@pulumi/aws-native 1.29.0-alpha.1747978507 → 1.29.0-alpha.1748545062

package/types/input.d.ts

@@ -6147,6 +6147,15 @@ export declare namespace aps {
          */
         subnetIds: pulumi.Input<pulumi.Input<string>[]>;
     }
+    /**
+     * Represents a cloudwatch logs destination for query logging
+     */
+    interface WorkspaceCloudWatchLogDestinationArgs {
+        /**
+         * The ARN of the CloudWatch Logs log group
+         */
+        logGroupArn: pulumi.Input<string>;
+    }
     /**
      * Workspace configuration
      */
@@ -6204,6 +6213,31 @@ export declare namespace aps {
          */
         logGroupArn?: pulumi.Input<string>;
     }
+    /**
+     * Destinations for query logging
+     */
+    interface WorkspaceLoggingDestinationArgs {
+        cloudWatchLogs: pulumi.Input<inputs.aps.WorkspaceCloudWatchLogDestinationArgs>;
+        filters: pulumi.Input<inputs.aps.WorkspaceLoggingFilterArgs>;
+    }
+    /**
+     * Filters for logging
+     */
+    interface WorkspaceLoggingFilterArgs {
+        /**
+         * Query logs with QSP above this limit are vended
+         */
+        qspThreshold: pulumi.Input<number>;
+    }
+    /**
+     * Query logging configuration
+     */
+    interface WorkspaceQueryLoggingConfigurationArgs {
+        /**
+         * The destinations configuration for query logging
+         */
+        destinations: pulumi.Input<pulumi.Input<inputs.aps.WorkspaceLoggingDestinationArgs>[]>;
+    }
 }
 export declare namespace arczonalshift {
     interface ZonalAutoshiftConfigurationControlConditionArgs {
@@ -10923,6 +10957,13 @@ export declare namespace bedrock {
          */
         agentAliasArn: pulumi.Input<string>;
     }
+    interface FlowAliasConcurrencyConfigurationArgs {
+        /**
+         * Number of nodes executed concurrently at a time
+         */
+        maxConcurrency?: pulumi.Input<number>;
+        type: pulumi.Input<enums.bedrock.FlowAliasConcurrencyType>;
+    }
     /**
      * Details about the routing configuration for a Flow alias.
      */
@@ -11044,6 +11085,16 @@ export declare namespace bedrock {
          */
         guardrailVersion?: pulumi.Input<string>;
     }
+    /**
+     * Inline code config strucuture, contains code configs
+     */
+    interface FlowInlineCodeFlowNodeConfigurationArgs {
+        /**
+         * The inline code entered by customers. max size is 5MB.
+         */
+        code: pulumi.Input<string>;
+        language: pulumi.Input<enums.bedrock.FlowSupportedLanguages>;
+    }
     /**
      * Input flow node configuration
      */
@@ -11097,7 +11148,7 @@ export declare namespace bedrock {
         /**
          * Contains configurations for the node.
          */
-        configuration?: pulumi.Input<inputs.bedrock.FlowNodeConfiguration0PropertiesArgs | inputs.bedrock.FlowNodeConfiguration1PropertiesArgs | inputs.bedrock.FlowNodeConfiguration2PropertiesArgs | inputs.bedrock.FlowNodeConfiguration3PropertiesArgs | inputs.bedrock.FlowNodeConfiguration4PropertiesArgs | inputs.bedrock.FlowNodeConfiguration5PropertiesArgs | inputs.bedrock.FlowNodeConfiguration6PropertiesArgs | inputs.bedrock.FlowNodeConfiguration7PropertiesArgs | inputs.bedrock.FlowNodeConfiguration8PropertiesArgs | inputs.bedrock.FlowNodeConfiguration9PropertiesArgs | inputs.bedrock.FlowNodeConfiguration10PropertiesArgs | inputs.bedrock.FlowNodeConfiguration11PropertiesArgs>;
+        configuration?: pulumi.Input<inputs.bedrock.FlowNodeConfiguration0PropertiesArgs | inputs.bedrock.FlowNodeConfiguration1PropertiesArgs | inputs.bedrock.FlowNodeConfiguration2PropertiesArgs | inputs.bedrock.FlowNodeConfiguration3PropertiesArgs | inputs.bedrock.FlowNodeConfiguration4PropertiesArgs | inputs.bedrock.FlowNodeConfiguration5PropertiesArgs | inputs.bedrock.FlowNodeConfiguration6PropertiesArgs | inputs.bedrock.FlowNodeConfiguration7PropertiesArgs | inputs.bedrock.FlowNodeConfiguration8PropertiesArgs | inputs.bedrock.FlowNodeConfiguration9PropertiesArgs | inputs.bedrock.FlowNodeConfiguration10PropertiesArgs | inputs.bedrock.FlowNodeConfiguration11PropertiesArgs | inputs.bedrock.FlowNodeConfiguration12PropertiesArgs>;
         /**
          * List of node inputs in a flow
          */
@@ -11133,6 +11184,12 @@ export declare namespace bedrock {
     interface FlowNodeConfiguration11PropertiesArgs {
         retrieval: pulumi.Input<inputs.bedrock.FlowRetrievalFlowNodeConfigurationArgs>;
     }
+    /**
+     * Node configuration in a flow
+     */
+    interface FlowNodeConfiguration12PropertiesArgs {
+        inlineCode: pulumi.Input<inputs.bedrock.FlowInlineCodeFlowNodeConfigurationArgs>;
+    }
     /**
      * Node configuration in a flow
      */
@@ -15499,9 +15556,8 @@ export declare namespace cloudfront {
          */
         originProtocolPolicy?: pulumi.Input<string>;
         /**
-         * Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS. Valid values include `SSLv3` , `TLSv1` , `TLSv1.1` , and `TLSv1.2` .
-         *
-         * For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols) in the *Amazon CloudFront Developer Guide* .
+         * Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS. Valid values include ``SSLv3``, ``TLSv1``, ``TLSv1.1``, and ``TLSv1.2``.
+         *  For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols) in the *Amazon CloudFront Developer Guide*.
          */
         originSslProtocols?: pulumi.Input<pulumi.Input<string>[]>;
     }
@@ -20664,6 +20720,32 @@ export declare namespace datasync {
          */
         azureBlobSasToken: pulumi.Input<string>;
     }
+    /**
+     * Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed AWS KMS key.
+     */
+    interface LocationAzureBlobCmkSecretConfigArgs {
+        /**
+         * Specifies the ARN for the customer-managed AWS KMS key used to encrypt the secret specified for SecretArn. DataSync provides this key to AWS Secrets Manager.
+         */
+        kmsKeyArn?: pulumi.Input<string>;
+        /**
+         * Specifies the ARN for an AWS Secrets Manager secret, managed by DataSync.
+         */
+        secretArn?: pulumi.Input<string>;
+    }
+    /**
+     * Specifies configuration information for a customer-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and an IAM role that DataSync can assume and access the customer-managed secret.
+     */
+    interface LocationAzureBlobCustomSecretConfigArgs {
+        /**
+         * Specifies the ARN for the AWS Identity and Access Management role that DataSync uses to access the secret specified for SecretArn.
+         */
+        secretAccessRoleArn: pulumi.Input<string>;
+        /**
+         * Specifies the ARN for a customer created AWS Secrets Manager secret.
+         */
+        secretArn: pulumi.Input<string>;
+    }
     /**
      * The subnet and security group that DataSync uses to access target EFS file system.
      */
@@ -20809,6 +20891,32 @@ export declare namespace datasync {
          */
         agentArns: pulumi.Input<pulumi.Input<string>[]>;
     }
+    /**
+     * Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed AWS KMS key.
+     */
+    interface LocationObjectStorageCmkSecretConfigArgs {
+        /**
+         * Specifies the ARN for the customer-managed AWS KMS key used to encrypt the secret specified for SecretArn. DataSync provides this key to AWS Secrets Manager.
+         */
+        kmsKeyArn?: pulumi.Input<string>;
+        /**
+         * Specifies the ARN for an AWS Secrets Manager secret, managed by DataSync.
+         */
+        secretArn?: pulumi.Input<string>;
+    }
+    /**
+     * Specifies configuration information for a customer-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and an IAM role that DataSync can assume and access the customer-managed secret.
+     */
+    interface LocationObjectStorageCustomSecretConfigArgs {
+        /**
+         * Specifies the ARN for the AWS Identity and Access Management role that DataSync uses to access the secret specified for SecretArn.
+         */
+        secretAccessRoleArn: pulumi.Input<string>;
+        /**
+         * Specifies the ARN for a customer created AWS Secrets Manager secret.
+         */
+        secretArn: pulumi.Input<string>;
+    }
     /**
      * The Amazon Resource Name (ARN) of the AWS IAM role that is used to access an Amazon S3 bucket.
      */
@@ -21651,6 +21759,7 @@ export declare namespace deadline {
     interface FleetCustomerManagedFleetConfigurationArgs {
         mode: pulumi.Input<enums.deadline.FleetAutoScalingMode>;
         storageProfileId?: pulumi.Input<string>;
+        tagPropagationMode?: pulumi.Input<enums.deadline.FleetTagPropagationMode>;
         workerCapabilities: pulumi.Input<inputs.deadline.FleetCustomerManagedWorkerCapabilitiesArgs>;
     }
     interface FleetCustomerManagedWorkerCapabilitiesArgs {
@@ -23798,6 +23907,28 @@ export declare namespace ec2 {
          */
         licenseConfigurationArn: pulumi.Input<string>;
     }
+    interface InstanceMetadataOptionsArgs {
+        /**
+         * Enables or disables the HTTP metadata endpoint on your instances. If you specify a value of disabled, you cannot access your instance metadata.
+         */
+        httpEndpoint?: pulumi.Input<enums.ec2.InstanceMetadataOptionsHttpEndpoint>;
+        /**
+         * Enables or disables the IPv6 endpoint for the instance metadata service. To use this option, the instance must be a Nitro-based instance launched in a subnet that supports IPv6.
+         */
+        httpProtocolIpv6?: pulumi.Input<enums.ec2.InstanceMetadataOptionsHttpProtocolIpv6>;
+        /**
+         * The number of network hops that the metadata token can travel. Maximum is 64.
+         */
+        httpPutResponseHopLimit?: pulumi.Input<number>;
+        /**
+         * Indicates whether IMDSv2 is required.
+         */
+        httpTokens?: pulumi.Input<enums.ec2.InstanceMetadataOptionsHttpTokens>;
+        /**
+         * Indicates whether tags from the instance are propagated to the EBS volumes.
+         */
+        instanceMetadataTags?: pulumi.Input<enums.ec2.InstanceMetadataOptionsInstanceMetadataTags>;
+    }
     interface InstanceNetworkInterfaceArgs {
         /**
          * Not currently supported by AWS CloudFormation.
@@ -27202,12 +27333,14 @@ export declare namespace ecs {
      */
     interface ClusterManagedStorageConfigurationArgs {
         /**
-         * Specify the KMSlong key ID for the Fargate ephemeral storage.
+         * Specify the KMSlong key ID for Fargate ephemeral storage.
+         *  When you specify a ``fargateEphemeralStorageKmsKeyId``, AWS Fargate uses the key to encrypt data at rest in ephemeral storage. For more information about Fargate ephemeral storage encryption, see [Customer managed keys for Fargate ephemeral storage for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-storage-encryption.html) in the *Amazon Elastic Container Service Developer Guide*.
          *  The key must be a single Region key.
          */
         fargateEphemeralStorageKmsKeyId?: pulumi.Input<string>;
         /**
-         * Specify a KMSlong key ID to encrypt the managed storage.
+         * Specify a KMSlong key ID to encrypt Amazon ECS managed storage.
+         *   When you specify a ``kmsKeyId``, Amazon ECS uses the key to encrypt data volumes managed by Amazon ECS that are attached to tasks in the cluster. The following data volumes are managed by Amazon ECS: Amazon EBS. For more information about encryption of Amazon EBS volumes attached to Amazon ECS tasks, see [Encrypt data stored in Amazon EBS volumes for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ebs-kms-encryption.html) in the *Amazon Elastic Container Service Developer Guide*.
          *  The key must be a single Region key.
          */
         kmsKeyId?: pulumi.Input<string>;
@@ -28426,7 +28559,7 @@ export declare namespace ecs {
          *  The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following:
          *   + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using Fargate.Optional when using EC2. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.
          *  The following options apply to all supported log drivers.
-         *   + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to the log driver specified using logDriver. The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the blocking mode and the flow of logs is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. You can set a default mode for all containers in a specific Region by using the defaultLogDriverMode account setting. If you don't specify the mode option or configure the account setting, Amazon ECS will default to the blocking mode. For more information about the account setting, see Default log driver mode in the Amazon Elastic Container Service Developer Guide. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost.
+         *   + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to the log driver specified using logDriver. The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the blocking mode and the flow of logs is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. You can set a default mode for all containers in a specific Region by using the defaultLogDriverMode account setting. If you don't specify the mode option or configure the account setting, Amazon ECS will default to the blocking mode. For more information about the account setting, see Default log driver mode in the Amazon Elastic Container Service Developer Guide. On June 25, 2025, Amazon ECS is changing the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following: Set the mode option in your container definition's logConfiguration as blocking. Set the defaultLogDriverMode account setting to blocking. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost.
          *  To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``.
          *  When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.
          *  Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``.
@@ -92544,7 +92677,7 @@ export declare namespace ses {
         /**
          * The list of actions to execute when the conditions match the incoming email, and none of the "unless conditions" match.
          */
-        actions: pulumi.Input<pulumi.Input<inputs.ses.MailManagerRuleSetRuleAction0PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction1PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction2PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction3PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction4PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction5PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction6PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction7PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction8PropertiesArgs>[]>;
+        actions: pulumi.Input<pulumi.Input<inputs.ses.MailManagerRuleSetRuleAction0PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction1PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction2PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction3PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction4PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction5PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction6PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction7PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction8PropertiesArgs | inputs.ses.MailManagerRuleSetRuleAction9PropertiesArgs>[]>;
         /**
          * The conditions of this rule. All conditions must match the email for the actions to be executed. An empty list of conditions means that all emails match, but are still subject to any "unless conditions"
          */
@@ -92585,6 +92718,9 @@ export declare namespace ses {
     interface MailManagerRuleSetRuleAction8PropertiesArgs {
         deliverToQBusiness: pulumi.Input<inputs.ses.MailManagerRuleSetDeliverToQBusinessActionArgs>;
     }
+    interface MailManagerRuleSetRuleAction9PropertiesArgs {
+        publishToSns: pulumi.Input<inputs.ses.MailManagerRuleSetSnsActionArgs>;
+    }
     interface MailManagerRuleSetRuleBooleanExpressionArgs {
         evaluate: pulumi.Input<inputs.ses.MailManagerRuleSetRuleBooleanToEvaluate0PropertiesArgs | inputs.ses.MailManagerRuleSetRuleBooleanToEvaluate1PropertiesArgs>;
         operator: pulumi.Input<enums.ses.MailManagerRuleSetRuleBooleanOperator>;
@@ -92669,6 +92805,13 @@ export declare namespace ses {
         actionFailurePolicy?: pulumi.Input<enums.ses.MailManagerRuleSetActionFailurePolicy>;
         roleArn: pulumi.Input<string>;
     }
+    interface MailManagerRuleSetSnsActionArgs {
+        actionFailurePolicy?: pulumi.Input<enums.ses.MailManagerRuleSetActionFailurePolicy>;
+        encoding?: pulumi.Input<enums.ses.MailManagerRuleSetSnsNotificationEncoding>;
+        payloadType?: pulumi.Input<enums.ses.MailManagerRuleSetSnsNotificationPayloadType>;
+        roleArn: pulumi.Input<string>;
+        topicArn: pulumi.Input<string>;
+    }
     interface MailManagerTrafficPolicyIngressAnalysisArgs {
         analyzer: pulumi.Input<string>;
         resultField: pulumi.Input<string>;

package/types/output.d.ts

@@ -6057,6 +6057,15 @@ export declare namespace aps {
          */
         subnetIds: string[];
     }
+    /**
+     * Represents a cloudwatch logs destination for query logging
+     */
+    interface WorkspaceCloudWatchLogDestination {
+        /**
+         * The ARN of the CloudWatch Logs log group
+         */
+        logGroupArn: string;
+    }
     /**
      * Workspace configuration
      */
@@ -6114,6 +6123,31 @@ export declare namespace aps {
          */
         logGroupArn?: string;
     }
+    /**
+     * Destinations for query logging
+     */
+    interface WorkspaceLoggingDestination {
+        cloudWatchLogs: outputs.aps.WorkspaceCloudWatchLogDestination;
+        filters: outputs.aps.WorkspaceLoggingFilter;
+    }
+    /**
+     * Filters for logging
+     */
+    interface WorkspaceLoggingFilter {
+        /**
+         * Query logs with QSP above this limit are vended
+         */
+        qspThreshold: number;
+    }
+    /**
+     * Query logging configuration
+     */
+    interface WorkspaceQueryLoggingConfiguration {
+        /**
+         * The destinations configuration for query logging
+         */
+        destinations: outputs.aps.WorkspaceLoggingDestination[];
+    }
 }
 export declare namespace arczonalshift {
     interface ZonalAutoshiftConfigurationControlCondition {
@@ -10859,6 +10893,13 @@ export declare namespace bedrock {
          */
         agentAliasArn: string;
     }
+    interface FlowAliasConcurrencyConfiguration {
+        /**
+         * Number of nodes executed concurrently at a time
+         */
+        maxConcurrency?: number;
+        type: enums.bedrock.FlowAliasConcurrencyType;
+    }
     /**
      * Details about the routing configuration for a Flow alias.
      */
@@ -10980,6 +11021,16 @@ export declare namespace bedrock {
          */
         guardrailVersion?: string;
     }
+    /**
+     * Inline code config strucuture, contains code configs
+     */
+    interface FlowInlineCodeFlowNodeConfiguration {
+        /**
+         * The inline code entered by customers. max size is 5MB.
+         */
+        code: string;
+        language: enums.bedrock.FlowSupportedLanguages;
+    }
     /**
      * Input flow node configuration
      */
@@ -11033,7 +11084,7 @@ export declare namespace bedrock {
         /**
          * Contains configurations for the node.
          */
-        configuration?: outputs.bedrock.FlowNodeConfiguration0Properties | outputs.bedrock.FlowNodeConfiguration1Properties | outputs.bedrock.FlowNodeConfiguration2Properties | outputs.bedrock.FlowNodeConfiguration3Properties | outputs.bedrock.FlowNodeConfiguration4Properties | outputs.bedrock.FlowNodeConfiguration5Properties | outputs.bedrock.FlowNodeConfiguration6Properties | outputs.bedrock.FlowNodeConfiguration7Properties | outputs.bedrock.FlowNodeConfiguration8Properties | outputs.bedrock.FlowNodeConfiguration9Properties | outputs.bedrock.FlowNodeConfiguration10Properties | outputs.bedrock.FlowNodeConfiguration11Properties;
+        configuration?: outputs.bedrock.FlowNodeConfiguration0Properties | outputs.bedrock.FlowNodeConfiguration1Properties | outputs.bedrock.FlowNodeConfiguration2Properties | outputs.bedrock.FlowNodeConfiguration3Properties | outputs.bedrock.FlowNodeConfiguration4Properties | outputs.bedrock.FlowNodeConfiguration5Properties | outputs.bedrock.FlowNodeConfiguration6Properties | outputs.bedrock.FlowNodeConfiguration7Properties | outputs.bedrock.FlowNodeConfiguration8Properties | outputs.bedrock.FlowNodeConfiguration9Properties | outputs.bedrock.FlowNodeConfiguration10Properties | outputs.bedrock.FlowNodeConfiguration11Properties | outputs.bedrock.FlowNodeConfiguration12Properties;
         /**
          * List of node inputs in a flow
          */
@@ -11069,6 +11120,12 @@ export declare namespace bedrock {
     interface FlowNodeConfiguration11Properties {
         retrieval: outputs.bedrock.FlowRetrievalFlowNodeConfiguration;
     }
+    /**
+     * Node configuration in a flow
+     */
+    interface FlowNodeConfiguration12Properties {
+        inlineCode: outputs.bedrock.FlowInlineCodeFlowNodeConfiguration;
+    }
     /**
      * Node configuration in a flow
      */
@@ -11436,7 +11493,7 @@ export declare namespace bedrock {
         /**
          * Contains configurations for the node.
          */
-        configuration?: outputs.bedrock.FlowVersionFlowNodeConfiguration0Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration1Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration2Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration3Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration4Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration5Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration6Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration7Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration8Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration9Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration10Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration11Properties;
+        configuration?: outputs.bedrock.FlowVersionFlowNodeConfiguration0Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration1Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration2Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration3Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration4Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration5Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration6Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration7Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration8Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration9Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration10Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration11Properties | outputs.bedrock.FlowVersionFlowNodeConfiguration12Properties;
         /**
          * List of node inputs in a flow
          */
@@ -11472,6 +11529,12 @@ export declare namespace bedrock {
     interface FlowVersionFlowNodeConfiguration11Properties {
         collector: outputs.bedrock.FlowVersionCollectorFlowNodeConfiguration;
     }
+    /**
+     * Node configuration in a flow
+     */
+    interface FlowVersionFlowNodeConfiguration12Properties {
+        inlineCode: outputs.bedrock.FlowVersionInlineCodeFlowNodeConfiguration;
+    }
     /**
      * Node configuration in a flow
      */
@@ -11569,6 +11632,16 @@ export declare namespace bedrock {
          */
         guardrailVersion?: string;
     }
+    /**
+     * Inline code config strucuture, contains code configs
+     */
+    interface FlowVersionInlineCodeFlowNodeConfiguration {
+        /**
+         * The inline code entered by customers. max size is 5MB.
+         */
+        code: string;
+        language: enums.bedrock.FlowVersionSupportedLanguages;
+    }
     /**
      * Input flow node configuration
      */
@@ -16205,9 +16278,8 @@ export declare namespace cloudfront {
          */
         originProtocolPolicy?: string;
         /**
-         * Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS. Valid values include `SSLv3` , `TLSv1` , `TLSv1.1` , and `TLSv1.2` .
-         *
-         * For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols) in the *Amazon CloudFront Developer Guide* .
+         * Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS. Valid values include ``SSLv3``, ``TLSv1``, ``TLSv1.1``, and ``TLSv1.2``.
+         *  For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols) in the *Amazon CloudFront Developer Guide*.
          */
         originSslProtocols?: string[];
     }
@@ -21509,6 +21581,41 @@ export declare namespace datasync {
          */
         azureBlobSasToken: string;
     }
+    /**
+     * Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed AWS KMS key.
+     */
+    interface LocationAzureBlobCmkSecretConfig {
+        /**
+         * Specifies the ARN for the customer-managed AWS KMS key used to encrypt the secret specified for SecretArn. DataSync provides this key to AWS Secrets Manager.
+         */
+        kmsKeyArn?: string;
+        /**
+         * Specifies the ARN for an AWS Secrets Manager secret, managed by DataSync.
+         */
+        secretArn?: string;
+    }
+    /**
+     * Specifies configuration information for a customer-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and an IAM role that DataSync can assume and access the customer-managed secret.
+     */
+    interface LocationAzureBlobCustomSecretConfig {
+        /**
+         * Specifies the ARN for the AWS Identity and Access Management role that DataSync uses to access the secret specified for SecretArn.
+         */
+        secretAccessRoleArn: string;
+        /**
+         * Specifies the ARN for a customer created AWS Secrets Manager secret.
+         */
+        secretArn: string;
+    }
+    /**
+     * Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location. DataSync uses the default AWS-managed KMS key to encrypt this secret in AWS Secrets Manager.
+     */
+    interface LocationAzureBlobManagedSecretConfig {
+        /**
+         * Specifies the ARN for an AWS Secrets Manager secret.
+         */
+        secretArn: string;
+    }
     /**
      * The subnet and security group that DataSync uses to access target EFS file system.
      */
@@ -21654,6 +21761,41 @@ export declare namespace datasync {
          */
         agentArns: string[];
     }
+    /**
+     * Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and a customer-managed AWS KMS key.
+     */
+    interface LocationObjectStorageCmkSecretConfig {
+        /**
+         * Specifies the ARN for the customer-managed AWS KMS key used to encrypt the secret specified for SecretArn. DataSync provides this key to AWS Secrets Manager.
+         */
+        kmsKeyArn?: string;
+        /**
+         * Specifies the ARN for an AWS Secrets Manager secret, managed by DataSync.
+         */
+        secretArn?: string;
+    }
+    /**
+     * Specifies configuration information for a customer-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location, and an IAM role that DataSync can assume and access the customer-managed secret.
+     */
+    interface LocationObjectStorageCustomSecretConfig {
+        /**
+         * Specifies the ARN for the AWS Identity and Access Management role that DataSync uses to access the secret specified for SecretArn.
+         */
+        secretAccessRoleArn: string;
+        /**
+         * Specifies the ARN for a customer created AWS Secrets Manager secret.
+         */
+        secretArn: string;
+    }
+    /**
+     * Specifies configuration information for a DataSync-managed secret, such as an authentication token or set of credentials that DataSync uses to access a specific transfer location. DataSync uses the default AWS-managed KMS key to encrypt this secret in AWS Secrets Manager.
+     */
+    interface LocationObjectStorageManagedSecretConfig {
+        /**
+         * Specifies the ARN for an AWS Secrets Manager secret.
+         */
+        secretArn: string;
+    }
     /**
      * The Amazon Resource Name (ARN) of the AWS IAM role that is used to access an Amazon S3 bucket.
      */
@@ -22538,6 +22680,7 @@ export declare namespace deadline {
     interface FleetCustomerManagedFleetConfiguration {
         mode: enums.deadline.FleetAutoScalingMode;
         storageProfileId?: string;
+        tagPropagationMode?: enums.deadline.FleetTagPropagationMode;
         workerCapabilities: outputs.deadline.FleetCustomerManagedWorkerCapabilities;
     }
     interface FleetCustomerManagedWorkerCapabilities {
@@ -24705,6 +24848,28 @@ export declare namespace ec2 {
          */
         licenseConfigurationArn: string;
     }
+    interface InstanceMetadataOptions {
+        /**
+         * Enables or disables the HTTP metadata endpoint on your instances. If you specify a value of disabled, you cannot access your instance metadata.
+         */
+        httpEndpoint?: enums.ec2.InstanceMetadataOptionsHttpEndpoint;
+        /**
+         * Enables or disables the IPv6 endpoint for the instance metadata service. To use this option, the instance must be a Nitro-based instance launched in a subnet that supports IPv6.
+         */
+        httpProtocolIpv6?: enums.ec2.InstanceMetadataOptionsHttpProtocolIpv6;
+        /**
+         * The number of network hops that the metadata token can travel. Maximum is 64.
+         */
+        httpPutResponseHopLimit?: number;
+        /**
+         * Indicates whether IMDSv2 is required.
+         */
+        httpTokens?: enums.ec2.InstanceMetadataOptionsHttpTokens;
+        /**
+         * Indicates whether tags from the instance are propagated to the EBS volumes.
+         */
+        instanceMetadataTags?: enums.ec2.InstanceMetadataOptionsInstanceMetadataTags;
+    }
     interface InstanceNetworkInterface {
         /**
          * Not currently supported by AWS CloudFormation.
@@ -28650,12 +28815,14 @@ export declare namespace ecs {
      */
     interface ClusterManagedStorageConfiguration {
         /**
-         * Specify the KMSlong key ID for the Fargate ephemeral storage.
+         * Specify the KMSlong key ID for Fargate ephemeral storage.
+         *  When you specify a ``fargateEphemeralStorageKmsKeyId``, AWS Fargate uses the key to encrypt data at rest in ephemeral storage. For more information about Fargate ephemeral storage encryption, see [Customer managed keys for Fargate ephemeral storage for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/fargate-storage-encryption.html) in the *Amazon Elastic Container Service Developer Guide*.
          *  The key must be a single Region key.
          */
         fargateEphemeralStorageKmsKeyId?: string;
         /**
-         * Specify a KMSlong key ID to encrypt the managed storage.
+         * Specify a KMSlong key ID to encrypt Amazon ECS managed storage.
+         *   When you specify a ``kmsKeyId``, Amazon ECS uses the key to encrypt data volumes managed by Amazon ECS that are attached to tasks in the cluster. The following data volumes are managed by Amazon ECS: Amazon EBS. For more information about encryption of Amazon EBS volumes attached to Amazon ECS tasks, see [Encrypt data stored in Amazon EBS volumes for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ebs-kms-encryption.html) in the *Amazon Elastic Container Service Developer Guide*.
          *  The key must be a single Region key.
          */
         kmsKeyId?: string;
@@ -29874,7 +30041,7 @@ export declare namespace ecs {
          *  The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following:
          *   + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using Fargate.Optional when using EC2. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance.
          *  The following options apply to all supported log drivers.
-         *   + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to the log driver specified using logDriver. The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the blocking mode and the flow of logs is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. You can set a default mode for all containers in a specific Region by using the defaultLogDriverMode account setting. If you don't specify the mode option or configure the account setting, Amazon ECS will default to the blocking mode. For more information about the account setting, see Default log driver mode in the Amazon Elastic Container Service Developer Guide. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost.
+         *   + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to the log driver specified using logDriver. The delivery mode you choose affects application availability when the flow of logs from container is interrupted. If you use the blocking mode and the flow of logs is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. You can set a default mode for all containers in a specific Region by using the defaultLogDriverMode account setting. If you don't specify the mode option or configure the account setting, Amazon ECS will default to the blocking mode. For more information about the account setting, see Default log driver mode in the Amazon Elastic Container Service Developer Guide. On June 25, 2025, Amazon ECS is changing the default log driver mode from blocking to non-blocking to prioritize task availability over logging. To continue using the blocking mode after this change, do one of the following: Set the mode option in your container definition's logConfiguration as blocking. Set the defaultLogDriverMode account setting to blocking. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost.
          *  To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``.
          *  When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.
          *  Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``.
@@ -94951,7 +95118,7 @@ export declare namespace ses {
         /**
          * The list of actions to execute when the conditions match the incoming email, and none of the "unless conditions" match.
          */
-        actions: (outputs.ses.MailManagerRuleSetRuleAction0Properties | outputs.ses.MailManagerRuleSetRuleAction1Properties | outputs.ses.MailManagerRuleSetRuleAction2Properties | outputs.ses.MailManagerRuleSetRuleAction3Properties | outputs.ses.MailManagerRuleSetRuleAction4Properties | outputs.ses.MailManagerRuleSetRuleAction5Properties | outputs.ses.MailManagerRuleSetRuleAction6Properties | outputs.ses.MailManagerRuleSetRuleAction7Properties | outputs.ses.MailManagerRuleSetRuleAction8Properties)[];
+        actions: (outputs.ses.MailManagerRuleSetRuleAction0Properties | outputs.ses.MailManagerRuleSetRuleAction1Properties | outputs.ses.MailManagerRuleSetRuleAction2Properties | outputs.ses.MailManagerRuleSetRuleAction3Properties | outputs.ses.MailManagerRuleSetRuleAction4Properties | outputs.ses.MailManagerRuleSetRuleAction5Properties | outputs.ses.MailManagerRuleSetRuleAction6Properties | outputs.ses.MailManagerRuleSetRuleAction7Properties | outputs.ses.MailManagerRuleSetRuleAction8Properties | outputs.ses.MailManagerRuleSetRuleAction9Properties)[];
         /**
          * The conditions of this rule. All conditions must match the email for the actions to be executed. An empty list of conditions means that all emails match, but are still subject to any "unless conditions"
          */
@@ -94992,6 +95159,9 @@ export declare namespace ses {
     interface MailManagerRuleSetRuleAction8Properties {
         deliverToQBusiness: outputs.ses.MailManagerRuleSetDeliverToQBusinessAction;
     }
+    interface MailManagerRuleSetRuleAction9Properties {
+        publishToSns: outputs.ses.MailManagerRuleSetSnsAction;
+    }
     interface MailManagerRuleSetRuleBooleanExpression {
         evaluate: outputs.ses.MailManagerRuleSetRuleBooleanToEvaluate0Properties | outputs.ses.MailManagerRuleSetRuleBooleanToEvaluate1Properties;
         operator: enums.ses.MailManagerRuleSetRuleBooleanOperator;
@@ -95076,6 +95246,13 @@ export declare namespace ses {
         actionFailurePolicy?: enums.ses.MailManagerRuleSetActionFailurePolicy;
         roleArn: string;
     }
+    interface MailManagerRuleSetSnsAction {
+        actionFailurePolicy?: enums.ses.MailManagerRuleSetActionFailurePolicy;
+        encoding?: enums.ses.MailManagerRuleSetSnsNotificationEncoding;
+        payloadType?: enums.ses.MailManagerRuleSetSnsNotificationPayloadType;
+        roleArn: string;
+        topicArn: string;
+    }
     interface MailManagerTrafficPolicyIngressAnalysis {
         analyzer: string;
         resultField: string;

package/types/output.js.map

@@ -1 +1 @@
-{"version":3,"file":"output.js","sourceRoot":"","sources":["../../types/output.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAm3lBjF,IAAiB,MAAM,CAgHtB;AAhHD,WAAiB,MAAM;IAoDnB;;OAEG;IACH,SAAgB,yBAAyB,CAAC,GAAe;;QACrD,uCACO,GAAG,KACN,qBAAqB,EAAE,MAAA,CAAC,GAAG,CAAC,qBAAqB,CAAC,mCAAI,CAAC,IACzD;IACN,CAAC;IALe,gCAAyB,4BAKxC,CAAA;AAoDL,CAAC,EAhHgB,MAAM,GAAN,cAAM,KAAN,cAAM,QAgHtB"}
+{"version":3,"file":"output.js","sourceRoot":"","sources":["../../types/output.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAo8lBjF,IAAiB,MAAM,CAgHtB;AAhHD,WAAiB,MAAM;IAoDnB;;OAEG;IACH,SAAgB,yBAAyB,CAAC,GAAe;;QACrD,uCACO,GAAG,KACN,qBAAqB,EAAE,MAAA,CAAC,GAAG,CAAC,qBAAqB,CAAC,mCAAI,CAAC,IACzD;IACN,CAAC;IALe,gCAAyB,4BAKxC,CAAA;AAoDL,CAAC,EAhHgB,MAAM,GAAN,cAAM,KAAN,cAAM,QAgHtB"}