@pulumi/aws-native 1.31.0-alpha.1750420541 → 1.31.0-alpha.1750422093

package/types/output.d.ts

@@ -61,6 +61,7 @@ export declare namespace accessanalyzer {
      * The configuration for the analyzer
      */
     interface AnalyzerConfigurationProperties {
+        internalAccessConfiguration?: outputs.accessanalyzer.AnalyzerInternalAccessConfiguration;
         /**
          * Specifies the configuration of an unused access analyzer for an AWS organization or account.
          */
@@ -88,6 +89,41 @@ export declare namespace accessanalyzer {
          */
         property: string;
     }
+    /**
+     * The criteria for an analysis rule for an internal access analyzer.
+     */
+    interface AnalyzerInternalAccessAnalysisRuleCriteria {
+        /**
+         * A list of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers and cannot include the organization owner account.
+         */
+        accountIds?: string[];
+        /**
+         * A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
+         */
+        resourceArns?: string[];
+        /**
+         * A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types.
+         */
+        resourceTypes?: string[];
+    }
+    /**
+     * Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates internal access within your AWS environment.
+     */
+    interface AnalyzerInternalAccessConfiguration {
+        /**
+         * Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
+         */
+        internalAccessAnalysisRule?: outputs.accessanalyzer.AnalyzerInternalAccessConfigurationInternalAccessAnalysisRuleProperties;
+    }
+    /**
+     * Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
+     */
+    interface AnalyzerInternalAccessConfigurationInternalAccessAnalysisRuleProperties {
+        /**
+         * A list of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings.
+         */
+        inclusions?: outputs.accessanalyzer.AnalyzerInternalAccessAnalysisRuleCriteria[];
+    }
     /**
      * A key-value pair to associate with a resource.
      */
@@ -763,6 +799,24 @@ export declare namespace amplify {
          */
         value: string;
     }
+    interface AppJobConfig {
+        /**
+         * Specifies the size of the build instance. Amplify supports three instance sizes: `STANDARD_8GB` , `LARGE_16GB` , and `XLARGE_72GB` . If you don't specify a value, Amplify uses the `STANDARD_8GB` default.
+         *
+         * The following list describes the CPU, memory, and storage capacity for each build instance type:
+         *
+         * - **STANDARD_8GB** - - vCPUs: 4
+         * - Memory: 8 GiB
+         * - Disk space: 128 GB
+         * - **LARGE_16GB** - - vCPUs: 8
+         * - Memory: 16 GiB
+         * - Disk space: 128 GB
+         * - **XLARGE_72GB** - - vCPUs: 36
+         * - Memory: 72 GiB
+         * - Disk space: 256 GB
+         */
+        buildComputeType: enums.amplify.AppJobConfigBuildComputeType;
+    }
     interface BranchBackend {
         /**
          * The Amazon Resource Name (ARN) for the AWS CloudFormation stack.
@@ -12176,6 +12230,15 @@ export declare namespace bedrock {
          */
         filtersConfig: outputs.bedrock.GuardrailContextualGroundingFilterConfig[];
     }
+    /**
+     * The system-defined guardrail profile that you’re using with your guardrail
+     */
+    interface GuardrailCrossRegionConfig {
+        /**
+         * The Amazon Resource Name (ARN) of the guardrail profile
+         */
+        guardrailProfileArn: string;
+    }
     /**
      * A managed words config.
      */
@@ -13951,7 +14014,7 @@ export declare namespace cleanrooms {
          *
          * *Allowed Values* : `CAN_QUERY` | `CAN_RECEIVE_RESULTS`
          */
-        memberAbilities: enums.cleanrooms.CollaborationMemberAbility[];
+        memberAbilities?: enums.cleanrooms.CollaborationMemberAbility[];
         /**
          * The ML abilities granted to the collaboration member.
          */
@@ -18838,6 +18901,12 @@ export declare namespace connect {
          */
         requiredFields?: outputs.connect.TaskTemplateRequiredFieldInfo[];
     }
+    interface EvaluationFormAutoEvaluationConfiguration {
+        /**
+         * Auto Evaluation enablement status.
+         */
+        enabled?: boolean;
+    }
     /**
      * An item at the root level. All items must be sections.
      */
@@ -18864,10 +18933,11 @@ export declare namespace connect {
      * Information about the automation configuration in numeric questions.
      */
     interface EvaluationFormNumericQuestionAutomation {
+        answerSource?: any;
         /**
          * The property value of the automation.
          */
-        propertyValue: outputs.connect.EvaluationFormNumericQuestionPropertyValueAutomation;
+        propertyValue?: outputs.connect.EvaluationFormNumericQuestionPropertyValueAutomation;
     }
     /**
      * Information about the option range used for scoring in numeric questions.
@@ -19979,6 +20049,7 @@ export declare namespace connectcampaignsv2 {
          * The CommunicationLimits that apply to all channel subtypes defined in an outbound campaign.
          */
         allChannelsSubtypes?: outputs.connectcampaignsv2.CampaignCommunicationLimits;
+        instanceLimitsHandling?: enums.connectcampaignsv2.CampaignInstanceLimitsHandling;
     }
     /**
      * Campaign communication time config
@@ -20322,6 +20393,14 @@ export declare namespace customerprofiles {
      * The relative time period over which data is included in the aggregation.
      */
     interface CalculatedAttributeDefinitionRange {
+        /**
+         * The format the timestamp field in your JSON object is specified. This value should be one of EPOCHMILLI or ISO_8601. E.g. if your object type is MyType and source JSON is {"generatedAt": {"timestamp": "2001-07-04T12:08:56.235Z"}}, then TimestampFormat should be "ISO_8601".
+         */
+        timestampFormat?: string;
+        /**
+         * An expression specifying the field in your JSON object from which the date should be parsed. The expression should follow the structure of \"{ObjectTypeName.<Location of timestamp field in JSON pointer format>}\". E.g. if your object type is MyType and source JSON is {"generatedAt": {"timestamp": "1737587945945"}}, then TimestampSource should be "{MyType.generatedAt.timestamp}".
+         */
+        timestampSource?: string;
         /**
          * The unit of time.
          */
@@ -20329,7 +20408,21 @@ export declare namespace customerprofiles {
         /**
          * The amount of time of the specified unit.
          */
-        value: number;
+        value?: number;
+        valueRange?: outputs.customerprofiles.CalculatedAttributeDefinitionValueRange;
+    }
+    /**
+     * The readiness status of the calculated attribute.
+     */
+    interface CalculatedAttributeDefinitionReadiness {
+        /**
+         * Any information pertaining to the status of the calculated attribute if required.
+         */
+        message?: string;
+        /**
+         * The progress percentage for including historical data in your calculated attribute.
+         */
+        progressPercentage?: number;
     }
     /**
      * The threshold for the calculated attribute.
@@ -20344,6 +20437,19 @@ export declare namespace customerprofiles {
          */
         value: string;
     }
+    /**
+     * A structure specifying the endpoints of the relative time period over which data is included in the aggregation.
+     */
+    interface CalculatedAttributeDefinitionValueRange {
+        /**
+         * The ending point for this range. Positive numbers indicate how many days in the past data should be included, and negative numbers indicate how many days in the future.
+         */
+        end: number;
+        /**
+         * The starting point for this range. Positive numbers indicate how many days in the past data should be included, and negative numbers indicate how many days in the future.
+         */
+        start: number;
+    }
     /**
      * Details regarding the Kinesis stream.
      */
@@ -20990,6 +21096,7 @@ export declare namespace customerprofiles {
         partyTypeString?: outputs.customerprofiles.SegmentDefinitionProfileDimension;
         personalEmailAddress?: outputs.customerprofiles.SegmentDefinitionProfileDimension;
         phoneNumber?: outputs.customerprofiles.SegmentDefinitionProfileDimension;
+        profileType?: outputs.customerprofiles.SegmentDefinitionProfileTypeDimension;
         shippingAddress?: outputs.customerprofiles.SegmentDefinitionAddressDimension;
     }
     /**
@@ -20999,16 +21106,23 @@ export declare namespace customerprofiles {
         dimensionType: enums.customerprofiles.SegmentDefinitionStringDimensionType;
         values: string[];
     }
+    /**
+     * Specifies profile type based criteria for a segment.
+     */
+    interface SegmentDefinitionProfileTypeDimension {
+        dimensionType: enums.customerprofiles.SegmentDefinitionProfileTypeDimensionType;
+        values: enums.customerprofiles.SegmentDefinitionProfileType[];
+    }
     /**
      * Defines the range to be applied to the calculated attribute definition.
      */
     interface SegmentDefinitionRangeOverride {
         /**
-         * The ending point for this overridden range.
+         * The ending point for this overridden range. Positive numbers indicate how many days in the past data should be included, and negative numbers indicate how many days in the future.
          */
         end?: number;
         /**
-         * The starting point for this overridden range.
+         * The starting point for this overridden range. Positive numbers indicate how many days in the past data should be included, and negative numbers indicate how many days in the future.
          */
         start: number;
         /**
@@ -25846,18 +25960,14 @@ export declare namespace ec2 {
          */
         throughput?: number;
         /**
-         * Specifies the Amazon EBS Provisioned Rate for Volume Initialization (volume initialization rate), in MiB/s, at which to download the snapshot blocks from Amazon S3 to the volume. This is also known as *volume initialization* . Specifying a volume initialization rate ensures that the volume is initialized at a predictable and consistent rate after creation.
-         *
-         * This parameter is supported only for volumes created from snapshots. Omit this parameter if:
-         *
-         * - You want to create the volume using fast snapshot restore. You must specify a snapshot that is enabled for fast snapshot restore. In this case, the volume is fully initialized at creation.
-         *
-         * > If you specify a snapshot that is enabled for fast snapshot restore and a volume initialization rate, the volume will be initialized at the specified rate instead of fast snapshot restore.
-         * - You want to create a volume that is initialized at the default rate.
+         * Specifies the Amazon EBS Provisioned Rate for Volume Initialization (volume initialization rate), in MiB/s, at which to download the snapshot blocks from Amazon S3 to the volume. This is also known as *volume initialization*. Specifying a volume initialization rate ensures that the volume is initialized at a predictable and consistent rate after creation.
+         *  This parameter is supported only for volumes created from snapshots. Omit this parameter if:
+         *   +  You want to create the volume using fast snapshot restore. You must specify a snapshot that is enabled for fast snapshot restore. In this case, the volume is fully initialized at creation.
+         *   If you specify a snapshot that is enabled for fast snapshot restore and a volume initialization rate, the volume will be initialized at the specified rate instead of fast snapshot restore.
+         *    +  You want to create a volume that is initialized at the default rate.
          *
-         * For more information, see [Initialize Amazon EBS volumes](https://docs.aws.amazon.com/ebs/latest/userguide/initalize-volume.html) in the *Amazon EC2 User Guide* .
-         *
-         * Valid range: 100 - 300 MiB/s
+         *  For more information, see [Initialize Amazon EBS volumes](https://docs.aws.amazon.com/ebs/latest/userguide/initalize-volume.html) in the *Amazon EC2 User Guide*.
+         *  Valid range: 100 - 300 MiB/s
          */
         volumeInitializationRate?: number;
         /**
@@ -38377,6 +38487,9 @@ export declare namespace inspectorv2 {
          * Details of the AWS account IDs used to filter findings.
          */
         awsAccountId?: outputs.inspectorv2.FilterStringFilter[];
+        codeVulnerabilityDetectorName?: outputs.inspectorv2.FilterStringFilter[];
+        codeVulnerabilityDetectorTags?: outputs.inspectorv2.FilterStringFilter[];
+        codeVulnerabilityFilePath?: outputs.inspectorv2.FilterStringFilter[];
         /**
          * Details of the component IDs used to filter findings.
          */
@@ -38421,6 +38534,8 @@ export declare namespace inspectorv2 {
          * The tags attached to the Amazon ECR container image.
          */
         ecrImageTags?: outputs.inspectorv2.FilterStringFilter[];
+        epssScore?: outputs.inspectorv2.FilterNumberFilter[];
+        exploitAvailable?: outputs.inspectorv2.FilterStringFilter[];
         /**
          * Details on the finding ARNs used to filter findings.
          */
@@ -38437,10 +38552,16 @@ export declare namespace inspectorv2 {
          * Details on the date and time a finding was first seen used to filter findings.
          */
         firstObservedAt?: outputs.inspectorv2.FilterDateFilter[];
+        fixAvailable?: outputs.inspectorv2.FilterStringFilter[];
         /**
          * The Amazon Inspector score to filter on.
          */
         inspectorScore?: outputs.inspectorv2.FilterNumberFilter[];
+        lambdaFunctionExecutionRoleArn?: outputs.inspectorv2.FilterStringFilter[];
+        lambdaFunctionLastModifiedAt?: outputs.inspectorv2.FilterDateFilter[];
+        lambdaFunctionLayers?: outputs.inspectorv2.FilterStringFilter[];
+        lambdaFunctionName?: outputs.inspectorv2.FilterStringFilter[];
+        lambdaFunctionRuntime?: outputs.inspectorv2.FilterStringFilter[];
         /**
          * Details on the date and time a finding was last seen used to filter findings.
          */
@@ -38514,8 +38635,10 @@ export declare namespace inspectorv2 {
     interface FilterPackageFilter {
         architecture?: outputs.inspectorv2.FilterStringFilter;
         epoch?: outputs.inspectorv2.FilterNumberFilter;
+        filePath?: outputs.inspectorv2.FilterStringFilter;
         name?: outputs.inspectorv2.FilterStringFilter;
         release?: outputs.inspectorv2.FilterStringFilter;
+        sourceLambdaLayerArn?: outputs.inspectorv2.FilterStringFilter;
         sourceLayerHash?: outputs.inspectorv2.FilterStringFilter;
         version?: outputs.inspectorv2.FilterStringFilter;
     }
@@ -46650,7 +46773,7 @@ export declare namespace lambda {
         schemaRegistryConfig?: outputs.lambda.EventSourceMappingSchemaRegistryConfig;
     }
     /**
-     * A configuration object that specifies the destination of an event after Lambda processes it.
+     * A configuration object that specifies the destination of an event after Lambda processes it. For more information, see [Adding a destination](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-async-destinations).
      */
     interface EventSourceMappingDestinationConfig {
         /**
@@ -46712,7 +46835,7 @@ export declare namespace lambda {
         metrics?: enums.lambda.EventSourceMappingMetricsConfigMetricsItem[];
     }
     /**
-     * A destination for events that failed processing. See [Capturing records of Lambda asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html) for more information.
+     * A destination for events that failed processing. For more information, see [Adding a destination](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html#invocation-async-destinations).
      */
     interface EventSourceMappingOnFailure {
         /**
@@ -46745,37 +46868,16 @@ export declare namespace lambda {
         maximumConcurrency?: number;
     }
     interface EventSourceMappingSchemaRegistryAccessConfig {
-        /**
-         * The type of authentication Lambda uses to access your schema registry.
-         */
         type?: enums.lambda.EventSourceMappingSchemaRegistryAccessConfigType;
-        /**
-         * The URI of the secret (Secrets Manager secret ARN) to authenticate with your schema registry.
-         */
         uri?: string;
     }
     interface EventSourceMappingSchemaRegistryConfig {
-        /**
-         * An array of access configuration objects that tell Lambda how to authenticate with your schema registry.
-         */
         accessConfigs?: outputs.lambda.EventSourceMappingSchemaRegistryAccessConfig[];
-        /**
-         * The record format that Lambda delivers to your function after schema validation.
-         */
         eventRecordFormat?: enums.lambda.EventSourceMappingSchemaRegistryConfigEventRecordFormat;
-        /**
-         * The URI for your schema registry. The correct URI format depends on the type of schema registry you're using.
-         */
         schemaRegistryUri?: string;
-        /**
-         * An array of schema validation configuration objects, which tell Lambda the message attributes you want to validate and filter using your schema registry.
-         */
         schemaValidationConfigs?: outputs.lambda.EventSourceMappingSchemaValidationConfig[];
     }
     interface EventSourceMappingSchemaValidationConfig {
-        /**
-         * The attribute you want your schema registry to validate and filter for.
-         */
         attribute?: enums.lambda.EventSourceMappingSchemaValidationConfigAttribute;
     }
     /**
@@ -52034,6 +52136,16 @@ export declare namespace mediatailor {
          */
         enabled?: boolean;
     }
+    interface PlaybackConfigurationAdsInteractionLog {
+        /**
+         * Indicates that MediaTailor won't emit the selected events in the logs for playback sessions that are initialized with this configuration.
+         */
+        excludeEventTypes?: string[];
+        /**
+         * Indicates that MediaTailor emits RAW_ADS_RESPONSE logs for playback sessions that are initialized with this configuration.
+         */
+        publishOptInEventTypes?: string[];
+    }
     /**
      * The configuration for avail suppression, also known as ad suppression. For more information about ad suppression, see Ad Suppression (https://docs.aws.amazon.com/mediatailor/latest/ug/ad-behavior.html).
      */
@@ -52113,6 +52225,24 @@ export declare namespace mediatailor {
          */
         maxDurationSeconds?: number;
     }
+    interface PlaybackConfigurationLogConfiguration {
+        /**
+         * The event types that MediaTailor emits in logs for interactions with the ADS.
+         */
+        adsInteractionLog?: outputs.mediatailor.PlaybackConfigurationAdsInteractionLog;
+        /**
+         * The method used for collecting logs from AWS Elemental MediaTailor. To configure MediaTailor to send logs directly to Amazon CloudWatch Logs, choose LEGACY_CLOUDWATCH. To configure MediaTailor to send logs to CloudWatch, which then vends the logs to your destination of choice, choose VENDED_LOGS. Supported destinations are CloudWatch Logs log group, Amazon S3 bucket, and Amazon Data Firehose stream. To use vended logs, you must configure the delivery destination in Amazon CloudWatch
+         */
+        enabledLoggingStrategies?: string[];
+        /**
+         * The event types that MediaTailor emits in logs for interactions with the origin server.
+         */
+        manifestServiceInteractionLog?: outputs.mediatailor.PlaybackConfigurationManifestServiceInteractionLog;
+        /**
+         * The percentage of session logs that MediaTailor sends to your CloudWatch Logs account. For example, if your playback configuration has 1000 sessions and percentEnabled is set to 60, MediaTailor sends logs for 600 of the sessions to CloudWatch Logs. MediaTailor decides at random which of the playback configuration sessions to send logs for. If you want to view logs for a specific session, you can use the debug log mode.
+         */
+        percentEnabled: number;
+    }
     /**
      * The configuration for manifest processing rules. Manifest processing rules enable customization of the personalized manifests created by MediaTailor.
      */
@@ -52122,6 +52252,12 @@ export declare namespace mediatailor {
          */
         adMarkerPassthrough?: outputs.mediatailor.PlaybackConfigurationAdMarkerPassthrough;
     }
+    interface PlaybackConfigurationManifestServiceInteractionLog {
+        /**
+         * Indicates that MediaTailor won't emit the selected events in the logs for playback sessions that are initialized with this configuration.
+         */
+        excludeEventTypes?: string[];
+    }
     /**
      * <p>Access configuration parameters.</p>
      */
@@ -53364,7 +53500,7 @@ export declare namespace networkfirewall {
          * - You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
          * - You can't use certificates issued by AWS Private Certificate Authority .
          *
-         * For more information about configuring certificates for outbound inspection, see [Using SSL/TLS certificates with certificates with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) in the *AWS Network Firewall Developer Guide* .
+         * For more information about configuring certificates for outbound inspection, see [Using SSL/TLS certificates with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) in the *AWS Network Firewall Developer Guide* .
          *
          * For information about working with certificates in ACM, see [Importing certificates](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *AWS Certificate Manager User Guide* .
          */
@@ -86139,6 +86275,18 @@ export declare namespace redshiftserverless {
          */
         snapshotRetentionPeriod?: number;
     }
+    interface Snapshot {
+        adminUsername?: string;
+        kmsKeyId?: string;
+        namespaceArn?: string;
+        namespaceName?: string;
+        ownerAccount?: string;
+        retentionPeriod?: number;
+        snapshotArn?: string;
+        snapshotCreateTime?: string;
+        snapshotName?: string;
+        status?: enums.redshiftserverless.SnapshotStatus;
+    }
     interface Workgroup {
         /**
          * The base data warehouse capacity of the workgroup in Redshift Processing Units (RPUs).
@@ -94205,6 +94353,209 @@ export declare namespace securityhub {
          */
         value: string;
     }
+    /**
+     * Allows you to configure automated responses
+     */
+    interface AutomationRuleV2AutomationRulesActionV2 {
+        externalIntegrationConfiguration?: outputs.securityhub.AutomationRuleV2ExternalIntegrationConfiguration;
+        findingFieldsUpdate?: outputs.securityhub.AutomationRuleV2AutomationRulesFindingFieldsUpdateV2;
+        /**
+         * The category of action to be executed by the automation rule
+         */
+        type: enums.securityhub.AutomationRuleV2AutomationRulesActionV2Type;
+    }
+    /**
+     * The changes to be applied to fields in a security finding when an automation rule is triggered
+     */
+    interface AutomationRuleV2AutomationRulesFindingFieldsUpdateV2 {
+        /**
+         * Notes or contextual information for findings that are modified by the automation rule
+         */
+        comment?: string;
+        /**
+         * The severity level to be assigned to findings that match the automation rule criteria
+         */
+        severityId?: number;
+        /**
+         * The status to be applied to findings that match automation rule criteria
+         */
+        statusId?: number;
+    }
+    /**
+     * Boolean filter for querying findings
+     */
+    interface AutomationRuleV2BooleanFilter {
+        /**
+         * The value of the boolean
+         */
+        value: boolean;
+    }
+    /**
+     * Enables the creation of filtering criteria for security findings
+     */
+    interface AutomationRuleV2CompositeFilter {
+        /**
+         * Enables filtering based on boolean field values
+         */
+        booleanFilters?: outputs.securityhub.AutomationRuleV2OcsfBooleanFilter[];
+        /**
+         * Enables filtering based on date and timestamp fields
+         */
+        dateFilters?: outputs.securityhub.AutomationRuleV2OcsfDateFilter[];
+        /**
+         * Enables filtering based on map field value
+         */
+        mapFilters?: outputs.securityhub.AutomationRuleV2OcsfMapFilter[];
+        /**
+         * Enables filtering based on numerical field values
+         */
+        numberFilters?: outputs.securityhub.AutomationRuleV2OcsfNumberFilter[];
+        operator?: enums.securityhub.AutomationRuleV2AllowedOperators;
+        /**
+         * Enables filtering based on string field values
+         */
+        stringFilters?: outputs.securityhub.AutomationRuleV2OcsfStringFilter[];
+    }
+    /**
+     * Defines the parameters and conditions used to evaluate and filter security findings
+     */
+    interface AutomationRuleV2Criteria {
+        ocsfFindingCriteria?: outputs.securityhub.AutomationRuleV2OcsfFindingFilters;
+    }
+    /**
+     * A date filter for querying findings
+     */
+    interface AutomationRuleV2DateFilter {
+        dateRange?: outputs.securityhub.AutomationRuleV2DateRange;
+        end?: string;
+        start?: string;
+    }
+    /**
+     * A date range for the date filter
+     */
+    interface AutomationRuleV2DateRange {
+        /**
+         * A date range unit for the date filter
+         */
+        unit: enums.securityhub.AutomationRuleV2DateRangeUnit;
+        /**
+         * A date range value for the date filter
+         */
+        value: number;
+    }
+    /**
+     * The settings for integrating automation rule actions with external systems or service
+     */
+    interface AutomationRuleV2ExternalIntegrationConfiguration {
+        /**
+         * The ARN of the connector that establishes the integration
+         */
+        connectorArn?: string;
+    }
+    /**
+     * A map filter for filtering findings
+     */
+    interface AutomationRuleV2MapFilter {
+        /**
+         * The condition to apply to the key value when filtering findings with a map filter
+         */
+        comparison: enums.securityhub.AutomationRuleV2MapFilterComparison;
+        /**
+         * The key of the map filter
+         */
+        key: string;
+        /**
+         * The value for the key in the map filter
+         */
+        value: string;
+    }
+    /**
+     * A number filter for querying findings
+     */
+    interface AutomationRuleV2NumberFilter {
+        /**
+         * The equal-to condition to be applied to a single field when querying for findings
+         */
+        eq?: number;
+        /**
+         * The greater-than-equal condition to be applied to a single field when querying for findings
+         */
+        gte?: number;
+        /**
+         * The less-than-equal condition to be applied to a single field when querying for findings
+         */
+        lte?: number;
+    }
+    /**
+     * Enables filtering of security findings based on boolean field values in OCSF
+     */
+    interface AutomationRuleV2OcsfBooleanFilter {
+        /**
+         * The name of the field
+         */
+        fieldName: enums.securityhub.AutomationRuleV2OcsfBooleanFilterFieldName;
+        filter: outputs.securityhub.AutomationRuleV2BooleanFilter;
+    }
+    /**
+     * Enables filtering of security findings based on date and timestamp fields in OCSF
+     */
+    interface AutomationRuleV2OcsfDateFilter {
+        /**
+         * The name of the field
+         */
+        fieldName: enums.securityhub.AutomationRuleV2OcsfDateFilterFieldName;
+        filter: outputs.securityhub.AutomationRuleV2DateFilter;
+    }
+    /**
+     * The filtering conditions that align with OCSF standards
+     */
+    interface AutomationRuleV2OcsfFindingFilters {
+        /**
+         * Enables the creation of complex filtering conditions by combining filter
+         */
+        compositeFilters?: outputs.securityhub.AutomationRuleV2CompositeFilter[];
+        compositeOperator?: enums.securityhub.AutomationRuleV2AllowedOperators;
+    }
+    /**
+     * Enables filtering of security findings based on map field values in OCSF
+     */
+    interface AutomationRuleV2OcsfMapFilter {
+        /**
+         * The name of the field
+         */
+        fieldName: enums.securityhub.AutomationRuleV2OcsfMapFilterFieldName;
+        filter: outputs.securityhub.AutomationRuleV2MapFilter;
+    }
+    /**
+     * Enables filtering of security findings based on numerical field values in OCSF
+     */
+    interface AutomationRuleV2OcsfNumberFilter {
+        /**
+         * The name of the field
+         */
+        fieldName: enums.securityhub.AutomationRuleV2OcsfNumberFilterFieldName;
+        filter: outputs.securityhub.AutomationRuleV2NumberFilter;
+    }
+    /**
+     * Enables filtering of security findings based on string field values in OCSF
+     */
+    interface AutomationRuleV2OcsfStringFilter {
+        fieldName: enums.securityhub.AutomationRuleV2OcsfStringField;
+        filter: outputs.securityhub.AutomationRuleV2StringFilter;
+    }
+    /**
+     * A string filter for filtering findings
+     */
+    interface AutomationRuleV2StringFilter {
+        /**
+         * The condition to apply to a string value when filtering findings
+         */
+        comparison: enums.securityhub.AutomationRuleV2StringFilterComparison;
+        /**
+         * The string filter value
+         */
+        value: string;
+    }
     /**
      * Used to update information about the investigation into the finding.
      */
@@ -95121,7 +95472,7 @@ export declare namespace securityhub {
          * - `ResourceType NOT_EQUALS AwsIamPolicy`
          * - `ResourceType NOT_EQUALS AwsEc2NetworkInterface`
          *
-         * `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .
+         * `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules V1. `CONTAINS_WORD` operator is only supported in `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourceStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .
          */
         comparison: enums.securityhub.InsightStringFilterComparison;
         /**
@@ -97330,6 +97681,10 @@ export declare namespace synthetics {
         environmentVariables?: {
             [key: string]: string;
         };
+        /**
+         * Provide ephemeralStorage available for canary in MB
+         */
+        ephemeralStorage?: number;
         /**
          * Provide maximum memory available for canary in MB
          */
@@ -98630,7 +98985,13 @@ export declare namespace wafv2 {
         statements: outputs.wafv2.RuleGroupStatement[];
     }
     interface RuleGroupAsnMatchStatement {
+        /**
+         * Contains one or more Autonomous System Numbers (ASNs). ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
+         */
         asnList?: number[];
+        /**
+         * The configuration for inspecting IP addresses to match against an ASN in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.
+         */
         forwardedIpConfig?: outputs.wafv2.RuleGroupForwardedIpConfiguration;
     }
     /**
@@ -99310,6 +99671,9 @@ export declare namespace wafv2 {
      * Specifies a single custom aggregate key for a rate-base rule.
      */
     interface RuleGroupRateBasedStatementCustomKey {
+        /**
+         * Use an Autonomous System Number (ASN) derived from the request's originating or forwarded IP address as an aggregate key. Each distinct ASN contributes to the aggregation instance.
+         */
         asn?: outputs.wafv2.RuleGroupRateLimitAsn;
         /**
          * Use the value of a cookie in the request as an aggregate key. Each distinct value in the cookie contributes to the aggregation instance. If you use a single cookie as your custom key, then each value fully defines an aggregation instance.
@@ -99639,6 +100003,11 @@ export declare namespace wafv2 {
          * A logical rule statement used to combine other rule statements with AND logic. You provide more than one `Statement` within the `AndStatement` .
          */
         andStatement?: outputs.wafv2.RuleGroupAndStatement;
+        /**
+         * A rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address.
+         *
+         * For additional details, see [ASN match rule statement](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-asn-match.html) in the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) .
+         */
         asnMatchStatement?: outputs.wafv2.RuleGroupAsnMatchStatement;
         /**
          * A rule statement that defines a string match search for AWS WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want AWS WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the AWS WAF console and the developer guide, this is called a string match statement.
@@ -99838,7 +100207,13 @@ export declare namespace wafv2 {
         statements: outputs.wafv2.WebAclStatement[];
     }
     interface WebAclAsnMatchStatement {
+        /**
+         * Contains one or more Autonomous System Numbers (ASNs). ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
+         */
         asnList?: number[];
+        /**
+         * The configuration for inspecting IP addresses to match against an ASN in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.
+         */
         forwardedIpConfig?: outputs.wafv2.WebAclForwardedIpConfiguration;
     }
     /**
@@ -99897,7 +100272,21 @@ export declare namespace wafv2 {
      * Configures how to use the AntiDDOS AWS managed rule group in the web ACL
      */
     interface WebAclAwsManagedRulesAntiDDoSRuleSet {
+        /**
+         * Configures the request handling that's applied by the managed rule group rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` during a distributed denial of service (DDoS) attack.
+         */
         clientSideActionConfig: outputs.wafv2.WebAclClientSideActionConfig;
+        /**
+         * The sensitivity that the rule group rule `DDoSRequests` uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the `DDoSRequests` rule runs.
+         *
+         * The higher the sensitivity, the more levels of labeling that the rule matches:
+         *
+         * - Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label `awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request` .
+         * - Medium sensitivity causes the rule to match on the medium and high suspicion labels.
+         * - High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.
+         *
+         * Default: `LOW`
+         */
         sensitivityToBlock?: enums.wafv2.WebAclSensitivityToAct;
     }
     /**
@@ -100077,14 +100466,62 @@ export declare namespace wafv2 {
      * Client side action config for AntiDDOS AMR.
      */
     interface WebAclClientSideAction {
+        /**
+         * The regular expression to match against the web request URI, used to identify requests that can't handle a silent browser challenge. When the `ClientSideAction` setting `UsageOfAction` is enabled, the managed rule group uses this setting to determine which requests to label with `awswaf:managed:aws:anti-ddos:challengeable-request` . If `UsageOfAction` is disabled, this setting has no effect and the managed rule group doesn't add the label to any requests.
+         *
+         * The anti-DDoS managed rule group doesn't evaluate the rules `ChallengeDDoSRequests` or `ChallengeAllDuringEvent` for web requests whose URIs match this regex. This is true regardless of whether you override the rule action for either of the rules in your web ACL configuration.
+         *
+         * AWS recommends using a regular expression.
+         *
+         * This setting is required if `UsageOfAction` is set to `ENABLED` . If required, you can provide between 1 and 5 regex objects in the array of settings.
+         *
+         * AWS recommends starting with the following setting. Review and update it for your application's needs:
+         *
+         * `\/api\/|\.(acc|avi|css|gif|jpe?g|js|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?)$`
+         */
         exemptUriRegularExpressions?: outputs.wafv2.WebAclRegex[];
+        /**
+         * The sensitivity that the rule group rule `ChallengeDDoSRequests` uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the `ChallengeDDoSRequests` rule runs.
+         *
+         * The higher the sensitivity, the more levels of labeling that the rule matches:
+         *
+         * - Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label `awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request` .
+         * - Medium sensitivity causes the rule to match on the medium and high suspicion labels.
+         * - High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.
+         *
+         * Default: `HIGH`
+         */
         sensitivity?: enums.wafv2.WebAclSensitivityToAct;
+        /**
+         * Determines whether to use the `AWSManagedRulesAntiDDoSRuleSet` rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` in the rule group evaluation and the related label `awswaf:managed:aws:anti-ddos:challengeable-request` .
+         *
+         * - If usage is enabled:
+         *
+         * - The managed rule group adds the label `awswaf:managed:aws:anti-ddos:challengeable-request` to any web request whose URL does *NOT* match the regular expressions provided in the `ClientSideAction` setting `ExemptUriRegularExpressions` .
+         * - The two rules are evaluated against web requests for protected resources that are experiencing a DDoS attack. The two rules only apply their action to matching requests that have the label `awswaf:managed:aws:anti-ddos:challengeable-request` .
+         * - If usage is disabled:
+         *
+         * - The managed rule group doesn't add the label `awswaf:managed:aws:anti-ddos:challengeable-request` to any web requests.
+         * - The two rules are not evaluated.
+         * - None of the other `ClientSideAction` settings have any effect.
+         *
+         * > This setting only enables or disables the use of the two anti-DDOS rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` in the anti-DDoS managed rule group.
+         * >
+         * > This setting doesn't alter the action setting in the two rules. To override the actions used by the rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` , enable this setting, and then override the rule actions in the usual way, in your managed rule group configuration.
+         */
         usageOfAction: enums.wafv2.WebAclUsageOfAction;
     }
     /**
      * Client side action config for AntiDDOS AMR.
      */
     interface WebAclClientSideActionConfig {
+        /**
+         * Configuration for the use of the `AWSManagedRulesAntiDDoSRuleSet` rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` .
+         *
+         * > This setting isn't related to the configuration of the `Challenge` action itself. It only configures the use of the two anti-DDoS rules named here.
+         *
+         * You can enable or disable the use of these rules, and you can configure how to use them when they are enabled.
+         */
         challenge: outputs.wafv2.WebAclClientSideAction;
     }
     /**
@@ -100627,6 +101064,11 @@ export declare namespace wafv2 {
          * For information about using the ACFP managed rule group, see [AWS WAF Fraud Control account creation fraud prevention (ACFP) rule group](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-acfp.html) and [AWS WAF Fraud Control account creation fraud prevention (ACFP)](https://docs.aws.amazon.com/waf/latest/developerguide/waf-acfp.html) in the *AWS WAF Developer Guide* .
          */
         awsManagedRulesAcfpRuleSet?: outputs.wafv2.WebAclAwsManagedRulesAcfpRuleSet;
+        /**
+         * Additional configuration for using the anti-DDoS managed rule group, `AWSManagedRulesAntiDDoSRuleSet` . Use this to configure anti-DDoS behavior for the rule group.
+         *
+         * For information about using the anti-DDoS managed rule group, see [AWS WAF Anti-DDoS rule group](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-anti-ddos.html) and [Distributed Denial of Service (DDoS) prevention](https://docs.aws.amazon.com/waf/latest/developerguide/waf-anti-ddos.html) in the *AWS WAF Developer Guide* .
+         */
         awsManagedRulesAntiDDoSRuleSet?: outputs.wafv2.WebAclAwsManagedRulesAntiDDoSRuleSet;
         /**
          * Additional configuration for using the account takeover prevention (ATP) managed rule group, `AWSManagedRulesATPRuleSet` . Use this to provide login request information to the rule group. For web ACLs that protect CloudFront distributions, use this to also provide the information about how your distribution responds to login requests.
@@ -100699,6 +101141,9 @@ export declare namespace wafv2 {
      * Configures the options for on-source DDoS protection provided by supported resource type.
      */
     interface WebAclOnSourceDDoSProtectionConfig {
+        /**
+         * The level of DDoS protection that applies to web ACLs associated with Application Load Balancers. `ACTIVE_UNDER_DDOS` protection is enabled by default whenever a web ACL is associated with an Application Load Balancer. In the event that an Application Load Balancer experiences high-load conditions or suspected DDoS attacks, the `ACTIVE_UNDER_DDOS` protection automatically rate limits traffic from known low reputation sources without disrupting Application Load Balancer availability. `ALWAYS_ON` protection provides constant, always-on monitoring of known low reputation sources for suspected DDoS attacks. While this provides a higher level of protection, there may be potential impacts on legitimate traffic.
+         */
         albLowReputationMode: enums.wafv2.WebAclOnSourceDDoSProtectionConfigAlbLowReputationMode;
     }
     interface WebAclOrStatement {
@@ -100782,6 +101227,9 @@ export declare namespace wafv2 {
      * Specifies a single custom aggregate key for a rate-base rule.
      */
     interface WebAclRateBasedStatementCustomKey {
+        /**
+         * Use an Autonomous System Number (ASN) derived from the request's originating or forwarded IP address as an aggregate key. Each distinct ASN contributes to the aggregation instance.
+         */
         asn?: outputs.wafv2.WebAclRateLimitAsn;
         /**
          * Use the value of a cookie in the request as an aggregate key. Each distinct value in the cookie contributes to the aggregation instance. If you use a single cookie as your custom key, then each value fully defines an aggregation instance.
@@ -101389,6 +101837,11 @@ export declare namespace wafv2 {
          * A logical rule statement used to combine other rule statements with AND logic. You provide more than one `Statement` within the `AndStatement` .
          */
         andStatement?: outputs.wafv2.WebAclAndStatement;
+        /**
+         * A rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address.
+         *
+         * For additional details, see [ASN match rule statement](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-asn-match.html) in the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) .
+         */
         asnMatchStatement?: outputs.wafv2.WebAclAsnMatchStatement;
         /**
          * A rule statement that defines a string match search for AWS WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want AWS WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the AWS WAF console and the developer guide, this is called a string match statement.