npm - @pgarbe/cdk-ecr-sync - Versions diffs - 0.5.27 → 0.5.28 - Mend

@pgarbe/cdk-ecr-sync 0.5.27 → 0.5.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (152) hide show

package/node_modules/aws-sdk/clients/grafana.d.ts CHANGED Viewed

@@ -27,6 +27,14 @@ declare class Grafana extends Service {
    * Creates a workspace. In a workspace, you can create Grafana dashboards and visualizations to analyze your metrics, logs, and traces. You don't have to build, package, or deploy any hardware to run the Grafana server. Don't use CreateWorkspace to modify an existing workspace. Instead, use UpdateWorkspace.
    */
   createWorkspace(callback?: (err: AWSError, data: Grafana.Types.CreateWorkspaceResponse) => void): Request<Grafana.Types.CreateWorkspaceResponse, AWSError>;
+  /**
+   * Creates an API key for the workspace. This key can be used to authenticate requests sent to the workspace's HTTP API. See  https://docs.aws.amazon.com/grafana/latest/userguide/Using-Grafana-APIs.html for available APIs and example requests.
+   */
+  createWorkspaceApiKey(params: Grafana.Types.CreateWorkspaceApiKeyRequest, callback?: (err: AWSError, data: Grafana.Types.CreateWorkspaceApiKeyResponse) => void): Request<Grafana.Types.CreateWorkspaceApiKeyResponse, AWSError>;
+  /**
+   * Creates an API key for the workspace. This key can be used to authenticate requests sent to the workspace's HTTP API. See  https://docs.aws.amazon.com/grafana/latest/userguide/Using-Grafana-APIs.html for available APIs and example requests.
+   */
+  createWorkspaceApiKey(callback?: (err: AWSError, data: Grafana.Types.CreateWorkspaceApiKeyResponse) => void): Request<Grafana.Types.CreateWorkspaceApiKeyResponse, AWSError>;
   /**
    * Deletes an Amazon Managed Grafana workspace.
    */
@@ -35,6 +43,14 @@ declare class Grafana extends Service {
    * Deletes an Amazon Managed Grafana workspace.
    */
   deleteWorkspace(callback?: (err: AWSError, data: Grafana.Types.DeleteWorkspaceResponse) => void): Request<Grafana.Types.DeleteWorkspaceResponse, AWSError>;
+  /**
+   * Deletes an API key for a workspace.
+   */
+  deleteWorkspaceApiKey(params: Grafana.Types.DeleteWorkspaceApiKeyRequest, callback?: (err: AWSError, data: Grafana.Types.DeleteWorkspaceApiKeyResponse) => void): Request<Grafana.Types.DeleteWorkspaceApiKeyResponse, AWSError>;
+  /**
+   * Deletes an API key for a workspace.
+   */
+  deleteWorkspaceApiKey(callback?: (err: AWSError, data: Grafana.Types.DeleteWorkspaceApiKeyResponse) => void): Request<Grafana.Types.DeleteWorkspaceApiKeyResponse, AWSError>;
   /**
    * Displays information about one Amazon Managed Grafana workspace.
    */
@@ -128,6 +144,8 @@ declare namespace Grafana {
   export type AccountAccessType = "CURRENT_ACCOUNT"|"ORGANIZATION"|string;
   export type AllowedOrganization = string;
   export type AllowedOrganizations = AllowedOrganization[];
+  export type ApiKeyName = string;
+  export type ApiKeyToken = string;
   export type AssertionAttribute = string;
   export interface AssertionAttributes {
     /**
@@ -205,6 +223,39 @@ declare namespace Grafana {
   }
   export type Boolean = boolean;
   export type ClientToken = string;
+  export interface CreateWorkspaceApiKeyRequest {
+    /**
+     * Specifies the name of the key to create. Key names must be unique to the workspace.
+     */
+    keyName: ApiKeyName;
+    /**
+     * Specifies the permission level of the key. Valid Values: VIEWER | EDITOR | ADMIN
+     */
+    keyRole: String;
+    /**
+     * Specifies the time in seconds until the key expires. Keys can be valid for up to 30 days.
+     */
+    secondsToLive: CreateWorkspaceApiKeyRequestSecondsToLiveInteger;
+    /**
+     * The ID of the workspace in which to create an API key.
+     */
+    workspaceId: WorkspaceId;
+  }
+  export type CreateWorkspaceApiKeyRequestSecondsToLiveInteger = number;
+  export interface CreateWorkspaceApiKeyResponse {
+    /**
+     * The key token that was created. Use this value as a bearer token to authenticate HTTP requests to the workspace.
+     */
+    key: ApiKeyToken;
+    /**
+     * The name of the key that was created.
+     */
+    keyName: ApiKeyName;
+    /**
+     * The ID of the workspace that the key is valid for.
+     */
+    workspaceId: WorkspaceId;
+  }
   export interface CreateWorkspaceRequest {
     /**
      * Specifies whether the workspace can access Amazon Web Services resources in this Amazon Web Services account only, or whether it can also access Amazon Web Services resources in other accounts in the same organization. If you specify ORGANIZATION, you must specify which organizational units the workspace can access in the workspaceOrganizationalUnits parameter.
@@ -267,6 +318,26 @@ declare namespace Grafana {
   }
   export type DataSourceType = "AMAZON_OPENSEARCH_SERVICE"|"CLOUDWATCH"|"PROMETHEUS"|"XRAY"|"TIMESTREAM"|"SITEWISE"|"ATHENA"|"REDSHIFT"|string;
   export type DataSourceTypesList = DataSourceType[];
+  export interface DeleteWorkspaceApiKeyRequest {
+    /**
+     * The name of the API key to delete.
+     */
+    keyName: ApiKeyName;
+    /**
+     * The ID of the workspace to delete.
+     */
+    workspaceId: WorkspaceId;
+  }
+  export interface DeleteWorkspaceApiKeyResponse {
+    /**
+     * The name of the API key that was deleted.
+     */
+    keyName: ApiKeyName;
+    /**
+     * The ID of the workspace where the key was deleted.
+     */
+    workspaceId: WorkspaceId;
+  }
   export interface DeleteWorkspaceRequest {
     /**
      * The ID of the workspace to delete.
@@ -424,7 +495,7 @@ declare namespace Grafana {
   }
   export type PermissionEntryList = PermissionEntry[];
   export type PermissionType = "CUSTOMER_MANAGED"|"SERVICE_MANAGED"|string;
-  export type Role = "ADMIN"|"EDITOR"|string;
+  export type Role = "ADMIN"|"EDITOR"|"VIEWER"|string;
   export type RoleValue = string;
   export type RoleValueList = RoleValue[];
   export interface RoleValues {

package/node_modules/aws-sdk/clients/guardduty.d.ts CHANGED Viewed

@@ -180,11 +180,11 @@ declare class GuardDuty extends Service {
    */
   disassociateFromMasterAccount(callback?: (err: AWSError, data: GuardDuty.Types.DisassociateFromMasterAccountResponse) => void): Request<GuardDuty.Types.DisassociateFromMasterAccountResponse, AWSError>;
   /**
-   * Disassociates GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
+   * Disassociates GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs. Member accounts added through Invitation get deleted from the current GuardDuty administrator account after 30 days of disassociation.
    */
   disassociateMembers(params: GuardDuty.Types.DisassociateMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.DisassociateMembersResponse) => void): Request<GuardDuty.Types.DisassociateMembersResponse, AWSError>;
   /**
-   * Disassociates GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
+   * Disassociates GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs. Member accounts added through Invitation get deleted from the current GuardDuty administrator account after 30 days of disassociation.
    */
   disassociateMembers(callback?: (err: AWSError, data: GuardDuty.Types.DisassociateMembersResponse) => void): Request<GuardDuty.Types.DisassociateMembersResponse, AWSError>;
   /**
@@ -607,6 +607,9 @@ declare namespace GuardDuty {
      * The error code of the failed Amazon Web Services API action.
      */
     ErrorCode?: String;
+    /**
+     * The agent through which the API request was made.
+     */
     UserAgent?: String;
     /**
      * The remote IP information of the connection that initiated the Amazon Web Services API call.
@@ -819,7 +822,7 @@ declare namespace GuardDuty {
      */
     Rank?: FilterRank;
     /**
-     * Represents the criteria to be used in the filter for querying findings. You can only use the following attributes to query findings:   accountId   region   confidence   id   resource.accessKeyDetails.accessKeyId   resource.accessKeyDetails.principalId   resource.accessKeyDetails.userName   resource.accessKeyDetails.userType   resource.instanceDetails.iamInstanceProfile.id   resource.instanceDetails.imageId   resource.instanceDetails.instanceId   resource.instanceDetails.outpostArn   resource.instanceDetails.networkInterfaces.ipv6Addresses   resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress   resource.instanceDetails.networkInterfaces.publicDnsName   resource.instanceDetails.networkInterfaces.publicIp   resource.instanceDetails.networkInterfaces.securityGroups.groupId   resource.instanceDetails.networkInterfaces.securityGroups.groupName   resource.instanceDetails.networkInterfaces.subnetId   resource.instanceDetails.networkInterfaces.vpcId   resource.instanceDetails.tags.key   resource.instanceDetails.tags.value   resource.resourceType   service.action.actionType   service.action.awsApiCallAction.api   service.action.awsApiCallAction.callerType   service.action.awsApiCallAction.errorCode   service.action.awsApiCallAction.remoteIpDetails.city.cityName   service.action.awsApiCallAction.remoteIpDetails.country.countryName   service.action.awsApiCallAction.remoteIpDetails.ipAddressV4   service.action.awsApiCallAction.remoteIpDetails.organization.asn   service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg   service.action.awsApiCallAction.serviceName   service.action.dnsRequestAction.domain   service.action.networkConnectionAction.blocked   service.action.networkConnectionAction.connectionDirection   service.action.networkConnectionAction.localPortDetails.port   service.action.networkConnectionAction.protocol   service.action.networkConnectionAction.localIpDetails.ipAddressV4   service.action.networkConnectionAction.remoteIpDetails.city.cityName   service.action.networkConnectionAction.remoteIpDetails.country.countryName   service.action.networkConnectionAction.remoteIpDetails.ipAddressV4   service.action.networkConnectionAction.remoteIpDetails.organization.asn   service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg   service.action.networkConnectionAction.remotePortDetails.port   service.additionalInfo.threatListName   resource.s3BucketDetails.publicAccess.effectivePermissions   resource.s3BucketDetails.name   resource.s3BucketDetails.tags.key   resource.s3BucketDetails.tags.value   resource.s3BucketDetails.type   service.archived When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.   service.resourceRole   severity   type   updatedAt Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.
+     * Represents the criteria to be used in the filter for querying findings. You can only use the following attributes to query findings:   accountId   region   confidence   id   resource.accessKeyDetails.accessKeyId   resource.accessKeyDetails.principalId   resource.accessKeyDetails.userName   resource.accessKeyDetails.userType   resource.instanceDetails.iamInstanceProfile.id   resource.instanceDetails.imageId   resource.instanceDetails.instanceId   resource.instanceDetails.outpostArn   resource.instanceDetails.networkInterfaces.ipv6Addresses   resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress   resource.instanceDetails.networkInterfaces.publicDnsName   resource.instanceDetails.networkInterfaces.publicIp   resource.instanceDetails.networkInterfaces.securityGroups.groupId   resource.instanceDetails.networkInterfaces.securityGroups.groupName   resource.instanceDetails.networkInterfaces.subnetId   resource.instanceDetails.networkInterfaces.vpcId   resource.instanceDetails.tags.key   resource.instanceDetails.tags.value   resource.resourceType   service.action.actionType   service.action.awsApiCallAction.api   service.action.awsApiCallAction.callerType   service.action.awsApiCallAction.errorCode   service.action.awsApiCallAction.userAgent   service.action.awsApiCallAction.remoteIpDetails.city.cityName   service.action.awsApiCallAction.remoteIpDetails.country.countryName   service.action.awsApiCallAction.remoteIpDetails.ipAddressV4   service.action.awsApiCallAction.remoteIpDetails.organization.asn   service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg   service.action.awsApiCallAction.serviceName   service.action.dnsRequestAction.domain   service.action.networkConnectionAction.blocked   service.action.networkConnectionAction.connectionDirection   service.action.networkConnectionAction.localPortDetails.port   service.action.networkConnectionAction.protocol   service.action.networkConnectionAction.localIpDetails.ipAddressV4   service.action.networkConnectionAction.remoteIpDetails.city.cityName   service.action.networkConnectionAction.remoteIpDetails.country.countryName   service.action.networkConnectionAction.remoteIpDetails.ipAddressV4   service.action.networkConnectionAction.remoteIpDetails.organization.asn   service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg   service.action.networkConnectionAction.remotePortDetails.port   service.additionalInfo.threatListName   resource.s3BucketDetails.publicAccess.effectivePermissions   resource.s3BucketDetails.name   resource.s3BucketDetails.tags.key   resource.s3BucketDetails.tags.value   resource.s3BucketDetails.type   service.archived When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.   service.resourceRole   severity   type   updatedAt Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.
      */
     FindingCriteria: FindingCriteria;
     /**

package/node_modules/aws-sdk/clients/iot.d.ts CHANGED Viewed

@@ -2827,6 +2827,7 @@ declare namespace Iot {
   }
   export type Boolean = boolean;
   export type BooleanKey = boolean;
+  export type BooleanWrapperObject = boolean;
   export interface Bucket {
     /**
      * The value counted for the particular bucket.
@@ -3572,7 +3573,7 @@ declare namespace Iot {
      */
     presignedUrlConfig?: PresignedUrlConfig;
     /**
-     * Specifies whether the job will continue to run (CONTINUOUS), or will be complete after all those things specified as targets have completed the job (SNAPSHOT). If continuous, the job may also be run on a thing when a change is detected in a target. For example, a job will run on a thing when the thing is added to a target group, even after the job was completed by all things originally in the group.
+     * Specifies whether the job will continue to run (CONTINUOUS), or will be complete after all those things specified as targets have completed the job (SNAPSHOT). If continuous, the job may also be run on a thing when a change is detected in a target. For example, a job will run on a thing when the thing is added to a target group, even after the job was completed by all things originally in the group.  We recommend that you use continuous jobs instead of snapshot jobs for dynamic thing group targets. By using continuous jobs, devices that join the group receive the job execution even after the job has been created.
      */
     targetSelection?: TargetSelection;
     /**
@@ -3604,7 +3605,7 @@ declare namespace Iot {
      */
     jobExecutionsRetryConfig?: JobExecutionsRetryConfig;
     /**
-     * Parameters of a managed template that you can specify to create the job document.
+     * Parameters of an Amazon Web Services managed template that you can specify to create the job document.   documentParameters can only be used when creating jobs from Amazon Web Services managed templates. This parameter can't be used with custom job templates or to create jobs from them.
      */
     documentParameters?: ParameterMap;
   }
@@ -4229,11 +4230,11 @@ declare namespace Iot {
      */
     certificateChain?: CodeSigningCertificateChain;
     /**
-     * The hash algorithm used to code sign the file.
+     * The hash algorithm used to code sign the file. You can use a string as the algorithm name if the target over-the-air (OTA) update devices are able to verify the signature that was generated using the same signature algorithm. For example, FreeRTOS uses SHA256 or SHA1, so you can pass either of them based on which was used for generating the signature.
      */
     hashAlgorithm?: HashAlgorithm;
     /**
-     * The signature algorithm used to code sign the file.
+     * The signature algorithm used to code sign the file. You can use a string as the algorithm name if the target over-the-air (OTA) update devices are able to verify the signature that was generated using the same signature algorithm. For example, FreeRTOS uses ECDSA or RSA, so you can pass either of them based on which was used for generating the signature.
      */
     signatureAlgorithm?: SignatureAlgorithm;
   }
@@ -5099,7 +5100,7 @@ declare namespace Iot {
      */
     environments?: Environments;
     /**
-     * A map of key-value pairs that you can use as guidance to specify the inputs for creating a job from a managed template.
+     * A map of key-value pairs that you can use as guidance to specify the inputs for creating a job from a managed template.   documentParameters can only be used when creating jobs from Amazon Web Services managed templates. This parameter can't be used with custom job templates or to create jobs from them.
      */
     documentParameters?: DocumentParameters;
     /**
@@ -6452,7 +6453,7 @@ declare namespace Iot {
      */
     jobId?: JobId;
     /**
-     * Specifies whether the job will continue to run (CONTINUOUS), or will be complete after all those things specified as targets have completed the job (SNAPSHOT). If continuous, the job may also be run on a thing when a change is detected in a target. For example, a job will run on a device when the thing representing the device is added to a target group, even after the job was completed by all things originally in the group.
+     * Specifies whether the job will continue to run (CONTINUOUS), or will be complete after all those things specified as targets have completed the job (SNAPSHOT). If continuous, the job may also be run on a thing when a change is detected in a target. For example, a job will run on a device when the thing representing the device is added to a target group, even after the job was completed by all things originally in the group.   We recommend that you use continuous jobs instead of snapshot jobs for dynamic thing group targets. By using continuous jobs, devices that join the group receive the job execution even after the job has been created.
      */
     targetSelection?: TargetSelection;
     /**
@@ -6524,9 +6525,10 @@ declare namespace Iot {
      */
     jobExecutionsRetryConfig?: JobExecutionsRetryConfig;
     /**
-     * A key-value map that pairs the patterns that need to be replaced in a managed template job document schema. You can use the description of each key as a guidance to specify the inputs during runtime when creating a job.
+     * A key-value map that pairs the patterns that need to be replaced in a managed template job document schema. You can use the description of each key as a guidance to specify the inputs during runtime when creating a job.   documentParameters can only be used when creating jobs from Amazon Web Services managed templates. This parameter can't be used with custom job templates or to create jobs from them.
      */
     documentParameters?: ParameterMap;
+    isConcurrent?: BooleanWrapperObject;
   }
   export type JobArn = string;
   export type JobDescription = string;
@@ -6704,7 +6706,7 @@ declare namespace Iot {
      */
     thingGroupId?: ThingGroupId;
     /**
-     * Specifies whether the job will continue to run (CONTINUOUS), or will be complete after all those things specified as targets have completed the job (SNAPSHOT). If continuous, the job may also be run on a thing when a change is detected in a target. For example, a job will run on a thing when the thing is added to a target group, even after the job was completed by all things originally in the group.
+     * Specifies whether the job will continue to run (CONTINUOUS), or will be complete after all those things specified as targets have completed the job (SNAPSHOT). If continuous, the job may also be run on a thing when a change is detected in a target. For example, a job will run on a thing when the thing is added to a target group, even after the job was completed by all things originally in the group.  We recommend that you use continuous jobs instead of snapshot jobs for dynamic thing group targets. By using continuous jobs, devices that join the group receive the job execution even after the job has been created.
      */
     targetSelection?: TargetSelection;
     /**
@@ -6723,6 +6725,7 @@ declare namespace Iot {
      * The time, in seconds since the epoch, when the job completed.
      */
     completedAt?: DateType;
+    isConcurrent?: BooleanWrapperObject;
   }
   export type JobSummaryList = JobSummary[];
   export type JobTargets = TargetArn[];
@@ -7442,7 +7445,7 @@ declare namespace Iot {
      */
     status?: JobStatus;
     /**
-     * Specifies whether the job will continue to run (CONTINUOUS), or will be complete after all those things specified as targets have completed the job (SNAPSHOT). If continuous, the job may also be run on a thing when a change is detected in a target. For example, a job will run on a thing when the thing is added to a target group, even after the job was completed by all things originally in the group.
+     * Specifies whether the job will continue to run (CONTINUOUS), or will be complete after all those things specified as targets have completed the job (SNAPSHOT). If continuous, the job may also be run on a thing when a change is detected in a target. For example, a job will run on a thing when the thing is added to a target group, even after the job was completed by all things originally in the group.   We recommend that you use continuous jobs instead of snapshot jobs for dynamic thing group targets. By using continuous jobs, devices that join the group receive the job execution even after the job has been created.
      */
     targetSelection?: TargetSelection;
     /**

package/node_modules/aws-sdk/clients/iotsecuretunneling.d.ts CHANGED Viewed

@@ -12,19 +12,19 @@ declare class IoTSecureTunneling extends Service {
   constructor(options?: IoTSecureTunneling.Types.ClientConfiguration)
   config: Config & IoTSecureTunneling.Types.ClientConfiguration;
   /**
-   * Closes a tunnel identified by the unique tunnel id. When a CloseTunnel request is received, we close the WebSocket connections between the client and proxy server so no data can be transmitted.
+   * Closes a tunnel identified by the unique tunnel id. When a CloseTunnel request is received, we close the WebSocket connections between the client and proxy server so no data can be transmitted. Requires permission to access the CloseTunnel action.
    */
   closeTunnel(params: IoTSecureTunneling.Types.CloseTunnelRequest, callback?: (err: AWSError, data: IoTSecureTunneling.Types.CloseTunnelResponse) => void): Request<IoTSecureTunneling.Types.CloseTunnelResponse, AWSError>;
   /**
-   * Closes a tunnel identified by the unique tunnel id. When a CloseTunnel request is received, we close the WebSocket connections between the client and proxy server so no data can be transmitted.
+   * Closes a tunnel identified by the unique tunnel id. When a CloseTunnel request is received, we close the WebSocket connections between the client and proxy server so no data can be transmitted. Requires permission to access the CloseTunnel action.
    */
   closeTunnel(callback?: (err: AWSError, data: IoTSecureTunneling.Types.CloseTunnelResponse) => void): Request<IoTSecureTunneling.Types.CloseTunnelResponse, AWSError>;
   /**
-   * Gets information about a tunnel identified by the unique tunnel id.
+   * Gets information about a tunnel identified by the unique tunnel id. Requires permission to access the DescribeTunnel action.
    */
   describeTunnel(params: IoTSecureTunneling.Types.DescribeTunnelRequest, callback?: (err: AWSError, data: IoTSecureTunneling.Types.DescribeTunnelResponse) => void): Request<IoTSecureTunneling.Types.DescribeTunnelResponse, AWSError>;
   /**
-   * Gets information about a tunnel identified by the unique tunnel id.
+   * Gets information about a tunnel identified by the unique tunnel id. Requires permission to access the DescribeTunnel action.
    */
   describeTunnel(callback?: (err: AWSError, data: IoTSecureTunneling.Types.DescribeTunnelResponse) => void): Request<IoTSecureTunneling.Types.DescribeTunnelResponse, AWSError>;
   /**
@@ -36,21 +36,29 @@ declare class IoTSecureTunneling extends Service {
    */
   listTagsForResource(callback?: (err: AWSError, data: IoTSecureTunneling.Types.ListTagsForResourceResponse) => void): Request<IoTSecureTunneling.Types.ListTagsForResourceResponse, AWSError>;
   /**
-   * List all tunnels for an AWS account. Tunnels are listed by creation time in descending order, newer tunnels will be listed before older tunnels.
+   * List all tunnels for an Amazon Web Services account. Tunnels are listed by creation time in descending order, newer tunnels will be listed before older tunnels. Requires permission to access the ListTunnels action.
    */
   listTunnels(params: IoTSecureTunneling.Types.ListTunnelsRequest, callback?: (err: AWSError, data: IoTSecureTunneling.Types.ListTunnelsResponse) => void): Request<IoTSecureTunneling.Types.ListTunnelsResponse, AWSError>;
   /**
-   * List all tunnels for an AWS account. Tunnels are listed by creation time in descending order, newer tunnels will be listed before older tunnels.
+   * List all tunnels for an Amazon Web Services account. Tunnels are listed by creation time in descending order, newer tunnels will be listed before older tunnels. Requires permission to access the ListTunnels action.
    */
   listTunnels(callback?: (err: AWSError, data: IoTSecureTunneling.Types.ListTunnelsResponse) => void): Request<IoTSecureTunneling.Types.ListTunnelsResponse, AWSError>;
   /**
-   * Creates a new tunnel, and returns two client access tokens for clients to use to connect to the AWS IoT Secure Tunneling proxy server.
+   * Creates a new tunnel, and returns two client access tokens for clients to use to connect to the IoT Secure Tunneling proxy server. Requires permission to access the OpenTunnel action.
    */
   openTunnel(params: IoTSecureTunneling.Types.OpenTunnelRequest, callback?: (err: AWSError, data: IoTSecureTunneling.Types.OpenTunnelResponse) => void): Request<IoTSecureTunneling.Types.OpenTunnelResponse, AWSError>;
   /**
-   * Creates a new tunnel, and returns two client access tokens for clients to use to connect to the AWS IoT Secure Tunneling proxy server.
+   * Creates a new tunnel, and returns two client access tokens for clients to use to connect to the IoT Secure Tunneling proxy server. Requires permission to access the OpenTunnel action.
    */
   openTunnel(callback?: (err: AWSError, data: IoTSecureTunneling.Types.OpenTunnelResponse) => void): Request<IoTSecureTunneling.Types.OpenTunnelResponse, AWSError>;
+  /**
+   * Revokes the current client access token (CAT) and returns new CAT for clients to use when reconnecting to secure tunneling to access the same tunnel. Requires permission to access the RotateTunnelAccessToken action.  Rotating the CAT doesn't extend the tunnel duration. For example, say the tunnel duration is 12 hours and the tunnel has already been open for 4 hours. When you rotate the access tokens, the new tokens that are generated can only be used for the remaining 8 hours.
+   */
+  rotateTunnelAccessToken(params: IoTSecureTunneling.Types.RotateTunnelAccessTokenRequest, callback?: (err: AWSError, data: IoTSecureTunneling.Types.RotateTunnelAccessTokenResponse) => void): Request<IoTSecureTunneling.Types.RotateTunnelAccessTokenResponse, AWSError>;
+  /**
+   * Revokes the current client access token (CAT) and returns new CAT for clients to use when reconnecting to secure tunneling to access the same tunnel. Requires permission to access the RotateTunnelAccessToken action.  Rotating the CAT doesn't extend the tunnel duration. For example, say the tunnel duration is 12 hours and the tunnel has already been open for 4 hours. When you rotate the access tokens, the new tokens that are generated can only be used for the remaining 8 hours.
+   */
+  rotateTunnelAccessToken(callback?: (err: AWSError, data: IoTSecureTunneling.Types.RotateTunnelAccessTokenResponse) => void): Request<IoTSecureTunneling.Types.RotateTunnelAccessTokenResponse, AWSError>;
   /**
    * A resource tag.
    */
@@ -71,13 +79,14 @@ declare class IoTSecureTunneling extends Service {
 declare namespace IoTSecureTunneling {
   export type AmazonResourceName = string;
   export type ClientAccessToken = string;
+  export type ClientMode = "SOURCE"|"DESTINATION"|"ALL"|string;
   export interface CloseTunnelRequest {
     /**
      * The ID of the tunnel to close.
      */
     tunnelId: TunnelId;
     /**
-     * When set to true, AWS IoT Secure Tunneling deletes the tunnel data immediately.
+     * When set to true, IoT Secure Tunneling deletes the tunnel data immediately.
      */
     delete?: DeleteFlag;
   }
@@ -115,7 +124,7 @@ declare namespace IoTSecureTunneling {
      */
     thingName?: ThingName;
     /**
-     * A list of service names that identity the target application. The AWS IoT client running on the destination device reads this value and uses it to look up a port or an IP address and a port. The AWS IoT client instantiates the local proxy which uses this information to connect to the destination application.
+     * A list of service names that identify the target application. The IoT client running on the destination device reads this value and uses it to look up a port or an IP address and a port. The IoT client instantiates the local proxy, which uses this information to connect to the destination application.
      */
     services: ServiceList;
   }
@@ -141,17 +150,17 @@ declare namespace IoTSecureTunneling {
      */
     maxResults?: MaxResults;
     /**
-     * A token to retrieve the next set of results.
+     * To retrieve the next set of results, the nextToken value from a previous response; otherwise null to receive the first set of results.
      */
     nextToken?: NextToken;
   }
   export interface ListTunnelsResponse {
     /**
-     * A short description of the tunnels in an AWS account.
+     * A short description of the tunnels in an Amazon Web Services account.
      */
     tunnelSummaries?: TunnelSummaryList;
     /**
-     * A token to used to retrieve the next set of results.
+     * The token to use to get the next set of results, or null if there are no additional results.
      */
     nextToken?: NextToken;
   }
@@ -181,15 +190,40 @@ declare namespace IoTSecureTunneling {
      */
     tunnelId?: TunnelId;
     /**
-     * The Amazon Resource Name for the tunnel. The tunnel ARN format is arn:aws:tunnel:&lt;region&gt;:&lt;account-id&gt;:tunnel/&lt;tunnel-id&gt;
+     * The Amazon Resource Name for the tunnel.
+     */
+    tunnelArn?: TunnelArn;
+    /**
+     * The access token the source local proxy uses to connect to IoT Secure Tunneling.
+     */
+    sourceAccessToken?: ClientAccessToken;
+    /**
+     * The access token the destination local proxy uses to connect to IoT Secure Tunneling.
+     */
+    destinationAccessToken?: ClientAccessToken;
+  }
+  export interface RotateTunnelAccessTokenRequest {
+    /**
+     * The tunnel for which you want to rotate the access tokens.
+     */
+    tunnelId: TunnelId;
+    /**
+     * The mode of the client that will use the client token, which can be either the source or destination, or both source and destination.
+     */
+    clientMode: ClientMode;
+    destinationConfig?: DestinationConfig;
+  }
+  export interface RotateTunnelAccessTokenResponse {
+    /**
+     * The Amazon Resource Name for the tunnel.
      */
     tunnelArn?: TunnelArn;
     /**
-     * The access token the source local proxy uses to connect to AWS IoT Secure Tunneling.
+     * The client access token that the source local proxy uses to connect to IoT Secure Tunneling.
      */
     sourceAccessToken?: ClientAccessToken;
     /**
-     * The access token the destination local proxy uses to connect to AWS IoT Secure Tunneling.
+     * The client access token that the destination local proxy uses to connect to IoT Secure Tunneling.
      */
     destinationAccessToken?: ClientAccessToken;
   }
@@ -235,7 +269,7 @@ declare namespace IoTSecureTunneling {
      */
     tunnelId?: TunnelId;
     /**
-     * The Amazon Resource Name (ARN) of a tunnel. The tunnel ARN format is arn:aws:tunnel:&lt;region&gt;:&lt;account-id&gt;:tunnel/&lt;tunnel-id&gt;
+     * The Amazon Resource Name (ARN) of a tunnel.
      */
     tunnelArn?: TunnelArn;
     /**
@@ -284,7 +318,7 @@ declare namespace IoTSecureTunneling {
      */
     tunnelId?: TunnelId;
     /**
-     * The Amazon Resource Name of the tunnel. The tunnel ARN format is arn:aws:tunnel:&lt;region&gt;:&lt;account-id&gt;:tunnel/&lt;tunnel-id&gt;
+     * The Amazon Resource Name of the tunnel.
      */
     tunnelArn?: TunnelArn;
     /**