@aws-sdk/client-shield 3.131.0 → 3.141.0

package/dist-es/protocols/Aws_json1_1.js

@@ -2872,16 +2872,40 @@ var serializeAws_json1_1EnableProactiveEngagementRequest = function (input, cont
 var serializeAws_json1_1GetSubscriptionStateRequest = function (input, context) {
     return {};
 };
+var serializeAws_json1_1InclusionProtectionFilters = function (input, context) {
+    return __assign(__assign(__assign({}, (input.ProtectionNames != null && {
+        ProtectionNames: serializeAws_json1_1ProtectionNameFilters(input.ProtectionNames, context),
+    })), (input.ResourceArns != null && {
+        ResourceArns: serializeAws_json1_1ResourceArnFilters(input.ResourceArns, context),
+    })), (input.ResourceTypes != null && {
+        ResourceTypes: serializeAws_json1_1ProtectedResourceTypeFilters(input.ResourceTypes, context),
+    }));
+};
+var serializeAws_json1_1InclusionProtectionGroupFilters = function (input, context) {
+    return __assign(__assign(__assign(__assign({}, (input.Aggregations != null && {
+        Aggregations: serializeAws_json1_1ProtectionGroupAggregationFilters(input.Aggregations, context),
+    })), (input.Patterns != null && {
+        Patterns: serializeAws_json1_1ProtectionGroupPatternFilters(input.Patterns, context),
+    })), (input.ProtectionGroupIds != null && {
+        ProtectionGroupIds: serializeAws_json1_1ProtectionGroupIdFilters(input.ProtectionGroupIds, context),
+    })), (input.ResourceTypes != null && {
+        ResourceTypes: serializeAws_json1_1ProtectedResourceTypeFilters(input.ResourceTypes, context),
+    }));
+};
 var serializeAws_json1_1ListAttacksRequest = function (input, context) {
     return __assign(__assign(__assign(__assign(__assign({}, (input.EndTime != null && { EndTime: serializeAws_json1_1TimeRange(input.EndTime, context) })), (input.MaxResults != null && { MaxResults: input.MaxResults })), (input.NextToken != null && { NextToken: input.NextToken })), (input.ResourceArns != null && {
         ResourceArns: serializeAws_json1_1ResourceArnFilterList(input.ResourceArns, context),
     })), (input.StartTime != null && { StartTime: serializeAws_json1_1TimeRange(input.StartTime, context) }));
 };
 var serializeAws_json1_1ListProtectionGroupsRequest = function (input, context) {
-    return __assign(__assign({}, (input.MaxResults != null && { MaxResults: input.MaxResults })), (input.NextToken != null && { NextToken: input.NextToken }));
+    return __assign(__assign(__assign({}, (input.InclusionFilters != null && {
+        InclusionFilters: serializeAws_json1_1InclusionProtectionGroupFilters(input.InclusionFilters, context),
+    })), (input.MaxResults != null && { MaxResults: input.MaxResults })), (input.NextToken != null && { NextToken: input.NextToken }));
 };
 var serializeAws_json1_1ListProtectionsRequest = function (input, context) {
-    return __assign(__assign({}, (input.MaxResults != null && { MaxResults: input.MaxResults })), (input.NextToken != null && { NextToken: input.NextToken }));
+    return __assign(__assign(__assign({}, (input.InclusionFilters != null && {
+        InclusionFilters: serializeAws_json1_1InclusionProtectionFilters(input.InclusionFilters, context),
+    })), (input.MaxResults != null && { MaxResults: input.MaxResults })), (input.NextToken != null && { NextToken: input.NextToken }));
 };
 var serializeAws_json1_1ListResourcesInProtectionGroupRequest = function (input, context) {
     return __assign(__assign(__assign({}, (input.MaxResults != null && { MaxResults: input.MaxResults })), (input.NextToken != null && { NextToken: input.NextToken })), (input.ProtectionGroupId != null && { ProtectionGroupId: input.ProtectionGroupId }));
@@ -2889,6 +2913,36 @@ var serializeAws_json1_1ListResourcesInProtectionGroupRequest = function (input,
 var serializeAws_json1_1ListTagsForResourceRequest = function (input, context) {
     return __assign({}, (input.ResourceARN != null && { ResourceARN: input.ResourceARN }));
 };
+var serializeAws_json1_1ProtectedResourceTypeFilters = function (input, context) {
+    return input
+        .filter(function (e) { return e != null; })
+        .map(function (entry) {
+        if (entry === null) {
+            return null;
+        }
+        return entry;
+    });
+};
+var serializeAws_json1_1ProtectionGroupAggregationFilters = function (input, context) {
+    return input
+        .filter(function (e) { return e != null; })
+        .map(function (entry) {
+        if (entry === null) {
+            return null;
+        }
+        return entry;
+    });
+};
+var serializeAws_json1_1ProtectionGroupIdFilters = function (input, context) {
+    return input
+        .filter(function (e) { return e != null; })
+        .map(function (entry) {
+        if (entry === null) {
+            return null;
+        }
+        return entry;
+    });
+};
 var serializeAws_json1_1ProtectionGroupMembers = function (input, context) {
     return input
         .filter(function (e) { return e != null; })
@@ -2899,6 +2953,26 @@ var serializeAws_json1_1ProtectionGroupMembers = function (input, context) {
         return entry;
     });
 };
+var serializeAws_json1_1ProtectionGroupPatternFilters = function (input, context) {
+    return input
+        .filter(function (e) { return e != null; })
+        .map(function (entry) {
+        if (entry === null) {
+            return null;
+        }
+        return entry;
+    });
+};
+var serializeAws_json1_1ProtectionNameFilters = function (input, context) {
+    return input
+        .filter(function (e) { return e != null; })
+        .map(function (entry) {
+        if (entry === null) {
+            return null;
+        }
+        return entry;
+    });
+};
 var serializeAws_json1_1ResourceArnFilterList = function (input, context) {
     return input
         .filter(function (e) { return e != null; })
@@ -2909,6 +2983,16 @@ var serializeAws_json1_1ResourceArnFilterList = function (input, context) {
         return entry;
     });
 };
+var serializeAws_json1_1ResourceArnFilters = function (input, context) {
+    return input
+        .filter(function (e) { return e != null; })
+        .map(function (entry) {
+        if (entry === null) {
+            return null;
+        }
+        return entry;
+    });
+};
 var serializeAws_json1_1ResponseAction = function (input, context) {
     return __assign(__assign({}, (input.Block != null && { Block: serializeAws_json1_1BlockAction(input.Block, context) })), (input.Count != null && { Count: serializeAws_json1_1CountAction(input.Count, context) }));
 };

package/dist-types/Shield.d.ts

@@ -45,7 +45,7 @@ import { ShieldClient } from "./ShieldClient";
 export declare class Shield extends ShieldClient {
     /**
      * <p>Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources. You can associate up to 10 Amazon S3 buckets with your subscription.</p>
-     *          <p>To use the services of the SRT and make an <code>AssociateDRTLogBucket</code> request, you must be subscribed to the <a href="https://docs.aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="https://docs.aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
+     *          <p>To use the services of the SRT and make an <code>AssociateDRTLogBucket</code> request, you must be subscribed to the <a href="http://aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="http://aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
      */
     associateDRTLogBucket(args: AssociateDRTLogBucketCommandInput, options?: __HttpHandlerOptions): Promise<AssociateDRTLogBucketCommandOutput>;
     associateDRTLogBucket(args: AssociateDRTLogBucketCommandInput, cb: (err: any, data?: AssociateDRTLogBucketCommandOutput) => void): void;
@@ -58,7 +58,7 @@ export declare class Shield extends ShieldClient {
      *
      *          <p>The SRT will have access only to your WAF and Shield resources. By submitting this request, you authorize the SRT to inspect your WAF and Shield configuration and create and update WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.</p>
      *          <p>You must have the <code>iam:PassRole</code> permission to make an <code>AssociateDRTRole</code> request. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html">Granting a user permissions to pass a role to an Amazon Web Services service</a>. </p>
-     *          <p>To use the services of the SRT and make an <code>AssociateDRTRole</code> request, you must be subscribed to the <a href="https://docs.aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="https://docs.aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
+     *          <p>To use the services of the SRT and make an <code>AssociateDRTRole</code> request, you must be subscribed to the <a href="http://aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="http://aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
      */
     associateDRTRole(args: AssociateDRTRoleCommandInput, options?: __HttpHandlerOptions): Promise<AssociateDRTRoleCommandOutput>;
     associateDRTRole(args: AssociateDRTRoleCommandInput, cb: (err: any, data?: AssociateDRTRoleCommandOutput) => void): void;
@@ -82,7 +82,7 @@ export declare class Shield extends ShieldClient {
     associateProactiveEngagementDetails(args: AssociateProactiveEngagementDetailsCommandInput, cb: (err: any, data?: AssociateProactiveEngagementDetailsCommandOutput) => void): void;
     associateProactiveEngagementDetails(args: AssociateProactiveEngagementDetailsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AssociateProactiveEngagementDetailsCommandOutput) => void): void;
     /**
-     * <p>Enables Shield Advanced for a specific Amazon Web Services resource. The resource can be an Amazon CloudFront distribution, Elastic Load Balancing load balancer, Global Accelerator accelerator, Elastic IP Address, or an Amazon Route 53 hosted zone.</p>
+     * <p>Enables Shield Advanced for a specific Amazon Web Services resource. The resource can be an Amazon CloudFront distribution, Amazon Route 53 hosted zone, Global Accelerator standard accelerator, Elastic IP Address, Application Load Balancer, or a Classic Load Balancer. You can protect Amazon EC2 instances and Network Load Balancers by association with protected Amazon EC2 Elastic IP addresses.</p>
      *          <p>You can add protection to only a single resource with each <code>CreateProtection</code> request. You can add protection to multiple resources
      *           at once through the Shield Advanced console at <a href="https://console.aws.amazon.com/wafv2/shieldv2#/">https://console.aws.amazon.com/wafv2/shieldv2#/</a>.
      *               For more information see
@@ -100,8 +100,11 @@ export declare class Shield extends ShieldClient {
     createProtectionGroup(args: CreateProtectionGroupCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateProtectionGroupCommandOutput) => void): void;
     /**
      * <p>Activates Shield Advanced for an account.</p>
-     *
-     *          <p>When you initally create a subscription, your subscription is set to be automatically renewed at the end of the existing subscription period.  You can change this by submitting an <code>UpdateSubscription</code> request. </p>
+     *          <note>
+     *             <p>For accounts that are members of an Organizations organization, Shield Advanced subscriptions are billed against the organization's payer account,
+     *               regardless of whether the payer account itself is subscribed. </p>
+     *          </note>
+     *          <p>When you initially create a subscription, your subscription is set to be automatically renewed at the end of the existing subscription period.  You can change this by submitting an <code>UpdateSubscription</code> request. </p>
      */
     createSubscription(args: CreateSubscriptionCommandInput, options?: __HttpHandlerOptions): Promise<CreateSubscriptionCommandOutput>;
     createSubscription(args: CreateSubscriptionCommandInput, cb: (err: any, data?: CreateSubscriptionCommandOutput) => void): void;
@@ -171,7 +174,7 @@ export declare class Shield extends ShieldClient {
     describeSubscription(args: DescribeSubscriptionCommandInput, cb: (err: any, data?: DescribeSubscriptionCommandOutput) => void): void;
     describeSubscription(args: DescribeSubscriptionCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DescribeSubscriptionCommandOutput) => void): void;
     /**
-     * <p>Disable the Shield Advanced automatic application layer DDoS mitigation feature for the resource. This
+     * <p>Disable the Shield Advanced automatic application layer DDoS mitigation feature for the protected resource. This
      *        stops Shield Advanced from creating, verifying, and applying WAF rules for attacks that it detects for the resource. </p>
      */
     disableApplicationLayerAutomaticResponse(args: DisableApplicationLayerAutomaticResponseCommandInput, options?: __HttpHandlerOptions): Promise<DisableApplicationLayerAutomaticResponseCommandOutput>;
@@ -203,19 +206,20 @@ export declare class Shield extends ShieldClient {
     disassociateHealthCheck(args: DisassociateHealthCheckCommandInput, cb: (err: any, data?: DisassociateHealthCheckCommandOutput) => void): void;
     disassociateHealthCheck(args: DisassociateHealthCheckCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DisassociateHealthCheckCommandOutput) => void): void;
     /**
-     * <p>Enable the Shield Advanced automatic application layer DDoS mitigation for the resource. </p>
+     * <p>Enable the Shield Advanced automatic application layer DDoS mitigation for the protected resource. </p>
      *          <note>
-     *             <p>This feature is available for Amazon CloudFront distributions only.</p>
+     *             <p>This feature is available for Amazon CloudFront distributions and Application Load Balancers only.</p>
      *          </note>
      *          <p>This causes Shield Advanced to create, verify, and apply WAF rules for DDoS attacks that it detects for the
      *        resource. Shield Advanced applies the rules in a Shield rule group inside the web ACL that you've associated
      *            with the resource. For information about how automatic mitigation works and the requirements for using it, see
      *    <a href="https://docs.aws.amazon.com/waf/latest/developerguide/ddos-advanced-automatic-app-layer-response.html">Shield Advanced automatic application layer DDoS mitigation</a>.</p>
-     *          <p>Don't use this action to make changes to automatic mitigation settings when it's already enabled for a resource. Instead, use <a>UpdateApplicationLayerAutomaticResponse</a>.</p>
+     *          <note>
+     *             <p>Don't use this action to make changes to automatic mitigation settings when it's already enabled for a resource. Instead, use <a>UpdateApplicationLayerAutomaticResponse</a>.</p>
+     *          </note>
      *          <p>To use this feature, you must associate a web ACL with the protected resource. The web ACL must be created using the latest version of WAF (v2). You can associate the web ACL through the Shield Advanced console
      *            at <a href="https://console.aws.amazon.com/wafv2/shieldv2#/">https://console.aws.amazon.com/wafv2/shieldv2#/</a>. For more information,
-     *                see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html">Getting Started with Shield Advanced</a>.</p>
-     *          <p>You can also do this through the WAF console or the WAF API, but you must manage Shield Advanced automatic mitigation through Shield Advanced. For information about WAF, see
+     *                see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html">Getting Started with Shield Advanced</a>. You can also associate the web ACL to the resource through the WAF console or the WAF API, but you must manage Shield Advanced automatic mitigation through Shield Advanced. For information about WAF, see
      *        <a href="https://docs.aws.amazon.com/waf/latest/developerguide/">WAF Developer Guide</a>.</p>
      */
     enableApplicationLayerAutomaticResponse(args: EnableApplicationLayerAutomaticResponseCommandInput, options?: __HttpHandlerOptions): Promise<EnableApplicationLayerAutomaticResponseCommandOutput>;
@@ -241,13 +245,15 @@ export declare class Shield extends ShieldClient {
     listAttacks(args: ListAttacksCommandInput, cb: (err: any, data?: ListAttacksCommandOutput) => void): void;
     listAttacks(args: ListAttacksCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListAttacksCommandOutput) => void): void;
     /**
-     * <p>Retrieves the <a>ProtectionGroup</a> objects for the account.</p>
+     * <p>Retrieves <a>ProtectionGroup</a> objects for the account. You can retrieve all protection groups or you can provide
+     *        filtering criteria and retrieve just the subset of protection groups that match the criteria. </p>
      */
     listProtectionGroups(args: ListProtectionGroupsCommandInput, options?: __HttpHandlerOptions): Promise<ListProtectionGroupsCommandOutput>;
     listProtectionGroups(args: ListProtectionGroupsCommandInput, cb: (err: any, data?: ListProtectionGroupsCommandOutput) => void): void;
     listProtectionGroups(args: ListProtectionGroupsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListProtectionGroupsCommandOutput) => void): void;
     /**
-     * <p>Lists all <a>Protection</a> objects for the account.</p>
+     * <p>Retrieves <a>Protection</a> objects for the account. You can retrieve all protections or you can provide
+     *        filtering criteria and retrieve just the subset of protections that match the criteria. </p>
      */
     listProtections(args: ListProtectionsCommandInput, options?: __HttpHandlerOptions): Promise<ListProtectionsCommandOutput>;
     listProtections(args: ListProtectionsCommandInput, cb: (err: any, data?: ListProtectionsCommandOutput) => void): void;
@@ -296,6 +302,10 @@ export declare class Shield extends ShieldClient {
     updateProtectionGroup(args: UpdateProtectionGroupCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateProtectionGroupCommandOutput) => void): void;
     /**
      * <p>Updates the details of an existing subscription. Only enter values for parameters you want to change. Empty parameters are not updated.</p>
+     *          <note>
+     *             <p>For accounts that are members of an Organizations organization, Shield Advanced subscriptions are billed against the organization's payer account,
+     *               regardless of whether the payer account itself is subscribed. </p>
+     *          </note>
      */
     updateSubscription(args: UpdateSubscriptionCommandInput, options?: __HttpHandlerOptions): Promise<UpdateSubscriptionCommandOutput>;
     updateSubscription(args: UpdateSubscriptionCommandInput, cb: (err: any, data?: UpdateSubscriptionCommandOutput) => void): void;

package/dist-types/commands/AssociateDRTLogBucketCommand.d.ts

@@ -8,7 +8,7 @@ export interface AssociateDRTLogBucketCommandOutput extends AssociateDRTLogBucke
 }
 /**
  * <p>Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources. You can associate up to 10 Amazon S3 buckets with your subscription.</p>
- *          <p>To use the services of the SRT and make an <code>AssociateDRTLogBucket</code> request, you must be subscribed to the <a href="https://docs.aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="https://docs.aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
+ *          <p>To use the services of the SRT and make an <code>AssociateDRTLogBucket</code> request, you must be subscribed to the <a href="http://aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="http://aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/AssociateDRTRoleCommand.d.ts

@@ -14,7 +14,7 @@ export interface AssociateDRTRoleCommandOutput extends AssociateDRTRoleResponse,
  *
  *          <p>The SRT will have access only to your WAF and Shield resources. By submitting this request, you authorize the SRT to inspect your WAF and Shield configuration and create and update WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.</p>
  *          <p>You must have the <code>iam:PassRole</code> permission to make an <code>AssociateDRTRole</code> request. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html">Granting a user permissions to pass a role to an Amazon Web Services service</a>. </p>
- *          <p>To use the services of the SRT and make an <code>AssociateDRTRole</code> request, you must be subscribed to the <a href="https://docs.aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="https://docs.aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
+ *          <p>To use the services of the SRT and make an <code>AssociateDRTRole</code> request, you must be subscribed to the <a href="http://aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="http://aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/CreateProtectionCommand.d.ts

@@ -7,7 +7,7 @@ export interface CreateProtectionCommandInput extends CreateProtectionRequest {
 export interface CreateProtectionCommandOutput extends CreateProtectionResponse, __MetadataBearer {
 }
 /**
- * <p>Enables Shield Advanced for a specific Amazon Web Services resource. The resource can be an Amazon CloudFront distribution, Elastic Load Balancing load balancer, Global Accelerator accelerator, Elastic IP Address, or an Amazon Route 53 hosted zone.</p>
+ * <p>Enables Shield Advanced for a specific Amazon Web Services resource. The resource can be an Amazon CloudFront distribution, Amazon Route 53 hosted zone, Global Accelerator standard accelerator, Elastic IP Address, Application Load Balancer, or a Classic Load Balancer. You can protect Amazon EC2 instances and Network Load Balancers by association with protected Amazon EC2 Elastic IP addresses.</p>
  *          <p>You can add protection to only a single resource with each <code>CreateProtection</code> request. You can add protection to multiple resources
  *           at once through the Shield Advanced console at <a href="https://console.aws.amazon.com/wafv2/shieldv2#/">https://console.aws.amazon.com/wafv2/shieldv2#/</a>.
  *               For more information see

package/dist-types/commands/CreateSubscriptionCommand.d.ts

@@ -8,8 +8,11 @@ export interface CreateSubscriptionCommandOutput extends CreateSubscriptionRespo
 }
 /**
  * <p>Activates Shield Advanced for an account.</p>
- *
- *          <p>When you initally create a subscription, your subscription is set to be automatically renewed at the end of the existing subscription period.  You can change this by submitting an <code>UpdateSubscription</code> request. </p>
+ *          <note>
+ *             <p>For accounts that are members of an Organizations organization, Shield Advanced subscriptions are billed against the organization's payer account,
+ *               regardless of whether the payer account itself is subscribed. </p>
+ *          </note>
+ *          <p>When you initially create a subscription, your subscription is set to be automatically renewed at the end of the existing subscription period.  You can change this by submitting an <code>UpdateSubscription</code> request. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/DisableApplicationLayerAutomaticResponseCommand.d.ts

@@ -7,7 +7,7 @@ export interface DisableApplicationLayerAutomaticResponseCommandInput extends Di
 export interface DisableApplicationLayerAutomaticResponseCommandOutput extends DisableApplicationLayerAutomaticResponseResponse, __MetadataBearer {
 }
 /**
- * <p>Disable the Shield Advanced automatic application layer DDoS mitigation feature for the resource. This
+ * <p>Disable the Shield Advanced automatic application layer DDoS mitigation feature for the protected resource. This
  *        stops Shield Advanced from creating, verifying, and applying WAF rules for attacks that it detects for the resource. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

package/dist-types/commands/EnableApplicationLayerAutomaticResponseCommand.d.ts

@@ -7,19 +7,20 @@ export interface EnableApplicationLayerAutomaticResponseCommandInput extends Ena
 export interface EnableApplicationLayerAutomaticResponseCommandOutput extends EnableApplicationLayerAutomaticResponseResponse, __MetadataBearer {
 }
 /**
- * <p>Enable the Shield Advanced automatic application layer DDoS mitigation for the resource. </p>
+ * <p>Enable the Shield Advanced automatic application layer DDoS mitigation for the protected resource. </p>
  *          <note>
- *             <p>This feature is available for Amazon CloudFront distributions only.</p>
+ *             <p>This feature is available for Amazon CloudFront distributions and Application Load Balancers only.</p>
  *          </note>
  *          <p>This causes Shield Advanced to create, verify, and apply WAF rules for DDoS attacks that it detects for the
  *        resource. Shield Advanced applies the rules in a Shield rule group inside the web ACL that you've associated
  *            with the resource. For information about how automatic mitigation works and the requirements for using it, see
  *    <a href="https://docs.aws.amazon.com/waf/latest/developerguide/ddos-advanced-automatic-app-layer-response.html">Shield Advanced automatic application layer DDoS mitigation</a>.</p>
- *          <p>Don't use this action to make changes to automatic mitigation settings when it's already enabled for a resource. Instead, use <a>UpdateApplicationLayerAutomaticResponse</a>.</p>
+ *          <note>
+ *             <p>Don't use this action to make changes to automatic mitigation settings when it's already enabled for a resource. Instead, use <a>UpdateApplicationLayerAutomaticResponse</a>.</p>
+ *          </note>
  *          <p>To use this feature, you must associate a web ACL with the protected resource. The web ACL must be created using the latest version of WAF (v2). You can associate the web ACL through the Shield Advanced console
  *            at <a href="https://console.aws.amazon.com/wafv2/shieldv2#/">https://console.aws.amazon.com/wafv2/shieldv2#/</a>. For more information,
- *                see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html">Getting Started with Shield Advanced</a>.</p>
- *          <p>You can also do this through the WAF console or the WAF API, but you must manage Shield Advanced automatic mitigation through Shield Advanced. For information about WAF, see
+ *                see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html">Getting Started with Shield Advanced</a>. You can also associate the web ACL to the resource through the WAF console or the WAF API, but you must manage Shield Advanced automatic mitigation through Shield Advanced. For information about WAF, see
  *        <a href="https://docs.aws.amazon.com/waf/latest/developerguide/">WAF Developer Guide</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

package/dist-types/commands/ListProtectionGroupsCommand.d.ts

@@ -7,7 +7,8 @@ export interface ListProtectionGroupsCommandInput extends ListProtectionGroupsRe
 export interface ListProtectionGroupsCommandOutput extends ListProtectionGroupsResponse, __MetadataBearer {
 }
 /**
- * <p>Retrieves the <a>ProtectionGroup</a> objects for the account.</p>
+ * <p>Retrieves <a>ProtectionGroup</a> objects for the account. You can retrieve all protection groups or you can provide
+ *        filtering criteria and retrieve just the subset of protection groups that match the criteria. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListProtectionsCommand.d.ts

@@ -7,7 +7,8 @@ export interface ListProtectionsCommandInput extends ListProtectionsRequest {
 export interface ListProtectionsCommandOutput extends ListProtectionsResponse, __MetadataBearer {
 }
 /**
- * <p>Lists all <a>Protection</a> objects for the account.</p>
+ * <p>Retrieves <a>Protection</a> objects for the account. You can retrieve all protections or you can provide
+ *        filtering criteria and retrieve just the subset of protections that match the criteria. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/UpdateSubscriptionCommand.d.ts

@@ -8,6 +8,10 @@ export interface UpdateSubscriptionCommandOutput extends UpdateSubscriptionRespo
 }
 /**
  * <p>Updates the details of an existing subscription. Only enter values for parameters you want to change. Empty parameters are not updated.</p>
+ *          <note>
+ *             <p>For accounts that are members of an Organizations organization, Shield Advanced subscriptions are billed against the organization's payer account,
+ *               regardless of whether the payer account itself is subscribed. </p>
+ *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript