@pulumi/aws-native 1.30.0-alpha.1749819116 → 1.30.0-alpha.1750076003

package/types/output.d.ts

@@ -6268,6 +6268,10 @@ export declare namespace athena {
          * Role used to access user resources in an Athena for Apache Spark session. This property applies only to Spark-enabled workgroups in Athena.
          */
         executionRole?: string;
+        /**
+         * The configuration for storing results in Athena owned storage, which includes whether this feature is enabled; whether encryption configuration, if any, is used for encrypting query results.
+         */
+        managedQueryResultsConfiguration?: outputs.athena.WorkGroupManagedQueryResultsConfiguration;
         /**
          * Indicates that the Amazon CloudWatch metrics are enabled for the workgroup.
          */
@@ -6291,6 +6295,7 @@ export declare namespace athena {
         enforceWorkGroupConfiguration?: boolean;
         engineVersion?: outputs.athena.WorkGroupEngineVersion;
         executionRole?: string;
+        managedQueryResultsConfiguration?: outputs.athena.WorkGroupManagedQueryResultsConfiguration;
         publishCloudWatchMetricsEnabled?: boolean;
         removeBytesScannedCutoffPerQuery?: boolean;
         removeCustomerContentEncryptionConfiguration?: boolean;
@@ -6334,6 +6339,25 @@ export declare namespace athena {
          */
         selectedEngineVersion?: string;
     }
+    /**
+     * The configuration for the managed query results and encryption option. ResultConfiguration and ManagedQueryResultsConfiguration cannot be set at the same time
+     */
+    interface WorkGroupManagedQueryResultsConfiguration {
+        /**
+         * If set to true, allows you to store query results in Athena owned storage. If set to false, workgroup member stores query results in location specified under `ResultConfiguration$OutputLocation` . The default is false. A workgroup cannot have the `ResultConfiguration$OutputLocation` parameter when you set this field to true.
+         */
+        enabled?: boolean;
+        /**
+         * If you encrypt query and calculation results in Athena owned storage, this field indicates the encryption option (for example, SSE_KMS or CSE_KMS) and key information.
+         */
+        encryptionConfiguration?: outputs.athena.WorkGroupManagedStorageEncryptionConfiguration;
+    }
+    /**
+     * Indicates the encryption configuration for Athena Managed Storage. If not setting this field, Managed Storage will encrypt the query results with Athena's encryption key
+     */
+    interface WorkGroupManagedStorageEncryptionConfiguration {
+        kmsKey?: string;
+    }
     /**
      * The location in Amazon S3 where query results are stored and the encryption option, if any, used for query results. These are known as "client-side settings". If workgroup settings override client-side settings, then the query uses the workgroup settings.
      */
@@ -23922,7 +23946,7 @@ export declare namespace dynamodb {
          */
         keySchema: outputs.dynamodb.TableKeySchema[];
         /**
-         * The maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify ``MaxReadRequestUnits``, ``MaxWriteRequestUnits``, or both.
+         * The maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify ``MaxReadRequestUnits``, ``MaxWriteRequestUnits``, or both. You must use either ``OnDemandThroughput`` or ``ProvisionedThroughput`` based on your table's capacity mode.
          */
         onDemandThroughput?: outputs.dynamodb.TableOnDemandThroughput;
         /**
@@ -23930,7 +23954,7 @@ export declare namespace dynamodb {
          */
         projection: outputs.dynamodb.TableProjection;
         /**
-         * Represents the provisioned throughput settings for the specified global secondary index.
+         * Represents the provisioned throughput settings for the specified global secondary index. You must use either ``OnDemandThroughput`` or ``ProvisionedThroughput`` based on your table's capacity mode.
          *  For current minimum and maximum provisioned throughput values, see [Service, Account, and Table Quotas](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) in the *Amazon DynamoDB Developer Guide*.
          */
         provisionedThroughput?: outputs.dynamodb.TableProvisionedThroughput;
@@ -24188,6 +24212,12 @@ export declare namespace dynamodb {
     }
 }
 export declare namespace ec2 {
+    interface BlockPublicAccessStatesProperties {
+        /**
+         * The mode of VPC BPA. Options here are off, block-bidirectional, block-ingress
+         */
+        internetGatewayBlockMode?: string;
+    }
     interface CapacityReservationCapacityAllocation {
         /**
          * The usage type. `used` indicates that the instance capacity is in use by instances that are running in the Capacity Reservation.
@@ -32927,7 +32957,9 @@ export declare namespace entityresolution {
     }
     interface MatchingWorkflowIncrementalRunConfig {
         /**
-         * The type of incremental run. It takes only one value: `IMMEDIATE` .
+         * The type of incremental run. The only valid value is `IMMEDIATE` . This appears as "Automatic" in the console.
+         *
+         * > For workflows where `resolutionType` is `ML_MATCHING` , incremental processing is not supported.
          */
         incrementalRunType: enums.entityresolution.MatchingWorkflowIncrementalRunConfigIncrementalRunType;
     }
@@ -33886,61 +33918,178 @@ export declare namespace evidently {
     }
 }
 export declare namespace evs {
+    /**
+     * The connectivity configuration for the environment. Amazon EVS requires that you specify two route server peer IDs. During environment creation, the route server endpoints peer with the NSX uplink VLAN for connectivity to the NSX overlay network.
+     */
     interface ConnectivityInfoProperties {
+        /**
+         * The unique IDs for private route server peers.
+         */
         privateRouteServerPeerings: string[];
     }
     interface EnvironmentCheck {
+        /**
+         * The time when environment health began to be impaired.
+         */
         impairedSince?: string;
+        /**
+         * The check result.
+         */
         result: enums.evs.EnvironmentCheckResult;
+        /**
+         * The check type. Amazon EVS performs the following checks.
+         *
+         * - `KEY_REUSE` : checks that the VCF license key is not used by another Amazon EVS environment. This check fails if a used license is added to the environment.
+         * - `KEY_COVERAGE` : checks that your VCF license key allocates sufficient vCPU cores for all deployed hosts. The check fails when any assigned hosts in the EVS environment are not covered by license keys, or when any unassigned hosts cannot be covered by available vCPU cores in keys.
+         * - `REACHABILITY` : checks that the Amazon EVS control plane has a persistent connection to SDDC Manager. If Amazon EVS cannot reach the environment, this check fails.
+         * - `HOST_COUNT` : Checks that your environment has a minimum of 4 hosts, which is a requirement for VCF 5.2.1.
+         *
+         * If this check fails, you will need to add hosts so that your environment meets this minimum requirement. Amazon EVS only supports environments with 4-16 hosts.
+         */
         type: enums.evs.EnvironmentCheckType;
     }
     interface EnvironmentHostInfoForCreate {
+        /**
+         * The unique ID of the Amazon EC2 Dedicated Host.
+         */
         dedicatedHostId?: string;
+        /**
+         * The DNS hostname of the host. DNS hostnames for hosts must be unique across Amazon EVS environments and within VCF.
+         */
         hostName: string;
+        /**
+         * The EC2 instance type that represents the host.
+         */
         instanceType: enums.evs.EnvironmentHostInfoForCreateInstanceType;
+        /**
+         * The name of the SSH key that is used to access the host.
+         */
         keyName: string;
+        /**
+         * The unique ID of the placement group where the host is placed.
+         */
         placementGroupId?: string;
     }
     interface EnvironmentInitialVlanInfo {
+        /**
+         * The CIDR block that you provide to create an Amazon EVS VLAN subnet. Amazon EVS VLAN subnets have a minimum CIDR block size of /28 and a maximum size of /24. Amazon EVS VLAN subnet CIDR blocks must not overlap with other subnets in the VPC.
+         */
         cidr: string;
     }
     interface EnvironmentSecret {
+        /**
+         * The Amazon Resource Name (ARN) of the secret.
+         */
         secretArn?: string;
     }
     /**
      * The initial Vlan configuration only required upon creation. Modification after creation will have no effect
      */
     interface InitialVlansProperties {
+        /**
+         * The edge VTEP VLAN subnet. This VLAN subnet manages traffic flowing between the internal network and external networks, including internet access and other site connections.
+         */
         edgeVTep: outputs.evs.EnvironmentInitialVlanInfo;
+        /**
+         * An additional VLAN subnet that can be used to extend VCF capabilities once configured. For example, you can configure an expansion VLAN subnet to use NSX Federation for centralized management and synchronization of multiple NSX deployments across different locations.
+         */
         expansionVlan1: outputs.evs.EnvironmentInitialVlanInfo;
+        /**
+         * An additional VLAN subnet that can be used to extend VCF capabilities once configured. For example, you can configure an expansion VLAN subnet to use NSX Federation for centralized management and synchronization of multiple NSX deployments across different locations.
+         */
         expansionVlan2: outputs.evs.EnvironmentInitialVlanInfo;
+        /**
+         * The HCX VLAN subnet. This VLAN subnet allows the HCX Interconnnect (IX) and HCX Network Extension (NE) to reach their peers and enable HCX Service Mesh creation.
+         */
         hcx: outputs.evs.EnvironmentInitialVlanInfo;
+        /**
+         * The NSX uplink VLAN subnet. This VLAN subnet allows connectivity to the NSX overlay network.
+         */
         nsxUpLink: outputs.evs.EnvironmentInitialVlanInfo;
+        /**
+         * The vMotion VLAN subnet. This VLAN subnet carries traffic for vSphere vMotion.
+         */
         vMotion: outputs.evs.EnvironmentInitialVlanInfo;
+        /**
+         * The vSAN VLAN subnet. This VLAN subnet carries the communication between ESXi hosts to implement a vSAN shared storage pool.
+         */
         vSan: outputs.evs.EnvironmentInitialVlanInfo;
+        /**
+         * The VTEP VLAN subnet. This VLAN subnet handles internal network traffic between virtual machines within a VCF instance.
+         */
         vTep: outputs.evs.EnvironmentInitialVlanInfo;
+        /**
+         * The VM management VLAN subnet. This VLAN subnet carries traffic for vSphere virtual machines.
+         */
         vmManagement: outputs.evs.EnvironmentInitialVlanInfo;
+        /**
+         * The host VMkernel management VLAN subnet. This VLAN subnet carries traffic for managing ESXi hosts and communicating with VMware vCenter Server.
+         */
         vmkManagement: outputs.evs.EnvironmentInitialVlanInfo;
     }
     /**
      * The license information for an EVS environment
      */
     interface LicenseInfoProperties {
+        /**
+         * The VCF solution key. This license unlocks VMware VCF product features, including vSphere, NSX, SDDC Manager, and vCenter Server.
+         */
         solutionKey: string;
+        /**
+         * The VSAN license key. This license unlocks vSAN features.
+         */
         vsanKey: string;
     }
+    /**
+     * The security groups that allow traffic between the Amazon EVS control plane and your VPC for service access. If a security group is not specified, Amazon EVS uses the default security group in your account for service access.
+     */
     interface ServiceAccessSecurityGroupsProperties {
+        /**
+         * The security groups that allow service access.
+         */
         securityGroups?: string[];
     }
+    /**
+     * The DNS hostnames to be used by the VCF management appliances in your environment.
+     *
+     * For environment creation to be successful, each hostname entry must resolve to a domain name that you've registered in your DNS service of choice and configured in the DHCP option set of your VPC. DNS hostnames cannot be changed after environment creation has started.
+     */
     interface VcfHostnamesProperties {
+        /**
+         * The hostname for VMware Cloud Builder.
+         */
         cloudBuilder: string;
+        /**
+         * The VMware NSX hostname.
+         */
         nsx: string;
+        /**
+         * The hostname for the first NSX Edge node.
+         */
         nsxEdge1: string;
+        /**
+         * The hostname for the second NSX Edge node.
+         */
         nsxEdge2: string;
+        /**
+         * The hostname for the first VMware NSX Manager virtual machine (VM).
+         */
         nsxManager1: string;
+        /**
+         * The hostname for the second VMware NSX Manager virtual machine (VM).
+         */
         nsxManager2: string;
+        /**
+         * The hostname for the third VMware NSX Manager virtual machine (VM).
+         */
         nsxManager3: string;
+        /**
+         * The hostname for SDDC Manager.
+         */
         sddcManager: string;
+        /**
+         * The VMware vCenter hostname.
+         */
         vCenter: string;
     }
 }
@@ -46498,6 +46647,7 @@ export declare namespace lambda {
          * The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id).
          */
         consumerGroupId?: string;
+        schemaRegistryConfig?: outputs.lambda.EventSourceMappingSchemaRegistryConfig;
     }
     /**
      * A configuration object that specifies the destination of an event after Lambda processes it.
@@ -46562,7 +46712,7 @@ export declare namespace lambda {
         metrics?: enums.lambda.EventSourceMappingMetricsConfigMetricsItem[];
     }
     /**
-     * A destination for events that failed processing.
+     * A destination for events that failed processing. See [Capturing records of Lambda asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html) for more information.
      */
     interface EventSourceMappingOnFailure {
         /**
@@ -46594,6 +46744,40 @@ export declare namespace lambda {
          */
         maximumConcurrency?: number;
     }
+    interface EventSourceMappingSchemaRegistryAccessConfig {
+        /**
+         * The type of authentication Lambda uses to access your schema registry.
+         */
+        type?: enums.lambda.EventSourceMappingSchemaRegistryAccessConfigType;
+        /**
+         * The URI of the secret (Secrets Manager secret ARN) to authenticate with your schema registry.
+         */
+        uri?: string;
+    }
+    interface EventSourceMappingSchemaRegistryConfig {
+        /**
+         * An array of access configuration objects that tell Lambda how to authenticate with your schema registry.
+         */
+        accessConfigs?: outputs.lambda.EventSourceMappingSchemaRegistryAccessConfig[];
+        /**
+         * The record format that Lambda delivers to your function after schema validation.
+         */
+        eventRecordFormat?: enums.lambda.EventSourceMappingSchemaRegistryConfigEventRecordFormat;
+        /**
+         * The URI for your schema registry. The correct URI format depends on the type of schema registry you're using.
+         */
+        schemaRegistryUri?: string;
+        /**
+         * An array of schema validation configuration objects, which tell Lambda the message attributes you want to validate and filter using your schema registry.
+         */
+        schemaValidationConfigs?: outputs.lambda.EventSourceMappingSchemaValidationConfig[];
+    }
+    interface EventSourceMappingSchemaValidationConfig {
+        /**
+         * The attribute you want your schema registry to validate and filter for.
+         */
+        attribute?: enums.lambda.EventSourceMappingSchemaValidationConfigAttribute;
+    }
     /**
      * The self-managed Apache Kafka cluster for your event source.
      */
@@ -46608,9 +46792,10 @@ export declare namespace lambda {
      */
     interface EventSourceMappingSelfManagedKafkaEventSourceConfig {
         /**
-         * The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id).
+         * The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka-process.html#services-smaa-topic-add).
          */
         consumerGroupId?: string;
+        schemaRegistryConfig?: outputs.lambda.EventSourceMappingSchemaRegistryConfig;
     }
     /**
      * An array of the authentication protocol, VPC components, or virtual host to secure and define your event source.
@@ -46618,15 +46803,15 @@ export declare namespace lambda {
     interface EventSourceMappingSourceAccessConfiguration {
         /**
          * The type of authentication protocol, VPC components, or virtual host for your event source. For example: ``"Type":"SASL_SCRAM_512_AUTH"``.
-         *   +   ``BASIC_AUTH`` – (Amazon MQ) The ASMlong secret that stores your broker credentials.
-         *   +   ``BASIC_AUTH`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers.
-         *   +   ``VPC_SUBNET`` – (Self-managed Apache Kafka) The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster.
-         *   +   ``VPC_SECURITY_GROUP`` – (Self-managed Apache Kafka) The VPC security group used to manage access to your self-managed Apache Kafka brokers.
-         *   +   ``SASL_SCRAM_256_AUTH`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers.
-         *   +   ``SASL_SCRAM_512_AUTH`` – (Amazon MSK, Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers.
-         *   +   ``VIRTUAL_HOST`` –- (RabbitMQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. This property cannot be specified in an UpdateEventSourceMapping API call.
-         *   +   ``CLIENT_CERTIFICATE_TLS_AUTH`` – (Amazon MSK, self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers.
-         *   +   ``SERVER_ROOT_CA_CERTIFICATE`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers.
+         *   +  ``BASIC_AUTH`` – (Amazon MQ) The ASMlong secret that stores your broker credentials.
+         *   +  ``BASIC_AUTH`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers.
+         *   +  ``VPC_SUBNET`` – (Self-managed Apache Kafka) The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster.
+         *   +  ``VPC_SECURITY_GROUP`` – (Self-managed Apache Kafka) The VPC security group used to manage access to your self-managed Apache Kafka brokers.
+         *   +  ``SASL_SCRAM_256_AUTH`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers.
+         *   +  ``SASL_SCRAM_512_AUTH`` – (Amazon MSK, Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers.
+         *   +  ``VIRTUAL_HOST`` –- (RabbitMQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. This property cannot be specified in an UpdateEventSourceMapping API call.
+         *   +  ``CLIENT_CERTIFICATE_TLS_AUTH`` – (Amazon MSK, self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers.
+         *   +  ``SERVER_ROOT_CA_CERTIFICATE`` – (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers.
          */
         type?: enums.lambda.EventSourceMappingSourceAccessConfigurationType;
         /**
@@ -52085,7 +52270,21 @@ export declare namespace msk {
          */
         connectivityInfo?: outputs.msk.ClusterConnectivityInfo;
         /**
-         * The type of Amazon EC2 instances to use for brokers. The following instance types are allowed: kafka.m5.large, kafka.m5.xlarge, kafka.m5.2xlarge, kafka.m5.4xlarge, kafka.m5.8xlarge, kafka.m5.12xlarge, kafka.m5.16xlarge, kafka.m5.24xlarge, and kafka.t3.small.
+         * The type of Amazon EC2 instances to use for brokers. Depending on the [broker type](https://docs.aws.amazon.com/msk/latest/developerguide/broker-instance-types.html) , Amazon MSK supports the following broker sizes:
+         *
+         * *Standard broker sizes*
+         *
+         * - kafka.t3.small
+         *
+         * > You can't select the kafka.t3.small instance type when the metadata mode is KRaft.
+         * - kafka.m5.large, kafka.m5.xlarge, kafka.m5.2xlarge, kafka.m5.4xlarge, kafka.m5.8xlarge, kafka.m5.12xlarge, kafka.m5.16xlarge, kafka.m5.24xlarge
+         * - kafka.m7g.large, kafka.m7g.xlarge, kafka.m7g.2xlarge, kafka.m7g.4xlarge, kafka.m7g.8xlarge, kafka.m7g.12xlarge, kafka.m7g.16xlarge
+         *
+         * *Express broker sizes*
+         *
+         * - express.m7g.large, express.m7g.xlarge, express.m7g.2xlarge, express.m7g.4xlarge, express.m7g.8xlarge, express.m7g.12xlarge, express.m7g.16xlarge
+         *
+         * > Some broker sizes might not be available in certian AWS Regions. See the updated [Pricing tools](https://docs.aws.amazon.com/msk/pricing/) section on the Amazon MSK pricing page for the latest list of available instances by Region.
          */
         instanceType: string;
         /**
@@ -88054,7 +88253,7 @@ export declare namespace s3 {
          */
         httpErrorCodeReturnedEquals?: string;
         /**
-         * The object key name prefix when the redirect is applied. For example, to redirect requests for ``ExamplePage.html``, the key prefix will be ``ExamplePage.html``. To redirect request for all pages with the prefix ``docs/``, the key prefix will be ``/docs``, which identifies all objects in the docs/ folder.
+         * The object key name prefix when the redirect is applied. For example, to redirect requests for ``ExamplePage.html``, the key prefix will be ``ExamplePage.html``. To redirect request for all pages with the prefix ``docs/``, the key prefix will be ``docs/``, which identifies all objects in the docs/ folder.
          *  Required when the parent element ``Condition`` is specified and sibling ``HttpErrorCodeReturnedEquals`` is not specified. If both conditions are specified, both must be true for the redirect to be applied.
          */
         keyPrefixEquals?: string;
@@ -89922,6 +90121,10 @@ export declare namespace sagemaker {
          * The security groups for the Amazon Virtual Private Cloud that the Domain uses for communication between Domain-level apps and user apps.
          */
         securityGroupIds?: string[];
+        /**
+         * The settings that apply to an SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
+         */
+        unifiedStudioSettings?: outputs.sagemaker.DomainUnifiedStudioSettings;
     }
     /**
      * Specifies options when sharing an Amazon SageMaker Studio notebook. These settings are specified as part of DefaultUserSettings when the CreateDomain API is called, and as part of UserSettings when the CreateUserProfile API is called.
@@ -89961,6 +90164,44 @@ export declare namespace sagemaker {
          */
         hiddenSageMakerImageVersionAliases?: outputs.sagemaker.DomainHiddenSageMakerImage[];
     }
+    /**
+     * A collection of settings that apply to an Amazon SageMaker AI domain when you use it in Amazon SageMaker Unified Studio.
+     */
+    interface DomainUnifiedStudioSettings {
+        /**
+         * The ID of the AWS account that has the Amazon SageMaker Unified Studio domain. The default value, if you don't specify an ID, is the ID of the account that has the Amazon SageMaker AI domain.
+         */
+        domainAccountId?: string;
+        /**
+         * The ID of the Amazon SageMaker Unified Studio domain associated with this domain.
+         */
+        domainId?: string;
+        /**
+         * The AWS Region where the domain is located in Amazon SageMaker Unified Studio. The default value, if you don't specify a Region, is the Region where the Amazon SageMaker AI domain is located.
+         */
+        domainRegion?: string;
+        /**
+         * The ID of the environment that Amazon SageMaker Unified Studio associates with the domain.
+         */
+        environmentId?: string;
+        /**
+         * The ID of the Amazon SageMaker Unified Studio project that corresponds to the domain.
+         */
+        projectId?: string;
+        /**
+         * The location where Amazon S3 stores temporary execution data and other artifacts for the project that corresponds to the domain.
+         */
+        projectS3Path?: string;
+        /**
+         * Sets whether you can access the domain in Amazon SageMaker Studio:
+         *
+         * ENABLED
+         * You can access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it in both studio interfaces.
+         * DISABLED
+         * You can't access the domain in Amazon SageMaker Studio. If you migrate the domain to Amazon SageMaker Unified Studio, you can access it only in that studio interface.
+         */
+        studioWebPortalAccess?: enums.sagemaker.DomainUnifiedStudioSettingsStudioWebPortalAccess;
+    }
     /**
      * A collection of settings that apply to users of Amazon SageMaker Studio. These settings are specified when the CreateUserProfile API is called, and as DefaultUserSettings when the CreateDomain API is called.
      */
@@ -98388,6 +98629,10 @@ export declare namespace wafv2 {
          */
         statements: outputs.wafv2.RuleGroupStatement[];
     }
+    interface RuleGroupAsnMatchStatement {
+        asnList?: number[];
+        forwardedIpConfig?: outputs.wafv2.RuleGroupForwardedIpConfiguration;
+    }
     /**
      * Block traffic towards application.
      */
@@ -99065,6 +99310,7 @@ export declare namespace wafv2 {
      * Specifies a single custom aggregate key for a rate-base rule.
      */
     interface RuleGroupRateBasedStatementCustomKey {
+        asn?: outputs.wafv2.RuleGroupRateLimitAsn;
         /**
          * Use the value of a cookie in the request as an aggregate key. Each distinct value in the cookie contributes to the aggregation instance. If you use a single cookie as your custom key, then each value fully defines an aggregation instance.
          */
@@ -99120,6 +99366,11 @@ export declare namespace wafv2 {
          */
         uriPath?: outputs.wafv2.RuleGroupRateLimitUriPath;
     }
+    /**
+     * Specifies the request's ASN as an aggregate key for a rate-based rule.
+     */
+    interface RuleGroupRateLimitAsn {
+    }
     /**
      * Specifies a cookie as an aggregate key for a rate-based rule.
      */
@@ -99388,6 +99639,7 @@ export declare namespace wafv2 {
          * A logical rule statement used to combine other rule statements with AND logic. You provide more than one `Statement` within the `AndStatement` .
          */
         andStatement?: outputs.wafv2.RuleGroupAndStatement;
+        asnMatchStatement?: outputs.wafv2.RuleGroupAsnMatchStatement;
         /**
          * A rule statement that defines a string match search for AWS WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want AWS WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the AWS WAF console and the developer guide, this is called a string match statement.
          */
@@ -99585,6 +99837,10 @@ export declare namespace wafv2 {
          */
         statements: outputs.wafv2.WebAclStatement[];
     }
+    interface WebAclAsnMatchStatement {
+        asnList?: number[];
+        forwardedIpConfig?: outputs.wafv2.WebAclForwardedIpConfiguration;
+    }
     /**
      * AssociationConfig for body inspection
      */
@@ -99637,6 +99893,13 @@ export declare namespace wafv2 {
          */
         responseInspection?: outputs.wafv2.WebAclResponseInspection;
     }
+    /**
+     * Configures how to use the AntiDDOS AWS managed rule group in the web ACL
+     */
+    interface WebAclAwsManagedRulesAntiDDoSRuleSet {
+        clientSideActionConfig: outputs.wafv2.WebAclClientSideActionConfig;
+        sensitivityToBlock?: enums.wafv2.WebAclSensitivityToAct;
+    }
     /**
      * Configures how to use the Account Takeover Prevention managed rule group in the web ACL
      */
@@ -99810,6 +100073,20 @@ export declare namespace wafv2 {
          */
         immunityTimeProperty?: outputs.wafv2.WebAclImmunityTimeProperty;
     }
+    /**
+     * Client side action config for AntiDDOS AMR.
+     */
+    interface WebAclClientSideAction {
+        exemptUriRegularExpressions?: outputs.wafv2.WebAclRegex[];
+        sensitivity?: enums.wafv2.WebAclSensitivityToAct;
+        usageOfAction: enums.wafv2.WebAclUsageOfAction;
+    }
+    /**
+     * Client side action config for AntiDDOS AMR.
+     */
+    interface WebAclClientSideActionConfig {
+        challenge: outputs.wafv2.WebAclClientSideAction;
+    }
     /**
      * The pattern to look for in the request cookies.
      */
@@ -100350,6 +100627,7 @@ export declare namespace wafv2 {
          * For information about using the ACFP managed rule group, see [AWS WAF Fraud Control account creation fraud prevention (ACFP) rule group](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-acfp.html) and [AWS WAF Fraud Control account creation fraud prevention (ACFP)](https://docs.aws.amazon.com/waf/latest/developerguide/waf-acfp.html) in the *AWS WAF Developer Guide* .
          */
         awsManagedRulesAcfpRuleSet?: outputs.wafv2.WebAclAwsManagedRulesAcfpRuleSet;
+        awsManagedRulesAntiDDoSRuleSet?: outputs.wafv2.WebAclAwsManagedRulesAntiDDoSRuleSet;
         /**
          * Additional configuration for using the account takeover prevention (ATP) managed rule group, `AWSManagedRulesATPRuleSet` . Use this to provide login request information to the rule group. For web ACLs that protect CloudFront distributions, use this to also provide the information about how your distribution responds to login requests.
          *
@@ -100417,6 +100695,12 @@ export declare namespace wafv2 {
          */
         statement: outputs.wafv2.WebAclStatement;
     }
+    /**
+     * Configures the options for on-source DDoS protection provided by supported resource type.
+     */
+    interface WebAclOnSourceDDoSProtectionConfig {
+        albLowReputationMode: enums.wafv2.WebAclOnSourceDDoSProtectionConfigAlbLowReputationMode;
+    }
     interface WebAclOrStatement {
         /**
          * The statements to combine with OR logic. You can use any statements that can be nested.
@@ -100498,6 +100782,7 @@ export declare namespace wafv2 {
      * Specifies a single custom aggregate key for a rate-base rule.
      */
     interface WebAclRateBasedStatementCustomKey {
+        asn?: outputs.wafv2.WebAclRateLimitAsn;
         /**
          * Use the value of a cookie in the request as an aggregate key. Each distinct value in the cookie contributes to the aggregation instance. If you use a single cookie as your custom key, then each value fully defines an aggregation instance.
          */
@@ -100553,6 +100838,11 @@ export declare namespace wafv2 {
          */
         uriPath?: outputs.wafv2.WebAclRateLimitUriPath;
     }
+    /**
+     * Specifies the request's ASN as an aggregate key for a rate-based rule.
+     */
+    interface WebAclRateLimitAsn {
+    }
     /**
      * Specifies a cookie as an aggregate key for a rate-based rule.
      */
@@ -100662,6 +100952,12 @@ export declare namespace wafv2 {
          */
         textTransformations: outputs.wafv2.WebAclTextTransformation[];
     }
+    /**
+     * Regex
+     */
+    interface WebAclRegex {
+        regexString?: string;
+    }
     interface WebAclRegexMatchStatement {
         /**
          * The part of the web request that you want AWS WAF to inspect.
@@ -101093,6 +101389,7 @@ export declare namespace wafv2 {
          * A logical rule statement used to combine other rule statements with AND logic. You provide more than one `Statement` within the `AndStatement` .
          */
         andStatement?: outputs.wafv2.WebAclAndStatement;
+        asnMatchStatement?: outputs.wafv2.WebAclAsnMatchStatement;
         /**
          * A rule statement that defines a string match search for AWS WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want AWS WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the AWS WAF console and the developer guide, this is called a string match statement.
          */

package/types/output.js.map

@@ -1 +1 @@
-{"version":3,"file":"output.js","sourceRoot":"","sources":["../../types/output.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAwvmBjF,IAAiB,MAAM,CAgHtB;AAhHD,WAAiB,MAAM;IAoDnB;;OAEG;IACH,SAAgB,yBAAyB,CAAC,GAAe;;QACrD,uCACO,GAAG,KACN,qBAAqB,EAAE,MAAA,CAAC,GAAG,CAAC,qBAAqB,CAAC,mCAAI,CAAC,IACzD;IACN,CAAC;IALe,gCAAyB,4BAKxC,CAAA;AAoDL,CAAC,EAhHgB,MAAM,GAAN,cAAM,KAAN,cAAM,QAgHtB"}
+{"version":3,"file":"output.js","sourceRoot":"","sources":["../../types/output.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAkxmBjF,IAAiB,MAAM,CAgHtB;AAhHD,WAAiB,MAAM;IAoDnB;;OAEG;IACH,SAAgB,yBAAyB,CAAC,GAAe;;QACrD,uCACO,GAAG,KACN,qBAAqB,EAAE,MAAA,CAAC,GAAG,CAAC,qBAAqB,CAAC,mCAAI,CAAC,IACzD;IACN,CAAC;IALe,gCAAyB,4BAKxC,CAAA;AAoDL,CAAC,EAhHgB,MAAM,GAAN,cAAM,KAAN,cAAM,QAgHtB"}

package/wafv2/getWebAcl.d.ts

@@ -87,9 +87,9 @@ export interface GetWebAclResult {
      */
     readonly labelNamespace?: string;
     /**
-     * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::WAFv2::WebACL` for more information about the expected schema for this property.
+     * Configures the level of DDoS protection that applies to web ACLs associated with Application Load Balancers.
      */
-    readonly onSourceDDoSProtectionConfig?: any;
+    readonly onSourceDDoSProtectionConfig?: outputs.wafv2.WebAclOnSourceDDoSProtectionConfig;
     /**
      * Collection of Rules.
      */

package/wafv2/webAcl.d.ts

@@ -87,9 +87,9 @@ export declare class WebAcl extends pulumi.CustomResource {
      */
     readonly name: pulumi.Output<string | undefined>;
     /**
-     * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::WAFv2::WebACL` for more information about the expected schema for this property.
+     * Configures the level of DDoS protection that applies to web ACLs associated with Application Load Balancers.
      */
-    readonly onSourceDDoSProtectionConfig: pulumi.Output<any | undefined>;
+    readonly onSourceDDoSProtectionConfig: pulumi.Output<outputs.wafv2.WebAclOnSourceDDoSProtectionConfig | undefined>;
     /**
      * Collection of Rules.
      */
@@ -174,9 +174,9 @@ export interface WebAclArgs {
      */
     name?: pulumi.Input<string>;
     /**
-     * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::WAFv2::WebACL` for more information about the expected schema for this property.
+     * Configures the level of DDoS protection that applies to web ACLs associated with Application Load Balancers.
      */
-    onSourceDDoSProtectionConfig?: any;
+    onSourceDDoSProtectionConfig?: pulumi.Input<inputs.wafv2.WebAclOnSourceDDoSProtectionConfigArgs>;
     /**
      * Collection of Rules.
      */