npm - @aws-sdk/client-securityhub - Versions diffs - 3.28.0 → 3.32.0 - Mend

@aws-sdk/client-securityhub 3.28.0 → 3.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/CHANGELOG.md +35 -0
package/dist/cjs/models/models_0.js +209 -209
package/dist/cjs/models/models_0.js.map +1 -1
package/dist/cjs/models/models_1.js +207 -4
package/dist/cjs/models/models_1.js.map +1 -1
package/dist/cjs/package.json +31 -31
package/dist/cjs/protocols/Aws_restJson1.js +1022 -219
package/dist/cjs/protocols/Aws_restJson1.js.map +1 -1
package/dist/es/endpoints.js +1 -2
package/dist/es/endpoints.js.map +1 -1
package/dist/es/models/models_0.js +159 -159
package/dist/es/models/models_0.js.map +1 -1
package/dist/es/models/models_1.js +159 -0
package/dist/es/models/models_1.js.map +1 -1
package/dist/es/package.json +31 -31
package/dist/es/protocols/Aws_restJson1.js +1061 -326
package/dist/es/protocols/Aws_restJson1.js.map +1 -1
package/dist/types/models/models_0.d.ts +882 -763
package/dist/types/models/models_1.d.ts +653 -16
package/dist/types/ts3.4/models/models_0.d.ts +882 -763
package/dist/types/ts3.4/models/models_1.d.ts +653 -16
package/models/models_0.ts +991 -852
package/models/models_1.ts +817 -24
package/package.json +31 -31
package/protocols/Aws_restJson1.ts +1418 -276

package/dist/types/ts3.4/models/models_0.d.ts CHANGED Viewed

@@ -597,6 +597,25 @@ export declare namespace ActionTarget {
      */
     const filterSensitiveLog: (obj: ActionTarget) => any;
 }
+/**
+ * <p>An adjustment to the CVSS metric.</p>
+ */
+export interface Adjustment {
+    /**
+     * <p>The metric to adjust.</p>
+     */
+    Metric?: string;
+    /**
+     * <p>The reason for the adjustment.</p>
+     */
+    Reason?: string;
+}
+export declare namespace Adjustment {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: Adjustment) => any;
+}
 export declare enum AdminStatus {
     DISABLE_IN_PROGRESS = "DISABLE_IN_PROGRESS",
     ENABLED = "ENABLED"
@@ -1205,6 +1224,196 @@ export declare namespace AwsAutoScalingAutoScalingGroupDetails {
      */
     const filterSensitiveLog: (obj: AwsAutoScalingAutoScalingGroupDetails) => any;
 }
+/**
+ * <p>Parameters that are used to automatically set up EBS volumes when an instance is launched.</p>
+ */
+export interface AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails {
+    /**
+     * <p>Whether to delete the volume when the instance is terminated.</p>
+     */
+    DeleteOnTermination?: boolean;
+    /**
+     * <p>Whether to encrypt the volume.</p>
+     */
+    Encrypted?: boolean;
+    /**
+     * <p>The number of input/output (I/O) operations per second (IOPS) to provision for the volume.</p>
+     *          <p>Only supported for <code>gp3</code> or <code>io1</code> volumes. Required for <code>io1</code> volumes. Not used with <code>standard</code>, <code>gp2</code>, <code>st1</code>, or <code>sc1</code> volumes.</p>
+     */
+    Iops?: number;
+    /**
+     * <p>The snapshot ID of the volume to use.</p>
+     *          <p>You must specify either <code>VolumeSize</code> or <code>SnapshotId</code>.</p>
+     */
+    SnapshotId?: string;
+    /**
+     * <p>The volume size, in GiBs. The following are the supported volumes sizes for each volume type:</p>
+     *          <ul>
+     *             <li>
+     *                <p>gp2 and gp3: 1-16,384</p>
+     *             </li>
+     *             <li>
+     *                <p>io1: 4-16,384</p>
+     *             </li>
+     *             <li>
+     *                <p>st1 and sc1: 125-16,384</p>
+     *             </li>
+     *             <li>
+     *                <p>standard: 1-1,024</p>
+     *             </li>
+     *          </ul>
+     *          <p>You must specify either <code>SnapshotId</code> or <code>VolumeSize</code>. If you specify both <code>SnapshotId</code> and <code>VolumeSize</code>, the volume size must be equal or greater than the size of the snapshot.</p>
+     */
+    VolumeSize?: number;
+    /**
+     * <p>The volume type.</p>
+     */
+    VolumeType?: string;
+}
+export declare namespace AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails) => any;
+}
+/**
+ * <p>A block device for the instance.</p>
+ */
+export interface AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails {
+    /**
+     * <p>The device name that is exposed to the EC2 instance. For example, <code>/dev/sdh</code> or <code>xvdh</code>.</p>
+     */
+    DeviceName?: string;
+    /**
+     * <p>Parameters that are used to automatically set up Amazon EBS volumes when an instance is launched.</p>
+     */
+    Ebs?: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails;
+    /**
+     * <p>Whether to suppress the device that is included in the block device mapping of the Amazon Machine Image (AMI).</p>
+     *          <p>If <code>NoDevice</code> is <code>true</code>, then you cannot specify <code>Ebs</code>.></p>
+     */
+    NoDevice?: boolean;
+    /**
+     * <p>The name of the virtual device (for example, <code>ephemeral0</code>).</p>
+     *          <p>You can provide either <code>VirtualName</code> or <code>Ebs</code>, but not both.</p>
+     */
+    VirtualName?: string;
+}
+export declare namespace AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails) => any;
+}
+/**
+ * <p>Information about the type of monitoring for instances in the group.</p>
+ */
+export interface AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails {
+    /**
+     * <p>If set to <code>true</code>, then instances in the group launch with detailed
+     *          monitoring.</p>
+     *          <p>If set to <code>false</code>, then instances in the group launch with basic
+     *          monitoring.</p>
+     */
+    Enabled?: boolean;
+}
+export declare namespace AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails) => any;
+}
+/**
+ * <p>Details about a launch configuration.</p>
+ */
+export interface AwsAutoScalingLaunchConfigurationDetails {
+    /**
+     * <p>For Auto Scaling groups that run in a VPC, specifies whether to assign a public IP address to the group's instances.</p>
+     */
+    AssociatePublicIpAddress?: boolean;
+    /**
+     * <p>Specifies the block devices for the instance.</p>
+     */
+    BlockDeviceMappings?: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails[];
+    /**
+     * <p>The identifier of a ClassicLink-enabled VPC that EC2-Classic instances are linked to.</p>
+     */
+    ClassicLinkVpcId?: string;
+    /**
+     * <p>The identifiers of one or more security groups for the VPC that is specified in <code>ClassicLinkVPCId</code>.</p>
+     */
+    ClassicLinkVpcSecurityGroups?: string[];
+    /**
+     * <p>The creation date and time for the launch configuration.</p>
+     *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
+     *          Date/Time Format</a>. The value cannot contain spaces. For example,
+     *          <code>2020-03-22T13:22:13.933Z</code>.</p>
+     */
+    CreatedTime?: string;
+    /**
+     * <p>Whether the launch configuration is optimized for Amazon EBS I/O.</p>
+     */
+    EbsOptimized?: boolean;
+    /**
+     * <p>The name or the ARN of the instance profile associated with the IAM role for the
+     *          instance. The instance profile contains the IAM role.</p>
+     */
+    IamInstanceProfile?: string;
+    /**
+     * <p>The identifier of the Amazon Machine Image (AMI) that is used to launch EC2
+     *          instances.</p>
+     */
+    ImageId?: string;
+    /**
+     * <p>Indicates the type of monitoring for instances in the group.</p>
+     */
+    InstanceMonitoring?: AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails;
+    /**
+     * <p>The instance type for the instances.</p>
+     */
+    InstanceType?: string;
+    /**
+     * <p>The identifier of the kernel associated with the AMI.</p>
+     */
+    KernelId?: string;
+    /**
+     * <p>The name of the key pair.</p>
+     */
+    KeyName?: string;
+    /**
+     * <p>The name of the launch configuration.</p>
+     */
+    LaunchConfigurationName?: string;
+    /**
+     * <p>The tenancy of the instance. An instance with <code>dedicated</code> tenancy runs on
+     *          isolated, single-tenant hardware and can only be launched into a VPC.</p>
+     */
+    PlacementTenancy?: string;
+    /**
+     * <p>The identifier of the RAM disk associated with the AMI.</p>
+     */
+    RamdiskId?: string;
+    /**
+     * <p>The security groups to assign to the instances in the Auto Scaling group.</p>
+     */
+    SecurityGroups?: string[];
+    /**
+     * <p>The maximum hourly price to be paid for any Spot Instance that is launched to fulfill the
+     *          request.</p>
+     */
+    SpotPrice?: string;
+    /**
+     * <p>The user data to make available to the launched EC2 instances. Must be base64-encoded
+     *          text.</p>
+     */
+    UserData?: string;
+}
+export declare namespace AwsAutoScalingLaunchConfigurationDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsAutoScalingLaunchConfigurationDetails) => any;
+}
 /**
  * <p>Provides details about the CNAME record that is added to the DNS database for domain
  *          validation.</p>
@@ -2109,10 +2318,10 @@ export declare namespace AwsCodeBuildProjectVpcConfig {
  */
 export interface AwsCodeBuildProjectDetails {
     /**
-     * <p>The KMS customer master key (CMK) used to encrypt the
+     * <p>The KMS key used to encrypt the
      *          build output artifacts.</p>
-     *          <p>You can specify either the ARN of the CMK or, if available, the
-     *          CMK alias (using the format alias/alias-name). </p>
+     *          <p>You can specify either the ARN of the KMS key or, if available, the
+     *          KMS key alias (using the format alias/alias-name). </p>
      */
     EncryptionKey?: string;
     /**
@@ -2385,7 +2594,7 @@ export interface AwsDynamoDbTableReplica {
      */
     GlobalSecondaryIndexes?: AwsDynamoDbTableReplicaGlobalSecondaryIndex[];
     /**
-     * <p>The identifier of the KMS customer master key (CMK) that will be used for KMS
+     * <p>The identifier of the KMS key that will be used for KMS
      *          encryption for the replica.</p>
      */
     KmsMasterKeyId?: string;
@@ -2463,7 +2672,7 @@ export interface AwsDynamoDbTableSseDescription {
      */
     SseType?: string;
     /**
-     * <p>The ARN of the KMS customer master key (CMK) that is used for the KMS
+     * <p>The ARN of the KMS key that is used for the KMS
      *          encryption.</p>
      */
     KmsMasterKeyArn?: string;
@@ -3309,7 +3518,7 @@ export interface AwsEc2VolumeDetails {
      */
     Status?: string;
     /**
-     * <p>The ARN of the KMS customer master key (CMK) that was
+     * <p>The ARN of the KMS key that was
      *          used to protect the volume encryption key for the volume.</p>
      */
     KmsKeyId?: string;
@@ -3377,196 +3586,456 @@ export declare namespace AwsEc2VpcDetails {
     const filterSensitiveLog: (obj: AwsEc2VpcDetails) => any;
 }
 /**
- * <p>Indicates whether to enable CloudWatch Container Insights for the ECS cluster.</p>
+ * <p>The VPN tunnel options.</p>
  */
-export interface AwsEcsClusterClusterSettingsDetails {
+export interface AwsEc2VpnConnectionOptionsTunnelOptionsDetails {
     /**
-     * <p>The name of the setting.</p>
+     * <p>The number of seconds after which a Dead Peer Detection (DPD) timeout occurs.</p>
      */
-    Name?: string;
+    DpdTimeoutSeconds?: number;
     /**
-     * <p>The value of the setting.</p>
+     * <p>The Internet Key Exchange (IKE) versions that are permitted for the VPN tunnel.</p>
      */
-    Value?: string;
-}
-export declare namespace AwsEcsClusterClusterSettingsDetails {
+    IkeVersions?: string[];
     /**
-     * @internal
+     * <p>The external IP address of the VPN tunnel.</p>
      */
-    const filterSensitiveLog: (obj: AwsEcsClusterClusterSettingsDetails) => any;
-}
-/**
- * <p>The log configuration for the results of the run command actions.</p>
- */
-export interface AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails {
+    OutsideIpAddress?: string;
     /**
-     * <p>Whether to enable encryption on the CloudWatch logs.</p>
+     * <p>The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 1 IKE
+     *          negotiations.</p>
      */
-    CloudWatchEncryptionEnabled?: boolean;
+    Phase1DhGroupNumbers?: number[];
     /**
-     * <p>The name of the CloudWatch log group to send the logs to.</p>
+     * <p>The permitted encryption algorithms for the VPN tunnel for phase 1 IKE
+     *          negotiations.</p>
      */
-    CloudWatchLogGroupName?: string;
+    Phase1EncryptionAlgorithms?: string[];
     /**
-     * <p>The name of the S3 bucket to send logs to.</p>
+     * <p>The permitted integrity algorithms for the VPN tunnel for phase 1 IKE
+     *          negotiations.</p>
      */
-    S3BucketName?: string;
+    Phase1IntegrityAlgorithms?: string[];
     /**
-     * <p>Whether to encrypt the logs that are sent to the S3 bucket.</p>
+     * <p>The lifetime for phase 1 of the IKE negotiation, in seconds.</p>
      */
-    S3EncryptionEnabled?: boolean;
+    Phase1LifetimeSeconds?: number;
     /**
-     * <p>Identifies the folder in the S3 bucket to send the logs to.</p>
+     * <p>The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 2 IKE
+     *          negotiations.</p>
      */
-    S3KeyPrefix?: string;
-}
-export declare namespace AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails {
+    Phase2DhGroupNumbers?: number[];
     /**
-     * @internal
+     * <p>The permitted encryption algorithms for the VPN tunnel for phase 2 IKE
+     *          negotiations.</p>
      */
-    const filterSensitiveLog: (obj: AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails) => any;
-}
-/**
- * <p>Contains the run command configuration for the cluster.</p>
- */
-export interface AwsEcsClusterConfigurationExecuteCommandConfigurationDetails {
+    Phase2EncryptionAlgorithms?: string[];
     /**
-     * <p>The identifier of the KMS key that is used to encrypt the data between the local client and the container.</p>
+     * <p>The permitted integrity algorithms for the VPN tunnel for phase 2 IKE
+     *          negotiations.</p>
      */
-    KmsKeyId?: string;
+    Phase2IntegrityAlgorithms?: string[];
     /**
-     * <p>The log configuration for the results of the run command actions. Required if <code>Logging</code> is <code>NONE</code>.</p>
+     * <p>The lifetime for phase 2 of the IKE negotiation, in seconds.</p>
      */
-    LogConfiguration?: AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails;
+    Phase2LifetimeSeconds?: number;
     /**
-     * <p>The log setting to use for redirecting logs for run command results.</p>
+     * <p>The preshared key to establish initial authentication between the virtual private gateway
+     *          and the customer gateway.</p>
      */
-    Logging?: string;
+    PreSharedKey?: string;
+    /**
+     * <p>The percentage of the rekey window, which is determined by
+     *          <code>RekeyMarginTimeSeconds</code> during which the rekey time is randomly selected.</p>
+     */
+    RekeyFuzzPercentage?: number;
+    /**
+     * <p>The margin time, in seconds, before the phase 2 lifetime expires, during which the Amazon Web Services
+     *          side of the VPN connection performs an IKE rekey.</p>
+     */
+    RekeyMarginTimeSeconds?: number;
+    /**
+     * <p>The number of packets in an IKE replay window.</p>
+     */
+    ReplayWindowSize?: number;
+    /**
+     * <p>The range of inside IPv4 addresses for the tunnel.</p>
+     */
+    TunnelInsideCidr?: string;
 }
-export declare namespace AwsEcsClusterConfigurationExecuteCommandConfigurationDetails {
+export declare namespace AwsEc2VpnConnectionOptionsTunnelOptionsDetails {
     /**
      * @internal
      */
-    const filterSensitiveLog: (obj: AwsEcsClusterConfigurationExecuteCommandConfigurationDetails) => any;
+    const filterSensitiveLog: (obj: AwsEc2VpnConnectionOptionsTunnelOptionsDetails) => any;
 }
 /**
- * <p>The run command configuration for the cluster.</p>
+ * <p>VPN connection options.</p>
  */
-export interface AwsEcsClusterConfigurationDetails {
+export interface AwsEc2VpnConnectionOptionsDetails {
     /**
-     * <p>Contains the run command configuration for the cluster.</p>
+     * <p>Whether the VPN connection uses static routes only.</p>
      */
-    ExecuteCommandConfiguration?: AwsEcsClusterConfigurationExecuteCommandConfigurationDetails;
+    StaticRoutesOnly?: boolean;
+    /**
+     * <p>The VPN tunnel options.</p>
+     */
+    TunnelOptions?: AwsEc2VpnConnectionOptionsTunnelOptionsDetails[];
 }
-export declare namespace AwsEcsClusterConfigurationDetails {
+export declare namespace AwsEc2VpnConnectionOptionsDetails {
     /**
      * @internal
      */
-    const filterSensitiveLog: (obj: AwsEcsClusterConfigurationDetails) => any;
+    const filterSensitiveLog: (obj: AwsEc2VpnConnectionOptionsDetails) => any;
 }
 /**
- * <p>The default capacity provider strategy for the cluster. The default capacity provider strategy is used when services or tasks are run without a specified launch type or capacity provider strategy.</p>
+ * <p>A static routes associated with
+ *          the VPN connection.</p>
  */
-export interface AwsEcsClusterDefaultCapacityProviderStrategyDetails {
-    /**
-     * <p>The minimum number of tasks to run on the specified capacity provider.</p>
-     */
-    Base?: number;
+export interface AwsEc2VpnConnectionRoutesDetails {
     /**
-     * <p>The name of the capacity provider.</p>
+     * <p>The CIDR block associated with the local subnet of the customer data center.</p>
      */
-    CapacityProvider?: string;
+    DestinationCidrBlock?: string;
     /**
-     * <p>The relative percentage of the total number of tasks launched that should use the capacity provider.</p>
+     * <p>The current state of the static route.</p>
      */
-    Weight?: number;
+    State?: string;
 }
-export declare namespace AwsEcsClusterDefaultCapacityProviderStrategyDetails {
+export declare namespace AwsEc2VpnConnectionRoutesDetails {
     /**
      * @internal
      */
-    const filterSensitiveLog: (obj: AwsEcsClusterDefaultCapacityProviderStrategyDetails) => any;
+    const filterSensitiveLog: (obj: AwsEc2VpnConnectionRoutesDetails) => any;
 }
 /**
- * <p>provides details about an ECS cluster.</p>
+ * <p>Information about the VPN tunnel.</p>
  */
-export interface AwsEcsClusterDetails {
+export interface AwsEc2VpnConnectionVgwTelemetryDetails {
     /**
-     * <p>The short name of one or more capacity providers to associate with the cluster.</p>
+     * <p>The number of accepted routes.</p>
      */
-    CapacityProviders?: string[];
+    AcceptedRouteCount?: number;
     /**
-     * <p>The setting to use to create the cluster. Specifically used to configure whether to enable CloudWatch Container Insights for the cluster.</p>
+     * <p>The ARN of the VPN tunnel endpoint certificate.</p>
      */
-    ClusterSettings?: AwsEcsClusterClusterSettingsDetails[];
+    CertificateArn?: string;
     /**
-     * <p>The run command configuration for the cluster.</p>
+     * <p>The date and time of the last change in status.</p>
+     *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
+     *          Date/Time Format</a>. The value cannot contain spaces. For example,
+     *          <code>2020-03-22T13:22:13.933Z</code>.</p>
      */
-    Configuration?: AwsEcsClusterConfigurationDetails;
+    LastStatusChange?: string;
     /**
-     * <p>The default capacity provider strategy for the cluster. The default capacity provider strategy is used when services or tasks are run without a specified launch type or capacity provider strategy.</p>
+     * <p>The Internet-routable IP address of the virtual private gateway's outside
+     *          interface.</p>
      */
-    DefaultCapacityProviderStrategy?: AwsEcsClusterDefaultCapacityProviderStrategyDetails[];
+    OutsideIpAddress?: string;
+    /**
+     * <p>The status of the VPN tunnel.</p>
+     */
+    Status?: string;
+    /**
+     * <p>If an error occurs, a description of the error.</p>
+     */
+    StatusMessage?: string;
 }
-export declare namespace AwsEcsClusterDetails {
+export declare namespace AwsEc2VpnConnectionVgwTelemetryDetails {
     /**
      * @internal
      */
-    const filterSensitiveLog: (obj: AwsEcsClusterDetails) => any;
+    const filterSensitiveLog: (obj: AwsEc2VpnConnectionVgwTelemetryDetails) => any;
 }
 /**
- * <p>Strategy item for the capacity provider strategy that the service uses.</p>
+ * <p>Details about an Amazon EC2 VPN
+ *          connection.</p>
  */
-export interface AwsEcsServiceCapacityProviderStrategyDetails {
+export interface AwsEc2VpnConnectionDetails {
     /**
-     * <p>The minimum number of tasks to run on the capacity provider. Only one strategy item can specify a value for <code>Base</code>.</p>
-     *          <p>The value must be between 0 and 100000.</p>
+     * <p>The identifier of the VPN connection.</p>
      */
-    Base?: number;
+    VpnConnectionId?: string;
     /**
-     * <p>The short name of the capacity provider.</p>
+     * <p>The current state of the VPN connection.</p>
      */
-    CapacityProvider?: string;
+    State?: string;
     /**
-     * <p>The relative percentage of the total number of tasks that should use the capacity provider.</p>
-     *          <p>If no weight is specified, the default value is 0. At least one capacity provider must have a weight greater than 0.</p>
-     *          <p>The value can be between 0 and 1000.</p>
+     * <p>The identifier of the customer gateway that is at your end of the VPN connection.</p>
      */
-    Weight?: number;
-}
-export declare namespace AwsEcsServiceCapacityProviderStrategyDetails {
+    CustomerGatewayId?: string;
     /**
-     * @internal
+     * <p>The configuration information for the VPN connection's customer gateway, in the native XML
+     *          format.</p>
      */
-    const filterSensitiveLog: (obj: AwsEcsServiceCapacityProviderStrategyDetails) => any;
-}
-/**
- * <p>Determines whether a service deployment fails if a service cannot reach a steady state.</p>
- */
-export interface AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails {
+    CustomerGatewayConfiguration?: string;
     /**
-     * <p>Whether to enable the deployment circuit breaker logic for the service.</p>
+     * <p>The type of VPN connection.</p>
      */
-    Enable?: boolean;
+    Type?: string;
     /**
-     * <p>Whether to roll back the service if a service deployment fails. If rollback is enabled, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.</p>
+     * <p>The identifier of the virtual private gateway that is at the Amazon Web Services side of the VPN
+     *          connection.</p>
      */
-    Rollback?: boolean;
-}
-export declare namespace AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails {
+    VpnGatewayId?: string;
     /**
-     * @internal
+     * <p>The category of the VPN connection. <code>VPN</code> indicates an Amazon Web Services VPN connection. <code>VPN-Classic</code>
+     *          indicates an Amazon Web Services Classic VPN connection.</p>
      */
-    const filterSensitiveLog: (obj: AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails) => any;
-}
-/**
- * <p>Optional deployment parameters for the service.</p>
- */
-export interface AwsEcsServiceDeploymentConfigurationDetails {
+    Category?: string;
     /**
-     * <p>Determines whether a service deployment fails if a service cannot reach a steady state.</p>
+     * <p>Information about the VPN tunnel.</p>
      */
-    DeploymentCircuitBreaker?: AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails;
+    VgwTelemetry?: AwsEc2VpnConnectionVgwTelemetryDetails[];
+    /**
+     * <p>The VPN connection options.</p>
+     */
+    Options?: AwsEc2VpnConnectionOptionsDetails;
+    /**
+     * <p>The static routes that are associated with the VPN connection.</p>
+     */
+    Routes?: AwsEc2VpnConnectionRoutesDetails[];
+    /**
+     * <p>The identifier of the transit gateway that is associated with the VPN connection.</p>
+     */
+    TransitGatewayId?: string;
+}
+export declare namespace AwsEc2VpnConnectionDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsEc2VpnConnectionDetails) => any;
+}
+/**
+ * <p>Information about an Amazon ECR image.</p>
+ */
+export interface AwsEcrContainerImageDetails {
+    /**
+     * <p>The Amazon Web Services account identifier that is associated with the registry that the image belongs
+     *          to.</p>
+     */
+    RegistryId?: string;
+    /**
+     * <p>The name of the repository that the image belongs to.</p>
+     */
+    RepositoryName?: string;
+    /**
+     * <p>The architecture of the image.</p>
+     */
+    Architecture?: string;
+    /**
+     * <p>The sha256 digest of the image manifest.</p>
+     */
+    ImageDigest?: string;
+    /**
+     * <p>The list of tags that are associated with the image.</p>
+     */
+    ImageTags?: string[];
+    /**
+     * <p>The date and time when the image was pushed to the repository.</p>
+     *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
+     *          Date/Time Format</a>. The value cannot contain spaces. For example,
+     *          <code>2020-03-22T13:22:13.933Z</code>.</p>
+     */
+    ImagePublishedAt?: string;
+}
+export declare namespace AwsEcrContainerImageDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsEcrContainerImageDetails) => any;
+}
+/**
+ * <p>Indicates whether to enable CloudWatch Container Insights for the ECS cluster.</p>
+ */
+export interface AwsEcsClusterClusterSettingsDetails {
+    /**
+     * <p>The name of the setting.</p>
+     */
+    Name?: string;
+    /**
+     * <p>The value of the setting.</p>
+     */
+    Value?: string;
+}
+export declare namespace AwsEcsClusterClusterSettingsDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsEcsClusterClusterSettingsDetails) => any;
+}
+/**
+ * <p>The log configuration for the results of the run command actions.</p>
+ */
+export interface AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails {
+    /**
+     * <p>Whether to enable encryption on the CloudWatch logs.</p>
+     */
+    CloudWatchEncryptionEnabled?: boolean;
+    /**
+     * <p>The name of the CloudWatch log group to send the logs to.</p>
+     */
+    CloudWatchLogGroupName?: string;
+    /**
+     * <p>The name of the S3 bucket to send logs to.</p>
+     */
+    S3BucketName?: string;
+    /**
+     * <p>Whether to encrypt the logs that are sent to the S3 bucket.</p>
+     */
+    S3EncryptionEnabled?: boolean;
+    /**
+     * <p>Identifies the folder in the S3 bucket to send the logs to.</p>
+     */
+    S3KeyPrefix?: string;
+}
+export declare namespace AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails) => any;
+}
+/**
+ * <p>Contains the run command configuration for the cluster.</p>
+ */
+export interface AwsEcsClusterConfigurationExecuteCommandConfigurationDetails {
+    /**
+     * <p>The identifier of the KMS key that is used to encrypt the data between the local client and the container.</p>
+     */
+    KmsKeyId?: string;
+    /**
+     * <p>The log configuration for the results of the run command actions. Required if <code>Logging</code> is <code>NONE</code>.</p>
+     */
+    LogConfiguration?: AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails;
+    /**
+     * <p>The log setting to use for redirecting logs for run command results.</p>
+     */
+    Logging?: string;
+}
+export declare namespace AwsEcsClusterConfigurationExecuteCommandConfigurationDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsEcsClusterConfigurationExecuteCommandConfigurationDetails) => any;
+}
+/**
+ * <p>The run command configuration for the cluster.</p>
+ */
+export interface AwsEcsClusterConfigurationDetails {
+    /**
+     * <p>Contains the run command configuration for the cluster.</p>
+     */
+    ExecuteCommandConfiguration?: AwsEcsClusterConfigurationExecuteCommandConfigurationDetails;
+}
+export declare namespace AwsEcsClusterConfigurationDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsEcsClusterConfigurationDetails) => any;
+}
+/**
+ * <p>The default capacity provider strategy for the cluster. The default capacity provider strategy is used when services or tasks are run without a specified launch type or capacity provider strategy.</p>
+ */
+export interface AwsEcsClusterDefaultCapacityProviderStrategyDetails {
+    /**
+     * <p>The minimum number of tasks to run on the specified capacity provider.</p>
+     */
+    Base?: number;
+    /**
+     * <p>The name of the capacity provider.</p>
+     */
+    CapacityProvider?: string;
+    /**
+     * <p>The relative percentage of the total number of tasks launched that should use the capacity provider.</p>
+     */
+    Weight?: number;
+}
+export declare namespace AwsEcsClusterDefaultCapacityProviderStrategyDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsEcsClusterDefaultCapacityProviderStrategyDetails) => any;
+}
+/**
+ * <p>provides details about an ECS cluster.</p>
+ */
+export interface AwsEcsClusterDetails {
+    /**
+     * <p>The short name of one or more capacity providers to associate with the cluster.</p>
+     */
+    CapacityProviders?: string[];
+    /**
+     * <p>The setting to use to create the cluster. Specifically used to configure whether to enable CloudWatch Container Insights for the cluster.</p>
+     */
+    ClusterSettings?: AwsEcsClusterClusterSettingsDetails[];
+    /**
+     * <p>The run command configuration for the cluster.</p>
+     */
+    Configuration?: AwsEcsClusterConfigurationDetails;
+    /**
+     * <p>The default capacity provider strategy for the cluster. The default capacity provider strategy is used when services or tasks are run without a specified launch type or capacity provider strategy.</p>
+     */
+    DefaultCapacityProviderStrategy?: AwsEcsClusterDefaultCapacityProviderStrategyDetails[];
+}
+export declare namespace AwsEcsClusterDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsEcsClusterDetails) => any;
+}
+/**
+ * <p>Strategy item for the capacity provider strategy that the service uses.</p>
+ */
+export interface AwsEcsServiceCapacityProviderStrategyDetails {
+    /**
+     * <p>The minimum number of tasks to run on the capacity provider. Only one strategy item can specify a value for <code>Base</code>.</p>
+     *          <p>The value must be between 0 and 100000.</p>
+     */
+    Base?: number;
+    /**
+     * <p>The short name of the capacity provider.</p>
+     */
+    CapacityProvider?: string;
+    /**
+     * <p>The relative percentage of the total number of tasks that should use the capacity provider.</p>
+     *          <p>If no weight is specified, the default value is 0. At least one capacity provider must have a weight greater than 0.</p>
+     *          <p>The value can be between 0 and 1000.</p>
+     */
+    Weight?: number;
+}
+export declare namespace AwsEcsServiceCapacityProviderStrategyDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsEcsServiceCapacityProviderStrategyDetails) => any;
+}
+/**
+ * <p>Determines whether a service deployment fails if a service cannot reach a steady state.</p>
+ */
+export interface AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails {
+    /**
+     * <p>Whether to enable the deployment circuit breaker logic for the service.</p>
+     */
+    Enable?: boolean;
+    /**
+     * <p>Whether to roll back the service if a service deployment fails. If rollback is enabled, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.</p>
+     */
+    Rollback?: boolean;
+}
+export declare namespace AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails) => any;
+}
+/**
+ * <p>Optional deployment parameters for the service.</p>
+ */
+export interface AwsEcsServiceDeploymentConfigurationDetails {
+    /**
+     * <p>Determines whether a service deployment fails if a service cannot reach a steady state.</p>
+     */
+    DeploymentCircuitBreaker?: AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails;
     /**
      * <p>For a service that uses the rolling update (<code>ECS</code>) deployment type, the maximum number of tasks in a service that are allowed in the <code>RUNNING</code> or <code>PENDING</code> state during a deployment, and for tasks that use the EC2 launch type, when any container instances are in the <code>DRAINING</code> state. Provided as a percentage of the desired number of tasks. The default value is 200%.</p>
      *          <p>For a service that uses the blue/green (<code>CODE_DEPLOY</code>) or <code>EXTERNAL</code> deployment types, and tasks that use the EC2 launch type, the maximum number of tasks in the service that remain in the <code>RUNNING</code> state while the container instances are in the <code>DRAINING</code> state.</p>
@@ -6308,37 +6777,37 @@ export declare namespace AwsIamUserDetails {
     const filterSensitiveLog: (obj: AwsIamUserDetails) => any;
 }
 /**
- * <p>Contains metadata about a customer master key (CMK).</p>
+ * <p>Contains metadata about an KMS key.</p>
  */
 export interface AwsKmsKeyDetails {
     /**
-     * <p>The twelve-digit account ID of the Amazon Web Services account that owns the CMK.</p>
+     * <p>The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.</p>
      */
     AWSAccountId?: string;
     /**
-     * <p>Indicates when the CMK was created.</p>
+     * <p>Indicates when the KMS key was created.</p>
      *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
      *             Date/Time Format</a>. The value cannot contain spaces. For example,
      *             <code>2020-03-22T13:22:13.933Z</code>.</p>
      */
     CreationDate?: number;
     /**
-     * <p>The globally unique identifier for the CMK.</p>
+     * <p>The globally unique identifier for the KMS key.</p>
      */
     KeyId?: string;
     /**
-     * <p>The manager of the CMK. CMKs in your Amazon Web Services account are either customer managed or Amazon Web Services managed.</p>
+     * <p>The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed.</p>
      */
     KeyManager?: string;
     /**
-     * <p>The state of the CMK.</p>
+     * <p>The state of the KMS key.</p>
      */
     KeyState?: string;
     /**
-     * <p>The source of the CMK's key material.</p>
+     * <p>The source of the KMS key material.</p>
      *          <p>When this value is <code>AWS_KMS</code>, KMS created the key material.</p>
      *          <p>When this value is <code>EXTERNAL</code>, the key material was imported from your
-     *          existing key management infrastructure or the CMK lacks key material.</p>
+     *          existing key management infrastructure or the KMS key lacks key material.</p>
      *          <p>When this value is <code>AWS_CLOUDHSM</code>, the key material was created in the CloudHSM cluster associated with a custom key store.</p>
      */
     Origin?: string;
@@ -6346,6 +6815,10 @@ export interface AwsKmsKeyDetails {
      * <p>A description of the key.</p>
      */
     Description?: string;
+    /**
+     * <p>Whether the key has key rotation enabled.</p>
+     */
+    KeyRotationStatus?: boolean;
 }
 export declare namespace AwsKmsKeyDetails {
     /**
@@ -6521,7 +6994,7 @@ export interface AwsLambdaFunctionDetails {
      */
     Handler?: string;
     /**
-     * <p>The KMS key that is used to encrypt the function's environment variables. This key is only returned if you've configured a customer managed CMK.</p>
+     * <p>The KMS key that is used to encrypt the function's environment variables. This key is only returned if you've configured a customer managed customer managed key.</p>
      */
     KmsKeyArn?: string;
     /**
@@ -8698,63 +9171,306 @@ export declare namespace AwsS3BucketBucketLifecycleConfigurationDetails {
     const filterSensitiveLog: (obj: AwsS3BucketBucketLifecycleConfigurationDetails) => any;
 }
 /**
- * <p>Specifies the default server-side encryption to apply to new objects in the
- *          bucket.</p>
+ * <p>Information about logging for
+ *          the S3 bucket</p>
  */
-export interface AwsS3BucketServerSideEncryptionByDefault {
+export interface AwsS3BucketLoggingConfiguration {
     /**
-     * <p>Server-side encryption algorithm to use for the default encryption.</p>
+     * <p>The name of the S3 bucket where log files for the S3 bucket are stored.</p>
      */
-    SSEAlgorithm?: string;
+    DestinationBucketName?: string;
     /**
-     * <p>KMS customer master key (CMK) ID to use for the default encryption.</p>
+     * <p>The prefix added to log files for the S3 bucket.</p>
      */
-    KMSMasterKeyID?: string;
+    LogFilePrefix?: string;
 }
-export declare namespace AwsS3BucketServerSideEncryptionByDefault {
+export declare namespace AwsS3BucketLoggingConfiguration {
     /**
      * @internal
      */
-    const filterSensitiveLog: (obj: AwsS3BucketServerSideEncryptionByDefault) => any;
+    const filterSensitiveLog: (obj: AwsS3BucketLoggingConfiguration) => any;
+}
+export declare enum AwsS3BucketNotificationConfigurationS3KeyFilterRuleName {
+    PREFIX = "Prefix",
+    SUFFIX = "Suffix"
 }
 /**
- * <p>An encryption rule to apply to the S3 bucket.</p>
+ * <p>Details for a filter rule.</p>
  */
-export interface AwsS3BucketServerSideEncryptionRule {
+export interface AwsS3BucketNotificationConfigurationS3KeyFilterRule {
     /**
-     * <p>Specifies the default server-side encryption to apply to new objects in the bucket. If a
-     *             <code>PUT</code> object request doesn't specify any server-side encryption, this default
-     *          encryption is applied.</p>
+     * <p>Indicates whether the filter is based on the prefix or suffix of the Amazon S3 key.</p>
      */
-    ApplyServerSideEncryptionByDefault?: AwsS3BucketServerSideEncryptionByDefault;
+    Name?: AwsS3BucketNotificationConfigurationS3KeyFilterRuleName | string;
+    /**
+     * <p>The filter value.</p>
+     */
+    Value?: string;
 }
-export declare namespace AwsS3BucketServerSideEncryptionRule {
+export declare namespace AwsS3BucketNotificationConfigurationS3KeyFilterRule {
     /**
      * @internal
      */
-    const filterSensitiveLog: (obj: AwsS3BucketServerSideEncryptionRule) => any;
+    const filterSensitiveLog: (obj: AwsS3BucketNotificationConfigurationS3KeyFilterRule) => any;
 }
 /**
- * <p>The encryption configuration for the S3 bucket.</p>
+ * <p>Details for an Amazon S3 filter.</p>
  */
-export interface AwsS3BucketServerSideEncryptionConfiguration {
+export interface AwsS3BucketNotificationConfigurationS3KeyFilter {
     /**
-     * <p>The encryption rules that are applied to the S3 bucket.</p>
+     * <p>The filter rules for the filter.</p>
      */
-    Rules?: AwsS3BucketServerSideEncryptionRule[];
+    FilterRules?: AwsS3BucketNotificationConfigurationS3KeyFilterRule[];
 }
-export declare namespace AwsS3BucketServerSideEncryptionConfiguration {
+export declare namespace AwsS3BucketNotificationConfigurationS3KeyFilter {
     /**
      * @internal
      */
-    const filterSensitiveLog: (obj: AwsS3BucketServerSideEncryptionConfiguration) => any;
+    const filterSensitiveLog: (obj: AwsS3BucketNotificationConfigurationS3KeyFilter) => any;
 }
 /**
- * <p>The details of an Amazon S3 bucket.</p>
+ * <p>Filtering information for the notifications. The
+ *          filtering is based on Amazon S3 key names.</p>
  */
-export interface AwsS3BucketDetails {
+export interface AwsS3BucketNotificationConfigurationFilter {
     /**
-     * <p>The canonical user ID of the owner of the S3 bucket.</p>
+     * <p>Details for an Amazon S3 filter.</p>
+     */
+    S3KeyFilter?: AwsS3BucketNotificationConfigurationS3KeyFilter;
+}
+export declare namespace AwsS3BucketNotificationConfigurationFilter {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsS3BucketNotificationConfigurationFilter) => any;
+}
+/**
+ * <p>Details for an S3 bucket notification configuration.</p>
+ */
+export interface AwsS3BucketNotificationConfigurationDetail {
+    /**
+     * <p>The list of events that trigger a notification.</p>
+     */
+    Events?: string[];
+    /**
+     * <p>The filters that determine which S3 buckets generate notifications.</p>
+     */
+    Filter?: AwsS3BucketNotificationConfigurationFilter;
+    /**
+     * <p>The ARN of the Lambda function, Amazon SQS queue, or Amazon SNS topic that generates the
+     *          notification.</p>
+     */
+    Destination?: string;
+    /**
+     * <p>Indicates the type of notification. Notifications can be generated using Lambda functions,
+     *          Amazon SQS queues or Amazon SNS topics.</p>
+     */
+    Type?: string;
+}
+export declare namespace AwsS3BucketNotificationConfigurationDetail {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsS3BucketNotificationConfigurationDetail) => any;
+}
+/**
+ * <p>The notification
+ *          configuration for the S3 bucket.</p>
+ */
+export interface AwsS3BucketNotificationConfiguration {
+    /**
+     * <p>Configurations for S3 bucket notifications.</p>
+     */
+    Configurations?: AwsS3BucketNotificationConfigurationDetail[];
+}
+export declare namespace AwsS3BucketNotificationConfiguration {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsS3BucketNotificationConfiguration) => any;
+}
+/**
+ * <p>The redirect behavior for requests
+ *          to the website.</p>
+ */
+export interface AwsS3BucketWebsiteConfigurationRedirectTo {
+    /**
+     * <p>The name of the host to redirect requests to.</p>
+     */
+    Hostname?: string;
+    /**
+     * <p>The protocol to use when redirecting requests. By default, uses the same protocol as the
+     *          original request.</p>
+     */
+    Protocol?: string;
+}
+export declare namespace AwsS3BucketWebsiteConfigurationRedirectTo {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsS3BucketWebsiteConfigurationRedirectTo) => any;
+}
+/**
+ * <p>The condition that must be met in order to apply the routing rule.</p>
+ */
+export interface AwsS3BucketWebsiteConfigurationRoutingRuleCondition {
+    /**
+     * <p>Indicates to redirect the request if the HTTP error code matches this value.</p>
+     */
+    HttpErrorCodeReturnedEquals?: string;
+    /**
+     * <p>Indicates to redirect the request if the key prefix matches this value.</p>
+     */
+    KeyPrefixEquals?: string;
+}
+export declare namespace AwsS3BucketWebsiteConfigurationRoutingRuleCondition {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsS3BucketWebsiteConfigurationRoutingRuleCondition) => any;
+}
+/**
+ * <p>The rules to redirect the request if the condition in <code>Condition</code> is
+ *          met.</p>
+ */
+export interface AwsS3BucketWebsiteConfigurationRoutingRuleRedirect {
+    /**
+     * <p>The host name to use in the redirect request.</p>
+     */
+    Hostname?: string;
+    /**
+     * <p>The HTTP redirect code to use in the response.</p>
+     */
+    HttpRedirectCode?: string;
+    /**
+     * <p>The protocol to use to redirect the request. By default, uses the protocol from the
+     *          original request.</p>
+     */
+    Protocol?: string;
+    /**
+     * <p>The object key prefix to use in the redirect request.</p>
+     *          <p>Cannot be provided if <code>ReplaceKeyWith</code> is present.</p>
+     */
+    ReplaceKeyPrefixWith?: string;
+    /**
+     * <p>The specific object key to use in the redirect request.</p>
+     *          <p>Cannot be provided if <code>ReplaceKeyPrefixWith</code> is present.</p>
+     */
+    ReplaceKeyWith?: string;
+}
+export declare namespace AwsS3BucketWebsiteConfigurationRoutingRuleRedirect {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsS3BucketWebsiteConfigurationRoutingRuleRedirect) => any;
+}
+/**
+ * <p>A rule for redirecting requests
+ *          to the website.</p>
+ */
+export interface AwsS3BucketWebsiteConfigurationRoutingRule {
+    /**
+     * <p>Provides the condition that must be met in order to apply the routing rule.</p>
+     */
+    Condition?: AwsS3BucketWebsiteConfigurationRoutingRuleCondition;
+    /**
+     * <p>Provides the rules to redirect the request if the condition in <code>Condition</code> is
+     *          met.</p>
+     */
+    Redirect?: AwsS3BucketWebsiteConfigurationRoutingRuleRedirect;
+}
+export declare namespace AwsS3BucketWebsiteConfigurationRoutingRule {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsS3BucketWebsiteConfigurationRoutingRule) => any;
+}
+/**
+ * <p>Website parameters for the S3
+ *          bucket.</p>
+ */
+export interface AwsS3BucketWebsiteConfiguration {
+    /**
+     * <p>The name of the error document for the website.</p>
+     */
+    ErrorDocument?: string;
+    /**
+     * <p>The name of the index document for the website.</p>
+     */
+    IndexDocumentSuffix?: string;
+    /**
+     * <p>The redirect behavior for requests to the website.</p>
+     */
+    RedirectAllRequestsTo?: AwsS3BucketWebsiteConfigurationRedirectTo;
+    /**
+     * <p>The rules for applying redirects for requests to the website.</p>
+     */
+    RoutingRules?: AwsS3BucketWebsiteConfigurationRoutingRule[];
+}
+export declare namespace AwsS3BucketWebsiteConfiguration {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsS3BucketWebsiteConfiguration) => any;
+}
+/**
+ * <p>Specifies the default server-side encryption to apply to new objects in the
+ *          bucket.</p>
+ */
+export interface AwsS3BucketServerSideEncryptionByDefault {
+    /**
+     * <p>Server-side encryption algorithm to use for the default encryption.</p>
+     */
+    SSEAlgorithm?: string;
+    /**
+     * <p>KMS key ID to use for the default encryption.</p>
+     */
+    KMSMasterKeyID?: string;
+}
+export declare namespace AwsS3BucketServerSideEncryptionByDefault {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsS3BucketServerSideEncryptionByDefault) => any;
+}
+/**
+ * <p>An encryption rule to apply to the S3 bucket.</p>
+ */
+export interface AwsS3BucketServerSideEncryptionRule {
+    /**
+     * <p>Specifies the default server-side encryption to apply to new objects in the bucket. If a
+     *             <code>PUT</code> object request doesn't specify any server-side encryption, this default
+     *          encryption is applied.</p>
+     */
+    ApplyServerSideEncryptionByDefault?: AwsS3BucketServerSideEncryptionByDefault;
+}
+export declare namespace AwsS3BucketServerSideEncryptionRule {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsS3BucketServerSideEncryptionRule) => any;
+}
+/**
+ * <p>The encryption configuration for the S3 bucket.</p>
+ */
+export interface AwsS3BucketServerSideEncryptionConfiguration {
+    /**
+     * <p>The encryption rules that are applied to the S3 bucket.</p>
+     */
+    Rules?: AwsS3BucketServerSideEncryptionRule[];
+}
+export declare namespace AwsS3BucketServerSideEncryptionConfiguration {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: AwsS3BucketServerSideEncryptionConfiguration) => any;
+}
+/**
+ * <p>The details of an Amazon S3 bucket.</p>
+ */
+export interface AwsS3BucketDetails {
+    /**
+     * <p>The canonical user ID of the owner of the S3 bucket.</p>
      */
     OwnerId?: string;
     /**
@@ -8780,6 +9496,22 @@ export interface AwsS3BucketDetails {
      * <p>Provides information about the Amazon S3 Public Access Block configuration for the S3 bucket.</p>
      */
     PublicAccessBlockConfiguration?: AwsS3AccountPublicAccessBlockDetails;
+    /**
+     * <p>The access control list for the S3 bucket.</p>
+     */
+    AccessControlList?: string;
+    /**
+     * <p>The logging configuration for the S3 bucket.</p>
+     */
+    BucketLoggingConfiguration?: AwsS3BucketLoggingConfiguration;
+    /**
+     * <p>The website configuration parameters for the S3 bucket.</p>
+     */
+    BucketWebsiteConfiguration?: AwsS3BucketWebsiteConfiguration;
+    /**
+     * <p>The notification configuration for the S3 bucket.</p>
+     */
+    BucketNotificationConfiguration?: AwsS3BucketNotificationConfiguration;
 }
 export declare namespace AwsS3BucketDetails {
     /**
@@ -8817,8 +9549,7 @@ export interface AwsS3ObjectDetails {
      */
     ServerSideEncryption?: string;
     /**
-     * <p>The identifier of the KMS symmetric customer managed
-     *          customer master key (CMK) that was used for the object.</p>
+     * <p>The identifier of the KMS symmetric customer managed key that was used for the object.</p>
      */
     SSEKMSKeyId?: string;
 }
@@ -8856,7 +9587,7 @@ export interface AwsSecretsManagerSecretDetails {
      */
     RotationOccurredWithinFrequency?: boolean;
     /**
-     * <p>The ARN, Key ID, or alias of the KMS customer master key (CMK) used to encrypt the
+     * <p>The ARN, Key ID, or alias of the KMS key used to encrypt the
      *             <code>SecretString</code> or <code>SecretBinary</code> values for versions of this
      *          secret.</p>
      */
@@ -9128,615 +9859,3 @@ export declare namespace PortRange {
      */
     const filterSensitiveLog: (obj: PortRange) => any;
 }
-/**
- * <p>The details of network-related information about a finding.</p>
- */
-export interface Network {
-    /**
-     * <p>The direction of network traffic associated with a finding.</p>
-     */
-    Direction?: NetworkDirection | string;
-    /**
-     * <p>The protocol of network-related information about a finding.</p>
-     */
-    Protocol?: string;
-    /**
-     * <p>The range of open ports that is present on the network.</p>
-     */
-    OpenPortRange?: PortRange;
-    /**
-     * <p>The source IPv4 address of network-related information about a finding.</p>
-     */
-    SourceIpV4?: string;
-    /**
-     * <p>The source IPv6 address of network-related information about a finding.</p>
-     */
-    SourceIpV6?: string;
-    /**
-     * <p>The source port of network-related information about a finding.</p>
-     */
-    SourcePort?: number;
-    /**
-     * <p>The source domain of network-related information about a finding.</p>
-     */
-    SourceDomain?: string;
-    /**
-     * <p>The source media access control (MAC) address of network-related information about a
-     *          finding.</p>
-     */
-    SourceMac?: string;
-    /**
-     * <p>The destination IPv4 address of network-related information about a finding.</p>
-     */
-    DestinationIpV4?: string;
-    /**
-     * <p>The destination IPv6 address of network-related information about a finding.</p>
-     */
-    DestinationIpV6?: string;
-    /**
-     * <p>The destination port of network-related information about a finding.</p>
-     */
-    DestinationPort?: number;
-    /**
-     * <p>The destination domain of network-related information about a finding.</p>
-     */
-    DestinationDomain?: string;
-}
-export declare namespace Network {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: Network) => any;
-}
-/**
- * <p>Information about the destination of the next component in the network path.</p>
- */
-export interface NetworkPathComponentDetails {
-    /**
-     * <p>The IP addresses of the destination.</p>
-     */
-    Address?: string[];
-    /**
-     * <p>A list of port ranges for the destination.</p>
-     */
-    PortRanges?: PortRange[];
-}
-export declare namespace NetworkPathComponentDetails {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: NetworkPathComponentDetails) => any;
-}
-/**
- * <p>Details about a network path component that occurs before or after the current
- *          component.</p>
- */
-export interface NetworkHeader {
-    /**
-     * <p>The protocol used for the component.</p>
-     */
-    Protocol?: string;
-    /**
-     * <p>Information about the destination of the component.</p>
-     */
-    Destination?: NetworkPathComponentDetails;
-    /**
-     * <p>Information about the origin of the component.</p>
-     */
-    Source?: NetworkPathComponentDetails;
-}
-export declare namespace NetworkHeader {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: NetworkHeader) => any;
-}
-/**
- * <p>Information about a network path component.</p>
- */
-export interface NetworkPathComponent {
-    /**
-     * <p>The identifier of a component in the network path.</p>
-     */
-    ComponentId?: string;
-    /**
-     * <p>The type of component.</p>
-     */
-    ComponentType?: string;
-    /**
-     * <p>Information about the component that comes after the current component in the network
-     *          path.</p>
-     */
-    Egress?: NetworkHeader;
-    /**
-     * <p>Information about the component that comes before the current node in the network
-     *          path.</p>
-     */
-    Ingress?: NetworkHeader;
-}
-export declare namespace NetworkPathComponent {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: NetworkPathComponent) => any;
-}
-/**
- * <p>A user-defined note added to a finding.</p>
- */
-export interface Note {
-    /**
-     * <p>The text of a note.</p>
-     */
-    Text: string | undefined;
-    /**
-     * <p>The principal that created a note.</p>
-     */
-    UpdatedBy: string | undefined;
-    /**
-     * <p>The timestamp of when the note was updated.</p>
-     *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
-     *             Date/Time Format</a>. The value cannot contain spaces. For example,
-     *             <code>2020-03-22T13:22:13.933Z</code>.</p>
-     */
-    UpdatedAt: string | undefined;
-}
-export declare namespace Note {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: Note) => any;
-}
-/**
- * <p>Provides an overview of the patch compliance status for an instance against a selected
- *          compliance standard.</p>
- */
-export interface PatchSummary {
-    /**
-     * <p>The identifier of the compliance standard that was used to determine the patch
-     *          compliance status.</p>
-     */
-    Id: string | undefined;
-    /**
-     * <p>The number of patches from the compliance standard that were installed
-     *          successfully.</p>
-     */
-    InstalledCount?: number;
-    /**
-     * <p>The number of patches that are part of the compliance standard but are not installed.
-     *          The count includes patches that failed to install.</p>
-     */
-    MissingCount?: number;
-    /**
-     * <p>The number of patches from the compliance standard that failed to install.</p>
-     */
-    FailedCount?: number;
-    /**
-     * <p>The number of installed patches that are not part of the compliance standard.</p>
-     */
-    InstalledOtherCount?: number;
-    /**
-     * <p>The number of patches that are installed but are also on a list of patches that the
-     *          customer rejected.</p>
-     */
-    InstalledRejectedCount?: number;
-    /**
-     * <p>The number of patches that were applied, but that require the instance to be rebooted in
-     *          order to be marked as installed.</p>
-     */
-    InstalledPendingReboot?: number;
-    /**
-     * <p>Indicates when the operation started.</p>
-     *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
-     *             Date/Time Format</a>. The value cannot contain spaces. For example,
-     *             <code>2020-03-22T13:22:13.933Z</code>.</p>
-     */
-    OperationStartTime?: string;
-    /**
-     * <p>Indicates when the operation completed.</p>
-     *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
-     *             Date/Time Format</a>. The value cannot contain spaces. For example,
-     *             <code>2020-03-22T13:22:13.933Z</code>.</p>
-     */
-    OperationEndTime?: string;
-    /**
-     * <p>The reboot option specified for the instance.</p>
-     */
-    RebootOption?: string;
-    /**
-     * <p>The type of patch operation performed. For Patch Manager, the values are
-     *             <code>SCAN</code> and <code>INSTALL</code>. </p>
-     */
-    Operation?: string;
-}
-export declare namespace PatchSummary {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: PatchSummary) => any;
-}
-/**
- * <p>The details of process-related information about a finding.</p>
- */
-export interface ProcessDetails {
-    /**
-     * <p>The name of the process.</p>
-     */
-    Name?: string;
-    /**
-     * <p>The path to the process executable.</p>
-     */
-    Path?: string;
-    /**
-     * <p>The process ID.</p>
-     */
-    Pid?: number;
-    /**
-     * <p>The parent process ID.</p>
-     */
-    ParentPid?: number;
-    /**
-     * <p>Indicates when the process was launched.</p>
-     *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
-     *             Date/Time Format</a>. The value cannot contain spaces. For example,
-     *             <code>2020-03-22T13:22:13.933Z</code>.</p>
-     */
-    LaunchedAt?: string;
-    /**
-     * <p>Indicates when the process was terminated.</p>
-     *          <p>Uses the <code>date-time</code> format specified in <a href="https://tools.ietf.org/html/rfc3339#section-5.6">RFC 3339 section 5.6, Internet
-     *             Date/Time Format</a>. The value cannot contain spaces. For example,
-     *             <code>2020-03-22T13:22:13.933Z</code>.</p>
-     */
-    TerminatedAt?: string;
-}
-export declare namespace ProcessDetails {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ProcessDetails) => any;
-}
-export declare enum RecordState {
-    ACTIVE = "ACTIVE",
-    ARCHIVED = "ARCHIVED"
-}
-/**
- * <p>A recommendation on how to remediate the issue identified in a finding.</p>
- */
-export interface Recommendation {
-    /**
-     * <p>Describes the recommended steps to take to remediate an issue identified in a finding.</p>
-     */
-    Text?: string;
-    /**
-     * <p>A URL to a page or site that contains information about how to remediate a finding.</p>
-     */
-    Url?: string;
-}
-export declare namespace Recommendation {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: Recommendation) => any;
-}
-/**
- * <p>Details about the remediation steps for a finding.</p>
- */
-export interface Remediation {
-    /**
-     * <p>A recommendation on the steps to take to remediate the issue identified by a finding.</p>
-     */
-    Recommendation?: Recommendation;
-}
-export declare namespace Remediation {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: Remediation) => any;
-}
-/**
- * <p>An occurrence of sensitive data detected in a Microsoft Excel workbook, comma-separated value (CSV) file, or tab-separated value (TSV) file.</p>
- */
-export interface Cell {
-    /**
-     * <p>The column number of the column that contains the data. For a Microsoft Excel workbook, the column number corresponds to the alphabetical column identifiers. For example, a value of 1 for Column corresponds to the A column in the workbook.</p>
-     */
-    Column?: number;
-    /**
-     * <p>The row number of the row that contains the data.</p>
-     */
-    Row?: number;
-    /**
-     * <p>The name of the column that contains the data.</p>
-     */
-    ColumnName?: string;
-    /**
-     * <p>For a Microsoft Excel workbook, provides the location of the cell, as an absolute cell reference, that contains the data. For example, Sheet2!C5 for cell C5 on Sheet2.</p>
-     */
-    CellReference?: string;
-}
-export declare namespace Cell {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: Cell) => any;
-}
-/**
- * <p>Identifies where the sensitive data begins and ends.</p>
- */
-export interface Range {
-    /**
-     * <p>The number of lines (for a line range) or characters (for an offset range) from the beginning of the file to the end of the sensitive data.</p>
-     */
-    Start?: number;
-    /**
-     * <p>The number of lines (for a line range) or characters (for an offset range) from the beginning of the file to the end of the sensitive data.</p>
-     */
-    End?: number;
-    /**
-     * <p>In the line where the sensitive data starts, the column within the line where the sensitive data starts.</p>
-     */
-    StartColumn?: number;
-}
-export declare namespace Range {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: Range) => any;
-}
-/**
- * <p>An occurrence of sensitive data in an Adobe Portable Document Format (PDF) file.</p>
- */
-export interface Page {
-    /**
-     * <p>The page number of the page that contains the sensitive data.</p>
-     */
-    PageNumber?: number;
-    /**
-     * <p>An occurrence of sensitive data detected in a non-binary text file or a Microsoft Word file. Non-binary text files include files such as HTML, XML, JSON, and TXT files.</p>
-     */
-    LineRange?: Range;
-    /**
-     * <p>An occurrence of sensitive data detected in a binary text file.</p>
-     */
-    OffsetRange?: Range;
-}
-export declare namespace Page {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: Page) => any;
-}
-/**
- * <p>An occurrence of sensitive data in an Apache Avro object container or an Apache Parquet file.</p>
- */
-export interface _Record {
-    /**
-     * <p>The path, as a JSONPath expression, to the field in the record that contains the data. If the field name is longer than 20 characters, it is truncated. If the path is longer than 250 characters, it is truncated.</p>
-     */
-    JsonPath?: string;
-    /**
-     * <p>The record index, starting from 0, for the record that contains the data.</p>
-     */
-    RecordIndex?: number;
-}
-export declare namespace _Record {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: _Record) => any;
-}
-/**
- * <p>The detected occurrences of sensitive data.</p>
- */
-export interface Occurrences {
-    /**
-     * <p>Occurrences of sensitive data detected in a non-binary text file or a Microsoft Word file. Non-binary text files include files such as HTML, XML, JSON, and TXT files.</p>
-     */
-    LineRanges?: Range[];
-    /**
-     * <p>Occurrences of sensitive data detected in a binary text file.</p>
-     */
-    OffsetRanges?: Range[];
-    /**
-     * <p>Occurrences of sensitive data in an Adobe Portable Document Format (PDF) file.</p>
-     */
-    Pages?: Page[];
-    /**
-     * <p>Occurrences of sensitive data in an Apache Avro object container or an Apache Parquet file.</p>
-     */
-    Records?: _Record[];
-    /**
-     * <p>Occurrences of sensitive data detected in Microsoft Excel workbooks, comma-separated value (CSV) files, or tab-separated value (TSV) files.</p>
-     */
-    Cells?: Cell[];
-}
-export declare namespace Occurrences {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: Occurrences) => any;
-}
-/**
- * <p>The list of detected instances of sensitive data.</p>
- */
-export interface CustomDataIdentifiersDetections {
-    /**
-     * <p>The total number of occurrences of sensitive data that were detected.</p>
-     */
-    Count?: number;
-    /**
-     * <p>The ARN of the custom identifier that was used to detect the sensitive data.</p>
-     */
-    Arn?: string;
-    /**
-     * <p>he name of the custom identifier that detected the sensitive data.</p>
-     */
-    Name?: string;
-    /**
-     * <p>Details about the sensitive data that was detected.</p>
-     */
-    Occurrences?: Occurrences;
-}
-export declare namespace CustomDataIdentifiersDetections {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: CustomDataIdentifiersDetections) => any;
-}
-/**
- * <p>Contains an instance of sensitive data that was detected by a customer-defined identifier.</p>
- */
-export interface CustomDataIdentifiersResult {
-    /**
-     * <p>The list of detected instances of sensitive data.</p>
-     */
-    Detections?: CustomDataIdentifiersDetections[];
-    /**
-     * <p>The total number of occurrences of sensitive data.</p>
-     */
-    TotalCount?: number;
-}
-export declare namespace CustomDataIdentifiersResult {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: CustomDataIdentifiersResult) => any;
-}
-/**
- * <p>The list of detected instances of sensitive data.</p>
- */
-export interface SensitiveDataDetections {
-    /**
-     * <p>The total number of occurrences of sensitive data that were detected.</p>
-     */
-    Count?: number;
-    /**
-     * <p>The type of sensitive data that was detected. For example, the type might indicate that the data is an email address.</p>
-     */
-    Type?: string;
-    /**
-     * <p>Details about the sensitive data that was detected.</p>
-     */
-    Occurrences?: Occurrences;
-}
-export declare namespace SensitiveDataDetections {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: SensitiveDataDetections) => any;
-}
-/**
- * <p>Contains a detected instance of sensitive data that are based on built-in identifiers.</p>
- */
-export interface SensitiveDataResult {
-    /**
-     * <p>The category of sensitive data that was detected. For example, the category can indicate that the sensitive data involved credentials, financial information, or personal information.</p>
-     */
-    Category?: string;
-    /**
-     * <p>The list of detected instances of sensitive data.</p>
-     */
-    Detections?: SensitiveDataDetections[];
-    /**
-     * <p>The total number of occurrences of sensitive data.</p>
-     */
-    TotalCount?: number;
-}
-export declare namespace SensitiveDataResult {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: SensitiveDataResult) => any;
-}
-/**
- * <p>Provides details about the current status of the sensitive data detection.</p>
- */
-export interface ClassificationStatus {
-    /**
-     * <p>The code that represents the status of the sensitive data detection.</p>
-     */
-    Code?: string;
-    /**
-     * <p>A longer description of the current status of the sensitive data detection.</p>
-     */
-    Reason?: string;
-}
-export declare namespace ClassificationStatus {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ClassificationStatus) => any;
-}
-/**
- * <p>Details about the sensitive data that was detected on the resource.</p>
- */
-export interface ClassificationResult {
-    /**
-     * <p>The type of content that the finding applies to.</p>
-     */
-    MimeType?: string;
-    /**
-     * <p>The total size in bytes of the affected data.</p>
-     */
-    SizeClassified?: number;
-    /**
-     * <p>Indicates whether there are additional occurrences of sensitive data that are not included in the finding. This occurs when the number of occurrences exceeds the maximum that can be included.</p>
-     */
-    AdditionalOccurrences?: boolean;
-    /**
-     * <p>The current status of the sensitive data detection.</p>
-     */
-    Status?: ClassificationStatus;
-    /**
-     * <p>Provides details about sensitive data that was identified based on built-in configuration.</p>
-     */
-    SensitiveData?: SensitiveDataResult[];
-    /**
-     * <p>Provides details about sensitive data that was identified based on customer-defined configuration.</p>
-     */
-    CustomDataIdentifiers?: CustomDataIdentifiersResult;
-}
-export declare namespace ClassificationResult {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ClassificationResult) => any;
-}
-/**
- * <p>Provides details about sensitive data that was detected on a resource.</p>
- */
-export interface DataClassificationDetails {
-    /**
-     * <p>The path to the folder or file that contains the sensitive data.</p>
-     */
-    DetailedResultsLocation?: string;
-    /**
-     * <p>The details about the sensitive data that was detected on the resource.</p>
-     */
-    Result?: ClassificationResult;
-}
-export declare namespace DataClassificationDetails {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: DataClassificationDetails) => any;
-}
-/**
- * <p>A wrapper type for the attributes of an Amazon SNS subscription.</p>
- */
-export interface AwsSnsTopicSubscription {
-    /**
-     * <p>The subscription's endpoint (format depends on the protocol).</p>
-     */
-    Endpoint?: string;
-    /**
-     * <p>The subscription's protocol.</p>
-     */
-    Protocol?: string;
-}
-export declare namespace AwsSnsTopicSubscription {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: AwsSnsTopicSubscription) => any;
-}