@pgarbe/cdk-ecr-sync 0.5.20 → 0.5.24

package/node_modules/aws-sdk/clients/detective.d.ts

@@ -28,37 +28,57 @@ declare class Detective extends Service {
    */
   createGraph(callback?: (err: AWSError, data: Detective.Types.CreateGraphResponse) => void): Request<Detective.Types.CreateGraphResponse, AWSError>;
   /**
-   * Sends a request to invite the specified AWS accounts to be member accounts in the behavior graph. This operation can only be called by the administrator account for a behavior graph.   CreateMembers verifies the accounts and then invites the verified accounts. The administrator can optionally specify to not send invitation emails to the member accounts. This would be used when the administrator manages their member accounts centrally. The request provides the behavior graph ARN and the list of accounts to invite. The response separates the requested accounts into two lists:   The accounts that CreateMembers was able to start the verification for. This list includes member accounts that are being verified, that have passed verification and are to be invited, and that have failed verification.   The accounts that CreateMembers was unable to process. This list includes accounts that were already invited to be member accounts in the behavior graph.  
+   *  CreateMembers is used to send invitations to accounts. For the organization behavior graph, the Detective administrator account uses CreateMembers to enable organization accounts as member accounts. For invited accounts, CreateMembers sends a request to invite the specified Amazon Web Services accounts to be member accounts in the behavior graph. This operation can only be called by the administrator account for a behavior graph.   CreateMembers verifies the accounts and then invites the verified accounts. The administrator can optionally specify to not send invitation emails to the member accounts. This would be used when the administrator manages their member accounts centrally. For organization accounts in the organization behavior graph, CreateMembers attempts to enable the accounts. The organization accounts do not receive invitations. The request provides the behavior graph ARN and the list of accounts to invite or to enable. The response separates the requested accounts into two lists:   The accounts that CreateMembers was able to process. For invited accounts, includes member accounts that are being verified, that have passed verification and are to be invited, and that have failed verification. For organization accounts in the organization behavior graph, includes accounts that can be enabled and that cannot be enabled.   The accounts that CreateMembers was unable to process. This list includes accounts that were already invited to be member accounts in the behavior graph.  
    */
   createMembers(params: Detective.Types.CreateMembersRequest, callback?: (err: AWSError, data: Detective.Types.CreateMembersResponse) => void): Request<Detective.Types.CreateMembersResponse, AWSError>;
   /**
-   * Sends a request to invite the specified AWS accounts to be member accounts in the behavior graph. This operation can only be called by the administrator account for a behavior graph.   CreateMembers verifies the accounts and then invites the verified accounts. The administrator can optionally specify to not send invitation emails to the member accounts. This would be used when the administrator manages their member accounts centrally. The request provides the behavior graph ARN and the list of accounts to invite. The response separates the requested accounts into two lists:   The accounts that CreateMembers was able to start the verification for. This list includes member accounts that are being verified, that have passed verification and are to be invited, and that have failed verification.   The accounts that CreateMembers was unable to process. This list includes accounts that were already invited to be member accounts in the behavior graph.  
+   *  CreateMembers is used to send invitations to accounts. For the organization behavior graph, the Detective administrator account uses CreateMembers to enable organization accounts as member accounts. For invited accounts, CreateMembers sends a request to invite the specified Amazon Web Services accounts to be member accounts in the behavior graph. This operation can only be called by the administrator account for a behavior graph.   CreateMembers verifies the accounts and then invites the verified accounts. The administrator can optionally specify to not send invitation emails to the member accounts. This would be used when the administrator manages their member accounts centrally. For organization accounts in the organization behavior graph, CreateMembers attempts to enable the accounts. The organization accounts do not receive invitations. The request provides the behavior graph ARN and the list of accounts to invite or to enable. The response separates the requested accounts into two lists:   The accounts that CreateMembers was able to process. For invited accounts, includes member accounts that are being verified, that have passed verification and are to be invited, and that have failed verification. For organization accounts in the organization behavior graph, includes accounts that can be enabled and that cannot be enabled.   The accounts that CreateMembers was unable to process. This list includes accounts that were already invited to be member accounts in the behavior graph.  
    */
   createMembers(callback?: (err: AWSError, data: Detective.Types.CreateMembersResponse) => void): Request<Detective.Types.CreateMembersResponse, AWSError>;
   /**
-   * Disables the specified behavior graph and queues it to be deleted. This operation removes the graph from each member account's list of behavior graphs.  DeleteGraph can only be called by the administrator account for a behavior graph.
+   * Disables the specified behavior graph and queues it to be deleted. This operation removes the behavior graph from each member account's list of behavior graphs.  DeleteGraph can only be called by the administrator account for a behavior graph.
    */
   deleteGraph(params: Detective.Types.DeleteGraphRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Disables the specified behavior graph and queues it to be deleted. This operation removes the graph from each member account's list of behavior graphs.  DeleteGraph can only be called by the administrator account for a behavior graph.
+   * Disables the specified behavior graph and queues it to be deleted. This operation removes the behavior graph from each member account's list of behavior graphs.  DeleteGraph can only be called by the administrator account for a behavior graph.
    */
   deleteGraph(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Deletes one or more member accounts from the administrator account's behavior graph. This operation can only be called by a Detective administrator account. That account cannot use DeleteMembers to delete their own account from the behavior graph. To disable a behavior graph, the administrator account uses the DeleteGraph API method.
+   * Removes the specified member accounts from the behavior graph. The removed accounts no longer contribute data to the behavior graph. This operation can only be called by the administrator account for the behavior graph. For invited accounts, the removed accounts are deleted from the list of accounts in the behavior graph. To restore the account, the administrator account must send another invitation. For organization accounts in the organization behavior graph, the Detective administrator account can always enable the organization account again. Organization accounts that are not enabled as member accounts are not included in the ListMembers results for the organization behavior graph. An administrator account cannot use DeleteMembers to remove their own account from the behavior graph. To disable a behavior graph, the administrator account uses the DeleteGraph API method.
    */
   deleteMembers(params: Detective.Types.DeleteMembersRequest, callback?: (err: AWSError, data: Detective.Types.DeleteMembersResponse) => void): Request<Detective.Types.DeleteMembersResponse, AWSError>;
   /**
-   * Deletes one or more member accounts from the administrator account's behavior graph. This operation can only be called by a Detective administrator account. That account cannot use DeleteMembers to delete their own account from the behavior graph. To disable a behavior graph, the administrator account uses the DeleteGraph API method.
+   * Removes the specified member accounts from the behavior graph. The removed accounts no longer contribute data to the behavior graph. This operation can only be called by the administrator account for the behavior graph. For invited accounts, the removed accounts are deleted from the list of accounts in the behavior graph. To restore the account, the administrator account must send another invitation. For organization accounts in the organization behavior graph, the Detective administrator account can always enable the organization account again. Organization accounts that are not enabled as member accounts are not included in the ListMembers results for the organization behavior graph. An administrator account cannot use DeleteMembers to remove their own account from the behavior graph. To disable a behavior graph, the administrator account uses the DeleteGraph API method.
    */
   deleteMembers(callback?: (err: AWSError, data: Detective.Types.DeleteMembersResponse) => void): Request<Detective.Types.DeleteMembersResponse, AWSError>;
   /**
-   * Removes the member account from the specified behavior graph. This operation can only be called by a member account that has the ENABLED status.
+   * Returns information about the configuration for the organization behavior graph. Currently indicates whether to automatically enable new organization accounts as member accounts. Can only be called by the Detective administrator account for the organization. 
+   */
+  describeOrganizationConfiguration(params: Detective.Types.DescribeOrganizationConfigurationRequest, callback?: (err: AWSError, data: Detective.Types.DescribeOrganizationConfigurationResponse) => void): Request<Detective.Types.DescribeOrganizationConfigurationResponse, AWSError>;
+  /**
+   * Returns information about the configuration for the organization behavior graph. Currently indicates whether to automatically enable new organization accounts as member accounts. Can only be called by the Detective administrator account for the organization. 
+   */
+  describeOrganizationConfiguration(callback?: (err: AWSError, data: Detective.Types.DescribeOrganizationConfigurationResponse) => void): Request<Detective.Types.DescribeOrganizationConfigurationResponse, AWSError>;
+  /**
+   * Removes the Detective administrator account for the organization in the current Region. Deletes the behavior graph for that account. Can only be called by the organization management account. Before you can select a different Detective administrator account, you must remove the Detective administrator account in all Regions.
+   */
+  disableOrganizationAdminAccount(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
+  /**
+   * Removes the member account from the specified behavior graph. This operation can only be called by an invited member account that has the ENABLED status.  DisassociateMembership cannot be called by an organization account in the organization behavior graph. For the organization behavior graph, the Detective administrator account determines which organization accounts to enable or disable as member accounts.
    */
   disassociateMembership(params: Detective.Types.DisassociateMembershipRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Removes the member account from the specified behavior graph. This operation can only be called by a member account that has the ENABLED status.
+   * Removes the member account from the specified behavior graph. This operation can only be called by an invited member account that has the ENABLED status.  DisassociateMembership cannot be called by an organization account in the organization behavior graph. For the organization behavior graph, the Detective administrator account determines which organization accounts to enable or disable as member accounts.
    */
   disassociateMembership(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
+  /**
+   * Designates the Detective administrator account for the organization in the current Region. If the account does not have Detective enabled, then enables Detective for that account and creates a new behavior graph. Can only be called by the organization management account. The Detective administrator account for an organization must be the same in all Regions. If you already designated a Detective administrator account in another Region, then you must designate the same account.
+   */
+  enableOrganizationAdminAccount(params: Detective.Types.EnableOrganizationAdminAccountRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
+  /**
+   * Designates the Detective administrator account for the organization in the current Region. If the account does not have Detective enabled, then enables Detective for that account and creates a new behavior graph. Can only be called by the organization management account. The Detective administrator account for an organization must be the same in all Regions. If you already designated a Detective administrator account in another Region, then you must designate the same account.
+   */
+  enableOrganizationAdminAccount(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
    * Returns the membership details for specified member accounts for a behavior graph.
    */
@@ -76,21 +96,29 @@ declare class Detective extends Service {
    */
   listGraphs(callback?: (err: AWSError, data: Detective.Types.ListGraphsResponse) => void): Request<Detective.Types.ListGraphsResponse, AWSError>;
   /**
-   * Retrieves the list of open and accepted behavior graph invitations for the member account. This operation can only be called by a member account. Open invitations are invitations that the member account has not responded to. The results do not include behavior graphs for which the member account declined the invitation. The results also do not include behavior graphs that the member account resigned from or was removed from.
+   * Retrieves the list of open and accepted behavior graph invitations for the member account. This operation can only be called by an invited member account. Open invitations are invitations that the member account has not responded to. The results do not include behavior graphs for which the member account declined the invitation. The results also do not include behavior graphs that the member account resigned from or was removed from.
    */
   listInvitations(params: Detective.Types.ListInvitationsRequest, callback?: (err: AWSError, data: Detective.Types.ListInvitationsResponse) => void): Request<Detective.Types.ListInvitationsResponse, AWSError>;
   /**
-   * Retrieves the list of open and accepted behavior graph invitations for the member account. This operation can only be called by a member account. Open invitations are invitations that the member account has not responded to. The results do not include behavior graphs for which the member account declined the invitation. The results also do not include behavior graphs that the member account resigned from or was removed from.
+   * Retrieves the list of open and accepted behavior graph invitations for the member account. This operation can only be called by an invited member account. Open invitations are invitations that the member account has not responded to. The results do not include behavior graphs for which the member account declined the invitation. The results also do not include behavior graphs that the member account resigned from or was removed from.
    */
   listInvitations(callback?: (err: AWSError, data: Detective.Types.ListInvitationsResponse) => void): Request<Detective.Types.ListInvitationsResponse, AWSError>;
   /**
-   * Retrieves the list of member accounts for a behavior graph. Does not return member accounts that were removed from the behavior graph.
+   * Retrieves the list of member accounts for a behavior graph. For invited accounts, the results do not include member accounts that were removed from the behavior graph. For the organization behavior graph, the results do not include organization accounts that the Detective administrator account has not enabled as member accounts.
    */
   listMembers(params: Detective.Types.ListMembersRequest, callback?: (err: AWSError, data: Detective.Types.ListMembersResponse) => void): Request<Detective.Types.ListMembersResponse, AWSError>;
   /**
-   * Retrieves the list of member accounts for a behavior graph. Does not return member accounts that were removed from the behavior graph.
+   * Retrieves the list of member accounts for a behavior graph. For invited accounts, the results do not include member accounts that were removed from the behavior graph. For the organization behavior graph, the results do not include organization accounts that the Detective administrator account has not enabled as member accounts.
    */
   listMembers(callback?: (err: AWSError, data: Detective.Types.ListMembersResponse) => void): Request<Detective.Types.ListMembersResponse, AWSError>;
+  /**
+   * Returns information about the Detective administrator account for an organization. Can only be called by the organization management account.
+   */
+  listOrganizationAdminAccounts(params: Detective.Types.ListOrganizationAdminAccountsRequest, callback?: (err: AWSError, data: Detective.Types.ListOrganizationAdminAccountsResponse) => void): Request<Detective.Types.ListOrganizationAdminAccountsResponse, AWSError>;
+  /**
+   * Returns information about the Detective administrator account for an organization. Can only be called by the organization management account.
+   */
+  listOrganizationAdminAccounts(callback?: (err: AWSError, data: Detective.Types.ListOrganizationAdminAccountsResponse) => void): Request<Detective.Types.ListOrganizationAdminAccountsResponse, AWSError>;
   /**
    * Returns the tag values that are assigned to a behavior graph.
    */
@@ -100,11 +128,11 @@ declare class Detective extends Service {
    */
   listTagsForResource(callback?: (err: AWSError, data: Detective.Types.ListTagsForResourceResponse) => void): Request<Detective.Types.ListTagsForResourceResponse, AWSError>;
   /**
-   * Rejects an invitation to contribute the account data to a behavior graph. This operation must be called by a member account that has the INVITED status.
+   * Rejects an invitation to contribute the account data to a behavior graph. This operation must be called by an invited member account that has the INVITED status.  RejectInvitation cannot be called by an organization account in the organization behavior graph. In the organization behavior graph, organization accounts do not receive an invitation.
    */
   rejectInvitation(params: Detective.Types.RejectInvitationRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Rejects an invitation to contribute the account data to a behavior graph. This operation must be called by a member account that has the INVITED status.
+   * Rejects an invitation to contribute the account data to a behavior graph. This operation must be called by an invited member account that has the INVITED status.  RejectInvitation cannot be called by an organization account in the organization behavior graph. In the organization behavior graph, organization accounts do not receive an invitation.
    */
   rejectInvitation(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
@@ -131,6 +159,14 @@ declare class Detective extends Service {
    * Removes tags from a behavior graph.
    */
   untagResource(callback?: (err: AWSError, data: Detective.Types.UntagResourceResponse) => void): Request<Detective.Types.UntagResourceResponse, AWSError>;
+  /**
+   * Updates the configuration for the Organizations integration in the current Region. Can only be called by the Detective administrator account for the organization.
+   */
+  updateOrganizationConfiguration(params: Detective.Types.UpdateOrganizationConfigurationRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
+  /**
+   * Updates the configuration for the Organizations integration in the current Region. Can only be called by the Detective administrator account for the organization.
+   */
+  updateOrganizationConfiguration(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
 }
 declare namespace Detective {
   export interface AcceptInvitationRequest {
@@ -141,17 +177,32 @@ declare namespace Detective {
   }
   export interface Account {
     /**
-     * The account identifier of the AWS account.
+     * The account identifier of the Amazon Web Services account.
      */
     AccountId: AccountId;
     /**
-     * The AWS account root user email address for the AWS account.
+     * The Amazon Web Services account root user email address for the Amazon Web Services account.
      */
     EmailAddress: EmailAddress;
   }
   export type AccountId = string;
   export type AccountIdList = AccountId[];
   export type AccountList = Account[];
+  export interface Administrator {
+    /**
+     * The Amazon Web Services account identifier of the Detective administrator account for the organization.
+     */
+    AccountId?: AccountId;
+    /**
+     * The ARN of the organization behavior graph.
+     */
+    GraphArn?: GraphArn;
+    /**
+     * The date and time when the Detective administrator account was enabled. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.
+     */
+    DelegationTime?: Timestamp;
+  }
+  export type AdministratorList = Administrator[];
   export type Boolean = boolean;
   export type ByteValue = number;
   export interface CreateGraphRequest {
@@ -168,7 +219,7 @@ declare namespace Detective {
   }
   export interface CreateMembersRequest {
     /**
-     * The ARN of the behavior graph to invite the member accounts to contribute their data to.
+     * The ARN of the behavior graph.
      */
     GraphArn: GraphArn;
     /**
@@ -176,21 +227,21 @@ declare namespace Detective {
      */
     Message?: EmailMessage;
     /**
-     * if set to true, then the member accounts do not receive email notifications. By default, this is set to false, and the member accounts receive email notifications.
+     * if set to true, then the invited accounts do not receive email notifications. By default, this is set to false, and the invited accounts receive email notifications. Organization accounts in the organization behavior graph do not receive email notifications.
      */
     DisableEmailNotification?: Boolean;
     /**
-     * The list of AWS accounts to invite to become member accounts in the behavior graph. You can invite up to 50 accounts at a time. For each invited account, the account list contains the account identifier and the AWS account root user email address.
+     * The list of Amazon Web Services accounts to invite or to enable. You can invite or enable up to 50 accounts at a time. For each invited account, the account list contains the account identifier and the Amazon Web Services account root user email address. For organization accounts in the organization behavior graph, the email address is not required.
      */
     Accounts: AccountList;
   }
   export interface CreateMembersResponse {
     /**
-     * The set of member account invitation requests that Detective was able to process. This includes accounts that are being verified, that failed verification, and that passed verification and are being sent an invitation.
+     * The set of member account invitation or enablement requests that Detective was able to process. This includes accounts that are being verified, that failed verification, and that passed verification and are being sent an invitation or are being enabled.
      */
     Members?: MemberDetailList;
     /**
-     * The list of accounts for which Detective was unable to process the invitation request. For each account, the list provides the reason why the request could not be processed. The list includes accounts that are already member accounts in the behavior graph.
+     * The list of accounts for which Detective was unable to process the invitation or enablement request. For each account, the list provides the reason why the request could not be processed. The list includes accounts that are already member accounts in the behavior graph.
      */
     UnprocessedAccounts?: UnprocessedAccountList;
   }
@@ -202,24 +253,36 @@ declare namespace Detective {
   }
   export interface DeleteMembersRequest {
     /**
-     * The ARN of the behavior graph to delete members from.
+     * The ARN of the behavior graph to remove members from.
      */
     GraphArn: GraphArn;
     /**
-     * The list of AWS account identifiers for the member accounts to delete from the behavior graph. You can delete up to 50 member accounts at a time.
+     * The list of Amazon Web Services account identifiers for the member accounts to remove from the behavior graph. You can remove up to 50 member accounts at a time.
      */
     AccountIds: AccountIdList;
   }
   export interface DeleteMembersResponse {
     /**
-     * The list of AWS account identifiers for the member accounts that Detective successfully deleted from the behavior graph.
+     * The list of Amazon Web Services account identifiers for the member accounts that Detective successfully removed from the behavior graph.
      */
     AccountIds?: AccountIdList;
     /**
-     * The list of member accounts that Detective was not able to delete from the behavior graph. For each member account, provides the reason that the deletion could not be processed.
+     * The list of member accounts that Detective was not able to remove from the behavior graph. For each member account, provides the reason that the deletion could not be processed.
      */
     UnprocessedAccounts?: UnprocessedAccountList;
   }
+  export interface DescribeOrganizationConfigurationRequest {
+    /**
+     * The ARN of the organization behavior graph.
+     */
+    GraphArn: GraphArn;
+  }
+  export interface DescribeOrganizationConfigurationResponse {
+    /**
+     * Indicates whether to automatically enable new organization accounts as member accounts in the organization behavior graph.
+     */
+    AutoEnable?: Boolean;
+  }
   export interface DisassociateMembershipRequest {
     /**
      * The ARN of the behavior graph to remove the member account from. The member account's member status in the behavior graph must be ENABLED.
@@ -228,13 +291,19 @@ declare namespace Detective {
   }
   export type EmailAddress = string;
   export type EmailMessage = string;
+  export interface EnableOrganizationAdminAccountRequest {
+    /**
+     * The Amazon Web Services account identifier of the account to designate as the Detective administrator account for the organization.
+     */
+    AccountId: AccountId;
+  }
   export interface GetMembersRequest {
     /**
      * The ARN of the behavior graph for which to request the member details.
      */
     GraphArn: GraphArn;
     /**
-     * The list of AWS account identifiers for the member account for which to return member details. You can request details for up to 50 member accounts at a time. You cannot use GetMembers to retrieve information about member accounts that were removed from the behavior graph.
+     * The list of Amazon Web Services account identifiers for the member account for which to return member details. You can request details for up to 50 member accounts at a time. You cannot use GetMembers to retrieve information about member accounts that were removed from the behavior graph.
      */
     AccountIds: AccountIdList;
   }
@@ -254,12 +323,13 @@ declare namespace Detective {
      */
     Arn?: GraphArn;
     /**
-     * The date and time that the behavior graph was created. The value is in milliseconds since the epoch.
+     * The date and time that the behavior graph was created. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.
      */
     CreatedTime?: Timestamp;
   }
   export type GraphArn = string;
   export type GraphList = Graph[];
+  export type InvitationType = "INVITATION"|"ORGANIZATION"|string;
   export interface ListGraphsRequest {
     /**
      * For requests to get the next page of results, the pagination token that was returned with the previous set of results. The initial request does not include a pagination token.
@@ -316,11 +386,31 @@ declare namespace Detective {
   }
   export interface ListMembersResponse {
     /**
-     * The list of member accounts in the behavior graph. The results include member accounts that did not pass verification and member accounts that have not yet accepted the invitation to the behavior graph. The results do not include member accounts that were removed from the behavior graph.
+     * The list of member accounts in the behavior graph. For invited accounts, the results include member accounts that did not pass verification and member accounts that have not yet accepted the invitation to the behavior graph. The results do not include member accounts that were removed from the behavior graph. For the organization behavior graph, the results do not include organization accounts that the Detective administrator account has not enabled as member accounts.
      */
     MemberDetails?: MemberDetailList;
     /**
-     * If there are more member accounts remaining in the results, then this is the pagination token to use to request the next page of member accounts.
+     * If there are more member accounts remaining in the results, then use this pagination token to request the next page of member accounts.
+     */
+    NextToken?: PaginationToken;
+  }
+  export interface ListOrganizationAdminAccountsRequest {
+    /**
+     * For requests to get the next page of results, the pagination token that was returned with the previous set of results. The initial request does not include a pagination token.
+     */
+    NextToken?: PaginationToken;
+    /**
+     * The maximum number of results to return.
+     */
+    MaxResults?: MemberResultsLimit;
+  }
+  export interface ListOrganizationAdminAccountsResponse {
+    /**
+     * The list of delegated administrator accounts.
+     */
+    Administrators?: AdministratorList;
+    /**
+     * If there are more accounts remaining in the results, then this is the pagination token to use to request the next page of accounts.
      */
     NextToken?: PaginationToken;
   }
@@ -338,27 +428,27 @@ declare namespace Detective {
   }
   export interface MemberDetail {
     /**
-     * The AWS account identifier for the member account.
+     * The Amazon Web Services account identifier for the member account.
      */
     AccountId?: AccountId;
     /**
-     * The AWS account root user email address for the member account.
+     * The Amazon Web Services account root user email address for the member account.
      */
     EmailAddress?: EmailAddress;
     /**
-     * The ARN of the behavior graph that the member account was invited to.
+     * The ARN of the behavior graph.
      */
     GraphArn?: GraphArn;
     /**
-     * The AWS account identifier of the administrator account for the behavior graph.
+     * The Amazon Web Services account identifier of the administrator account for the behavior graph.
      */
     MasterId?: AccountId;
     /**
-     * The AWS account identifier of the administrator account for the behavior graph.
+     * The Amazon Web Services account identifier of the administrator account for the behavior graph.
      */
     AdministratorId?: AccountId;
     /**
-     * The current membership status of the member account. The status can have one of the following values:    INVITED - Indicates that the member was sent an invitation but has not yet responded.    VERIFICATION_IN_PROGRESS - Indicates that Detective is verifying that the account identifier and email address provided for the member account match. If they do match, then Detective sends the invitation. If the email address and account identifier don't match, then the member cannot be added to the behavior graph.    VERIFICATION_FAILED - Indicates that the account and email address provided for the member account do not match, and Detective did not send an invitation to the account.    ENABLED - Indicates that the member account accepted the invitation to contribute to the behavior graph.    ACCEPTED_BUT_DISABLED - Indicates that the member account accepted the invitation but is prevented from contributing data to the behavior graph. DisabledReason provides the reason why the member account is not enabled.   Member accounts that declined an invitation or that were removed from the behavior graph are not included.
+     * The current membership status of the member account. The status can have one of the following values:    INVITED - For invited accounts only. Indicates that the member was sent an invitation but has not yet responded.    VERIFICATION_IN_PROGRESS - For invited accounts only, indicates that Detective is verifying that the account identifier and email address provided for the member account match. If they do match, then Detective sends the invitation. If the email address and account identifier don't match, then the member cannot be added to the behavior graph. For organization accounts in the organization behavior graph, indicates that Detective is verifying that the account belongs to the organization.    VERIFICATION_FAILED - For invited accounts only. Indicates that the account and email address provided for the member account do not match, and Detective did not send an invitation to the account.    ENABLED - Indicates that the member account currently contributes data to the behavior graph. For invited accounts, the member account accepted the invitation. For organization accounts in the organization behavior graph, the Detective administrator account enabled the organization account as a member account.    ACCEPTED_BUT_DISABLED - The account accepted the invitation, or was enabled by the Detective administrator account, but is prevented from contributing data to the behavior graph. DisabledReason provides the reason why the member account is not enabled.   Invited accounts that declined an invitation or that were removed from the behavior graph are not included. In the organization behavior graph, organization accounts that the Detective administrator account did not enable are not included.
      */
     Status?: MemberStatus;
     /**
@@ -366,11 +456,11 @@ declare namespace Detective {
      */
     DisabledReason?: MemberDisabledReason;
     /**
-     * The date and time that Detective sent the invitation to the member account. The value is in milliseconds since the epoch.
+     * For invited accounts, the date and time that Detective sent the invitation to the account. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.
      */
     InvitedTime?: Timestamp;
     /**
-     * The date and time that the member account was last updated. The value is in milliseconds since the epoch.
+     * The date and time that the member account was last updated. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.
      */
     UpdatedTime?: Timestamp;
     /**
@@ -378,7 +468,7 @@ declare namespace Detective {
      */
     VolumeUsageInBytes?: ByteValue;
     /**
-     * The data and time when the member account data volume was last updated.
+     * The data and time when the member account data volume was last updated. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.
      */
     VolumeUsageUpdatedTime?: Timestamp;
     /**
@@ -386,9 +476,13 @@ declare namespace Detective {
      */
     PercentOfGraphUtilization?: Percentage;
     /**
-     * The date and time when the graph utilization percentage was last updated.
+     * The date and time when the graph utilization percentage was last updated. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.
      */
     PercentOfGraphUtilizationUpdatedTime?: Timestamp;
+    /**
+     * The type of behavior graph membership. For an organization account in the organization behavior graph, the type is ORGANIZATION. For an account that was invited to a behavior graph, the type is INVITATION. 
+     */
+    InvitationType?: InvitationType;
   }
   export type MemberDetailList = MemberDetail[];
   export type MemberDisabledReason = "VOLUME_TOO_HIGH"|"VOLUME_UNKNOWN"|string;
@@ -431,7 +525,7 @@ declare namespace Detective {
   export type Timestamp = Date;
   export interface UnprocessedAccount {
     /**
-     * The AWS account identifier of the member account that was not processed.
+     * The Amazon Web Services account identifier of the member account that was not processed.
      */
     AccountId?: AccountId;
     /**
@@ -453,6 +547,16 @@ declare namespace Detective {
   }
   export interface UntagResourceResponse {
   }
+  export interface UpdateOrganizationConfigurationRequest {
+    /**
+     * The ARN of the organization behavior graph.
+     */
+    GraphArn: GraphArn;
+    /**
+     * Indicates whether to automatically enable new organization accounts as member accounts in the organization behavior graph.
+     */
+    AutoEnable?: Boolean;
+  }
   /**
    * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version.
    */