npm - @aws-sdk/client-kms - Versions diffs - 3.686.0 → 3.691.0 - Mend

@aws-sdk/client-kms 3.686.0 → 3.691.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist-types/models/models_0.d.ts +291 -291
package/dist-types/ts3.4/models/models_0.d.ts +295 -291
package/package.json +7 -7

package/dist-types/models/models_0.d.ts CHANGED Viewed

@@ -25,29 +25,29 @@ export interface AliasListEntry {
      * <p>String that contains the alias. This value begins with <code>alias/</code>.</p>
      * @public
      */
-    AliasName?: string;
+    AliasName?: string | undefined;
     /**
      * <p>String that contains the key ARN.</p>
      * @public
      */
-    AliasArn?: string;
+    AliasArn?: string | undefined;
     /**
      * <p>String that contains the key identifier of the KMS key associated with the alias.</p>
      * @public
      */
-    TargetKeyId?: string;
+    TargetKeyId?: string | undefined;
     /**
      * <p>Date and time that the alias was most recently created in the account and Region.
      *       Formatted as Unix time.</p>
      * @public
      */
-    CreationDate?: Date;
+    CreationDate?: Date | undefined;
     /**
      * <p>Date and time that the alias was most recently associated with a KMS key in the account
      *       and Region. Formatted as Unix time.</p>
      * @public
      */
-    LastUpdatedDate?: Date;
+    LastUpdatedDate?: Date | undefined;
 }
 /**
  * <p>The request was rejected because it attempted to create a resource that already
@@ -93,7 +93,7 @@ export interface CancelKeyDeletionResponse {
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key whose deletion is canceled.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
 }
 /**
  * <p>The system timed out while trying to fulfill the request. You can retry the
@@ -546,7 +546,7 @@ export interface CreateCustomKeyStoreRequest {
      *       custom key store. To find the cluster ID, use the <a href="https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html">DescribeClusters</a> operation.</p>
      * @public
      */
-    CloudHsmClusterId?: string;
+    CloudHsmClusterId?: string | undefined;
     /**
      * <p>Specifies the certificate for an CloudHSM key store. This parameter is required for custom
      *       key stores with a <code>CustomKeyStoreType</code> of <code>AWS_CLOUDHSM</code>.</p>
@@ -555,7 +555,7 @@ export interface CreateCustomKeyStoreRequest {
      *         cluster</a>.</p>
      * @public
      */
-    TrustAnchorCertificate?: string;
+    TrustAnchorCertificate?: string | undefined;
     /**
      * <p>Specifies the <code>kmsuser</code> password for an CloudHSM key store. This parameter is
      *       required for custom key stores with a <code>CustomKeyStoreType</code> of
@@ -569,7 +569,7 @@ export interface CreateCustomKeyStoreRequest {
      *       the password in the CloudHSM cluster.</p>
      * @public
      */
-    KeyStorePassword?: string;
+    KeyStorePassword?: string | undefined;
     /**
      * <p>Specifies the type of custom key store. The default value is
      *       <code>AWS_CLOUDHSM</code>.</p>
@@ -579,7 +579,7 @@ export interface CreateCustomKeyStoreRequest {
      *       store is created.</p>
      * @public
      */
-    CustomKeyStoreType?: CustomKeyStoreType;
+    CustomKeyStoreType?: CustomKeyStoreType | undefined;
     /**
      * <p>Specifies the endpoint that KMS uses to send requests to the external key store proxy
      *       (XKS proxy). This parameter is required for custom key stores with a
@@ -619,7 +619,7 @@ export interface CreateCustomKeyStoreRequest {
      *          </ul>
      * @public
      */
-    XksProxyUriEndpoint?: string;
+    XksProxyUriEndpoint?: string | undefined;
     /**
      * <p>Specifies the base path to the proxy APIs for this external key store. To find this value,
      *       see the documentation for your external key store proxy. This parameter is required for all
@@ -640,7 +640,7 @@ export interface CreateCustomKeyStoreRequest {
      *          </ul>
      * @public
      */
-    XksProxyUriPath?: string;
+    XksProxyUriPath?: string | undefined;
     /**
      * <p>Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to
      *       communicate with your external key store proxy (XKS proxy). This parameter is required when
@@ -660,7 +660,7 @@ export interface CreateCustomKeyStoreRequest {
      *          </ul>
      * @public
      */
-    XksProxyVpcEndpointServiceName?: string;
+    XksProxyVpcEndpointServiceName?: string | undefined;
     /**
      * <p>Specifies an authentication credential for the external key store proxy (XKS proxy). This
      *       parameter is required for all custom key stores with a <code>CustomKeyStoreType</code> of
@@ -676,7 +676,7 @@ export interface CreateCustomKeyStoreRequest {
      *       operation to provide the new credential to KMS.</p>
      * @public
      */
-    XksProxyAuthenticationCredential?: XksProxyAuthenticationCredentialType;
+    XksProxyAuthenticationCredential?: XksProxyAuthenticationCredentialType | undefined;
     /**
      * <p>Indicates how KMS communicates with the external key store proxy. This parameter is
      *       required for custom key stores with a <code>CustomKeyStoreType</code> of
@@ -696,7 +696,7 @@ export interface CreateCustomKeyStoreRequest {
      *       your corporate data center.</p>
      * @public
      */
-    XksProxyConnectivity?: XksProxyConnectivityType;
+    XksProxyConnectivity?: XksProxyConnectivityType | undefined;
 }
 /**
  * @public
@@ -706,7 +706,7 @@ export interface CreateCustomKeyStoreResponse {
      * <p>A unique identifier for the new custom key store.</p>
      * @public
      */
-    CustomKeyStoreId?: string;
+    CustomKeyStoreId?: string | undefined;
 }
 /**
  * <p>The request was rejected because the specified custom key store name is already assigned
@@ -901,14 +901,14 @@ export interface GrantConstraints {
      *       can include additional key-value pairs.</p>
      * @public
      */
-    EncryptionContextSubset?: Record<string, string>;
+    EncryptionContextSubset?: Record<string, string> | undefined;
     /**
      * <p>A list of key-value pairs that must match the encryption context in the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operation</a>
      *       request. The grant allows the operation only when the encryption context in the request is the
      *       same as the encryption context specified in this constraint.</p>
      * @public
      */
-    EncryptionContextEquals?: Record<string, string>;
+    EncryptionContextEquals?: Record<string, string> | undefined;
 }
 /**
  * @public
@@ -987,7 +987,7 @@ export interface CreateGrantRequest {
      *         revoking grants</a> in the <i>Key Management Service Developer Guide</i>. </p>
      * @public
      */
-    RetiringPrincipal?: string;
+    RetiringPrincipal?: string | undefined;
     /**
      * <p>A list of operations that the grant permits. </p>
      *          <p>This list must include only operations that are permitted in a grant. Also, the operation
@@ -1028,14 +1028,14 @@ export interface CreateGrantRequest {
      *             </i>. </p>
      * @public
      */
-    Constraints?: GrantConstraints;
+    Constraints?: GrantConstraints | undefined;
     /**
      * <p>A list of grant tokens. </p>
      *          <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant token</a> in the
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
     /**
      * <p>A friendly name for the grant. Use this value to prevent the unintended creation of
      *       duplicate grants when retrying this request.</p>
@@ -1052,13 +1052,13 @@ export interface CreateGrantRequest {
      *       All grant tokens for the same grant ID can be used interchangeably.</p>
      * @public
      */
-    Name?: string;
+    Name?: string | undefined;
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter. </p>
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -1070,13 +1070,13 @@ export interface CreateGrantResponse {
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantToken?: string;
+    GrantToken?: string | undefined;
     /**
      * <p>The unique identifier for the grant.</p>
      *          <p>You can use the <code>GrantId</code> in a <a>ListGrants</a>, <a>RetireGrant</a>, or <a>RevokeGrant</a> operation.</p>
      * @public
      */
-    GrantId?: string;
+    GrantId?: string | undefined;
 }
 /**
  * <p>The request was rejected because the specified KMS key is not enabled.</p>
@@ -1242,7 +1242,7 @@ export interface CreateKeyRequest {
      *             </i>.</p>
      * @public
      */
-    Policy?: string;
+    Policy?: string | undefined;
     /**
      * <p>A description of the KMS key. Use a description that helps you decide whether the KMS key
      *       is appropriate for a task. The default value is an empty string (no description).</p>
@@ -1252,7 +1252,7 @@ export interface CreateKeyRequest {
      *          <p>To set or change the description after the key is created, use <a>UpdateKeyDescription</a>.</p>
      * @public
      */
-    Description?: string;
+    Description?: string | undefined;
     /**
      * <p>Determines the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a> for which you can use the KMS key. The default value is
      *         <code>ENCRYPT_DECRYPT</code>. This parameter is optional when you are creating a symmetric
@@ -1286,7 +1286,7 @@ export interface CreateKeyRequest {
      *          </ul>
      * @public
      */
-    KeyUsage?: KeyUsageType;
+    KeyUsage?: KeyUsageType | undefined;
     /**
      * @deprecated
      *
@@ -1296,7 +1296,7 @@ export interface CreateKeyRequest {
      *       code. However, to avoid breaking changes, KMS supports both parameters.</p>
      * @public
      */
-    CustomerMasterKeySpec?: CustomerMasterKeySpec;
+    CustomerMasterKeySpec?: CustomerMasterKeySpec | undefined;
     /**
      * <p>Specifies the type of KMS key to create. The default value,
      *       <code>SYMMETRIC_DEFAULT</code>, creates a KMS key with a 256-bit AES-GCM key that is used for
@@ -1413,7 +1413,7 @@ export interface CreateKeyRequest {
      *          </ul>
      * @public
      */
-    KeySpec?: KeySpec;
+    KeySpec?: KeySpec | undefined;
     /**
      * <p>The source of the key material for the KMS key. You cannot change the origin after you
      *       create the KMS key. The default is <code>AWS_KMS</code>, which means that KMS creates the
@@ -1436,7 +1436,7 @@ export interface CreateKeyRequest {
      *         <code>KeySpec</code> value must be <code>SYMMETRIC_DEFAULT</code>.</p>
      * @public
      */
-    Origin?: OriginType;
+    Origin?: OriginType | undefined;
     /**
      * <p>Creates the KMS key in the specified <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. The <code>ConnectionState</code> of
      *       the custom key store must be <code>CONNECTED</code>. To find the CustomKeyStoreID and
@@ -1449,7 +1449,7 @@ export interface CreateKeyRequest {
      *       specify an external key that serves as key material for the KMS key.</p>
      * @public
      */
-    CustomKeyStoreId?: string;
+    CustomKeyStoreId?: string | undefined;
     /**
      * <p>Skips ("bypasses") the key policy lockout safety check. The default value is false.</p>
      *          <important>
@@ -1462,7 +1462,7 @@ export interface CreateKeyRequest {
      *       request on the KMS key.</p>
      * @public
      */
-    BypassPolicyLockoutSafetyCheck?: boolean;
+    BypassPolicyLockoutSafetyCheck?: boolean | undefined;
     /**
      * <p>Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is
      *       created. To tag an existing KMS key, use the <a>TagResource</a> operation.</p>
@@ -1482,7 +1482,7 @@ export interface CreateKeyRequest {
      *               see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging Keys</a>.</p>
      * @public
      */
-    Tags?: Tag[];
+    Tags?: Tag[] | undefined;
     /**
      * <p>Creates a multi-Region primary key that you can replicate into other Amazon Web Services Regions. You
      *       cannot change this value after you create the KMS key. </p>
@@ -1500,7 +1500,7 @@ export interface CreateKeyRequest {
      *       a custom key store.</p>
      * @public
      */
-    MultiRegion?: boolean;
+    MultiRegion?: boolean | undefined;
     /**
      * <p>Identifies the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key">external key</a> that
      *       serves as key material for the KMS key in an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html">external key store</a>. Specify the ID that
@@ -1524,7 +1524,7 @@ export interface CreateKeyRequest {
      *         encryption</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    XksKeyId?: string;
+    XksKeyId?: string | undefined;
 }
 /**
  * @public
@@ -1628,12 +1628,12 @@ export interface MultiRegionKey {
      * <p>Displays the key ARN of a primary or replica key of a multi-Region key.</p>
      * @public
      */
-    Arn?: string;
+    Arn?: string | undefined;
     /**
      * <p>Displays the Amazon Web Services Region of a primary or replica key in a multi-Region key.</p>
      * @public
      */
-    Region?: string;
+    Region?: string | undefined;
 }
 /**
  * <p>Describes the configuration of this multi-Region key. This field appears only when the KMS
@@ -1648,19 +1648,19 @@ export interface MultiRegionConfiguration {
      *       key.</p>
      * @public
      */
-    MultiRegionKeyType?: MultiRegionKeyType;
+    MultiRegionKeyType?: MultiRegionKeyType | undefined;
     /**
      * <p>Displays the key ARN and Region of the primary key. This field includes the current KMS
      *       key if it is the primary key.</p>
      * @public
      */
-    PrimaryKey?: MultiRegionKey;
+    PrimaryKey?: MultiRegionKey | undefined;
     /**
      * <p>displays the key ARNs and Regions of all replica keys. This field includes the current KMS
      *       key if it is a replica key.</p>
      * @public
      */
-    ReplicaKeys?: MultiRegionKey[];
+    ReplicaKeys?: MultiRegionKey[] | undefined;
 }
 /**
  * @public
@@ -1700,7 +1700,7 @@ export interface XksKeyConfigurationType {
      *       key store proxy uses to identify the external key.</p>
      * @public
      */
-    Id?: string;
+    Id?: string | undefined;
 }
 /**
  * <p>Contains metadata about a KMS key.</p>
@@ -1712,7 +1712,7 @@ export interface KeyMetadata {
      * <p>The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.</p>
      * @public
      */
-    AWSAccountId?: string;
+    AWSAccountId?: string | undefined;
     /**
      * <p>The globally unique identifier for the KMS key.</p>
      * @public
@@ -1723,35 +1723,35 @@ export interface KeyMetadata {
      *         Reference</i>.</p>
      * @public
      */
-    Arn?: string;
+    Arn?: string | undefined;
     /**
      * <p>The date and time when the KMS key was created.</p>
      * @public
      */
-    CreationDate?: Date;
+    CreationDate?: Date | undefined;
     /**
      * <p>Specifies whether the KMS key is enabled. When <code>KeyState</code> is
      *         <code>Enabled</code> this value is true, otherwise it is false.</p>
      * @public
      */
-    Enabled?: boolean;
+    Enabled?: boolean | undefined;
     /**
      * <p>The description of the KMS key.</p>
      * @public
      */
-    Description?: string;
+    Description?: string | undefined;
     /**
      * <p>The <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a> for which you can use the KMS key.</p>
      * @public
      */
-    KeyUsage?: KeyUsageType;
+    KeyUsage?: KeyUsageType | undefined;
     /**
      * <p>The current status of the KMS key.</p>
      *          <p>For more information about how key state affects the use of a KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in
      *       the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    KeyState?: KeyState;
+    KeyState?: KeyState | undefined;
     /**
      * <p>The date and time after which KMS deletes this KMS key. This value is present only when
      *       the KMS key is scheduled for deletion, that is, when its <code>KeyState</code> is
@@ -1761,7 +1761,7 @@ export interface KeyMetadata {
      *       period is displayed in the <code>PendingDeletionWindowInDays</code> field.</p>
      * @public
      */
-    DeletionDate?: Date;
+    DeletionDate?: Date | undefined;
     /**
      * <p>The time at which the imported key material expires. When the key material expires, KMS
      *       deletes the key material and the KMS key becomes unusable. This value is present only for KMS
@@ -1769,7 +1769,7 @@ export interface KeyMetadata {
      *       is <code>KEY_MATERIAL_EXPIRES</code>, otherwise this value is omitted.</p>
      * @public
      */
-    ValidTo?: Date;
+    ValidTo?: Date | undefined;
     /**
      * <p>The source of the key material for the KMS key. When this value is <code>AWS_KMS</code>,
      *       KMS created the key material. When this value is <code>EXTERNAL</code>, the key material was
@@ -1778,13 +1778,13 @@ export interface KeyMetadata {
      *       a custom key store.</p>
      * @public
      */
-    Origin?: OriginType;
+    Origin?: OriginType | undefined;
     /**
      * <p>A unique identifier for the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> that contains the KMS key. This field is
      *       present only when the KMS key is created in a custom key store.</p>
      * @public
      */
-    CustomKeyStoreId?: string;
+    CustomKeyStoreId?: string | undefined;
     /**
      * <p>The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When
      *       you create a KMS key in an CloudHSM <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, KMS creates the key material for the KMS
@@ -1792,19 +1792,19 @@ export interface KeyMetadata {
      *       an CloudHSM key store.</p>
      * @public
      */
-    CloudHsmClusterId?: string;
+    CloudHsmClusterId?: string | undefined;
     /**
      * <p>Specifies whether the KMS key's key material expires. This value is present only when
      *         <code>Origin</code> is <code>EXTERNAL</code>, otherwise this value is omitted.</p>
      * @public
      */
-    ExpirationModel?: ExpirationModelType;
+    ExpirationModel?: ExpirationModelType | undefined;
     /**
      * <p>The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or
      *       Amazon Web Services managed. For more information about the difference, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys">KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    KeyManager?: KeyManagerType;
+    KeyManager?: KeyManagerType | undefined;
     /**
      * @deprecated
      *
@@ -1814,12 +1814,12 @@ export interface KeyMetadata {
      *       avoid breaking changes, KMS supports both fields.</p>
      * @public
      */
-    CustomerMasterKeySpec?: CustomerMasterKeySpec;
+    CustomerMasterKeySpec?: CustomerMasterKeySpec | undefined;
     /**
      * <p>Describes the type of key material in the KMS key.</p>
      * @public
      */
-    KeySpec?: KeySpec;
+    KeySpec?: KeySpec | undefined;
     /**
      * <p>The encryption algorithms that the KMS key supports. You cannot use the KMS key with other
      *       encryption algorithms within KMS.</p>
@@ -1827,7 +1827,7 @@ export interface KeyMetadata {
      *         <code>ENCRYPT_DECRYPT</code>.</p>
      * @public
      */
-    EncryptionAlgorithms?: EncryptionAlgorithmSpec[];
+    EncryptionAlgorithms?: EncryptionAlgorithmSpec[] | undefined;
     /**
      * <p>The signing algorithms that the KMS key supports. You cannot use the KMS key with other
      *       signing algorithms within KMS.</p>
@@ -1835,12 +1835,12 @@ export interface KeyMetadata {
      *         <code>SIGN_VERIFY</code>.</p>
      * @public
      */
-    SigningAlgorithms?: SigningAlgorithmSpec[];
+    SigningAlgorithms?: SigningAlgorithmSpec[] | undefined;
     /**
      * <p>The key agreement algorithm used to derive a shared secret.</p>
      * @public
      */
-    KeyAgreementAlgorithms?: KeyAgreementAlgorithmSpec[];
+    KeyAgreementAlgorithms?: KeyAgreementAlgorithmSpec[] | undefined;
     /**
      * <p>Indicates whether the KMS key is a multi-Region (<code>True</code>) or regional
      *         (<code>False</code>) key. This value is <code>True</code> for multi-Region primary and
@@ -1848,7 +1848,7 @@ export interface KeyMetadata {
      *          <p>For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Multi-Region keys in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    MultiRegion?: boolean;
+    MultiRegion?: boolean | undefined;
     /**
      * <p>Lists the primary and replica keys in same multi-Region key. This field is present only
      *       when the value of the <code>MultiRegion</code> field is <code>True</code>.</p>
@@ -1873,7 +1873,7 @@ export interface KeyMetadata {
      *          </ul>
      * @public
      */
-    MultiRegionConfiguration?: MultiRegionConfiguration;
+    MultiRegionConfiguration?: MultiRegionConfiguration | undefined;
     /**
      * <p>The waiting period before the primary key in a multi-Region key is deleted. This waiting
      *       period begins when the last of its replica keys is deleted. This value is present only when
@@ -1889,14 +1889,14 @@ export interface KeyMetadata {
      *       and the deletion date appears in the <code>DeletionDate</code> field.</p>
      * @public
      */
-    PendingDeletionWindowInDays?: number;
+    PendingDeletionWindowInDays?: number | undefined;
     /**
      * <p>The message authentication code (MAC) algorithm that the HMAC KMS key supports.</p>
      *          <p>This value is present only when the <code>KeyUsage</code> of the KMS key is
      *         <code>GENERATE_VERIFY_MAC</code>.</p>
      * @public
      */
-    MacAlgorithms?: MacAlgorithmSpec[];
+    MacAlgorithms?: MacAlgorithmSpec[] | undefined;
     /**
      * <p>Information about the external key that is associated with a KMS key in an external key
      *       store.</p>
@@ -1904,7 +1904,7 @@ export interface KeyMetadata {
      *       <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    XksKeyConfiguration?: XksKeyConfigurationType;
+    XksKeyConfiguration?: XksKeyConfigurationType | undefined;
 }
 /**
  * @public
@@ -1914,7 +1914,7 @@ export interface CreateKeyResponse {
      * <p>Metadata associated with the KMS key.</p>
      * @public
      */
-    KeyMetadata?: KeyMetadata;
+    KeyMetadata?: KeyMetadata | undefined;
 }
 /**
  * <p>The request was rejected because the specified policy is not syntactically or semantically
@@ -2029,13 +2029,13 @@ export interface XksProxyConfigurationType {
      *       service to communicate with KMS.</p>
      * @public
      */
-    Connectivity?: XksProxyConnectivityType;
+    Connectivity?: XksProxyConnectivityType | undefined;
     /**
      * <p>The part of the external key store <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateCustomKeyStore.html#KMS-CreateCustomKeyStore-request-XksProxyAuthenticationCredential">proxy authentication credential</a> that uniquely identifies the secret access
      *       key.</p>
      * @public
      */
-    AccessKeyId?: string;
+    AccessKeyId?: string | undefined;
     /**
      * <p>The URI endpoint for the external key store proxy.</p>
      *          <p>If the external key store proxy has a public endpoint, it is displayed here.</p>
@@ -2043,19 +2043,19 @@ export interface XksProxyConfigurationType {
      *       the private DNS name associated with the VPC endpoint service.</p>
      * @public
      */
-    UriEndpoint?: string;
+    UriEndpoint?: string | undefined;
     /**
      * <p>The path to the external key store proxy APIs.</p>
      * @public
      */
-    UriPath?: string;
+    UriPath?: string | undefined;
     /**
      * <p>The Amazon VPC endpoint service used to communicate with the external key store proxy. This
      *       field appears only when the external key store proxy uses an Amazon VPC endpoint service to
      *       communicate with KMS.</p>
      * @public
      */
-    VpcEndpointServiceName?: string;
+    VpcEndpointServiceName?: string | undefined;
 }
 /**
  * <p>Contains information about each custom key store in the custom key store list.</p>
@@ -2066,19 +2066,19 @@ export interface CustomKeyStoresListEntry {
      * <p>A unique identifier for the custom key store.</p>
      * @public
      */
-    CustomKeyStoreId?: string;
+    CustomKeyStoreId?: string | undefined;
     /**
      * <p>The user-specified friendly name for the custom key store.</p>
      * @public
      */
-    CustomKeyStoreName?: string;
+    CustomKeyStoreName?: string | undefined;
     /**
      * <p>A unique identifier for the CloudHSM cluster that is associated with an CloudHSM key store. This
      *       field appears only when the <code>CustomKeyStoreType</code> is
      *       <code>AWS_CLOUDHSM</code>.</p>
      * @public
      */
-    CloudHsmClusterId?: string;
+    CloudHsmClusterId?: string | undefined;
     /**
      * <p>The trust anchor certificate of the CloudHSM cluster associated with an CloudHSM key store. When
      *       you <a href="https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr">initialize
@@ -2088,7 +2088,7 @@ export interface CustomKeyStoresListEntry {
      *         <code>AWS_CLOUDHSM</code>.</p>
      * @public
      */
-    TrustAnchorCertificate?: string;
+    TrustAnchorCertificate?: string | undefined;
     /**
      * <p>Indicates whether the custom key store is connected to its backing key store. For an CloudHSM
      *       key store, the <code>ConnectionState</code> indicates whether it is connected to its CloudHSM
@@ -2110,7 +2110,7 @@ export interface CustomKeyStoresListEntry {
      *       <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    ConnectionState?: ConnectionStateType;
+    ConnectionState?: ConnectionStateType | undefined;
     /**
      * <p>Describes the connection error. This field appears in the response only when the
      *         <code>ConnectionState</code> is <code>FAILED</code>.</p>
@@ -2297,19 +2297,19 @@ export interface CustomKeyStoresListEntry {
      *          </ul>
      * @public
      */
-    ConnectionErrorCode?: ConnectionErrorCodeType;
+    ConnectionErrorCode?: ConnectionErrorCodeType | undefined;
     /**
      * <p>The date and time when the custom key store was created.</p>
      * @public
      */
-    CreationDate?: Date;
+    CreationDate?: Date | undefined;
     /**
      * <p>Indicates the type of the custom key store. <code>AWS_CLOUDHSM</code> indicates a custom
      *       key store backed by an CloudHSM cluster. <code>EXTERNAL_KEY_STORE</code> indicates a custom key
      *       store backed by an external key store proxy and external key manager outside of Amazon Web Services.</p>
      * @public
      */
-    CustomKeyStoreType?: CustomKeyStoreType;
+    CustomKeyStoreType?: CustomKeyStoreType | undefined;
     /**
      * <p>Configuration settings for the external key store proxy (XKS proxy). The external key
      *       store proxy translates KMS requests into a format that your external key manager can
@@ -2319,7 +2319,7 @@ export interface CustomKeyStoresListEntry {
      *         <code>EXTERNAL_KEY_STORE</code>.</p>
      * @public
      */
-    XksProxyConfiguration?: XksProxyConfigurationType;
+    XksProxyConfiguration?: XksProxyConfigurationType | undefined;
 }
 /**
  * @public
@@ -2376,13 +2376,13 @@ export interface RecipientInfo {
      *         <code>RSAES_OAEP_SHA_256</code>.</p>
      * @public
      */
-    KeyEncryptionAlgorithm?: KeyEncryptionMechanism;
+    KeyEncryptionAlgorithm?: KeyEncryptionMechanism | undefined;
     /**
      * <p>The attestation document for an Amazon Web Services Nitro Enclave. This document includes the enclave's
      *       public key.</p>
      * @public
      */
-    AttestationDocument?: Uint8Array;
+    AttestationDocument?: Uint8Array | undefined;
 }
 /**
  * @public
@@ -2403,14 +2403,14 @@ export interface DecryptRequest {
      * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    EncryptionContext?: Record<string, string>;
+    EncryptionContext?: Record<string, string> | undefined;
     /**
      * <p>A list of grant tokens. </p>
      *          <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant token</a> in the
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
     /**
      * <p>Specifies the KMS key that KMS uses to decrypt the ciphertext.</p>
      *          <p>Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a
@@ -2443,7 +2443,7 @@ export interface DecryptRequest {
      *          <p>To get the key ID and key ARN for a KMS key, use <a>ListKeys</a> or <a>DescribeKey</a>. To get the alias name and alias ARN, use <a>ListAliases</a>.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>Specifies the encryption algorithm that will be used to decrypt the ciphertext. Specify
      *       the same algorithm that was used to encrypt the data. If you specify a different algorithm,
@@ -2453,7 +2453,7 @@ export interface DecryptRequest {
      *       algorithm that is valid for symmetric encryption KMS keys.</p>
      * @public
      */
-    EncryptionAlgorithm?: EncryptionAlgorithmSpec;
+    EncryptionAlgorithm?: EncryptionAlgorithmSpec | undefined;
     /**
      * <p>A signed <a href="https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-concepts.html#term-attestdoc">attestation
      *         document</a> from an Amazon Web Services Nitro enclave and the encryption algorithm to use with the
@@ -2468,13 +2468,13 @@ export interface DecryptRequest {
      *          <p>For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    Recipient?: RecipientInfo;
+    Recipient?: RecipientInfo | undefined;
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter. </p>
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -2484,19 +2484,19 @@ export interface DecryptResponse {
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key that was used to decrypt the ciphertext.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>Decrypted plaintext data. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
      *          <p>If the response includes the <code>CiphertextForRecipient</code> field, the
      *         <code>Plaintext</code> field is null or empty.</p>
      * @public
      */
-    Plaintext?: Uint8Array;
+    Plaintext?: Uint8Array | undefined;
     /**
      * <p>The encryption algorithm that was used to decrypt the ciphertext.</p>
      * @public
      */
-    EncryptionAlgorithm?: EncryptionAlgorithmSpec;
+    EncryptionAlgorithm?: EncryptionAlgorithmSpec | undefined;
     /**
      * <p>The plaintext data encrypted with the public key in the attestation document. </p>
      *          <p>This field is included in the response only when the <code>Recipient</code> parameter in
@@ -2504,7 +2504,7 @@ export interface DecryptResponse {
      *       For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    CiphertextForRecipient?: Uint8Array;
+    CiphertextForRecipient?: Uint8Array | undefined;
 }
 /**
  * <p>The request was rejected because the specified KMS key cannot decrypt the data. The
@@ -2691,13 +2691,13 @@ export interface DeriveSharedSecretRequest {
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter. </p>
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
     /**
      * <p>A signed <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc">attestation document</a> from
      *       an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's public key. The
@@ -2717,7 +2717,7 @@ export interface DeriveSharedSecretRequest {
      *          <p>For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    Recipient?: RecipientInfo;
+    Recipient?: RecipientInfo | undefined;
 }
 /**
  * @public
@@ -2727,7 +2727,7 @@ export interface DeriveSharedSecretResponse {
      * <p>Identifies the KMS key used to derive the shared secret.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>The raw secret derived from the specified key agreement algorithm, private key in the
      *       asymmetric KMS key, and your peer's public key.</p>
@@ -2735,7 +2735,7 @@ export interface DeriveSharedSecretResponse {
      *       empty.</p>
      * @public
      */
-    SharedSecret?: Uint8Array;
+    SharedSecret?: Uint8Array | undefined;
     /**
      * <p>The plaintext shared secret encrypted with the public key in the attestation document.</p>
      *          <p>This field is included in the response only when the <code>Recipient</code> parameter in
@@ -2743,12 +2743,12 @@ export interface DeriveSharedSecretResponse {
      *       For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    CiphertextForRecipient?: Uint8Array;
+    CiphertextForRecipient?: Uint8Array | undefined;
     /**
      * <p>Identifies the key agreement algorithm used to derive the shared secret.</p>
      * @public
      */
-    KeyAgreementAlgorithm?: KeyAgreementAlgorithmSpec;
+    KeyAgreementAlgorithm?: KeyAgreementAlgorithmSpec | undefined;
     /**
      * <p>The source of the key material for the specified KMS key.</p>
      *          <p>When this value is <code>AWS_KMS</code>, KMS created the key material. When this value is <code>EXTERNAL</code>,
@@ -2758,7 +2758,7 @@ export interface DeriveSharedSecretResponse {
      *       <code>EXTERNAL_KEY_STORE</code>.</p>
      * @public
      */
-    KeyOrigin?: OriginType;
+    KeyOrigin?: OriginType | undefined;
 }
 /**
  * @public
@@ -2772,7 +2772,7 @@ export interface DescribeCustomKeyStoresRequest {
      *       both.</p>
      * @public
      */
-    CustomKeyStoreId?: string;
+    CustomKeyStoreId?: string | undefined;
     /**
      * <p>Gets only information about the specified custom key store. Enter the friendly name of the
      *       custom key store.</p>
@@ -2782,21 +2782,21 @@ export interface DescribeCustomKeyStoresRequest {
      *       both.</p>
      * @public
      */
-    CustomKeyStoreName?: string;
+    CustomKeyStoreName?: string | undefined;
     /**
      * <p>Use this parameter to specify the maximum number of items to return. When this
      *     value is present, KMS does not return more than the specified number of items, but it might
      *     return fewer.</p>
      * @public
      */
-    Limit?: number;
+    Limit?: number | undefined;
     /**
      * <p>Use this parameter in a subsequent request after you receive a response with
      *     truncated results. Set it to the value of <code>NextMarker</code> from the truncated response
      *     you just received.</p>
      * @public
      */
-    Marker?: string;
+    Marker?: string | undefined;
 }
 /**
  * @public
@@ -2806,13 +2806,13 @@ export interface DescribeCustomKeyStoresResponse {
      * <p>Contains metadata about each custom key store.</p>
      * @public
      */
-    CustomKeyStores?: CustomKeyStoresListEntry[];
+    CustomKeyStores?: CustomKeyStoresListEntry[] | undefined;
     /**
      * <p>When <code>Truncated</code> is true, this element is present and contains the
      *     value to use for the <code>Marker</code> parameter in a subsequent request.</p>
      * @public
      */
-    NextMarker?: string;
+    NextMarker?: string | undefined;
     /**
      * <p>A flag that indicates whether there are more items in the list. When this
      *     value is true, the list in this response is truncated. To get more items, pass the value of
@@ -2820,7 +2820,7 @@ export interface DescribeCustomKeyStoresResponse {
      *     subsequent request.</p>
      * @public
      */
-    Truncated?: boolean;
+    Truncated?: boolean | undefined;
 }
 /**
  * <p>The request was rejected because the marker that specifies where pagination should next
@@ -2874,7 +2874,7 @@ export interface DescribeKeyRequest {
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
 }
 /**
  * @public
@@ -2884,7 +2884,7 @@ export interface DescribeKeyResponse {
      * <p>Metadata associated with the key.</p>
      * @public
      */
-    KeyMetadata?: KeyMetadata;
+    KeyMetadata?: KeyMetadata | undefined;
 }
 /**
  * @public
@@ -3008,7 +3008,7 @@ export interface EnableKeyRotationRequest {
      *          <p> </p>
      * @public
      */
-    RotationPeriodInDays?: number;
+    RotationPeriodInDays?: number | undefined;
 }
 /**
  * @public
@@ -3060,14 +3060,14 @@ export interface EncryptRequest {
      * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    EncryptionContext?: Record<string, string>;
+    EncryptionContext?: Record<string, string> | undefined;
     /**
      * <p>A list of grant tokens.</p>
      *          <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant token</a> in the
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
     /**
      * <p>Specifies the encryption algorithm that KMS will use to encrypt the plaintext message.
      *       The algorithm must be compatible with the KMS key that you specify.</p>
@@ -3077,13 +3077,13 @@ export interface EncryptRequest {
      *          <p>The SM2PKE algorithm is only available in China Regions.</p>
      * @public
      */
-    EncryptionAlgorithm?: EncryptionAlgorithmSpec;
+    EncryptionAlgorithm?: EncryptionAlgorithmSpec | undefined;
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter. </p>
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -3093,17 +3093,17 @@ export interface EncryptResponse {
      * <p>The encrypted plaintext. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
      * @public
      */
-    CiphertextBlob?: Uint8Array;
+    CiphertextBlob?: Uint8Array | undefined;
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key that was used to encrypt the plaintext.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>The encryption algorithm that was used to encrypt the plaintext.</p>
      * @public
      */
-    EncryptionAlgorithm?: EncryptionAlgorithmSpec;
+    EncryptionAlgorithm?: EncryptionAlgorithmSpec | undefined;
 }
 /**
  * <p>The request was rejected because the specified import token is expired. Use <a>GetParametersForImport</a> to get a new import token and public key, use the new
@@ -3162,7 +3162,7 @@ export interface GenerateDataKeyRequest {
      * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    EncryptionContext?: Record<string, string>;
+    EncryptionContext?: Record<string, string> | undefined;
     /**
      * <p>Specifies the length of the data key in bytes. For example, use the value 64 to generate a
      *       512-bit data key (64 bytes is 512 bits). For 128-bit (16-byte) and 256-bit (32-byte) data
@@ -3171,7 +3171,7 @@ export interface GenerateDataKeyRequest {
      *       parameter (but not both) in every <code>GenerateDataKey</code> request.</p>
      * @public
      */
-    NumberOfBytes?: number;
+    NumberOfBytes?: number | undefined;
     /**
      * <p>Specifies the length of the data key. Use <code>AES_128</code> to generate a 128-bit
      *       symmetric key, or <code>AES_256</code> to generate a 256-bit symmetric key.</p>
@@ -3179,14 +3179,14 @@ export interface GenerateDataKeyRequest {
      *       parameter (but not both) in every <code>GenerateDataKey</code> request.</p>
      * @public
      */
-    KeySpec?: DataKeySpec;
+    KeySpec?: DataKeySpec | undefined;
     /**
      * <p>A list of grant tokens.</p>
      *          <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant token</a> in the
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
     /**
      * <p>A signed <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc">attestation document</a> from
      *       an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's public key. The
@@ -3203,13 +3203,13 @@ export interface GenerateDataKeyRequest {
      *          <p>For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    Recipient?: RecipientInfo;
+    Recipient?: RecipientInfo | undefined;
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter. </p>
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -3219,7 +3219,7 @@ export interface GenerateDataKeyResponse {
      * <p>The encrypted copy of the data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
      * @public
      */
-    CiphertextBlob?: Uint8Array;
+    CiphertextBlob?: Uint8Array | undefined;
     /**
      * <p>The plaintext data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. Use this data key to encrypt your data outside of
      *       KMS. Then, remove it from memory as soon as possible.</p>
@@ -3227,12 +3227,12 @@ export interface GenerateDataKeyResponse {
      *         <code>Plaintext</code> field is null or empty.</p>
      * @public
      */
-    Plaintext?: Uint8Array;
+    Plaintext?: Uint8Array | undefined;
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key that encrypted the data key.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>The plaintext data key encrypted with the public key from the Nitro enclave. This
      *       ciphertext can be decrypted only by using a private key in the Nitro enclave. </p>
@@ -3241,7 +3241,7 @@ export interface GenerateDataKeyResponse {
      *       For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    CiphertextForRecipient?: Uint8Array;
+    CiphertextForRecipient?: Uint8Array | undefined;
 }
 /**
  * @public
@@ -3260,7 +3260,7 @@ export interface GenerateDataKeyPairRequest {
      * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    EncryptionContext?: Record<string, string>;
+    EncryptionContext?: Record<string, string> | undefined;
     /**
      * <p>Specifies the symmetric encryption KMS key that encrypts the private key in the data key
      *       pair. You cannot specify an asymmetric KMS key or a KMS key in a custom key store. To get the
@@ -3301,7 +3301,7 @@ export interface GenerateDataKeyPairRequest {
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
     /**
      * <p>A signed <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc">attestation document</a> from
      *       an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's public key. The
@@ -3320,13 +3320,13 @@ export interface GenerateDataKeyPairRequest {
      *          <p>For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    Recipient?: RecipientInfo;
+    Recipient?: RecipientInfo | undefined;
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter. </p>
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -3336,29 +3336,29 @@ export interface GenerateDataKeyPairResponse {
      * <p>The encrypted copy of the private key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
      * @public
      */
-    PrivateKeyCiphertextBlob?: Uint8Array;
+    PrivateKeyCiphertextBlob?: Uint8Array | undefined;
     /**
      * <p>The plaintext copy of the private key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
      *          <p>If the response includes the <code>CiphertextForRecipient</code> field, the
      *         <code>PrivateKeyPlaintext</code> field is null or empty.</p>
      * @public
      */
-    PrivateKeyPlaintext?: Uint8Array;
+    PrivateKeyPlaintext?: Uint8Array | undefined;
     /**
      * <p>The public key (in plaintext). When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
      * @public
      */
-    PublicKey?: Uint8Array;
+    PublicKey?: Uint8Array | undefined;
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key that encrypted the private key.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>The type of data key pair that was generated.</p>
      * @public
      */
-    KeyPairSpec?: DataKeyPairSpec;
+    KeyPairSpec?: DataKeyPairSpec | undefined;
     /**
      * <p>The plaintext private data key encrypted with the public key from the Nitro enclave. This
      *       ciphertext can be decrypted only by using a private key in the Nitro enclave. </p>
@@ -3367,7 +3367,7 @@ export interface GenerateDataKeyPairResponse {
      *       For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    CiphertextForRecipient?: Uint8Array;
+    CiphertextForRecipient?: Uint8Array | undefined;
 }
 /**
  * @public
@@ -3386,7 +3386,7 @@ export interface GenerateDataKeyPairWithoutPlaintextRequest {
      * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    EncryptionContext?: Record<string, string>;
+    EncryptionContext?: Record<string, string> | undefined;
     /**
      * <p>Specifies the symmetric encryption KMS key that encrypts the private key in the data key
      *       pair. You cannot specify an asymmetric KMS key or a KMS key in a custom key store. To get the
@@ -3427,13 +3427,13 @@ export interface GenerateDataKeyPairWithoutPlaintextRequest {
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter. </p>
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -3443,22 +3443,22 @@ export interface GenerateDataKeyPairWithoutPlaintextResponse {
      * <p>The encrypted copy of the private key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
      * @public
      */
-    PrivateKeyCiphertextBlob?: Uint8Array;
+    PrivateKeyCiphertextBlob?: Uint8Array | undefined;
     /**
      * <p>The public key (in plaintext). When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
      * @public
      */
-    PublicKey?: Uint8Array;
+    PublicKey?: Uint8Array | undefined;
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key that encrypted the private key.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>The type of data key pair that was generated.</p>
      * @public
      */
-    KeyPairSpec?: DataKeyPairSpec;
+    KeyPairSpec?: DataKeyPairSpec | undefined;
 }
 /**
  * @public
@@ -3504,33 +3504,33 @@ export interface GenerateDataKeyWithoutPlaintextRequest {
      * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    EncryptionContext?: Record<string, string>;
+    EncryptionContext?: Record<string, string> | undefined;
     /**
      * <p>The length of the data key. Use <code>AES_128</code> to generate a 128-bit symmetric key,
      *       or <code>AES_256</code> to generate a 256-bit symmetric key.</p>
      * @public
      */
-    KeySpec?: DataKeySpec;
+    KeySpec?: DataKeySpec | undefined;
     /**
      * <p>The length of the data key in bytes. For example, use the value 64 to generate a 512-bit
      *       data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys),
      *       we recommend that you use the <code>KeySpec</code> field instead of this one.</p>
      * @public
      */
-    NumberOfBytes?: number;
+    NumberOfBytes?: number | undefined;
     /**
      * <p>A list of grant tokens.</p>
      *          <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant token</a> in the
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter. </p>
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -3540,12 +3540,12 @@ export interface GenerateDataKeyWithoutPlaintextResponse {
      * <p>The encrypted data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
      * @public
      */
-    CiphertextBlob?: Uint8Array;
+    CiphertextBlob?: Uint8Array | undefined;
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key that encrypted the data key.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
 }
 /**
  * @public
@@ -3582,13 +3582,13 @@ export interface GenerateMacRequest {
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter. </p>
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -3600,17 +3600,17 @@ export interface GenerateMacResponse {
      *          <p>This is the standard, raw HMAC defined in <a href="https://datatracker.ietf.org/doc/html/rfc2104">RFC 2104</a>.</p>
      * @public
      */
-    Mac?: Uint8Array;
+    Mac?: Uint8Array | undefined;
     /**
      * <p>The MAC algorithm that was used to generate the HMAC.</p>
      * @public
      */
-    MacAlgorithm?: MacAlgorithmSpec;
+    MacAlgorithm?: MacAlgorithmSpec | undefined;
     /**
      * <p>The HMAC KMS key used in the operation.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
 }
 /**
  * @public
@@ -3620,7 +3620,7 @@ export interface GenerateRandomRequest {
      * <p>The length of the random byte string. This parameter is required.</p>
      * @public
      */
-    NumberOfBytes?: number;
+    NumberOfBytes?: number | undefined;
     /**
      * <p>Generates the random byte string in the CloudHSM cluster that is associated with the
      *       specified CloudHSM key store. To find the ID of a custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
@@ -3629,7 +3629,7 @@ export interface GenerateRandomRequest {
      *         <code>UnsupportedOperationException</code>.</p>
      * @public
      */
-    CustomKeyStoreId?: string;
+    CustomKeyStoreId?: string | undefined;
     /**
      * <p>A signed <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc">attestation document</a> from
      *       an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's public key. The
@@ -3644,7 +3644,7 @@ export interface GenerateRandomRequest {
      *          <p>For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    Recipient?: RecipientInfo;
+    Recipient?: RecipientInfo | undefined;
 }
 /**
  * @public
@@ -3656,7 +3656,7 @@ export interface GenerateRandomResponse {
      *         <code>Plaintext</code> field is null or empty.</p>
      * @public
      */
-    Plaintext?: Uint8Array;
+    Plaintext?: Uint8Array | undefined;
     /**
      * <p>The plaintext random bytes encrypted with the public key from the Nitro enclave. This
      *       ciphertext can be decrypted only by using a private key in the Nitro enclave. </p>
@@ -3665,7 +3665,7 @@ export interface GenerateRandomResponse {
      *       For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    CiphertextForRecipient?: Uint8Array;
+    CiphertextForRecipient?: Uint8Array | undefined;
 }
 /**
  * @public
@@ -3694,7 +3694,7 @@ export interface GetKeyPolicyRequest {
      *       the names of key policies, use <a>ListKeyPolicies</a>.</p>
      * @public
      */
-    PolicyName?: string;
+    PolicyName?: string | undefined;
 }
 /**
  * @public
@@ -3704,12 +3704,12 @@ export interface GetKeyPolicyResponse {
      * <p>A key policy document in JSON format.</p>
      * @public
      */
-    Policy?: string;
+    Policy?: string | undefined;
     /**
      * <p>The name of the key policy. The only valid value is <code>default</code>.</p>
      * @public
      */
-    PolicyName?: string;
+    PolicyName?: string | undefined;
 }
 /**
  * @public
@@ -3743,22 +3743,22 @@ export interface GetKeyRotationStatusResponse {
      * <p>A Boolean value that specifies whether key rotation is enabled.</p>
      * @public
      */
-    KeyRotationEnabled?: boolean;
+    KeyRotationEnabled?: boolean | undefined;
     /**
      * <p>Identifies the specified symmetric encryption KMS key.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>The number of days between each automatic rotation. The default value is 365 days.</p>
      * @public
      */
-    RotationPeriodInDays?: number;
+    RotationPeriodInDays?: number | undefined;
     /**
      * <p>The next date that KMS will automatically rotate the key material.</p>
      * @public
      */
-    NextRotationDate?: Date;
+    NextRotationDate?: Date | undefined;
     /**
      * <p>Identifies the date and time that an in progress on-demand rotation was initiated.</p>
      *          <p>The KMS API follows an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">eventual consistency</a> model
@@ -3768,7 +3768,7 @@ export interface GetKeyRotationStatusResponse {
      *       on-demand rotation.</p>
      * @public
      */
-    OnDemandRotationStartDate?: Date;
+    OnDemandRotationStartDate?: Date | undefined;
 }
 /**
  * @public
@@ -3870,25 +3870,25 @@ export interface GetParametersForImportResponse {
      *       request.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>The import token to send in a subsequent <a>ImportKeyMaterial</a>
      *       request.</p>
      * @public
      */
-    ImportToken?: Uint8Array;
+    ImportToken?: Uint8Array | undefined;
     /**
      * <p>The public key to use to encrypt the key material before importing it with <a>ImportKeyMaterial</a>.</p>
      * @public
      */
-    PublicKey?: Uint8Array;
+    PublicKey?: Uint8Array | undefined;
     /**
      * <p>The time at which the import token and public key are no longer valid. After this time,
      *       you cannot use them to make an <a>ImportKeyMaterial</a> request and you must send
      *       another <code>GetParametersForImport</code> request to get new ones.</p>
      * @public
      */
-    ParametersValidTo?: Date;
+    ParametersValidTo?: Date | undefined;
 }
 /**
  * @public
@@ -3926,7 +3926,7 @@ export interface GetPublicKeyRequest {
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
 }
 /**
  * @public
@@ -3937,7 +3937,7 @@ export interface GetPublicKeyResponse {
      *       downloaded.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>The exported public key. </p>
      *          <p>The value is a DER-encoded X.509 public key, also known as
@@ -3945,7 +3945,7 @@ export interface GetPublicKeyResponse {
      *          <p></p>
      * @public
      */
-    PublicKey?: Uint8Array;
+    PublicKey?: Uint8Array | undefined;
     /**
      * @deprecated
      *
@@ -3956,12 +3956,12 @@ export interface GetPublicKeyResponse {
      *       avoid breaking changes, KMS supports both fields.</p>
      * @public
      */
-    CustomerMasterKeySpec?: CustomerMasterKeySpec;
+    CustomerMasterKeySpec?: CustomerMasterKeySpec | undefined;
     /**
      * <p>The type of the of the public key that was downloaded.</p>
      * @public
      */
-    KeySpec?: KeySpec;
+    KeySpec?: KeySpec | undefined;
     /**
      * <p>The permitted use of the public key. Valid values for asymmetric key pairs are <code>ENCRYPT_DECRYPT</code>,
      *         <code>SIGN_VERIFY</code>, and <code>KEY_AGREEMENT</code>. </p>
@@ -3969,7 +3969,7 @@ export interface GetPublicKeyResponse {
      *       encrypts data outside of KMS, the ciphertext cannot be decrypted. </p>
      * @public
      */
-    KeyUsage?: KeyUsageType;
+    KeyUsage?: KeyUsageType | undefined;
     /**
      * <p>The encryption algorithms that KMS supports for this key. </p>
      *          <p>This information is critical. If a public key encrypts data outside of KMS by using an
@@ -3978,19 +3978,19 @@ export interface GetPublicKeyResponse {
      *       is <code>ENCRYPT_DECRYPT</code>.</p>
      * @public
      */
-    EncryptionAlgorithms?: EncryptionAlgorithmSpec[];
+    EncryptionAlgorithms?: EncryptionAlgorithmSpec[] | undefined;
     /**
      * <p>The signing algorithms that KMS supports for this key.</p>
      *          <p>This field appears in the response only when the <code>KeyUsage</code> of the public key
      *       is <code>SIGN_VERIFY</code>.</p>
      * @public
      */
-    SigningAlgorithms?: SigningAlgorithmSpec[];
+    SigningAlgorithms?: SigningAlgorithmSpec[] | undefined;
     /**
      * <p>The key agreement algorithm used to derive a shared secret. This field is present only when the KMS key has a <code>KeyUsage</code> value of <code>KEY_AGREEMENT</code>.</p>
      * @public
      */
-    KeyAgreementAlgorithms?: KeyAgreementAlgorithmSpec[];
+    KeyAgreementAlgorithms?: KeyAgreementAlgorithmSpec[] | undefined;
 }
 /**
  * <p>Contains information about a grant.</p>
@@ -4001,22 +4001,22 @@ export interface GrantListEntry {
      * <p>The unique identifier for the KMS key to which the grant applies.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>The unique identifier for the grant.</p>
      * @public
      */
-    GrantId?: string;
+    GrantId?: string | undefined;
     /**
      * <p>The friendly name that identifies the grant. If a name was provided in the <a>CreateGrant</a> request, that name is returned. Otherwise this value is null.</p>
      * @public
      */
-    Name?: string;
+    Name?: string | undefined;
     /**
      * <p>The date and time when the grant was created.</p>
      * @public
      */
-    CreationDate?: Date;
+    CreationDate?: Date | undefined;
     /**
      * <p>The identity that gets the permissions in the grant.</p>
      *          <p>The <code>GranteePrincipal</code> field in the <code>ListGrants</code> response usually contains the
@@ -4026,28 +4026,28 @@ export interface GrantListEntry {
      *           principal</a>, which might represent several different grantee principals.</p>
      * @public
      */
-    GranteePrincipal?: string;
+    GranteePrincipal?: string | undefined;
     /**
      * <p>The principal that can retire the grant.</p>
      * @public
      */
-    RetiringPrincipal?: string;
+    RetiringPrincipal?: string | undefined;
     /**
      * <p>The Amazon Web Services account under which the grant was issued.</p>
      * @public
      */
-    IssuingAccount?: string;
+    IssuingAccount?: string | undefined;
     /**
      * <p>The list of operations permitted by the grant.</p>
      * @public
      */
-    Operations?: GrantOperation[];
+    Operations?: GrantOperation[] | undefined;
     /**
      * <p>A list of key-value pairs that must be present in the encryption context of certain
      *       subsequent operations that the grant allows.</p>
      * @public
      */
-    Constraints?: GrantConstraints;
+    Constraints?: GrantConstraints | undefined;
 }
 /**
  * @public
@@ -4105,7 +4105,7 @@ export interface ImportKeyMaterialRequest {
      *       current import after the request completes. To change either value, you must delete (<a>DeleteImportedKeyMaterial</a>) and reimport the key material.</p>
      * @public
      */
-    ValidTo?: Date;
+    ValidTo?: Date | undefined;
     /**
      * <p>Specifies whether the key material expires. The default is
      *         <code>KEY_MATERIAL_EXPIRES</code>. For help with this choice, see <a href="https://docs.aws.amazon.com/en_us/kms/latest/developerguide/importing-keys.html#importing-keys-expiration">Setting an expiration time</a> in the <i>Key Management Service Developer Guide</i>.</p>
@@ -4118,7 +4118,7 @@ export interface ImportKeyMaterialRequest {
      *       material.</p>
      * @public
      */
-    ExpirationModel?: ExpirationModelType;
+    ExpirationModel?: ExpirationModelType | undefined;
 }
 /**
  * @public
@@ -4172,12 +4172,12 @@ export interface KeyListEntry {
      * <p>Unique identifier of the key.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>ARN of the key.</p>
      * @public
      */
-    KeyArn?: string;
+    KeyArn?: string | undefined;
 }
 /**
  * <p>The request was rejected because the HMAC verification failed. HMAC verification fails
@@ -4231,7 +4231,7 @@ export interface ListAliasesRequest {
      *          <p>To get the key ID and key ARN for a KMS key, use <a>ListKeys</a> or <a>DescribeKey</a>.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>Use this parameter to specify the maximum number of items to return. When this
      *     value is present, KMS does not return more than the specified number of items, but it might
@@ -4240,14 +4240,14 @@ export interface ListAliasesRequest {
      *     and 100, inclusive. If you do not include a value, it defaults to 50.</p>
      * @public
      */
-    Limit?: number;
+    Limit?: number | undefined;
     /**
      * <p>Use this parameter in a subsequent request after you receive a response with
      *     truncated results. Set it to the value of <code>NextMarker</code> from the truncated response
      *     you just received.</p>
      * @public
      */
-    Marker?: string;
+    Marker?: string | undefined;
 }
 /**
  * @public
@@ -4257,13 +4257,13 @@ export interface ListAliasesResponse {
      * <p>A list of aliases.</p>
      * @public
      */
-    Aliases?: AliasListEntry[];
+    Aliases?: AliasListEntry[] | undefined;
     /**
      * <p>When <code>Truncated</code> is true, this element is present and contains the
      *     value to use for the <code>Marker</code> parameter in a subsequent request.</p>
      * @public
      */
-    NextMarker?: string;
+    NextMarker?: string | undefined;
     /**
      * <p>A flag that indicates whether there are more items in the list. When this
      *     value is true, the list in this response is truncated. To get more items, pass the value of
@@ -4271,7 +4271,7 @@ export interface ListAliasesResponse {
      *     subsequent request.</p>
      * @public
      */
-    Truncated?: boolean;
+    Truncated?: boolean | undefined;
 }
 /**
  * @public
@@ -4285,14 +4285,14 @@ export interface ListGrantsRequest {
      *     and 100, inclusive. If you do not include a value, it defaults to 50.</p>
      * @public
      */
-    Limit?: number;
+    Limit?: number | undefined;
     /**
      * <p>Use this parameter in a subsequent request after you receive a response with
      *     truncated results. Set it to the value of <code>NextMarker</code> from the truncated response
      *     you just received.</p>
      * @public
      */
-    Marker?: string;
+    Marker?: string | undefined;
     /**
      * <p>Returns only grants for the specified KMS key. This parameter is required.</p>
      *          <p>Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
@@ -4317,13 +4317,13 @@ export interface ListGrantsRequest {
      *       grant. </p>
      * @public
      */
-    GrantId?: string;
+    GrantId?: string | undefined;
     /**
      * <p>Returns only grants where the specified principal is the grantee principal for the
      *       grant.</p>
      * @public
      */
-    GranteePrincipal?: string;
+    GranteePrincipal?: string | undefined;
 }
 /**
  * @public
@@ -4333,13 +4333,13 @@ export interface ListGrantsResponse {
      * <p>A list of grants.</p>
      * @public
      */
-    Grants?: GrantListEntry[];
+    Grants?: GrantListEntry[] | undefined;
     /**
      * <p>When <code>Truncated</code> is true, this element is present and contains the
      *     value to use for the <code>Marker</code> parameter in a subsequent request.</p>
      * @public
      */
-    NextMarker?: string;
+    NextMarker?: string | undefined;
     /**
      * <p>A flag that indicates whether there are more items in the list. When this
      *     value is true, the list in this response is truncated. To get more items, pass the value of
@@ -4347,7 +4347,7 @@ export interface ListGrantsResponse {
      *     subsequent request.</p>
      * @public
      */
-    Truncated?: boolean;
+    Truncated?: boolean | undefined;
 }
 /**
  * @public
@@ -4380,14 +4380,14 @@ export interface ListKeyPoliciesRequest {
      *          <p>Only one policy can be attached to a key.</p>
      * @public
      */
-    Limit?: number;
+    Limit?: number | undefined;
     /**
      * <p>Use this parameter in a subsequent request after you receive a response with
      *     truncated results. Set it to the value of <code>NextMarker</code> from the truncated response
      *     you just received.</p>
      * @public
      */
-    Marker?: string;
+    Marker?: string | undefined;
 }
 /**
  * @public
@@ -4397,13 +4397,13 @@ export interface ListKeyPoliciesResponse {
      * <p>A list of key policy names. The only valid value is <code>default</code>.</p>
      * @public
      */
-    PolicyNames?: string[];
+    PolicyNames?: string[] | undefined;
     /**
      * <p>When <code>Truncated</code> is true, this element is present and contains the
      *     value to use for the <code>Marker</code> parameter in a subsequent request.</p>
      * @public
      */
-    NextMarker?: string;
+    NextMarker?: string | undefined;
     /**
      * <p>A flag that indicates whether there are more items in the list. When this
      *     value is true, the list in this response is truncated. To get more items, pass the value of
@@ -4411,7 +4411,7 @@ export interface ListKeyPoliciesResponse {
      *     subsequent request.</p>
      * @public
      */
-    Truncated?: boolean;
+    Truncated?: boolean | undefined;
 }
 /**
  * @public
@@ -4443,14 +4443,14 @@ export interface ListKeyRotationsRequest {
      *     1 and 1000, inclusive. If you do not include a value, it defaults to 100.</p>
      * @public
      */
-    Limit?: number;
+    Limit?: number | undefined;
     /**
      * <p>Use this parameter in a subsequent request after you receive a response with
      *     truncated results. Set it to the value of <code>NextMarker</code> from the truncated response
      *     you just received.</p>
      * @public
      */
-    Marker?: string;
+    Marker?: string | undefined;
 }
 /**
  * @public
@@ -4473,17 +4473,17 @@ export interface RotationsListEntry {
      * <p>Unique identifier of the key.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>Date and time that the key material rotation completed. Formatted as Unix time.</p>
      * @public
      */
-    RotationDate?: Date;
+    RotationDate?: Date | undefined;
     /**
      * <p>Identifies whether the key material rotation was a scheduled <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable">automatic rotation</a> or an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-on-demand">on-demand rotation</a>.</p>
      * @public
      */
-    RotationType?: RotationType;
+    RotationType?: RotationType | undefined;
 }
 /**
  * @public
@@ -4493,13 +4493,13 @@ export interface ListKeyRotationsResponse {
      * <p>A list of completed key material rotations.</p>
      * @public
      */
-    Rotations?: RotationsListEntry[];
+    Rotations?: RotationsListEntry[] | undefined;
     /**
      * <p>When <code>Truncated</code> is true, this element is present and contains the
      *     value to use for the <code>Marker</code> parameter in a subsequent request.</p>
      * @public
      */
-    NextMarker?: string;
+    NextMarker?: string | undefined;
     /**
      * <p>A flag that indicates whether there are more items in the list. When this
      *     value is true, the list in this response is truncated. To get more items, pass the value of
@@ -4507,7 +4507,7 @@ export interface ListKeyRotationsResponse {
      *     subsequent request.</p>
      * @public
      */
-    Truncated?: boolean;
+    Truncated?: boolean | undefined;
 }
 /**
  * @public
@@ -4521,14 +4521,14 @@ export interface ListKeysRequest {
      *     1 and 1000, inclusive. If you do not include a value, it defaults to 100.</p>
      * @public
      */
-    Limit?: number;
+    Limit?: number | undefined;
     /**
      * <p>Use this parameter in a subsequent request after you receive a response with
      *     truncated results. Set it to the value of <code>NextMarker</code> from the truncated response
      *     you just received.</p>
      * @public
      */
-    Marker?: string;
+    Marker?: string | undefined;
 }
 /**
  * @public
@@ -4538,13 +4538,13 @@ export interface ListKeysResponse {
      * <p>A list of KMS keys.</p>
      * @public
      */
-    Keys?: KeyListEntry[];
+    Keys?: KeyListEntry[] | undefined;
     /**
      * <p>When <code>Truncated</code> is true, this element is present and contains the
      *     value to use for the <code>Marker</code> parameter in a subsequent request.</p>
      * @public
      */
-    NextMarker?: string;
+    NextMarker?: string | undefined;
     /**
      * <p>A flag that indicates whether there are more items in the list. When this
      *     value is true, the list in this response is truncated. To get more items, pass the value of
@@ -4552,7 +4552,7 @@ export interface ListKeysResponse {
      *     subsequent request.</p>
      * @public
      */
-    Truncated?: boolean;
+    Truncated?: boolean | undefined;
 }
 /**
  * @public
@@ -4584,7 +4584,7 @@ export interface ListResourceTagsRequest {
      *       you do not include a value, it defaults to 50.</p>
      * @public
      */
-    Limit?: number;
+    Limit?: number | undefined;
     /**
      * <p>Use this parameter in a subsequent request after you receive a response with
      *     truncated results. Set it to the value of <code>NextMarker</code> from the truncated response
@@ -4593,7 +4593,7 @@ export interface ListResourceTagsRequest {
      *       the truncated response you just received.</p>
      * @public
      */
-    Marker?: string;
+    Marker?: string | undefined;
 }
 /**
  * @public
@@ -4606,14 +4606,14 @@ export interface ListResourceTagsResponse {
      *          </note>
      * @public
      */
-    Tags?: Tag[];
+    Tags?: Tag[] | undefined;
     /**
      * <p>When <code>Truncated</code> is true, this element is present and contains the
      *     value to use for the <code>Marker</code> parameter in a subsequent request.</p>
      *          <p>Do not assume or infer any information from this value.</p>
      * @public
      */
-    NextMarker?: string;
+    NextMarker?: string | undefined;
     /**
      * <p>A flag that indicates whether there are more items in the list. When this
      *     value is true, the list in this response is truncated. To get more items, pass the value of
@@ -4621,7 +4621,7 @@ export interface ListResourceTagsResponse {
      *     subsequent request.</p>
      * @public
      */
-    Truncated?: boolean;
+    Truncated?: boolean | undefined;
 }
 /**
  * @public
@@ -4635,14 +4635,14 @@ export interface ListRetirableGrantsRequest {
      *     and 100, inclusive. If you do not include a value, it defaults to 50.</p>
      * @public
      */
-    Limit?: number;
+    Limit?: number | undefined;
     /**
      * <p>Use this parameter in a subsequent request after you receive a response with
      *     truncated results. Set it to the value of <code>NextMarker</code> from the truncated response
      *     you just received.</p>
      * @public
      */
-    Marker?: string;
+    Marker?: string | undefined;
     /**
      * <p>The retiring principal for which to list grants. Enter a principal in your
      *       Amazon Web Services account.</p>
@@ -4694,7 +4694,7 @@ export interface PutKeyPolicyRequest {
      * <p>The name of the key policy. If no policy name is specified, the default value is <code>default</code>. The only valid value is <code>default</code>.</p>
      * @public
      */
-    PolicyName?: string;
+    PolicyName?: string | undefined;
     /**
      * <p>The key policy to attach to the KMS key.</p>
      *          <p>The key policy must meet the following criteria:</p>
@@ -4745,7 +4745,7 @@ export interface PutKeyPolicyRequest {
      *       request on the KMS key.</p>
      * @public
      */
-    BypassPolicyLockoutSafetyCheck?: boolean;
+    BypassPolicyLockoutSafetyCheck?: boolean | undefined;
 }
 /**
  * @public
@@ -4766,7 +4766,7 @@ export interface ReEncryptRequest {
      * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    SourceEncryptionContext?: Record<string, string>;
+    SourceEncryptionContext?: Record<string, string> | undefined;
     /**
      * <p>Specifies the KMS key that KMS will use to decrypt the ciphertext before it is
      *       re-encrypted.</p>
@@ -4800,7 +4800,7 @@ export interface ReEncryptRequest {
      *          <p>To get the key ID and key ARN for a KMS key, use <a>ListKeys</a> or <a>DescribeKey</a>. To get the alias name and alias ARN, use <a>ListAliases</a>.</p>
      * @public
      */
-    SourceKeyId?: string;
+    SourceKeyId?: string | undefined;
     /**
      * <p>A unique identifier for the KMS key that is used to reencrypt the data. Specify a
      *       symmetric encryption KMS key or an asymmetric KMS key with a <code>KeyUsage</code> value of
@@ -4845,7 +4845,7 @@ export interface ReEncryptRequest {
      * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DestinationEncryptionContext?: Record<string, string>;
+    DestinationEncryptionContext?: Record<string, string> | undefined;
     /**
      * <p>Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it
      *       is reencrypted. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the algorithm
@@ -4856,7 +4856,7 @@ export interface ReEncryptRequest {
      *       key.</p>
      * @public
      */
-    SourceEncryptionAlgorithm?: EncryptionAlgorithmSpec;
+    SourceEncryptionAlgorithm?: EncryptionAlgorithmSpec | undefined;
     /**
      * <p>Specifies the encryption algorithm that KMS will use to reecrypt the data after it has
      *       decrypted it. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the encryption
@@ -4865,20 +4865,20 @@ export interface ReEncryptRequest {
      *       key.</p>
      * @public
      */
-    DestinationEncryptionAlgorithm?: EncryptionAlgorithmSpec;
+    DestinationEncryptionAlgorithm?: EncryptionAlgorithmSpec | undefined;
     /**
      * <p>A list of grant tokens.</p>
      *          <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant token</a> in the
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter. </p>
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -4888,28 +4888,28 @@ export interface ReEncryptResponse {
      * <p>The reencrypted data. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
      * @public
      */
-    CiphertextBlob?: Uint8Array;
+    CiphertextBlob?: Uint8Array | undefined;
     /**
      * <p>Unique identifier of the KMS key used to originally encrypt the data.</p>
      * @public
      */
-    SourceKeyId?: string;
+    SourceKeyId?: string | undefined;
     /**
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key that was used to reencrypt the data.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>The encryption algorithm that was used to decrypt the ciphertext before it was
      *       reencrypted.</p>
      * @public
      */
-    SourceEncryptionAlgorithm?: EncryptionAlgorithmSpec;
+    SourceEncryptionAlgorithm?: EncryptionAlgorithmSpec | undefined;
     /**
      * <p>The encryption algorithm that was used to reencrypt the data.</p>
      * @public
      */
-    DestinationEncryptionAlgorithm?: EncryptionAlgorithmSpec;
+    DestinationEncryptionAlgorithm?: EncryptionAlgorithmSpec | undefined;
 }
 /**
  * @public
@@ -4998,7 +4998,7 @@ export interface ReplicateKeyRequest {
      *             </i>.</p>
      * @public
      */
-    Policy?: string;
+    Policy?: string | undefined;
     /**
      * <p>Skips ("bypasses") the key policy lockout safety check. The default value is false.</p>
      *          <important>
@@ -5011,7 +5011,7 @@ export interface ReplicateKeyRequest {
      *       request on the KMS key.</p>
      * @public
      */
-    BypassPolicyLockoutSafetyCheck?: boolean;
+    BypassPolicyLockoutSafetyCheck?: boolean | undefined;
     /**
      * <p>A description of the KMS key. The default value is an empty string (no
      *       description).</p>
@@ -5023,7 +5023,7 @@ export interface ReplicateKeyRequest {
      *       KMS does not synchronize this property.</p>
      * @public
      */
-    Description?: string;
+    Description?: string | undefined;
     /**
      * <p>Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it
      *       is created. To tag an existing KMS key, use the <a>TagResource</a>
@@ -5047,7 +5047,7 @@ export interface ReplicateKeyRequest {
      *               see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging Keys</a>.</p>
      * @public
      */
-    Tags?: Tag[];
+    Tags?: Tag[] | undefined;
 }
 /**
  * @public
@@ -5059,19 +5059,19 @@ export interface ReplicateKeyResponse {
      *       replica keys.</p>
      * @public
      */
-    ReplicaKeyMetadata?: KeyMetadata;
+    ReplicaKeyMetadata?: KeyMetadata | undefined;
     /**
      * <p>The key policy of the new replica key. The value is a key policy document in JSON
      *       format.</p>
      * @public
      */
-    ReplicaPolicy?: string;
+    ReplicaPolicy?: string | undefined;
     /**
      * <p>The tags on the new replica key. The value is a list of tag key and tag value
      *       pairs.</p>
      * @public
      */
-    ReplicaTags?: Tag[];
+    ReplicaTags?: Tag[] | undefined;
 }
 /**
  * @public
@@ -5085,14 +5085,14 @@ export interface RetireGrantRequest {
      *       and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency">Eventual consistency</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantToken?: string;
+    GrantToken?: string | undefined;
     /**
      * <p>The key ARN KMS key associated with the grant. To find the key ARN, use the <a>ListKeys</a> operation.</p>
      *          <p>For example: <code>arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab</code>
      *          </p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>Identifies the grant to retire. To get the grant ID, use <a>CreateGrant</a>,
      *         <a>ListGrants</a>, or <a>ListRetirableGrants</a>.</p>
@@ -5104,13 +5104,13 @@ export interface RetireGrantRequest {
      *          </ul>
      * @public
      */
-    GrantId?: string;
+    GrantId?: string | undefined;
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter. </p>
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -5147,7 +5147,7 @@ export interface RevokeGrantRequest {
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -5185,7 +5185,7 @@ export interface RotateKeyOnDemandResponse {
      *       on.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
 }
 /**
  * @public
@@ -5223,7 +5223,7 @@ export interface ScheduleKeyDeletionRequest {
      *       parameter.</p>
      * @public
      */
-    PendingWindowInDays?: number;
+    PendingWindowInDays?: number | undefined;
 }
 /**
  * @public
@@ -5233,7 +5233,7 @@ export interface ScheduleKeyDeletionResponse {
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the KMS key whose deletion is scheduled.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>The date and time after which KMS deletes the KMS key.</p>
      *          <p>If the KMS key is a multi-Region primary key with replica keys, this field does not
@@ -5241,14 +5241,14 @@ export interface ScheduleKeyDeletionResponse {
      *       deleted.</p>
      * @public
      */
-    DeletionDate?: Date;
+    DeletionDate?: Date | undefined;
     /**
      * <p>The current status of the KMS key.</p>
      *          <p>For more information about how key state affects the use of a KMS key, see
      *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    KeyState?: KeyState;
+    KeyState?: KeyState | undefined;
     /**
      * <p>The waiting period before the KMS key is deleted. </p>
      *          <p>If the KMS key is a multi-Region primary key with replicas, the waiting period begins when
@@ -5256,7 +5256,7 @@ export interface ScheduleKeyDeletionResponse {
      *       immediately.</p>
      * @public
      */
-    PendingWindowInDays?: number;
+    PendingWindowInDays?: number | undefined;
 }
 /**
  * @public
@@ -5335,14 +5335,14 @@ export interface SignRequest {
      *          </ul>
      * @public
      */
-    MessageType?: MessageType;
+    MessageType?: MessageType | undefined;
     /**
      * <p>A list of grant tokens.</p>
      *          <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant token</a> in the
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
     /**
      * <p>Specifies the signing algorithm to use when signing the message. </p>
      *          <p>Choose an algorithm that is compatible with the type and size of the specified asymmetric
@@ -5356,7 +5356,7 @@ export interface SignRequest {
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -5366,7 +5366,7 @@ export interface SignResponse {
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the asymmetric KMS key that was used to sign the message.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>The cryptographic signature that was generated for the message. </p>
      *          <ul>
@@ -5386,12 +5386,12 @@ export interface SignResponse {
      *          <p>When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.</p>
      * @public
      */
-    Signature?: Uint8Array;
+    Signature?: Uint8Array | undefined;
     /**
      * <p>The signing algorithm that was used to sign the message.</p>
      * @public
      */
-    SigningAlgorithm?: SigningAlgorithmSpec;
+    SigningAlgorithm?: SigningAlgorithmSpec | undefined;
 }
 /**
  * @public
@@ -5514,7 +5514,7 @@ export interface UpdateCustomKeyStoreRequest {
      *       be connected or disconnected.</p>
      * @public
      */
-    NewCustomKeyStoreName?: string;
+    NewCustomKeyStoreName?: string | undefined;
     /**
      * <p>Enter the current password of the <code>kmsuser</code> crypto user (CU) in the CloudHSM
      *       cluster that is associated with the custom key store. This parameter is valid only for custom
@@ -5524,7 +5524,7 @@ export interface UpdateCustomKeyStoreRequest {
      *          <p>To change this value, the CloudHSM key store must be disconnected.</p>
      * @public
      */
-    KeyStorePassword?: string;
+    KeyStorePassword?: string | undefined;
     /**
      * <p>Associates the custom key store with a related CloudHSM cluster. This parameter is valid only
      *       for custom key stores with a <code>CustomKeyStoreType</code> of
@@ -5538,7 +5538,7 @@ export interface UpdateCustomKeyStoreRequest {
      *          <p>To change this value, the CloudHSM key store must be disconnected.</p>
      * @public
      */
-    CloudHsmClusterId?: string;
+    CloudHsmClusterId?: string | undefined;
     /**
      * <p>Changes the URI endpoint that KMS uses to connect to your external key store proxy (XKS
      *       proxy). This parameter is valid only for custom key stores with a
@@ -5554,7 +5554,7 @@ export interface UpdateCustomKeyStoreRequest {
      *          <p>To change this value, the external key store must be disconnected.</p>
      * @public
      */
-    XksProxyUriEndpoint?: string;
+    XksProxyUriEndpoint?: string | undefined;
     /**
      * <p>Changes the base path to the proxy APIs for this external key store. To find this value,
      *       see the documentation for your external key manager and external key store proxy (XKS proxy).
@@ -5569,7 +5569,7 @@ export interface UpdateCustomKeyStoreRequest {
      *          <p>You can change this value when the external key store is connected or disconnected.</p>
      * @public
      */
-    XksProxyUriPath?: string;
+    XksProxyUriPath?: string | undefined;
     /**
      * <p>Changes the name that KMS uses to identify the Amazon VPC endpoint service for your external
      *       key store proxy (XKS proxy). This parameter is valid when the <code>CustomKeyStoreType</code>
@@ -5578,7 +5578,7 @@ export interface UpdateCustomKeyStoreRequest {
      *          <p>To change this value, the external key store must be disconnected.</p>
      * @public
      */
-    XksProxyVpcEndpointServiceName?: string;
+    XksProxyVpcEndpointServiceName?: string | undefined;
     /**
      * <p>Changes the credentials that KMS uses to sign requests to the external key store proxy
      *       (XKS proxy). This parameter is valid only for custom key stores with a
@@ -5592,7 +5592,7 @@ export interface UpdateCustomKeyStoreRequest {
      *          <p>You can change this value when the external key store is connected or disconnected.</p>
      * @public
      */
-    XksProxyAuthenticationCredential?: XksProxyAuthenticationCredentialType;
+    XksProxyAuthenticationCredential?: XksProxyAuthenticationCredentialType | undefined;
     /**
      * <p>Changes the connectivity setting for the external key store. To indicate that the external
      *       key store proxy uses a Amazon VPC endpoint service to communicate with KMS, specify
@@ -5606,7 +5606,7 @@ export interface UpdateCustomKeyStoreRequest {
      *          <p>To change this value, the external key store must be disconnected.</p>
      * @public
      */
-    XksProxyConnectivity?: XksProxyConnectivityType;
+    XksProxyConnectivity?: XksProxyConnectivityType | undefined;
 }
 /**
  * @public
@@ -5757,7 +5757,7 @@ export interface VerifyRequest {
      *          </ul>
      * @public
      */
-    MessageType?: MessageType;
+    MessageType?: MessageType | undefined;
     /**
      * <p>The signature that the <code>Sign</code> operation generated.</p>
      * @public
@@ -5775,13 +5775,13 @@ export interface VerifyRequest {
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter. </p>
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -5791,7 +5791,7 @@ export interface VerifyResponse {
      * <p>The Amazon Resource Name (<a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>) of the asymmetric KMS key that was used to verify the signature.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>A Boolean value that indicates whether the signature was verified. A value of
      *         <code>True</code> indicates that the <code>Signature</code> was produced by signing the
@@ -5800,12 +5800,12 @@ export interface VerifyResponse {
      *       operation fails with a <code>KMSInvalidSignatureException</code> exception. </p>
      * @public
      */
-    SignatureValid?: boolean;
+    SignatureValid?: boolean | undefined;
     /**
      * <p>The signing algorithm that was used to verify the signature.</p>
      * @public
      */
-    SigningAlgorithm?: SigningAlgorithmSpec;
+    SigningAlgorithm?: SigningAlgorithmSpec | undefined;
 }
 /**
  * @public
@@ -5848,13 +5848,13 @@ export interface VerifyMacRequest {
      *     <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    GrantTokens?: string[];
+    GrantTokens?: string[] | undefined;
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter. </p>
      *          <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
      * @public
      */
-    DryRun?: boolean;
+    DryRun?: boolean | undefined;
 }
 /**
  * @public
@@ -5864,7 +5864,7 @@ export interface VerifyMacResponse {
      * <p>The HMAC KMS key used in the verification.</p>
      * @public
      */
-    KeyId?: string;
+    KeyId?: string | undefined;
     /**
      * <p>A Boolean value that indicates whether the HMAC was verified. A value of <code>True</code>
      *       indicates that the HMAC (<code>Mac</code>) was generated with the specified
@@ -5875,12 +5875,12 @@ export interface VerifyMacResponse {
      *       the inputs changed since the HMAC was computed.</p>
      * @public
      */
-    MacValid?: boolean;
+    MacValid?: boolean | undefined;
     /**
      * <p>The MAC algorithm used in the verification.</p>
      * @public
      */
-    MacAlgorithm?: MacAlgorithmSpec;
+    MacAlgorithm?: MacAlgorithmSpec | undefined;
 }
 /**
  * @internal