
+}
 /**
  * <p>Configuration for inbound JWT-based authorization, specifying how incoming requests should be authenticated.</p>
  * @public
@@ -637,6 +767,16 @@ export interface CustomJWTAuthorizerConfiguration {
      * @public
      */
     customClaims?: CustomClaimValidationType[] | undefined;
+    /**
+     * <p>The private endpoint configuration for a gateway target. Defines how the gateway connects to private resources in your VPC.</p>
+     * @public
+     */
+    privateEndpoint?: PrivateEndpoint | undefined;
+    /**
+     * <p>A list of private endpoint overrides for the JWT authorizer. Each override maps a specific domain to a private endpoint, enabling secure connectivity through VPC Lattice resource configurations.</p>
+     * @public
+     */
+    privateEndpointOverrides?: PrivateEndpointOverride[] | undefined;
 }
 /**
  * <p>Represents inbound authorization configuration options used to authenticate incoming requests. </p>
@@ -3951,120 +4091,6 @@ export interface MetadataConfiguration {
      */
     allowedResponseHeaders?: string[] | undefined;
 }
-/**
- * <p>Configuration for a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resource gateway and resource configuration on your behalf using a service-linked role.</p>
- * @public
- */
-export interface ManagedLatticeResource {
-    /**
-     * <p>The ID of the VPC that contains your private resource.</p>
-     * @public
-     */
-    vpcIdentifier: string | undefined;
-    /**
-     * <p>The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.</p>
-     * @public
-     */
-    subnetIds: string[] | undefined;
-    /**
-     * <p>The IP address type for the resource configuration endpoint.</p>
-     * @public
-     */
-    endpointIpAddressType: EndpointIpAddressType | undefined;
-    /**
-     * <p>The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.</p>
-     * @public
-     */
-    securityGroupIds?: string[] | undefined;
-    /**
-     * <p>Tags to apply to the managed VPC Lattice resource gateway.</p>
-     * @public
-     */
-    tags?: Record<string, string> | undefined;
-    /**
-     * <p>An intermediate publicly resolvable domain used as the VPC Lattice resource configuration endpoint. Required when your private endpoint uses a domain that is not publicly resolvable.</p>
-     * @public
-     */
-    routingDomain?: string | undefined;
-}
-/**
- * <p>Configuration for a self-managed VPC Lattice resource. You create and manage the VPC Lattice resource gateway and resource configuration, then provide the resource configuration identifier.</p>
- * @public
- */
-export type SelfManagedLatticeResource = SelfManagedLatticeResource.ResourceConfigurationIdentifierMember | SelfManagedLatticeResource.$UnknownMember;
-/**
- * @public
- */
-export declare namespace SelfManagedLatticeResource {
-    /**
-     * <p>The ARN or ID of the VPC Lattice resource configuration.</p>
-     * @public
-     */
-    interface ResourceConfigurationIdentifierMember {
-        resourceConfigurationIdentifier: string;
-        $unknown?: never;
-    }
-    /**
-     * @public
-     */
-    interface $UnknownMember {
-        resourceConfigurationIdentifier?: never;
-        $unknown: [string, any];
-    }
-    /**
-     * @deprecated unused in schema-serde mode.
-     *
-     */
-    interface Visitor<T> {
-        resourceConfigurationIdentifier: (value: string) => T;
-        _: (name: string, value: any) => T;
-    }
-}
-/**
- * <p>The private endpoint configuration for a gateway target. Defines how the gateway connects to private resources in your VPC.</p>
- * @public
- */
-export type PrivateEndpoint = PrivateEndpoint.ManagedLatticeResourceMember | PrivateEndpoint.SelfManagedLatticeResourceMember | PrivateEndpoint.$UnknownMember;
-/**
- * @public
- */
-export declare namespace PrivateEndpoint {
-    /**
-     * <p>Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.</p>
-     * @public
-     */
-    interface SelfManagedLatticeResourceMember {
-        selfManagedLatticeResource: SelfManagedLatticeResource;
-        managedLatticeResource?: never;
-        $unknown?: never;
-    }
-    /**
-     * <p>Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.</p>
-     * @public
-     */
-    interface ManagedLatticeResourceMember {
-        selfManagedLatticeResource?: never;
-        managedLatticeResource: ManagedLatticeResource;
-        $unknown?: never;
-    }
-    /**
-     * @public
-     */
-    interface $UnknownMember {
-        selfManagedLatticeResource?: never;
-        managedLatticeResource?: never;
-        $unknown: [string, any];
-    }
-    /**
-     * @deprecated unused in schema-serde mode.
-     *
-     */
-    interface Visitor<T> {
-        selfManagedLatticeResource: (value: SelfManagedLatticeResource) => T;
-        managedLatticeResource: (value: ManagedLatticeResource) => T;
-        _: (name: string, value: any) => T;
-    }
-}
 /**
  * <p>Specifies which operations from an API Gateway REST API are exposed as tools. Tool names and descriptions are derived from the operationId and description fields in the API's exported OpenAPI specification.</p>
  * @public
@@ -8070,6 +8096,16 @@ export interface CustomOauth2ProviderConfigInput {
      * @public
      */
     clientSecret: string | undefined;
+    /**
+     * <p>The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.</p>
+     * @public
+     */
+    privateEndpoint?: PrivateEndpoint | undefined;
+    /**
+     * <p>The list of private endpoint overrides for the custom OAuth2 provider. Each override maps a specific domain to a private endpoint, enabling secure connectivity through VPC Lattice resource configurations.</p>
+     * @public
+     */
+    privateEndpointOverrides?: PrivateEndpointOverride[] | undefined;
 }
 /**
  * <p>Input configuration for a GitHub OAuth2 provider.</p>
@@ -8150,24 +8186,3 @@ export interface LinkedinOauth2ProviderConfigInput {
      */
     clientSecret: string | undefined;
 }
-/**
- * <p>Input configuration for a Microsoft OAuth2 provider.</p>
- * @public
- */
-export interface MicrosoftOauth2ProviderConfigInput {
-    /**
-     * <p>The client ID for the Microsoft OAuth2 provider.</p>
-     * @public
-     */
-    clientId: string | undefined;
-    /**
-     * <p>The client secret for the Microsoft OAuth2 provider.</p>
-     * @public
-     */
-    clientSecret: string | undefined;
-    /**
-     * <p>The Microsoft Entra ID (formerly Azure AD) tenant ID for your organization. This identifies the specific tenant within Microsoft's identity platform where your application is registered.</p>
-     * @public
-     */
-    tenantId?: string | undefined;
-}

package/dist-types/models/models_1.d.ts

@@ -1,5 +1,26 @@
-import type { CredentialProviderVendorType, DescriptorType, FilterOperator, FindingType, OnlineEvaluationConfigStatus, OnlineEvaluationExecutionStatus, PolicyEngineStatus, PolicyGenerationStatus, PolicyStatus, PolicyValidationMode, RegistryAuthorizerType, RegistryRecordCredentialProviderType, RegistryRecordOAuthGrantType, RegistryRecordStatus, RegistryStatus, SchemaType, SynchronizationType, TargetStatus } from "./enums";
-import type { A2aDescriptor, AgentSkillsDescriptor, ApiGatewayTargetConfiguration, ApiSchemaConfiguration, AtlassianOauth2ProviderConfigInput, AuthorizationData, AuthorizerConfiguration, CredentialProviderConfiguration, CustomOauth2ProviderConfigInput, GithubOauth2ProviderConfigInput, GoogleOauth2ProviderConfigInput, IncludedOauth2ProviderConfigInput, KmsConfiguration, LinkedinOauth2ProviderConfigInput, ManagedResourceDetails, McpServerTargetConfiguration, MetadataConfiguration, MicrosoftOauth2ProviderConfigInput, Oauth2Discovery, PrivateEndpoint, S3Configuration, Secret, SkillDefinition, SkillMdDefinition, UpdatedAuthorizerConfiguration } from "./models_0";
+import type { CredentialProviderVendorType, DescriptorType, FilterOperator, FindingType, OnlineEvaluationConfigStatus, OnlineEvaluationExecutionStatus, PolicyEngineStatus, PolicyGenerationStatus, PolicyStatus, PolicyValidationMode, RegistryAuthorizerType, RegistryRecordCredentialProviderType, RegistryRecordOAuthGrantType, RegistryRecordStatus, RegistryStatus, SchemaType, Status, SynchronizationType, TargetStatus } from "./enums";
+import type { A2aDescriptor, AgentSkillsDescriptor, ApiGatewayTargetConfiguration, ApiSchemaConfiguration, AtlassianOauth2ProviderConfigInput, AuthorizationData, AuthorizerConfiguration, CredentialProviderConfiguration, CustomOauth2ProviderConfigInput, GithubOauth2ProviderConfigInput, GoogleOauth2ProviderConfigInput, IncludedOauth2ProviderConfigInput, KmsConfiguration, LinkedinOauth2ProviderConfigInput, ManagedResourceDetails, McpServerTargetConfiguration, MetadataConfiguration, Oauth2Discovery, PrivateEndpoint, PrivateEndpointOverride, S3Configuration, Secret, SkillDefinition, SkillMdDefinition, UpdatedAuthorizerConfiguration } from "./models_0";
+/**
+ * <p>Input configuration for a Microsoft OAuth2 provider.</p>
+ * @public
+ */
+export interface MicrosoftOauth2ProviderConfigInput {
+    /**
+     * <p>The client ID for the Microsoft OAuth2 provider.</p>
+     * @public
+     */
+    clientId: string | undefined;
+    /**
+     * <p>The client secret for the Microsoft OAuth2 provider.</p>
+     * @public
+     */
+    clientSecret: string | undefined;
+    /**
+     * <p>The Microsoft Entra ID (formerly Azure AD) tenant ID for your organization. This identifies the specific tenant within Microsoft's identity platform where your application is registered.</p>
+     * @public
+     */
+    tenantId?: string | undefined;
+}
 /**
  * <p>Input configuration for a Salesforce OAuth2 provider.</p>
  * @public
@@ -273,6 +294,16 @@ export interface CustomOauth2ProviderConfigOutput {
      * @public
      */
     clientId?: string | undefined;
+    /**
+     * <p>The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.</p>
+     * @public
+     */
+    privateEndpoint?: PrivateEndpoint | undefined;
+    /**
+     * <p>The list of private endpoint overrides for the custom OAuth2 provider. Each override maps a specific domain to a private endpoint, enabling secure connectivity through VPC Lattice resource configurations.</p>
+     * @public
+     */
+    privateEndpointOverrides?: PrivateEndpointOverride[] | undefined;
 }
 /**
  * <p>Output configuration for a GitHub OAuth2 provider.</p>
@@ -600,6 +631,11 @@ export interface CreateOauth2CredentialProviderResponse {
      * @public
      */
     oauth2ProviderConfigOutput?: Oauth2ProviderConfigOutput | undefined;
+    /**
+     * <p>The current status of the OAuth2 credential provider.</p>
+     * @public
+     */
+    status?: Status | undefined;
 }
 /**
  * @public
@@ -670,6 +706,16 @@ export interface GetOauth2CredentialProviderResponse {
      * @public
      */
     lastUpdatedTime: Date | undefined;
+    /**
+     * <p>The current status of the OAuth2 credential provider.</p>
+     * @public
+     */
+    status?: Status | undefined;
+    /**
+     * <p>The reason for the failure if the OAuth2 credential provider is in a failed state.</p>
+     * @public
+     */
+    failureReason?: string | undefined;
 }
 /**
  * @public
@@ -796,6 +842,11 @@ export interface UpdateOauth2CredentialProviderResponse {
      * @public
      */
     lastUpdatedTime: Date | undefined;
+    /**
+     * <p>The current status of the OAuth2 credential provider.</p>
+     * @public
+     */
+    status?: Status | undefined;
 }
 /**
  * <p> The configuration for reading agent traces from CloudWatch logs as input for online evaluation. </p>

package/dist-types/schemas/schemas_0.d.ts

@@ -277,8 +277,8 @@ export declare var ListTagsForResourceResponse$: StaticStructureSchema;
 export declare var ListWorkloadIdentitiesRequest$: StaticStructureSchema;
 export declare var ListWorkloadIdentitiesResponse$: StaticStructureSchema;
 export declare var LlmAsAJudgeEvaluatorConfig$: StaticStructureSchema;
-export declare var ManagedLatticeResource$: StaticStructureSchema;
 export declare var ManagedResourceDetails$: StaticStructureSchema;
+export declare var ManagedVpcResource$: StaticStructureSchema;
 export declare var McpDescriptor$: StaticStructureSchema;
 export declare var MCPGatewayConfiguration$: StaticStructureSchema;
 export declare var McpLambdaTargetConfiguration$: StaticStructureSchema;
@@ -309,6 +309,7 @@ export declare var PolicyEngine$: StaticStructureSchema;
 export declare var PolicyGeneration$: StaticStructureSchema;
 export declare var PolicyGenerationAsset$: StaticStructureSchema;
 export declare var PolicyGenerationDetails$: StaticStructureSchema;
+export declare var PrivateEndpointOverride$: StaticStructureSchema;
 export declare var ProtocolConfiguration$: StaticStructureSchema;
 export declare var PutResourcePolicyRequest$: StaticStructureSchema;
 export declare var PutResourcePolicyResponse$: StaticStructureSchema;

package/dist-types/ts3.4/models/enums.d.ts

@@ -18,6 +18,7 @@ export declare const ValidationExceptionReason: {
 export type ValidationExceptionReason =
   (typeof ValidationExceptionReason)[keyof typeof ValidationExceptionReason];
 export declare const AgentManagedRuntimeType: {
+  readonly NODE_22: "NODE_22";
   readonly PYTHON_3_10: "PYTHON_3_10";
   readonly PYTHON_3_11: "PYTHON_3_11";
   readonly PYTHON_3_12: "PYTHON_3_12";
@@ -39,6 +40,12 @@ export declare const InboundTokenClaimValueType: {
 };
 export type InboundTokenClaimValueType =
   (typeof InboundTokenClaimValueType)[keyof typeof InboundTokenClaimValueType];
+export declare const EndpointIpAddressType: {
+  readonly IPV4: "IPV4";
+  readonly IPV6: "IPV6";
+};
+export type EndpointIpAddressType =
+  (typeof EndpointIpAddressType)[keyof typeof EndpointIpAddressType];
 export declare const NetworkMode: {
   readonly PUBLIC: "PUBLIC";
   readonly VPC: "VPC";
@@ -197,12 +204,6 @@ export declare const CredentialProviderType: {
 };
 export type CredentialProviderType =
   (typeof CredentialProviderType)[keyof typeof CredentialProviderType];
-export declare const EndpointIpAddressType: {
-  readonly IPV4: "IPV4";
-  readonly IPV6: "IPV6";
-};
-export type EndpointIpAddressType =
-  (typeof EndpointIpAddressType)[keyof typeof EndpointIpAddressType];
 export declare const RestApiMethod: {
   readonly DELETE: "DELETE";
   readonly GET: "GET";
@@ -347,6 +348,16 @@ export declare const CredentialProviderVendorType: {
 };
 export type CredentialProviderVendorType =
   (typeof CredentialProviderVendorType)[keyof typeof CredentialProviderVendorType];
+export declare const Status: {
+  readonly CREATE_FAILED: "CREATE_FAILED";
+  readonly CREATING: "CREATING";
+  readonly DELETE_FAILED: "DELETE_FAILED";
+  readonly DELETING: "DELETING";
+  readonly READY: "READY";
+  readonly UPDATE_FAILED: "UPDATE_FAILED";
+  readonly UPDATING: "UPDATING";
+};
+export type Status = (typeof Status)[keyof typeof Status];
 export declare const FilterOperator: {
   readonly CONTAINS: "Contains";
   readonly EQUALS: "Equals";

package/dist-types/ts3.4/models/models_0.d.ts

@@ -224,12 +224,69 @@ export interface CustomClaimValidationType {
   inboundTokenClaimValueType: InboundTokenClaimValueType | undefined;
   authorizingClaimMatchValue: AuthorizingClaimMatchValueType | undefined;
 }
+export interface ManagedVpcResource {
+  vpcIdentifier: string | undefined;
+  subnetIds: string[] | undefined;
+  endpointIpAddressType: EndpointIpAddressType | undefined;
+  securityGroupIds?: string[] | undefined;
+  tags?: Record<string, string> | undefined;
+  routingDomain?: string | undefined;
+}
+export type SelfManagedLatticeResource =
+  | SelfManagedLatticeResource.ResourceConfigurationIdentifierMember
+  | SelfManagedLatticeResource.$UnknownMember;
+export declare namespace SelfManagedLatticeResource {
+  interface ResourceConfigurationIdentifierMember {
+    resourceConfigurationIdentifier: string;
+    $unknown?: never;
+  }
+  interface $UnknownMember {
+    resourceConfigurationIdentifier?: never;
+    $unknown: [string, any];
+  }
+  interface Visitor<T> {
+    resourceConfigurationIdentifier: (value: string) => T;
+    _: (name: string, value: any) => T;
+  }
+}
+export type PrivateEndpoint =
+  | PrivateEndpoint.ManagedVpcResourceMember
+  | PrivateEndpoint.SelfManagedLatticeResourceMember
+  | PrivateEndpoint.$UnknownMember;
+export declare namespace PrivateEndpoint {
+  interface SelfManagedLatticeResourceMember {
+    selfManagedLatticeResource: SelfManagedLatticeResource;
+    managedVpcResource?: never;
+    $unknown?: never;
+  }
+  interface ManagedVpcResourceMember {
+    selfManagedLatticeResource?: never;
+    managedVpcResource: ManagedVpcResource;
+    $unknown?: never;
+  }
+  interface $UnknownMember {
+    selfManagedLatticeResource?: never;
+    managedVpcResource?: never;
+    $unknown: [string, any];
+  }
+  interface Visitor<T> {
+    selfManagedLatticeResource: (value: SelfManagedLatticeResource) => T;
+    managedVpcResource: (value: ManagedVpcResource) => T;
+    _: (name: string, value: any) => T;
+  }
+}
+export interface PrivateEndpointOverride {
+  domain: string | undefined;
+  privateEndpoint: PrivateEndpoint | undefined;
+}
 export interface CustomJWTAuthorizerConfiguration {
   discoveryUrl: string | undefined;
   allowedAudience?: string[] | undefined;
   allowedClients?: string[] | undefined;
   allowedScopes?: string[] | undefined;
   customClaims?: CustomClaimValidationType[] | undefined;
+  privateEndpoint?: PrivateEndpoint | undefined;
+  privateEndpointOverrides?: PrivateEndpointOverride[] | undefined;
 }
 export type AuthorizerConfiguration =
   | AuthorizerConfiguration.CustomJWTAuthorizerMember
@@ -1146,57 +1203,6 @@ export interface MetadataConfiguration {
   allowedQueryParameters?: string[] | undefined;
   allowedResponseHeaders?: string[] | undefined;
 }
-export interface ManagedLatticeResource {
-  vpcIdentifier: string | undefined;
-  subnetIds: string[] | undefined;
-  endpointIpAddressType: EndpointIpAddressType | undefined;
-  securityGroupIds?: string[] | undefined;
-  tags?: Record<string, string> | undefined;
-  routingDomain?: string | undefined;
-}
-export type SelfManagedLatticeResource =
-  | SelfManagedLatticeResource.ResourceConfigurationIdentifierMember
-  | SelfManagedLatticeResource.$UnknownMember;
-export declare namespace SelfManagedLatticeResource {
-  interface ResourceConfigurationIdentifierMember {
-    resourceConfigurationIdentifier: string;
-    $unknown?: never;
-  }
-  interface $UnknownMember {
-    resourceConfigurationIdentifier?: never;
-    $unknown: [string, any];
-  }
-  interface Visitor<T> {
-    resourceConfigurationIdentifier: (value: string) => T;
-    _: (name: string, value: any) => T;
-  }
-}
-export type PrivateEndpoint =
-  | PrivateEndpoint.ManagedLatticeResourceMember
-  | PrivateEndpoint.SelfManagedLatticeResourceMember
-  | PrivateEndpoint.$UnknownMember;
-export declare namespace PrivateEndpoint {
-  interface SelfManagedLatticeResourceMember {
-    selfManagedLatticeResource: SelfManagedLatticeResource;
-    managedLatticeResource?: never;
-    $unknown?: never;
-  }
-  interface ManagedLatticeResourceMember {
-    selfManagedLatticeResource?: never;
-    managedLatticeResource: ManagedLatticeResource;
-    $unknown?: never;
-  }
-  interface $UnknownMember {
-    selfManagedLatticeResource?: never;
-    managedLatticeResource?: never;
-    $unknown: [string, any];
-  }
-  interface Visitor<T> {
-    selfManagedLatticeResource: (value: SelfManagedLatticeResource) => T;
-    managedLatticeResource: (value: ManagedLatticeResource) => T;
-    _: (name: string, value: any) => T;
-  }
-}
 export interface ApiGatewayToolFilter {
   filterPath: string | undefined;
   methods: RestApiMethod[] | undefined;
@@ -2750,6 +2756,8 @@ export interface CustomOauth2ProviderConfigInput {
   oauthDiscovery: Oauth2Discovery | undefined;
   clientId: string | undefined;
   clientSecret: string | undefined;
+  privateEndpoint?: PrivateEndpoint | undefined;
+  privateEndpointOverrides?: PrivateEndpointOverride[] | undefined;
 }
 export interface GithubOauth2ProviderConfigInput {
   clientId: string | undefined;
@@ -2770,8 +2778,3 @@ export interface LinkedinOauth2ProviderConfigInput {
   clientId: string | undefined;
   clientSecret: string | undefined;
 }
-export interface MicrosoftOauth2ProviderConfigInput {
-  clientId: string | undefined;
-  clientSecret: string | undefined;
-  tenantId?: string | undefined;
-}