@pgarbe/cdk-ecr-sync 0.5.25 → 0.5.28

package/node_modules/aws-sdk/clients/networkfirewall.d.ts

@@ -20,27 +20,27 @@ declare class NetworkFirewall extends Service {
    */
   associateFirewallPolicy(callback?: (err: AWSError, data: NetworkFirewall.Types.AssociateFirewallPolicyResponse) => void): Request<NetworkFirewall.Types.AssociateFirewallPolicyResponse, AWSError>;
   /**
-   * Associates the specified subnets in the Amazon VPC to the firewall. You can specify one subnet for each of the Availability Zones that the VPC spans.  This request creates an AWS Network Firewall firewall endpoint in each of the subnets. To enable the firewall's protections, you must also modify the VPC's route tables for each subnet's Availability Zone, to redirect the traffic that's coming into and going out of the zone through the firewall endpoint. 
+   * Associates the specified subnets in the Amazon VPC to the firewall. You can specify one subnet for each of the Availability Zones that the VPC spans.  This request creates an Network Firewall firewall endpoint in each of the subnets. To enable the firewall's protections, you must also modify the VPC's route tables for each subnet's Availability Zone, to redirect the traffic that's coming into and going out of the zone through the firewall endpoint. 
    */
   associateSubnets(params: NetworkFirewall.Types.AssociateSubnetsRequest, callback?: (err: AWSError, data: NetworkFirewall.Types.AssociateSubnetsResponse) => void): Request<NetworkFirewall.Types.AssociateSubnetsResponse, AWSError>;
   /**
-   * Associates the specified subnets in the Amazon VPC to the firewall. You can specify one subnet for each of the Availability Zones that the VPC spans.  This request creates an AWS Network Firewall firewall endpoint in each of the subnets. To enable the firewall's protections, you must also modify the VPC's route tables for each subnet's Availability Zone, to redirect the traffic that's coming into and going out of the zone through the firewall endpoint. 
+   * Associates the specified subnets in the Amazon VPC to the firewall. You can specify one subnet for each of the Availability Zones that the VPC spans.  This request creates an Network Firewall firewall endpoint in each of the subnets. To enable the firewall's protections, you must also modify the VPC's route tables for each subnet's Availability Zone, to redirect the traffic that's coming into and going out of the zone through the firewall endpoint. 
    */
   associateSubnets(callback?: (err: AWSError, data: NetworkFirewall.Types.AssociateSubnetsResponse) => void): Request<NetworkFirewall.Types.AssociateSubnetsResponse, AWSError>;
   /**
-   * Creates an AWS Network Firewall Firewall and accompanying FirewallStatus for a VPC.  The firewall defines the configuration settings for an AWS Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.  After you create a firewall, you can provide additional settings, like the logging configuration.  To update the settings for a firewall, you use the operations that apply to the settings themselves, for example UpdateLoggingConfiguration, AssociateSubnets, and UpdateFirewallDeleteProtection.  To manage a firewall's tags, use the standard AWS resource tagging operations, ListTagsForResource, TagResource, and UntagResource. To retrieve information about firewalls, use ListFirewalls and DescribeFirewall.
+   * Creates an Network Firewall Firewall and accompanying FirewallStatus for a VPC.  The firewall defines the configuration settings for an Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource.  After you create a firewall, you can provide additional settings, like the logging configuration.  To update the settings for a firewall, you use the operations that apply to the settings themselves, for example UpdateLoggingConfiguration, AssociateSubnets, and UpdateFirewallDeleteProtection.  To manage a firewall's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource. To retrieve information about firewalls, use ListFirewalls and DescribeFirewall.
    */
   createFirewall(params: NetworkFirewall.Types.CreateFirewallRequest, callback?: (err: AWSError, data: NetworkFirewall.Types.CreateFirewallResponse) => void): Request<NetworkFirewall.Types.CreateFirewallResponse, AWSError>;
   /**
-   * Creates an AWS Network Firewall Firewall and accompanying FirewallStatus for a VPC.  The firewall defines the configuration settings for an AWS Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.  After you create a firewall, you can provide additional settings, like the logging configuration.  To update the settings for a firewall, you use the operations that apply to the settings themselves, for example UpdateLoggingConfiguration, AssociateSubnets, and UpdateFirewallDeleteProtection.  To manage a firewall's tags, use the standard AWS resource tagging operations, ListTagsForResource, TagResource, and UntagResource. To retrieve information about firewalls, use ListFirewalls and DescribeFirewall.
+   * Creates an Network Firewall Firewall and accompanying FirewallStatus for a VPC.  The firewall defines the configuration settings for an Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource.  After you create a firewall, you can provide additional settings, like the logging configuration.  To update the settings for a firewall, you use the operations that apply to the settings themselves, for example UpdateLoggingConfiguration, AssociateSubnets, and UpdateFirewallDeleteProtection.  To manage a firewall's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource. To retrieve information about firewalls, use ListFirewalls and DescribeFirewall.
    */
   createFirewall(callback?: (err: AWSError, data: NetworkFirewall.Types.CreateFirewallResponse) => void): Request<NetworkFirewall.Types.CreateFirewallResponse, AWSError>;
   /**
-   * Creates the firewall policy for the firewall according to the specifications.  An AWS Network Firewall firewall policy defines the behavior of a firewall, in a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls. 
+   * Creates the firewall policy for the firewall according to the specifications.  An Network Firewall firewall policy defines the behavior of a firewall, in a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls. 
    */
   createFirewallPolicy(params: NetworkFirewall.Types.CreateFirewallPolicyRequest, callback?: (err: AWSError, data: NetworkFirewall.Types.CreateFirewallPolicyResponse) => void): Request<NetworkFirewall.Types.CreateFirewallPolicyResponse, AWSError>;
   /**
-   * Creates the firewall policy for the firewall according to the specifications.  An AWS Network Firewall firewall policy defines the behavior of a firewall, in a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls. 
+   * Creates the firewall policy for the firewall according to the specifications.  An Network Firewall firewall policy defines the behavior of a firewall, in a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls. 
    */
   createFirewallPolicy(callback?: (err: AWSError, data: NetworkFirewall.Types.CreateFirewallPolicyResponse) => void): Request<NetworkFirewall.Types.CreateFirewallPolicyResponse, AWSError>;
   /**
@@ -164,35 +164,35 @@ declare class NetworkFirewall extends Service {
    */
   listRuleGroups(callback?: (err: AWSError, data: NetworkFirewall.Types.ListRuleGroupsResponse) => void): Request<NetworkFirewall.Types.ListRuleGroupsResponse, AWSError>;
   /**
-   * Retrieves the tags associated with the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each AWS resource, up to 50 tags for a resource. You can tag the AWS resources that you manage through AWS Network Firewall: firewalls, firewall policies, and rule groups. 
+   * Retrieves the tags associated with the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource. You can tag the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups. 
    */
   listTagsForResource(params: NetworkFirewall.Types.ListTagsForResourceRequest, callback?: (err: AWSError, data: NetworkFirewall.Types.ListTagsForResourceResponse) => void): Request<NetworkFirewall.Types.ListTagsForResourceResponse, AWSError>;
   /**
-   * Retrieves the tags associated with the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each AWS resource, up to 50 tags for a resource. You can tag the AWS resources that you manage through AWS Network Firewall: firewalls, firewall policies, and rule groups. 
+   * Retrieves the tags associated with the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource. You can tag the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups. 
    */
   listTagsForResource(callback?: (err: AWSError, data: NetworkFirewall.Types.ListTagsForResourceResponse) => void): Request<NetworkFirewall.Types.ListTagsForResourceResponse, AWSError>;
   /**
-   * Creates or updates an AWS Identity and Access Management policy for your rule group or firewall policy. Use this to share rule groups and firewall policies between accounts. This operation works in conjunction with the AWS Resource Access Manager (RAM) service to manage resource sharing for Network Firewall.  Use this operation to create or update a resource policy for your rule group or firewall policy. In the policy, you specify the accounts that you want to share the resource with and the operations that you want the accounts to be able to perform.  When you add an account in the resource policy, you then run the following Resource Access Manager (RAM) operations to access and accept the shared rule group or firewall policy.     GetResourceShareInvitations - Returns the Amazon Resource Names (ARNs) of the resource share invitations.     AcceptResourceShareInvitation - Accepts the share invitation for a specified resource share.    For additional information about resource sharing using RAM, see AWS Resource Access Manager User Guide.
+   * Creates or updates an IAM policy for your rule group or firewall policy. Use this to share rule groups and firewall policies between accounts. This operation works in conjunction with the Amazon Web Services Resource Access Manager (RAM) service to manage resource sharing for Network Firewall.  Use this operation to create or update a resource policy for your rule group or firewall policy. In the policy, you specify the accounts that you want to share the resource with and the operations that you want the accounts to be able to perform.  When you add an account in the resource policy, you then run the following Resource Access Manager (RAM) operations to access and accept the shared rule group or firewall policy.     GetResourceShareInvitations - Returns the Amazon Resource Names (ARNs) of the resource share invitations.     AcceptResourceShareInvitation - Accepts the share invitation for a specified resource share.    For additional information about resource sharing using RAM, see Resource Access Manager User Guide.
    */
   putResourcePolicy(params: NetworkFirewall.Types.PutResourcePolicyRequest, callback?: (err: AWSError, data: NetworkFirewall.Types.PutResourcePolicyResponse) => void): Request<NetworkFirewall.Types.PutResourcePolicyResponse, AWSError>;
   /**
-   * Creates or updates an AWS Identity and Access Management policy for your rule group or firewall policy. Use this to share rule groups and firewall policies between accounts. This operation works in conjunction with the AWS Resource Access Manager (RAM) service to manage resource sharing for Network Firewall.  Use this operation to create or update a resource policy for your rule group or firewall policy. In the policy, you specify the accounts that you want to share the resource with and the operations that you want the accounts to be able to perform.  When you add an account in the resource policy, you then run the following Resource Access Manager (RAM) operations to access and accept the shared rule group or firewall policy.     GetResourceShareInvitations - Returns the Amazon Resource Names (ARNs) of the resource share invitations.     AcceptResourceShareInvitation - Accepts the share invitation for a specified resource share.    For additional information about resource sharing using RAM, see AWS Resource Access Manager User Guide.
+   * Creates or updates an IAM policy for your rule group or firewall policy. Use this to share rule groups and firewall policies between accounts. This operation works in conjunction with the Amazon Web Services Resource Access Manager (RAM) service to manage resource sharing for Network Firewall.  Use this operation to create or update a resource policy for your rule group or firewall policy. In the policy, you specify the accounts that you want to share the resource with and the operations that you want the accounts to be able to perform.  When you add an account in the resource policy, you then run the following Resource Access Manager (RAM) operations to access and accept the shared rule group or firewall policy.     GetResourceShareInvitations - Returns the Amazon Resource Names (ARNs) of the resource share invitations.     AcceptResourceShareInvitation - Accepts the share invitation for a specified resource share.    For additional information about resource sharing using RAM, see Resource Access Manager User Guide.
    */
   putResourcePolicy(callback?: (err: AWSError, data: NetworkFirewall.Types.PutResourcePolicyResponse) => void): Request<NetworkFirewall.Types.PutResourcePolicyResponse, AWSError>;
   /**
-   * Adds the specified tags to the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each AWS resource, up to 50 tags for a resource. You can tag the AWS resources that you manage through AWS Network Firewall: firewalls, firewall policies, and rule groups. 
+   * Adds the specified tags to the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource. You can tag the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups. 
    */
   tagResource(params: NetworkFirewall.Types.TagResourceRequest, callback?: (err: AWSError, data: NetworkFirewall.Types.TagResourceResponse) => void): Request<NetworkFirewall.Types.TagResourceResponse, AWSError>;
   /**
-   * Adds the specified tags to the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each AWS resource, up to 50 tags for a resource. You can tag the AWS resources that you manage through AWS Network Firewall: firewalls, firewall policies, and rule groups. 
+   * Adds the specified tags to the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource. You can tag the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups. 
    */
   tagResource(callback?: (err: AWSError, data: NetworkFirewall.Types.TagResourceResponse) => void): Request<NetworkFirewall.Types.TagResourceResponse, AWSError>;
   /**
-   * Removes the tags with the specified keys from the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each AWS resource, up to 50 tags for a resource. You can manage tags for the AWS resources that you manage through AWS Network Firewall: firewalls, firewall policies, and rule groups. 
+   * Removes the tags with the specified keys from the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource. You can manage tags for the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups. 
    */
   untagResource(params: NetworkFirewall.Types.UntagResourceRequest, callback?: (err: AWSError, data: NetworkFirewall.Types.UntagResourceResponse) => void): Request<NetworkFirewall.Types.UntagResourceResponse, AWSError>;
   /**
-   * Removes the tags with the specified keys from the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each AWS resource, up to 50 tags for a resource. You can manage tags for the AWS resources that you manage through AWS Network Firewall: firewalls, firewall policies, and rule groups. 
+   * Removes the tags with the specified keys from the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource. You can manage tags for the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups. 
    */
   untagResource(callback?: (err: AWSError, data: NetworkFirewall.Types.UntagResourceResponse) => void): Request<NetworkFirewall.Types.UntagResourceResponse, AWSError>;
   /**
@@ -211,6 +211,14 @@ declare class NetworkFirewall extends Service {
    * Modifies the description for the specified firewall. Use the description to help you identify the firewall when you're working with it. 
    */
   updateFirewallDescription(callback?: (err: AWSError, data: NetworkFirewall.Types.UpdateFirewallDescriptionResponse) => void): Request<NetworkFirewall.Types.UpdateFirewallDescriptionResponse, AWSError>;
+  /**
+   * A complex type that contains settings for encryption of your firewall resources.
+   */
+  updateFirewallEncryptionConfiguration(params: NetworkFirewall.Types.UpdateFirewallEncryptionConfigurationRequest, callback?: (err: AWSError, data: NetworkFirewall.Types.UpdateFirewallEncryptionConfigurationResponse) => void): Request<NetworkFirewall.Types.UpdateFirewallEncryptionConfigurationResponse, AWSError>;
+  /**
+   * A complex type that contains settings for encryption of your firewall resources.
+   */
+  updateFirewallEncryptionConfiguration(callback?: (err: AWSError, data: NetworkFirewall.Types.UpdateFirewallEncryptionConfigurationResponse) => void): Request<NetworkFirewall.Types.UpdateFirewallEncryptionConfigurationResponse, AWSError>;
   /**
    * Updates the properties of the specified firewall policy.
    */
@@ -382,6 +390,10 @@ declare namespace NetworkFirewall {
      * Indicates whether you want Network Firewall to just check the validity of the request, rather than run the request.  If set to TRUE, Network Firewall checks whether the request can run successfully, but doesn't actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set to FALSE, but doesn't make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.  If set to FALSE, Network Firewall makes the requested changes to your resources. 
      */
     DryRun?: Boolean;
+    /**
+     * A complex type that contains settings for encryption of your firewall policy resources.
+     */
+    EncryptionConfiguration?: EncryptionConfiguration;
   }
   export interface CreateFirewallPolicyResponse {
     /**
@@ -430,6 +442,10 @@ declare namespace NetworkFirewall {
      * The key:value pairs to associate with the resource.
      */
     Tags?: TagList;
+    /**
+     * A complex type that contains settings for encryption of your firewall resources.
+     */
+    EncryptionConfiguration?: EncryptionConfiguration;
   }
   export interface CreateFirewallResponse {
     /**
@@ -474,6 +490,14 @@ declare namespace NetworkFirewall {
      * Indicates whether you want Network Firewall to just check the validity of the request, rather than run the request.  If set to TRUE, Network Firewall checks whether the request can run successfully, but doesn't actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set to FALSE, but doesn't make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.  If set to FALSE, Network Firewall makes the requested changes to your resources. 
      */
     DryRun?: Boolean;
+    /**
+     * A complex type that contains settings for encryption of your rule group resources.
+     */
+    EncryptionConfiguration?: EncryptionConfiguration;
+    /**
+     * A complex type that contains metadata about the rule group that your own rule group is copied from. You can use the metadata to keep track of updates made to the originating rule group.
+     */
+    SourceMetadata?: SourceMetadata;
   }
   export interface CreateRuleGroupResponse {
     /**
@@ -627,7 +651,7 @@ declare namespace NetworkFirewall {
   }
   export interface DescribeResourcePolicyResponse {
     /**
-     * The AWS Identity and Access Management policy for the resource. 
+     * The IAM policy for the resource. 
      */
     Policy?: PolicyString;
   }
@@ -667,6 +691,10 @@ declare namespace NetworkFirewall {
      */
     Capacity?: RuleCapacity;
     StatefulRuleOptions?: StatefulRuleOptions;
+    /**
+     * The last time that the rule group was changed.
+     */
+    LastModifiedTime?: LastUpdateTime;
   }
   export interface DescribeRuleGroupRequest {
     /**
@@ -688,7 +716,7 @@ declare namespace NetworkFirewall {
      */
     UpdateToken: UpdateToken;
     /**
-     * The object that defines the rules in a rule group. This, along with RuleGroupResponse, define the rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.  AWS Network Firewall uses a rule group to inspect and control network traffic. You define stateless rule groups to inspect individual packets and you define stateful rule groups to inspect packets in the context of their traffic flow.  To use a rule group, you include it by reference in an Network Firewall firewall policy, then you use the policy in a firewall. You can reference a rule group from more than one firewall policy, and you can use a firewall policy in more than one firewall. 
+     * The object that defines the rules in a rule group. This, along with RuleGroupResponse, define the rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.  Network Firewall uses a rule group to inspect and control network traffic. You define stateless rule groups to inspect individual packets and you define stateful rule groups to inspect packets in the context of their traffic flow.  To use a rule group, you include it by reference in an Network Firewall firewall policy, then you use the policy in a firewall. You can reference a rule group from more than one firewall policy, and you can use a firewall policy in more than one firewall. 
      */
     RuleGroup?: RuleGroup;
     /**
@@ -742,6 +770,17 @@ declare namespace NetworkFirewall {
      */
     UpdateToken?: UpdateToken;
   }
+  export interface EncryptionConfiguration {
+    /**
+     * The ID of the Amazon Web Services Key Management Service (KMS) customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN. For more information, see Key ID in the Amazon Web Services KMS Developer Guide.
+     */
+    KeyId?: KeyId;
+    /**
+     * The type of Amazon Web Services KMS key to use for encryption of your Network Firewall resources.
+     */
+    Type: EncryptionType;
+  }
+  export type EncryptionType = "CUSTOMER_KMS"|"AWS_OWNED_KMS_KEY"|string;
   export type EndpointId = string;
   export interface Firewall {
     /**
@@ -788,6 +827,10 @@ declare namespace NetworkFirewall {
      * 
      */
     Tags?: TagList;
+    /**
+     * A complex type that contains the Amazon Web Services KMS encryption configuration settings for your firewall.
+     */
+    EncryptionConfiguration?: EncryptionConfiguration;
   }
   export interface FirewallMetadata {
     /**
@@ -822,7 +865,7 @@ declare namespace NetworkFirewall {
      */
     StatefulRuleGroupReferences?: StatefulRuleGroupReferences;
     /**
-     * The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is optional, and is only valid when using the strict rule order. Valid values of the stateful default action:   aws:drop_strict   aws:drop_established   aws:alert_strict   aws:alert_established   For more information, see Strict evaluation order in the AWS Network Firewall Developer Guide. 
+     * The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is optional, and is only valid when using the strict rule order. Valid values of the stateful default action:   aws:drop_strict   aws:drop_established   aws:alert_strict   aws:alert_established   For more information, see Strict evaluation order in the Network Firewall Developer Guide. 
      */
     StatefulDefaultActions?: StatefulActions;
     /**
@@ -877,6 +920,14 @@ declare namespace NetworkFirewall {
      * The number of firewalls that are associated with this firewall policy.
      */
     NumberOfAssociations?: NumberOfAssociations;
+    /**
+     * A complex type that contains the Amazon Web Services KMS encryption configuration settings for your firewall policy.
+     */
+    EncryptionConfiguration?: EncryptionConfiguration;
+    /**
+     * The last time that the firewall policy was changed.
+     */
+    LastModifiedTime?: LastUpdateTime;
   }
   export interface FirewallStatus {
     /**
@@ -900,7 +951,7 @@ declare namespace NetworkFirewall {
   export type HashMapValue = string;
   export interface Header {
     /**
-     * The protocol to inspect for. To specify all, you can use IP, because all traffic on AWS and on the internet is IP.
+     * The protocol to inspect for. To specify all, you can use IP, because all traffic on Amazon Web Services and on the internet is IP.
      */
     Protocol: StatefulRuleProtocol;
     /**
@@ -931,7 +982,9 @@ declare namespace NetworkFirewall {
     Definition: VariableDefinitionList;
   }
   export type IPSets = {[key: string]: IPSet};
+  export type KeyId = string;
   export type Keyword = string;
+  export type LastUpdateTime = Date;
   export interface ListFirewallPoliciesRequest {
     /**
      * When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
@@ -989,6 +1042,14 @@ declare namespace NetworkFirewall {
      * The scope of the request. The default setting of ACCOUNT or a setting of NULL returns all of the rule groups in your account. A setting of MANAGED returns all available managed rule groups.
      */
     Scope?: ResourceManagedStatus;
+    /**
+     * Indicates the general category of the Amazon Web Services managed rule group.
+     */
+    ManagedType?: ResourceManagedType;
+    /**
+     * Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
+     */
+    Type?: RuleGroupType;
   }
   export interface ListRuleGroupsResponse {
     /**
@@ -1125,7 +1186,7 @@ declare namespace NetworkFirewall {
      */
     ResourceArn: ResourceArn;
     /**
-     * The AWS Identity and Access Management policy statement that lists the accounts that you want to share your rule group or firewall policy with and the operations that you want the accounts to be able to perform.  For a rule group resource, you can specify the following operations in the Actions section of the statement:   network-firewall:CreateFirewallPolicy   network-firewall:UpdateFirewallPolicy   network-firewall:ListRuleGroups   For a firewall policy resource, you can specify the following operations in the Actions section of the statement:   network-firewall:CreateFirewall   network-firewall:UpdateFirewall   network-firewall:AssociateFirewallPolicy   network-firewall:ListFirewallPolicies   In the Resource section of the statement, you specify the ARNs for the rule groups and firewall policies that you want to share with the account that you specified in Arn.
+     * The IAM policy statement that lists the accounts that you want to share your rule group or firewall policy with and the operations that you want the accounts to be able to perform.  For a rule group resource, you can specify the following operations in the Actions section of the statement:   network-firewall:CreateFirewallPolicy   network-firewall:UpdateFirewallPolicy   network-firewall:ListRuleGroups   For a firewall policy resource, you can specify the following operations in the Actions section of the statement:   network-firewall:CreateFirewall   network-firewall:UpdateFirewall   network-firewall:AssociateFirewallPolicy   network-firewall:ListFirewallPolicies   In the Resource section of the statement, you specify the ARNs for the rule groups and firewall policies that you want to share with the account that you specified in Arn.
      */
     Policy: PolicyString;
   }
@@ -1134,6 +1195,7 @@ declare namespace NetworkFirewall {
   export type ResourceArn = string;
   export type ResourceId = string;
   export type ResourceManagedStatus = "MANAGED"|"ACCOUNT"|string;
+  export type ResourceManagedType = "AWS_MANAGED_THREAT_SIGNATURES"|"AWS_MANAGED_DOMAIN_LISTS"|string;
   export type ResourceName = string;
   export type ResourceStatus = "ACTIVE"|"DELETING"|string;
   export type RuleCapacity = number;
@@ -1212,6 +1274,22 @@ declare namespace NetworkFirewall {
      * The number of firewall policies that use this rule group.
      */
     NumberOfAssociations?: NumberOfAssociations;
+    /**
+     * A complex type that contains the Amazon Web Services KMS encryption configuration settings for your rule group.
+     */
+    EncryptionConfiguration?: EncryptionConfiguration;
+    /**
+     * A complex type that contains metadata about the rule group that your own rule group is copied from. You can use the metadata to track the version updates made to the originating rule group.
+     */
+    SourceMetadata?: SourceMetadata;
+    /**
+     * The Amazon resource name (ARN) of the Amazon Simple Notification Service SNS topic that's used to record changes to the managed rule group. You can subscribe to the SNS topic to receive notifications when the managed rule group is modified, such as for new versions and for version expiration. For more information, see the Amazon Simple Notification Service Developer Guide..
+     */
+    SnsTopic?: ResourceArn;
+    /**
+     * The last time that the rule group was changed.
+     */
+    LastModifiedTime?: LastUpdateTime;
   }
   export type RuleGroupType = "STATELESS"|"STATEFUL"|string;
   export type RuleGroups = RuleGroupMetadata[];
@@ -1275,11 +1353,21 @@ declare namespace NetworkFirewall {
   export type Setting = string;
   export type Settings = Setting[];
   export type Source = string;
+  export interface SourceMetadata {
+    /**
+     * The Amazon Resource Name (ARN) of the rule group that your own rule group is copied from.
+     */
+    SourceArn?: ResourceArn;
+    /**
+     * The update token of the Amazon Web Services managed rule group that your own rule group is copied from. To determine the update token for the managed rule group, call DescribeRuleGroup.
+     */
+    SourceUpdateToken?: UpdateToken;
+  }
   export type StatefulAction = "PASS"|"DROP"|"ALERT"|string;
   export type StatefulActions = CollectionMember_String[];
   export interface StatefulEngineOptions {
     /**
-     * Indicates how to manage the order of stateful rule evaluation for the policy. DEFAULT_ACTION_ORDER is the default behavior. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see Evaluation order for stateful rules in the AWS Network Firewall Developer Guide. 
+     * Indicates how to manage the order of stateful rule evaluation for the policy. DEFAULT_ACTION_ORDER is the default behavior. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide. 
      */
     RuleOrder?: RuleOrder;
   }
@@ -1321,7 +1409,7 @@ declare namespace NetworkFirewall {
   export type StatefulRuleGroupReferences = StatefulRuleGroupReference[];
   export interface StatefulRuleOptions {
     /**
-     * Indicates how to manage the order of the rule evaluation for the rule group. DEFAULT_ACTION_ORDER is the default behavior. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see Evaluation order for stateful rules in the AWS Network Firewall Developer Guide. 
+     * Indicates how to manage the order of the rule evaluation for the rule group. DEFAULT_ACTION_ORDER is the default behavior. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide. 
      */
     RuleOrder?: RuleOrder;
   }
@@ -1504,6 +1592,36 @@ declare namespace NetworkFirewall {
      */
     UpdateToken?: UpdateToken;
   }
+  export interface UpdateFirewallEncryptionConfigurationRequest {
+    /**
+     * An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.  To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it. To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token. 
+     */
+    UpdateToken?: UpdateToken;
+    /**
+     * The Amazon Resource Name (ARN) of the firewall.
+     */
+    FirewallArn?: ResourceArn;
+    /**
+     * The descriptive name of the firewall. You can't change the name of a firewall after you create it.
+     */
+    FirewallName?: ResourceName;
+    EncryptionConfiguration?: EncryptionConfiguration;
+  }
+  export interface UpdateFirewallEncryptionConfigurationResponse {
+    /**
+     * The Amazon Resource Name (ARN) of the firewall.
+     */
+    FirewallArn?: ResourceArn;
+    /**
+     * The descriptive name of the firewall. You can't change the name of a firewall after you create it.
+     */
+    FirewallName?: ResourceName;
+    /**
+     * An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.  To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it. To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token. 
+     */
+    UpdateToken?: UpdateToken;
+    EncryptionConfiguration?: EncryptionConfiguration;
+  }
   export interface UpdateFirewallPolicyChangeProtectionRequest {
     /**
      * An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.  To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it. To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token. 
@@ -1565,6 +1683,10 @@ declare namespace NetworkFirewall {
      * Indicates whether you want Network Firewall to just check the validity of the request, rather than run the request.  If set to TRUE, Network Firewall checks whether the request can run successfully, but doesn't actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set to FALSE, but doesn't make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.  If set to FALSE, Network Firewall makes the requested changes to your resources. 
      */
     DryRun?: Boolean;
+    /**
+     * A complex type that contains settings for encryption of your firewall policy resources.
+     */
+    EncryptionConfiguration?: EncryptionConfiguration;
   }
   export interface UpdateFirewallPolicyResponse {
     /**
@@ -1634,6 +1756,14 @@ declare namespace NetworkFirewall {
      * Indicates whether you want Network Firewall to just check the validity of the request, rather than run the request.  If set to TRUE, Network Firewall checks whether the request can run successfully, but doesn't actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set to FALSE, but doesn't make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.  If set to FALSE, Network Firewall makes the requested changes to your resources. 
      */
     DryRun?: Boolean;
+    /**
+     * A complex type that contains settings for encryption of your rule group resources.
+     */
+    EncryptionConfiguration?: EncryptionConfiguration;
+    /**
+     * A complex type that contains metadata about the rule group that your own rule group is copied from. You can use the metadata to keep track of updates made to the originating rule group.
+     */
+    SourceMetadata?: SourceMetadata;
   }
   export interface UpdateRuleGroupResponse {
     /**

package/node_modules/aws-sdk/clients/opensearch.d.ts

@@ -115,6 +115,14 @@ declare class OpenSearch extends Service {
    * Provides scheduled Auto-Tune action details for the domain, such as Auto-Tune action type, description, severity, and scheduled date. 
    */
   describeDomainAutoTunes(callback?: (err: AWSError, data: OpenSearch.Types.DescribeDomainAutoTunesResponse) => void): Request<OpenSearch.Types.DescribeDomainAutoTunesResponse, AWSError>;
+  /**
+   * Returns information about the current blue/green deployment happening on a domain, including a change ID, status, and progress stages.
+   */
+  describeDomainChangeProgress(params: OpenSearch.Types.DescribeDomainChangeProgressRequest, callback?: (err: AWSError, data: OpenSearch.Types.DescribeDomainChangeProgressResponse) => void): Request<OpenSearch.Types.DescribeDomainChangeProgressResponse, AWSError>;
+  /**
+   * Returns information about the current blue/green deployment happening on a domain, including a change ID, status, and progress stages.
+   */
+  describeDomainChangeProgress(callback?: (err: AWSError, data: OpenSearch.Types.DescribeDomainChangeProgressResponse) => void): Request<OpenSearch.Types.DescribeDomainChangeProgressResponse, AWSError>;
   /**
    * Provides cluster configuration information about the specified domain, such as the state, creation date, update version, and update date for cluster options. 
    */
@@ -572,6 +580,67 @@ declare namespace OpenSearch {
      */
     ServiceSoftwareOptions?: ServiceSoftwareOptions;
   }
+  export interface ChangeProgressDetails {
+    /**
+     * The unique change identifier associated with a specific domain configuration change.
+     */
+    ChangeId?: GUID;
+    /**
+     * Contains an optional message associated with the domain configuration change.
+     */
+    Message?: Message;
+  }
+  export interface ChangeProgressStage {
+    /**
+     * The name of the specific progress stage.
+     */
+    Name?: ChangeProgressStageName;
+    /**
+     * The overall status of a specific progress stage.
+     */
+    Status?: ChangeProgressStageStatus;
+    /**
+     * The description of the progress stage.
+     */
+    Description?: Description;
+    /**
+     * The last updated timestamp of the progress stage.
+     */
+    LastUpdated?: LastUpdated;
+  }
+  export type ChangeProgressStageList = ChangeProgressStage[];
+  export type ChangeProgressStageName = string;
+  export type ChangeProgressStageStatus = string;
+  export interface ChangeProgressStatusDetails {
+    /**
+     * The unique change identifier associated with a specific domain configuration change.
+     */
+    ChangeId?: GUID;
+    /**
+     * The time at which the configuration change is made on the domain.
+     */
+    StartTime?: UpdateTimestamp;
+    /**
+     * The overall status of the domain configuration change. This field can take the following values: PENDING, PROCESSING, COMPLETED and FAILED
+     */
+    Status?: OverallChangeStatus;
+    /**
+     * The list of properties involved in the domain configuration change that are still in pending.
+     */
+    PendingProperties?: StringList;
+    /**
+     * The list of properties involved in the domain configuration change that are completed.
+     */
+    CompletedProperties?: StringList;
+    /**
+     * The total number of stages required for the configuration change.
+     */
+    TotalNumberOfStages?: TotalNumberOfStages;
+    /**
+     * The specific stages that the domain is going through to perform the configuration change.
+     */
+    ChangeProgressStages?: ChangeProgressStageList;
+  }
   export type CloudWatchLogsLogGroupArn = string;
   export interface ClusterConfig {
     /**
@@ -883,6 +952,22 @@ declare namespace OpenSearch {
      */
     NextToken?: NextToken;
   }
+  export interface DescribeDomainChangeProgressRequest {
+    /**
+     * The domain you want to get the progress information about.
+     */
+    DomainName: DomainName;
+    /**
+     * The specific change ID for which you want to get progress information. This is an optional parameter. If omitted, the service returns information about the most recent configuration change. 
+     */
+    ChangeId?: GUID;
+  }
+  export interface DescribeDomainChangeProgressResponse {
+    /**
+     * Progress information for the configuration change that is requested in the DescribeDomainChangeProgress request. 
+     */
+    ChangeProgressStatus?: ChangeProgressStatusDetails;
+  }
   export interface DescribeDomainConfigRequest {
     /**
      * The domain you want to get information about.
@@ -1067,6 +1152,7 @@ declare namespace OpenSearch {
      */
     ReservedInstances?: ReservedInstanceList;
   }
+  export type Description = string;
   export type DisableTimestamp = Date;
   export interface DissociatePackageRequest {
     /**
@@ -1141,6 +1227,10 @@ declare namespace OpenSearch {
      * Specifies AutoTuneOptions for the domain. 
      */
     AutoTuneOptions?: AutoTuneOptionsStatus;
+    /**
+     * Specifies change details of the domain configuration change.
+     */
+    ChangeProgressDetails?: ChangeProgressDetails;
   }
   export interface DomainEndpointOptions {
     /**
@@ -1323,6 +1413,10 @@ declare namespace OpenSearch {
      * The current status of the domain's Auto-Tune options.
      */
     AutoTuneOptions?: AutoTuneOptionsOutput;
+    /**
+     * Specifies change details of the domain configuration change.
+     */
+    ChangeProgressDetails?: ChangeProgressDetails;
   }
   export type DomainStatusList = DomainStatus[];
   export type Double = number;
@@ -1756,6 +1850,7 @@ declare namespace OpenSearch {
   }
   export type OutboundConnectionStatusCode = "VALIDATING"|"VALIDATION_FAILED"|"PENDING_ACCEPTANCE"|"APPROVED"|"PROVISIONING"|"ACTIVE"|"REJECTING"|"REJECTED"|"DELETING"|"DELETED"|string;
   export type OutboundConnections = OutboundConnection[];
+  export type OverallChangeStatus = "PENDING"|"PROCESSING"|"COMPLETED"|"FAILED"|string;
   export type OwnerId = string;
   export type PackageDescription = string;
   export interface PackageDetails {
@@ -2168,6 +2263,7 @@ declare namespace OpenSearch {
   export type TagList = Tag[];
   export type TagValue = string;
   export type TimeUnit = "HOURS"|string;
+  export type TotalNumberOfStages = number;
   export type UIntValue = number;
   export interface UpdateDomainConfigRequest {
     /**
@@ -2287,6 +2383,7 @@ declare namespace OpenSearch {
      */
     PerformCheckOnly?: Boolean;
     AdvancedOptions?: AdvancedOptions;
+    ChangeProgressDetails?: ChangeProgressDetails;
   }
   export interface UpgradeHistory {
     /**