@pgarbe/cdk-ecr-sync 0.5.25 → 0.5.28

package/node_modules/aws-sdk/clients/appstream.d.ts

@@ -1031,6 +1031,10 @@ declare namespace AppStream {
      * The USB device filter strings that specify which USB devices a user can redirect to the fleet streaming session, when using the Windows native client. This is allowed but not required for Elastic fleets.
      */
     UsbDeviceFilterStrings?: UsbDeviceFilterStrings;
+    /**
+     * The S3 location of the session scripts configuration zip file. This only applies to Elastic fleets.
+     */
+    SessionScriptS3Location?: S3Location;
   }
   export interface CreateFleetResult {
     /**
@@ -2000,8 +2004,12 @@ declare namespace AppStream {
      * The USB device filter strings associated with the fleet.
      */
     UsbDeviceFilterStrings?: UsbDeviceFilterStrings;
+    /**
+     * The S3 location of the session scripts configuration zip file. This only applies to Elastic fleets.
+     */
+    SessionScriptS3Location?: S3Location;
   }
-  export type FleetAttribute = "VPC_CONFIGURATION"|"VPC_CONFIGURATION_SECURITY_GROUP_IDS"|"DOMAIN_JOIN_INFO"|"IAM_ROLE_ARN"|"USB_DEVICE_FILTER_STRINGS"|string;
+  export type FleetAttribute = "VPC_CONFIGURATION"|"VPC_CONFIGURATION_SECURITY_GROUP_IDS"|"DOMAIN_JOIN_INFO"|"IAM_ROLE_ARN"|"USB_DEVICE_FILTER_STRINGS"|"SESSION_SCRIPT_S3_LOCATION"|string;
   export type FleetAttributes = FleetAttribute[];
   export interface FleetError {
     /**
@@ -2756,6 +2764,10 @@ declare namespace AppStream {
      * The USB device filter strings that specify which USB devices a user can redirect to the fleet streaming session, when using the Windows native client. This is allowed but not required for Elastic fleets.
      */
     UsbDeviceFilterStrings?: UsbDeviceFilterStrings;
+    /**
+     * The S3 location of the session scripts configuration zip file. This only applies to Elastic fleets. 
+     */
+    SessionScriptS3Location?: S3Location;
   }
   export interface UpdateFleetResult {
     /**

package/node_modules/aws-sdk/clients/athena.d.ts

@@ -267,6 +267,14 @@ declare class Athena extends Service {
    * Updates the data catalog that has the specified name.
    */
   updateDataCatalog(callback?: (err: AWSError, data: Athena.Types.UpdateDataCatalogOutput) => void): Request<Athena.Types.UpdateDataCatalogOutput, AWSError>;
+  /**
+   * Updates a NamedQuery object. The database or workgroup cannot be updated.
+   */
+  updateNamedQuery(params: Athena.Types.UpdateNamedQueryInput, callback?: (err: AWSError, data: Athena.Types.UpdateNamedQueryOutput) => void): Request<Athena.Types.UpdateNamedQueryOutput, AWSError>;
+  /**
+   * Updates a NamedQuery object. The database or workgroup cannot be updated.
+   */
+  updateNamedQuery(callback?: (err: AWSError, data: Athena.Types.UpdateNamedQueryOutput) => void): Request<Athena.Types.UpdateNamedQueryOutput, AWSError>;
   /**
    * Updates a prepared statement.
    */
@@ -285,7 +293,31 @@ declare class Athena extends Service {
   updateWorkGroup(callback?: (err: AWSError, data: Athena.Types.UpdateWorkGroupOutput) => void): Request<Athena.Types.UpdateWorkGroupOutput, AWSError>;
 }
 declare namespace Athena {
+  export interface AclConfiguration {
+    /**
+     * The Amazon S3 canned ACL that Athena should specify when storing query results. Currently the only supported canned ACL is BUCKET_OWNER_FULL_CONTROL. If a query runs in a workgroup and the workgroup overrides client-side settings, then the Amazon S3 canned ACL specified in the workgroup's settings is used for all queries that run in the workgroup. For more information about Amazon S3 canned ACLs, see Canned ACL in the Amazon S3 User Guide.
+     */
+    S3AclOption: S3AclOption;
+  }
   export type AmazonResourceName = string;
+  export interface AthenaError {
+    /**
+     * An integer value that specifies the category of a query failure error. The following list shows the category for each integer value.  1 - System  2 - User  3 - Other
+     */
+    ErrorCategory?: ErrorCategory;
+    /**
+     * An integer value that provides specific information about an Athena query error. For the meaning of specific values, see the Error Type Reference in the Amazon Athena User Guide.
+     */
+    ErrorType?: ErrorType;
+    /**
+     * True if the query might succeed if resubmitted.
+     */
+    Retryable?: Boolean;
+    /**
+     * Contains a short description of the error that occurred.
+     */
+    ErrorMessage?: String;
+  }
   export interface BatchGetNamedQueryInput {
     /**
      * An array of query IDs.
@@ -384,7 +416,7 @@ declare namespace Athena {
   export type CommentString = string;
   export interface CreateDataCatalogInput {
     /**
-     * The name of the data catalog to create. The catalog name must be unique for the Amazon Web Services account and can use a maximum of 128 alphanumeric, underscore, at sign, or hyphen characters.
+     * The name of the data catalog to create. The catalog name must be unique for the Amazon Web Services account and can use a maximum of 127 alphanumeric, underscore, at sign, or hyphen characters. The remainder of the length constraint of 256 is reserved for use by Athena.
      */
     Name: CatalogNameString;
     /**
@@ -480,7 +512,7 @@ declare namespace Athena {
   }
   export interface DataCatalog {
     /**
-     * The name of the data catalog. The catalog name must be unique for the Amazon Web Services account and can use a maximum of 128 alphanumeric, underscore, at sign, or hyphen characters.
+     * The name of the data catalog. The catalog name must be unique for the Amazon Web Services account and can use a maximum of 127 alphanumeric, underscore, at sign, or hyphen characters. The remainder of the length constraint of 256 is reserved for use by Athena.
      */
     Name: CatalogNameString;
     /**
@@ -498,7 +530,7 @@ declare namespace Athena {
   }
   export interface DataCatalogSummary {
     /**
-     * The name of the data catalog.
+     * The name of the data catalog. The catalog name is unique for the Amazon Web Services account and can use a maximum of 127 alphanumeric, underscore, at sign, or hyphen characters. The remainder of the length constraint of 256 is reserved for use by Athena.
      */
     CatalogName?: CatalogNameString;
     /**
@@ -574,11 +606,11 @@ declare namespace Athena {
   export type DescriptionString = string;
   export interface EncryptionConfiguration {
     /**
-     * Indicates whether Amazon S3 server-side encryption with Amazon S3-managed keys (SSE-S3), server-side encryption with KMS-managed keys (SSE-KMS), or client-side encryption with KMS-managed keys (CSE-KMS) is used. If a query runs in a workgroup and the workgroup overrides client-side settings, then the workgroup's setting for encryption is used. It specifies whether query results must be encrypted, for all queries that run in this workgroup. 
+     * Indicates whether Amazon S3 server-side encryption with Amazon S3-managed keys (SSE_S3), server-side encryption with KMS-managed keys (SSE_KMS), or client-side encryption with KMS-managed keys (CSE_KMS) is used. If a query runs in a workgroup and the workgroup overrides client-side settings, then the workgroup's setting for encryption is used. It specifies whether query results must be encrypted, for all queries that run in this workgroup. 
      */
     EncryptionOption: EncryptionOption;
     /**
-     * For SSE-KMS and CSE-KMS, this is the KMS key ARN or ID.
+     * For SSE_KMS and CSE_KMS, this is the KMS key ARN or ID.
      */
     KmsKey?: String;
   }
@@ -594,8 +626,10 @@ declare namespace Athena {
     EffectiveEngineVersion?: NameString;
   }
   export type EngineVersionsList = EngineVersion[];
+  export type ErrorCategory = number;
   export type ErrorCode = string;
   export type ErrorMessage = string;
+  export type ErrorType = number;
   export type ExpressionString = string;
   export interface GetDataCatalogInput {
     /**
@@ -966,7 +1000,7 @@ declare namespace Athena {
      */
     Database: DatabaseString;
     /**
-     * The SQL query statements that comprise the query.
+     * The SQL statements that make up the query.
      */
     QueryString: QueryString;
     /**
@@ -978,6 +1012,7 @@ declare namespace Athena {
      */
     WorkGroup?: WorkGroupName;
   }
+  export type NamedQueryDescriptionString = string;
   export type NamedQueryId = string;
   export type NamedQueryIdList = NamedQueryId[];
   export type NamedQueryList = NamedQuery[];
@@ -1115,6 +1150,10 @@ declare namespace Athena {
      * The date and time that the query completed.
      */
     CompletionDateTime?: _Date;
+    /**
+     * Provides information about an Athena query error.
+     */
+    AthenaError?: AthenaError;
   }
   export type QueryString = string;
   export interface ResultConfiguration {
@@ -1123,9 +1162,17 @@ declare namespace Athena {
      */
     OutputLocation?: String;
     /**
-     * If query results are encrypted in Amazon S3, indicates the encryption option used (for example, SSE-KMS or CSE-KMS) and key information. This is a client-side setting. If workgroup settings override client-side settings, then the query uses the encryption configuration that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See WorkGroupConfiguration$EnforceWorkGroupConfiguration and Workgroup Settings Override Client-Side Settings.
+     * If query results are encrypted in Amazon S3, indicates the encryption option used (for example, SSE_KMS or CSE_KMS) and key information. This is a client-side setting. If workgroup settings override client-side settings, then the query uses the encryption configuration that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See WorkGroupConfiguration$EnforceWorkGroupConfiguration and Workgroup Settings Override Client-Side Settings.
      */
     EncryptionConfiguration?: EncryptionConfiguration;
+    /**
+     * The Amazon Web Services account ID that you expect to be the owner of the Amazon S3 bucket specified by ResultConfiguration$OutputLocation. If set, Athena uses the value for ExpectedBucketOwner when it makes Amazon S3 calls to your specified output location. If the ExpectedBucketOwner Amazon Web Services account ID does not match the actual owner of the Amazon S3 bucket, the call fails with a permissions error. This is a client-side setting. If workgroup settings override client-side settings, then the query uses the ExpectedBucketOwner setting that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See WorkGroupConfiguration$EnforceWorkGroupConfiguration and Workgroup Settings Override Client-Side Settings.
+     */
+    ExpectedBucketOwner?: String;
+    /**
+     * Indicates that an Amazon S3 canned ACL should be set to control ownership of stored query results. Currently the only supported canned ACL is BUCKET_OWNER_FULL_CONTROL. This is a client-side setting. If workgroup settings override client-side settings, then the query uses the ACL configuration that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. For more information, see WorkGroupConfiguration$EnforceWorkGroupConfiguration and Workgroup Settings Override Client-Side Settings.
+     */
+    AclConfiguration?: AclConfiguration;
   }
   export interface ResultConfigurationUpdates {
     /**
@@ -1144,6 +1191,22 @@ declare namespace Athena {
      * If set to "true", indicates that the previously-specified encryption configuration (also known as the client-side setting) for queries in this workgroup should be ignored and set to null. If set to "false" or not set, and a value is present in the EncryptionConfiguration in ResultConfigurationUpdates (the client-side setting), the EncryptionConfiguration in the workgroup's ResultConfiguration will be updated with the new value. For more information, see Workgroup Settings Override Client-Side Settings.
      */
     RemoveEncryptionConfiguration?: BoxedBoolean;
+    /**
+     * The Amazon Web Services account ID that you expect to be the owner of the Amazon S3 bucket specified by ResultConfiguration$OutputLocation. If set, Athena uses the value for ExpectedBucketOwner when it makes Amazon S3 calls to your specified output location. If the ExpectedBucketOwner Amazon Web Services account ID does not match the actual owner of the Amazon S3 bucket, the call fails with a permissions error. If workgroup settings override client-side settings, then the query uses the ExpectedBucketOwner setting that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See WorkGroupConfiguration$EnforceWorkGroupConfiguration and Workgroup Settings Override Client-Side Settings.
+     */
+    ExpectedBucketOwner?: String;
+    /**
+     * If set to "true", removes the Amazon Web Services account ID previously specified for ResultConfiguration$ExpectedBucketOwner. If set to "false" or not set, and a value is present in the ExpectedBucketOwner in ResultConfigurationUpdates (the client-side setting), the ExpectedBucketOwner in the workgroup's ResultConfiguration is updated with the new value. For more information, see Workgroup Settings Override Client-Side Settings.
+     */
+    RemoveExpectedBucketOwner?: BoxedBoolean;
+    /**
+     * The ACL configuration for the query results.
+     */
+    AclConfiguration?: AclConfiguration;
+    /**
+     * If set to true, indicates that the previously-specified ACL configuration for queries in this workgroup should be ignored and set to null. If set to false or not set, and a value is present in the AclConfiguration of ResultConfigurationUpdates, the AclConfiguration in the workgroup's ResultConfiguration is updated with the new value. For more information, see Workgroup Settings Override Client-Side Settings.
+     */
+    RemoveAclConfiguration?: BoxedBoolean;
   }
   export interface ResultSet {
     /**
@@ -1168,6 +1231,7 @@ declare namespace Athena {
     Data?: datumList;
   }
   export type RowList = Row[];
+  export type S3AclOption = "BUCKET_OWNER_FULL_CONTROL"|string;
   export interface StartQueryExecutionInput {
     /**
      * The SQL query statements to be executed.
@@ -1312,7 +1376,7 @@ declare namespace Athena {
   }
   export interface UpdateDataCatalogInput {
     /**
-     * The name of the data catalog to update. The catalog name must be unique for the Amazon Web Services account and can use a maximum of 128 alphanumeric, underscore, at sign, or hyphen characters.
+     * The name of the data catalog to update. The catalog name must be unique for the Amazon Web Services account and can use a maximum of 127 alphanumeric, underscore, at sign, or hyphen characters. The remainder of the length constraint of 256 is reserved for use by Athena.
      */
     Name: CatalogNameString;
     /**
@@ -1330,6 +1394,26 @@ declare namespace Athena {
   }
   export interface UpdateDataCatalogOutput {
   }
+  export interface UpdateNamedQueryInput {
+    /**
+     * The unique identifier (UUID) of the query.
+     */
+    NamedQueryId: NamedQueryId;
+    /**
+     * The name of the query.
+     */
+    Name: NameString;
+    /**
+     * The query description.
+     */
+    Description?: NamedQueryDescriptionString;
+    /**
+     * The contents of the query with all query statements.
+     */
+    QueryString: QueryString;
+  }
+  export interface UpdateNamedQueryOutput {
+  }
   export interface UpdatePreparedStatementInput {
     /**
      * The name of the prepared statement.

package/node_modules/aws-sdk/clients/auditmanager.d.ts

@@ -116,11 +116,11 @@ declare class AuditManager extends Service {
    */
   deleteAssessmentFrameworkShare(callback?: (err: AWSError, data: AuditManager.Types.DeleteAssessmentFrameworkShareResponse) => void): Request<AuditManager.Types.DeleteAssessmentFrameworkShareResponse, AWSError>;
   /**
-   *  Deletes an assessment report from an assessment in Audit Manager. 
+   * Deletes an assessment report in Audit Manager.  When you run the DeleteAssessmentReport operation, Audit Manager attempts to delete the following data:   The specified assessment report that’s stored in your S3 bucket   The associated metadata that’s stored in Audit Manager   If Audit Manager can’t access the assessment report in your S3 bucket, the report isn’t deleted. In this event, the DeleteAssessmentReport operation doesn’t fail. Instead, it proceeds to delete the associated metadata only. You must then delete the assessment report from the S3 bucket yourself.  This scenario happens when Audit Manager receives a 403 (Forbidden) or 404 (Not Found) error from Amazon S3. To avoid this, make sure that your S3 bucket is available, and that you configured the correct permissions for Audit Manager to delete resources in your S3 bucket. For an example permissions policy that you can use, see Assessment report destination permissions in the Audit Manager User Guide. For information about the issues that could cause a 403 (Forbidden) or 404 (Not Found) error from Amazon S3, see List of Error Codes in the Amazon Simple Storage Service API Reference. 
    */
   deleteAssessmentReport(params: AuditManager.Types.DeleteAssessmentReportRequest, callback?: (err: AWSError, data: AuditManager.Types.DeleteAssessmentReportResponse) => void): Request<AuditManager.Types.DeleteAssessmentReportResponse, AWSError>;
   /**
-   *  Deletes an assessment report from an assessment in Audit Manager. 
+   * Deletes an assessment report in Audit Manager.  When you run the DeleteAssessmentReport operation, Audit Manager attempts to delete the following data:   The specified assessment report that’s stored in your S3 bucket   The associated metadata that’s stored in Audit Manager   If Audit Manager can’t access the assessment report in your S3 bucket, the report isn’t deleted. In this event, the DeleteAssessmentReport operation doesn’t fail. Instead, it proceeds to delete the associated metadata only. You must then delete the assessment report from the S3 bucket yourself.  This scenario happens when Audit Manager receives a 403 (Forbidden) or 404 (Not Found) error from Amazon S3. To avoid this, make sure that your S3 bucket is available, and that you configured the correct permissions for Audit Manager to delete resources in your S3 bucket. For an example permissions policy that you can use, see Assessment report destination permissions in the Audit Manager User Guide. For information about the issues that could cause a 403 (Forbidden) or 404 (Not Found) error from Amazon S3, see List of Error Codes in the Amazon Simple Storage Service API Reference. 
    */
   deleteAssessmentReport(callback?: (err: AWSError, data: AuditManager.Types.DeleteAssessmentReportResponse) => void): Request<AuditManager.Types.DeleteAssessmentReportResponse, AWSError>;
   /**
@@ -132,19 +132,19 @@ declare class AuditManager extends Service {
    */
   deleteControl(callback?: (err: AWSError, data: AuditManager.Types.DeleteControlResponse) => void): Request<AuditManager.Types.DeleteControlResponse, AWSError>;
   /**
-   *  Deregisters an account in Audit Manager. 
+   *  Deregisters an account in Audit Manager.   When you deregister your account from Audit Manager, your data isn’t deleted. If you want to delete your resource data, you must perform that task separately before you deregister your account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.  To delete your Audit Manager resource data, see the following instructions:     DeleteAssessment (see also: Deleting an assessment in the Audit Manager User Guide)    DeleteAssessmentFramework (see also: Deleting a custom framework in the Audit Manager User Guide)    DeleteAssessmentFrameworkShare (see also: Deleting a share request in the Audit Manager User Guide)    DeleteAssessmentReport (see also: Deleting an assessment report in the Audit Manager User Guide)    DeleteControl (see also: Deleting a custom control in the Audit Manager User Guide)   At this time, Audit Manager doesn't provide an option to delete evidence. All available delete operations are listed above. 
    */
   deregisterAccount(params: AuditManager.Types.DeregisterAccountRequest, callback?: (err: AWSError, data: AuditManager.Types.DeregisterAccountResponse) => void): Request<AuditManager.Types.DeregisterAccountResponse, AWSError>;
   /**
-   *  Deregisters an account in Audit Manager. 
+   *  Deregisters an account in Audit Manager.   When you deregister your account from Audit Manager, your data isn’t deleted. If you want to delete your resource data, you must perform that task separately before you deregister your account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.  To delete your Audit Manager resource data, see the following instructions:     DeleteAssessment (see also: Deleting an assessment in the Audit Manager User Guide)    DeleteAssessmentFramework (see also: Deleting a custom framework in the Audit Manager User Guide)    DeleteAssessmentFrameworkShare (see also: Deleting a share request in the Audit Manager User Guide)    DeleteAssessmentReport (see also: Deleting an assessment report in the Audit Manager User Guide)    DeleteControl (see also: Deleting a custom control in the Audit Manager User Guide)   At this time, Audit Manager doesn't provide an option to delete evidence. All available delete operations are listed above. 
    */
   deregisterAccount(callback?: (err: AWSError, data: AuditManager.Types.DeregisterAccountResponse) => void): Request<AuditManager.Types.DeregisterAccountResponse, AWSError>;
   /**
-   * Removes the specified member Amazon Web Services account as a delegated administrator for Audit Manager.   When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Audit Manager. However, Audit Manager will stop collecting and attaching evidence to that delegated administrator account moving forward. 
+   * Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.   When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Organizations. However, Audit Manager will stop collecting and attaching evidence to that delegated administrator account moving forward.   When you deregister a delegated administrator account for Audit Manager, the data for that account isn’t deleted. If you want to delete resource data for a delegated administrator account, you must perform that task separately before you deregister the account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.  To delete your Audit Manager resource data, see the following instructions:     DeleteAssessment (see also: Deleting an assessment in the Audit Manager User Guide)    DeleteAssessmentFramework (see also: Deleting a custom framework in the Audit Manager User Guide)    DeleteAssessmentFrameworkShare (see also: Deleting a share request in the Audit Manager User Guide)    DeleteAssessmentReport (see also: Deleting an assessment report in the Audit Manager User Guide)    DeleteControl (see also: Deleting a custom control in the Audit Manager User Guide)   At this time, Audit Manager doesn't provide an option to delete evidence. All available delete operations are listed above. 
    */
   deregisterOrganizationAdminAccount(params: AuditManager.Types.DeregisterOrganizationAdminAccountRequest, callback?: (err: AWSError, data: AuditManager.Types.DeregisterOrganizationAdminAccountResponse) => void): Request<AuditManager.Types.DeregisterOrganizationAdminAccountResponse, AWSError>;
   /**
-   * Removes the specified member Amazon Web Services account as a delegated administrator for Audit Manager.   When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Audit Manager. However, Audit Manager will stop collecting and attaching evidence to that delegated administrator account moving forward. 
+   * Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.   When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Organizations. However, Audit Manager will stop collecting and attaching evidence to that delegated administrator account moving forward.   When you deregister a delegated administrator account for Audit Manager, the data for that account isn’t deleted. If you want to delete resource data for a delegated administrator account, you must perform that task separately before you deregister the account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.  To delete your Audit Manager resource data, see the following instructions:     DeleteAssessment (see also: Deleting an assessment in the Audit Manager User Guide)    DeleteAssessmentFramework (see also: Deleting a custom framework in the Audit Manager User Guide)    DeleteAssessmentFrameworkShare (see also: Deleting a share request in the Audit Manager User Guide)    DeleteAssessmentReport (see also: Deleting an assessment report in the Audit Manager User Guide)    DeleteControl (see also: Deleting a custom control in the Audit Manager User Guide)   At this time, Audit Manager doesn't provide an option to delete evidence. All available delete operations are listed above. 
    */
   deregisterOrganizationAdminAccount(callback?: (err: AWSError, data: AuditManager.Types.DeregisterOrganizationAdminAccountResponse) => void): Request<AuditManager.Types.DeregisterOrganizationAdminAccountResponse, AWSError>;
   /**
@@ -1440,7 +1440,7 @@ declare namespace AuditManager {
     /**
      *  The unique identifier of the control. 
      */
-    id?: UUID;
+    id: UUID;
   }
   export interface CreateAssessmentFrameworkControlSet {
     /**
@@ -2730,11 +2730,11 @@ declare namespace AuditManager {
   export type SourceFrequency = "DAILY"|"WEEKLY"|"MONTHLY"|string;
   export interface SourceKeyword {
     /**
-     *  The method of input for the keyword. 
+     *  The input method for the keyword. 
      */
     keywordInputType?: KeywordInputType;
     /**
-     *  The value of the keyword that's used to search CloudTrail logs, Config rules, Security Hub checks, and Amazon Web Services API names when mapping a control data source. 
+     *  The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.  If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on the type of rule:   For managed rules, you can use the rule identifier as the keywordValue. You can find the rule identifier from the list of Config managed rules.   Managed rule name: s3-bucket-acl-prohibited   keywordValue: S3_BUCKET_ACL_PROHIBITED      For custom rules, you form the keywordValue by adding the Custom_ prefix to the rule name. This prefix distinguishes the rule from a managed rule.   Custom rule name: my-custom-config-rule  keywordValue: Custom_my-custom-config-rule      For service-linked rules, you form the keywordValue by adding the Custom_ prefix to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name.   Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w  keywordValue: Custom_CustomRuleForAccount-conformance-pack    Service-linked rule name: securityhub-api-gw-cache-encrypted-101104e1  keywordValue: Custom_securityhub-api-gw-cache-encrypted    Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba  keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled     
      */
     keywordValue?: KeywordValue;
   }
@@ -2874,7 +2874,7 @@ declare namespace AuditManager {
     /**
      *  The list of controls that are contained within the control set. 
      */
-    controls?: CreateAssessmentFrameworkControls;
+    controls: CreateAssessmentFrameworkControls;
   }
   export type UpdateAssessmentFrameworkControlSets = UpdateAssessmentFrameworkControlSet[];
   export interface UpdateAssessmentFrameworkRequest {