@aws-sdk/client-shield 3.43.0 → 3.47.0

package/dist-types/models/models_0.d.ts

@@ -7,12 +7,6 @@ export interface AccessDeniedException extends __SmithyException, $MetadataBeare
     $fault: "client";
     message?: string;
 }
-export declare namespace AccessDeniedException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: AccessDeniedException) => any;
-}
 /**
  * <p>In order to grant the necessary access to the Shield Response Team (SRT) the user submitting the request must have the <code>iam:PassRole</code> permission. This error indicates the user did not have the appropriate permissions. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html">Granting a User Permissions to Pass a Role to an Amazon Web Services Service</a>. </p>
  */
@@ -21,11 +15,83 @@ export interface AccessDeniedForDependencyException extends __SmithyException, $
     $fault: "client";
     message?: string;
 }
-export declare namespace AccessDeniedForDependencyException {
+/**
+ * <p>Specifies that Shield Advanced should configure its WAF rules with the WAF <code>Block</code> action. </p>
+ *             <p>This is only used in the context of the <code>ResponseAction</code> setting. </p>
+ *          <p>JSON specification: <code>"Block": {}</code>
+ *          </p>
+ */
+export interface BlockAction {
+}
+export declare namespace BlockAction {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: BlockAction) => any;
+}
+/**
+ * <p>Specifies that Shield Advanced should configure its WAF rules with the WAF <code>Count</code> action. </p>
+ *             <p>This is only used in the context of the <code>ResponseAction</code> setting. </p>
+ *          <p>JSON specification: <code>"Count": {}</code>
+ *          </p>
+ */
+export interface CountAction {
+}
+export declare namespace CountAction {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: CountAction) => any;
+}
+/**
+ * <p>Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the
+ *    protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature,
+ *    when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource. </p>
+ */
+export interface ResponseAction {
+    /**
+     * <p>Specifies that Shield Advanced should configure its WAF rules with the WAF <code>Block</code> action. </p>
+     *          <p>You must specify exactly one action, either <code>Block</code> or <code>Count</code>.</p>
+     */
+    Block?: BlockAction;
+    /**
+     * <p>Specifies that Shield Advanced should configure its WAF rules with the WAF <code>Count</code> action. </p>
+     *          <p>You must specify exactly one action, either <code>Block</code> or <code>Count</code>.</p>
+     */
+    Count?: CountAction;
+}
+export declare namespace ResponseAction {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: ResponseAction) => any;
+}
+export declare enum ApplicationLayerAutomaticResponseStatus {
+    DISABLED = "DISABLED",
+    ENABLED = "ENABLED"
+}
+/**
+ * <p>The automatic application layer DDoS mitigation settings for a <a>Protection</a>.
+ *        This configuration determines whether Shield Advanced automatically
+ *        manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks. </p>
+ */
+export interface ApplicationLayerAutomaticResponseConfiguration {
+    /**
+     * <p>Indicates whether automatic application layer DDoS mitigation is enabled for the protection. </p>
+     */
+    Status: ApplicationLayerAutomaticResponseStatus | string | undefined;
+    /**
+     * <p>Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the
+     *    protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature,
+     *    when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource. </p>
+     */
+    Action: ResponseAction | undefined;
+}
+export declare namespace ApplicationLayerAutomaticResponseConfiguration {
     /**
      * @internal
      */
-    const filterSensitiveLog: (obj: AccessDeniedForDependencyException) => any;
+    const filterSensitiveLog: (obj: ApplicationLayerAutomaticResponseConfiguration) => any;
 }
 export interface AssociateDRTLogBucketRequest {
     /**
@@ -48,20 +114,13 @@ export declare namespace AssociateDRTLogBucketResponse {
     const filterSensitiveLog: (obj: AssociateDRTLogBucketResponse) => any;
 }
 /**
- * <p>Exception that indicates that a problem occurred with the service infrastructure. You
- *          can retry the request.</p>
+ * <p>Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.</p>
  */
 export interface InternalErrorException extends __SmithyException, $MetadataBearer {
     name: "InternalErrorException";
     $fault: "server";
     message?: string;
 }
-export declare namespace InternalErrorException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: InternalErrorException) => any;
-}
 /**
  * <p>Exception that indicates that the operation would not cause any change to occur.</p>
  */
@@ -70,12 +129,6 @@ export interface InvalidOperationException extends __SmithyException, $MetadataB
     $fault: "client";
     message?: string;
 }
-export declare namespace InvalidOperationException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: InvalidOperationException) => any;
-}
 /**
  * <p>Provides information about a particular parameter passed inside a request that resulted in an exception.</p>
  */
@@ -115,12 +168,6 @@ export interface InvalidParameterException extends __SmithyException, $MetadataB
      */
     fields?: ValidationExceptionField[];
 }
-export declare namespace InvalidParameterException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: InvalidParameterException) => any;
-}
 /**
  * <p>Exception that indicates that the operation would exceed a limit.</p>
  */
@@ -137,12 +184,6 @@ export interface LimitsExceededException extends __SmithyException, $MetadataBea
      */
     Limit?: number;
 }
-export declare namespace LimitsExceededException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: LimitsExceededException) => any;
-}
 /**
  * <p>The ARN of the role that you specifed does not exist.</p>
  */
@@ -151,12 +192,6 @@ export interface NoAssociatedRoleException extends __SmithyException, $MetadataB
     $fault: "client";
     message?: string;
 }
-export declare namespace NoAssociatedRoleException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: NoAssociatedRoleException) => any;
-}
 /**
  * <p>Exception that indicates that the resource state has been modified by another
  *          client. Retrieve the resource and then retry your request.</p>
@@ -166,12 +201,6 @@ export interface OptimisticLockException extends __SmithyException, $MetadataBea
     $fault: "client";
     message?: string;
 }
-export declare namespace OptimisticLockException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: OptimisticLockException) => any;
-}
 /**
  * <p>Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties. </p>
  */
@@ -184,12 +213,6 @@ export interface ResourceNotFoundException extends __SmithyException, $MetadataB
      */
     resourceType?: string;
 }
-export declare namespace ResourceNotFoundException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ResourceNotFoundException) => any;
-}
 export interface AssociateDRTRoleRequest {
     /**
      * <p>The Amazon Resource Name (ARN) of the role the SRT will use to access your Amazon Web Services account.</p>
@@ -235,6 +258,14 @@ export declare namespace AssociateHealthCheckResponse {
      */
     const filterSensitiveLog: (obj: AssociateHealthCheckResponse) => any;
 }
+/**
+ * <p>Exception that indicates that the resource is invalid. You might not have access to the resource, or the resource might not exist.</p>
+ */
+export interface InvalidResourceException extends __SmithyException, $MetadataBearer {
+    name: "InvalidResourceException";
+    $fault: "client";
+    message?: string;
+}
 /**
  * <p>Contact information that the SRT can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support.</p>
  */
@@ -332,11 +363,11 @@ export declare enum AttackPropertyIdentifier {
     WORDPRESS_PINGBACK_SOURCE = "WORDPRESS_PINGBACK_SOURCE"
 }
 /**
- * <p>A contributor to the attack and their contribution.</p>
+ * <p>A contributor to the attack and their contribution. </p>
  */
 export interface Contributor {
     /**
-     * <p>The name of the contributor. This is dependent on the <code>AttackPropertyIdentifier</code>. For example, if the <code>AttackPropertyIdentifier</code> is <code>SOURCE_COUNTRY</code>, the <code>Name</code> could be <code>United States</code>.</p>
+     * <p>The name of the contributor. The type of name that you'll find here depends on the <code>AttackPropertyIdentifier</code> setting in the <code>AttackProperty</code> where this contributor is defined. For example, if the <code>AttackPropertyIdentifier</code> is <code>SOURCE_COUNTRY</code>, the <code>Name</code> could be <code>United States</code>.</p>
      */
     Name?: string;
     /**
@@ -364,7 +395,7 @@ export interface AttackProperty {
      * <p>The type of Shield event that was observed. <code>NETWORK</code> indicates layer 3 and layer 4 events and <code>APPLICATION</code>
      *          indicates layer 7 events.</p>
      *          <p>For infrastructure
-     *   layer events (L3 and L4 events) after January 25, 2021, you can view metrics for top contributors in Amazon CloudWatch metrics.
+     *   layer events (L3 and L4 events), you can view metrics for top contributors in Amazon CloudWatch metrics.
      *            For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#set-ddos-alarms">Shield metrics and alarms</a>
      *                in the <i>WAF Developer Guide</i>. </p>
      */
@@ -376,7 +407,7 @@ export interface AttackProperty {
      */
     AttackPropertyIdentifier?: AttackPropertyIdentifier | string;
     /**
-     * <p>Contributor objects for the top five contributors to a Shield event. </p>
+     * <p>Contributor objects for the top five contributors to a Shield event. A contributor is a source of traffic that Shield Advanced identifies as responsible for some or all of an event.</p>
      */
     TopContributors?: Contributor[];
     /**
@@ -477,11 +508,11 @@ export interface AttackDetail {
      */
     SubResources?: SubResourceSummary[];
     /**
-     * <p>The time the attack started, in Unix time in seconds. For more information see <a href="http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types">timestamp</a>.</p>
+     * <p>The time the attack started, in Unix time in seconds. </p>
      */
     StartTime?: Date;
     /**
-     * <p>The time the attack ended, in Unix time in seconds. For more information see <a href="http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types">timestamp</a>.</p>
+     * <p>The time the attack ended, in Unix time in seconds. </p>
      */
     EndTime?: Date;
     /**
@@ -491,7 +522,7 @@ export interface AttackDetail {
     /**
      * <p>The array of objects that provide details of the Shield event. </p>
      *          <p>For infrastructure
-     *   layer events (L3 and L4 events) after January 25, 2021, you can view metrics for top contributors in Amazon CloudWatch metrics.
+     *   layer events (L3 and L4 events), you can view metrics for top contributors in Amazon CloudWatch metrics.
      *            For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#set-ddos-alarms">Shield metrics and alarms</a>
      *                in the <i>WAF Developer Guide</i>. </p>
      */
@@ -648,11 +679,11 @@ export interface AttackSummary {
      */
     ResourceArn?: string;
     /**
-     * <p>The start time of the attack, in Unix time in seconds. For more information see <a href="http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types">timestamp</a>.</p>
+     * <p>The start time of the attack, in Unix time in seconds. </p>
      */
     StartTime?: Date;
     /**
-     * <p>The end time of the attack, in Unix time in seconds. For more information see <a href="http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types">timestamp</a>.</p>
+     * <p>The end time of the attack, in Unix time in seconds. </p>
      */
     EndTime?: Date;
     /**
@@ -719,7 +750,7 @@ export interface CreateProtectionRequest {
      *                </p>
      *             </li>
      *             <li>
-     *                <p>For Amazon Route 53: <code>arn:aws:route53:::hostedzone/<i>hosted-zone-id</i>
+     *                <p>For Amazon Route 53: <code>arn:aws:route53:::hostedzone/<i>hosted-zone-id</i>
      *                   </code>
      *                </p>
      *             </li>
@@ -754,20 +785,6 @@ export declare namespace CreateProtectionResponse {
      */
     const filterSensitiveLog: (obj: CreateProtectionResponse) => any;
 }
-/**
- * <p>Exception that indicates that the resource is invalid. You might not have access to the resource, or the resource might not exist.</p>
- */
-export interface InvalidResourceException extends __SmithyException, $MetadataBearer {
-    name: "InvalidResourceException";
-    $fault: "client";
-    message?: string;
-}
-export declare namespace InvalidResourceException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: InvalidResourceException) => any;
-}
 /**
  * <p>Exception indicating the specified resource already exists. If available, this exception includes details in additional properties. </p>
  */
@@ -780,12 +797,6 @@ export interface ResourceAlreadyExistsException extends __SmithyException, $Meta
      */
     resourceType?: string;
 }
-export declare namespace ResourceAlreadyExistsException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ResourceAlreadyExistsException) => any;
-}
 export declare enum ProtectionGroupAggregation {
     MAX = "MAX",
     MEAN = "MEAN",
@@ -937,15 +948,9 @@ export interface LockedSubscriptionException extends __SmithyException, $Metadat
     $fault: "client";
     message?: string;
 }
-export declare namespace LockedSubscriptionException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: LockedSubscriptionException) => any;
-}
 export interface DescribeAttackRequest {
     /**
-     * <p>The unique identifier (ID) for the attack that to be described.</p>
+     * <p>The unique identifier (ID) for the attack.</p>
      */
     AttackId: string | undefined;
 }
@@ -980,11 +985,11 @@ export declare namespace DescribeAttackStatisticsRequest {
  */
 export interface TimeRange {
     /**
-     * <p>The start time, in Unix time in seconds. For more information see <a href="http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types">timestamp</a>.</p>
+     * <p>The start time, in Unix time in seconds. </p>
      */
     FromInclusive?: Date;
     /**
-     * <p>The end time, in Unix time in seconds. For more information see <a href="http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types">timestamp</a>.</p>
+     * <p>The end time, in Unix time in seconds. </p>
      */
     ToExclusive?: Date;
 }
@@ -1089,13 +1094,19 @@ export interface Protection {
      */
     ResourceArn?: string;
     /**
-     * <p>The unique identifier (ID) for the Route 53 health check that's associated with the protection. </p>
+     * <p>The unique identifier (ID) for the Route 53 health check that's associated with the protection. </p>
      */
     HealthCheckIds?: string[];
     /**
      * <p>The ARN (Amazon Resource Name) of the protection.</p>
      */
     ProtectionArn?: string;
+    /**
+     * <p>The automatic application layer DDoS mitigation settings for the protection.
+     *        This configuration determines whether Shield Advanced automatically
+     *        manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks. </p>
+     */
+    ApplicationLayerAutomaticResponseConfiguration?: ApplicationLayerAutomaticResponseConfiguration;
 }
 export declare namespace Protection {
     /**
@@ -1306,7 +1317,7 @@ export declare namespace SubscriptionLimits {
  */
 export interface Subscription {
     /**
-     * <p>The start time of the subscription, in Unix time in seconds. For more information see <a href="http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types">timestamp</a>.</p>
+     * <p>The start time of the subscription, in Unix time in seconds. </p>
      */
     StartTime?: Date;
     /**
@@ -1359,6 +1370,26 @@ export declare namespace DescribeSubscriptionResponse {
      */
     const filterSensitiveLog: (obj: DescribeSubscriptionResponse) => any;
 }
+export interface DisableApplicationLayerAutomaticResponseRequest {
+    /**
+     * <p>The ARN (Amazon Resource Name) of the resource.</p>
+     */
+    ResourceArn: string | undefined;
+}
+export declare namespace DisableApplicationLayerAutomaticResponseRequest {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: DisableApplicationLayerAutomaticResponseRequest) => any;
+}
+export interface DisableApplicationLayerAutomaticResponseResponse {
+}
+export declare namespace DisableApplicationLayerAutomaticResponseResponse {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: DisableApplicationLayerAutomaticResponseResponse) => any;
+}
 export interface DisableProactiveEngagementRequest {
 }
 export declare namespace DisableProactiveEngagementRequest {
@@ -1435,6 +1466,32 @@ export declare namespace DisassociateHealthCheckResponse {
      */
     const filterSensitiveLog: (obj: DisassociateHealthCheckResponse) => any;
 }
+export interface EnableApplicationLayerAutomaticResponseRequest {
+    /**
+     * <p>The ARN (Amazon Resource Name) of the resource.</p>
+     */
+    ResourceArn: string | undefined;
+    /**
+     * <p>Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the
+     *    protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature,
+     *    when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource. </p>
+     */
+    Action: ResponseAction | undefined;
+}
+export declare namespace EnableApplicationLayerAutomaticResponseRequest {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: EnableApplicationLayerAutomaticResponseRequest) => any;
+}
+export interface EnableApplicationLayerAutomaticResponseResponse {
+}
+export declare namespace EnableApplicationLayerAutomaticResponseResponse {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: EnableApplicationLayerAutomaticResponseResponse) => any;
+}
 export interface EnableProactiveEngagementRequest {
 }
 export declare namespace EnableProactiveEngagementRequest {
@@ -1477,26 +1534,35 @@ export declare namespace GetSubscriptionStateResponse {
 }
 export interface ListAttacksRequest {
     /**
-     * <p>The ARN (Amazon Resource Name) of the resource that was attacked. If this is left
+     * <p>The ARNs (Amazon Resource Names) of the resources that were attacked. If you leave this
      *          blank, all applicable resources for this account will be included.</p>
      */
     ResourceArns?: string[];
     /**
-     * <p>The start of the time period for the attacks. This is a <code>timestamp</code> type. The sample request above indicates a <code>number</code> type because the default used by WAF is Unix time in seconds. However any valid <a href="http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types">timestamp format</a>  is allowed.  </p>
+     * <p>The start of the time period for the attacks. This is a <code>timestamp</code> type. The request syntax listing for this call indicates a <code>number</code> type,
+     *            but you can provide the time in any valid <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-types.html#parameter-type-timestamp">timestamp format</a> setting.  </p>
      */
     StartTime?: TimeRange;
     /**
-     * <p>The end of the time period for the attacks. This is a <code>timestamp</code> type. The sample request above indicates a <code>number</code> type because the default used by WAF is Unix time in seconds. However any valid <a href="http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types">timestamp format</a>  is allowed.  </p>
+     * <p>The end of the time period for the attacks. This is a <code>timestamp</code> type. The request syntax listing for this call indicates a <code>number</code> type,
+     *            but you can provide the time in any valid <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-types.html#parameter-type-timestamp">timestamp format</a> setting.  </p>
      */
     EndTime?: TimeRange;
     /**
-     * <p>The <code>ListAttacksRequest.NextMarker</code> value from a previous call to <code>ListAttacksRequest</code>. Pass null if this is the first call.</p>
+     * <p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects,
+     *            Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and
+     *            providing the token that was returned by the prior call in your request. </p>
+     *            <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code>
+     *            setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p>
+     *            <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p>
+     *          <p>On your first call to a list operation, leave this setting empty.</p>
      */
     NextToken?: string;
     /**
-     * <p>The maximum number of <a>AttackSummary</a> objects to return. If you leave this blank,
-     *          Shield Advanced returns the first 20 results.</p>
-     *          <p>This is a maximum value. Shield Advanced might return the results in smaller batches. That is, the number of objects returned could be less than <code>MaxResults</code>, even if there are still more objects yet to return. If there are more objects to return, Shield Advanced returns a value in <code>NextToken</code> that you can use in your next request, to get the next batch of objects.</p>
+     * <p>The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects
+     *          than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a <code>NextToken</code> value
+     *          in the response.</p>
+     *          <p>The default setting is 20.</p>
      */
     MaxResults?: number;
 }
@@ -1512,11 +1578,12 @@ export interface ListAttacksResponse {
      */
     AttackSummaries?: AttackSummary[];
     /**
-     * <p>The token returned by a previous call to indicate that there is more data available.
-     *          If not null, more results are available. Pass this value for the <code>NextMarker</code>
-     *          parameter in a subsequent call to <code>ListAttacks</code> to retrieve the next set of
-     *          items.</p>
-     *          <p>Shield Advanced might return the list of <a>AttackSummary</a> objects in batches smaller than the number specified by MaxResults. If there are more attack summary objects to return, Shield Advanced will always also return a <code>NextToken</code>.</p>
+     * <p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects,
+     *            Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and
+     *            providing the token that was returned by the prior call in your request. </p>
+     *            <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code>
+     *            setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p>
+     *            <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p>
      */
     NextToken?: string;
 }
@@ -1527,28 +1594,29 @@ export declare namespace ListAttacksResponse {
     const filterSensitiveLog: (obj: ListAttacksResponse) => any;
 }
 /**
- * <p>Exception that indicates that the NextToken specified in the request is invalid. Submit the request using the NextToken value that was returned in the response.</p>
+ * <p>Exception that indicates that the <code>NextToken</code> specified in the request is invalid. Submit the request using the <code>NextToken</code> value that was returned in the prior response.</p>
  */
 export interface InvalidPaginationTokenException extends __SmithyException, $MetadataBearer {
     name: "InvalidPaginationTokenException";
     $fault: "client";
     message?: string;
 }
-export declare namespace InvalidPaginationTokenException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: InvalidPaginationTokenException) => any;
-}
 export interface ListProtectionGroupsRequest {
     /**
-     * <p>The next token value from a previous call to <code>ListProtectionGroups</code>. Pass null if this is the first call.</p>
+     * <p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects,
+     *            Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and
+     *            providing the token that was returned by the prior call in your request. </p>
+     *            <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code>
+     *            setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p>
+     *            <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p>
+     *          <p>On your first call to a list operation, leave this setting empty.</p>
      */
     NextToken?: string;
     /**
-     * <p>The maximum number of <a>ProtectionGroup</a> objects to return. If you leave this blank,
-     *          Shield Advanced returns the first 20 results.</p>
-     *          <p>This is a maximum value. Shield Advanced might return the results in smaller batches. That is, the number of objects returned could be less than <code>MaxResults</code>, even if there are still more objects yet to return. If there are more objects to return, Shield Advanced returns a value in <code>NextToken</code> that you can use in your next request, to get the next batch of objects.</p>
+     * <p>The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects
+     *          than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a <code>NextToken</code> value
+     *          in the response.</p>
+     *          <p>The default setting is 20.</p>
      */
     MaxResults?: number;
 }
@@ -1564,7 +1632,12 @@ export interface ListProtectionGroupsResponse {
      */
     ProtectionGroups: ProtectionGroup[] | undefined;
     /**
-     * <p>If you specify a value for <code>MaxResults</code> and you have more protection groups than the value of MaxResults, Shield Advanced returns this token that you can use in your next request, to get the next batch of objects. </p>
+     * <p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects,
+     *            Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and
+     *            providing the token that was returned by the prior call in your request. </p>
+     *            <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code>
+     *            setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p>
+     *            <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p>
      */
     NextToken?: string;
 }
@@ -1576,13 +1649,20 @@ export declare namespace ListProtectionGroupsResponse {
 }
 export interface ListProtectionsRequest {
     /**
-     * <p>The <code>ListProtectionsRequest.NextToken</code> value from a previous call to <code>ListProtections</code>. Pass null if this is the first call.</p>
+     * <p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects,
+     *            Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and
+     *            providing the token that was returned by the prior call in your request. </p>
+     *            <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code>
+     *            setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p>
+     *            <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p>
+     *          <p>On your first call to a list operation, leave this setting empty.</p>
      */
     NextToken?: string;
     /**
-     * <p>The maximum number of <a>Protection</a> objects to return. If you leave this blank,
-     *          Shield Advanced returns the first 20 results.</p>
-     *          <p>This is a maximum value. Shield Advanced might return the results in smaller batches. That is, the number of objects returned could be less than <code>MaxResults</code>, even if there are still more objects yet to return. If there are more objects to return, Shield Advanced returns a value in <code>NextToken</code> that you can use in your next request, to get the next batch of objects.</p>
+     * <p>The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects
+     *          than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a <code>NextToken</code> value
+     *          in the response.</p>
+     *          <p>The default setting is 20.</p>
      */
     MaxResults?: number;
 }
@@ -1598,8 +1678,12 @@ export interface ListProtectionsResponse {
      */
     Protections?: Protection[];
     /**
-     * <p>If you specify a value for <code>MaxResults</code> and you have more Protections than the value of MaxResults, Shield Advanced returns a NextToken value in the response that allows you to list another group of Protections. For the second and subsequent ListProtections requests, specify the value of NextToken from the previous response to get information about another batch of Protections.</p>
-     *          <p>Shield Advanced might return the list of <a>Protection</a> objects in batches smaller than the number specified by MaxResults. If there are more <a>Protection</a> objects to return, Shield Advanced will always also return a <code>NextToken</code>.</p>
+     * <p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects,
+     *            Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and
+     *            providing the token that was returned by the prior call in your request. </p>
+     *            <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code>
+     *            setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p>
+     *            <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p>
      */
     NextToken?: string;
 }
@@ -1615,13 +1699,20 @@ export interface ListResourcesInProtectionGroupRequest {
      */
     ProtectionGroupId: string | undefined;
     /**
-     * <p>The next token value from a previous call to <code>ListResourcesInProtectionGroup</code>. Pass null if this is the first call.</p>
+     * <p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects,
+     *            Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and
+     *            providing the token that was returned by the prior call in your request. </p>
+     *            <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code>
+     *            setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p>
+     *            <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p>
+     *          <p>On your first call to a list operation, leave this setting empty.</p>
      */
     NextToken?: string;
     /**
-     * <p>The maximum number of resource ARN objects to return. If you leave this blank,
-     *          Shield Advanced returns the first 20 results.</p>
-     *          <p>This is a maximum value. Shield Advanced might return the results in smaller batches. That is, the number of objects returned could be less than <code>MaxResults</code>, even if there are still more objects yet to return. If there are more objects to return, Shield Advanced returns a value in <code>NextToken</code> that you can use in your next request, to get the next batch of objects.</p>
+     * <p>The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects
+     *          than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a <code>NextToken</code> value
+     *          in the response.</p>
+     *          <p>The default setting is 20.</p>
      */
     MaxResults?: number;
 }
@@ -1637,7 +1728,12 @@ export interface ListResourcesInProtectionGroupResponse {
      */
     ResourceArns: string[] | undefined;
     /**
-     * <p>If you specify a value for <code>MaxResults</code> and you have more resources in the protection group than the value of MaxResults, Shield Advanced returns this token that you can use in your next request, to get the next batch of objects. </p>
+     * <p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects,
+     *            Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and
+     *            providing the token that was returned by the prior call in your request. </p>
+     *            <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code>
+     *            setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p>
+     *            <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p>
      */
     NextToken?: string;
 }
@@ -1719,6 +1815,32 @@ export declare namespace UntagResourceResponse {
      */
     const filterSensitiveLog: (obj: UntagResourceResponse) => any;
 }
+export interface UpdateApplicationLayerAutomaticResponseRequest {
+    /**
+     * <p>The ARN (Amazon Resource Name) of the resource.</p>
+     */
+    ResourceArn: string | undefined;
+    /**
+     * <p>Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the
+     *    protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature,
+     *    when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource. </p>
+     */
+    Action: ResponseAction | undefined;
+}
+export declare namespace UpdateApplicationLayerAutomaticResponseRequest {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: UpdateApplicationLayerAutomaticResponseRequest) => any;
+}
+export interface UpdateApplicationLayerAutomaticResponseResponse {
+}
+export declare namespace UpdateApplicationLayerAutomaticResponseResponse {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: UpdateApplicationLayerAutomaticResponseResponse) => any;
+}
 export interface UpdateEmergencyContactSettingsRequest {
     /**
      * <p>A list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support.</p>