@pulumi/aws-native 1.32.0-alpha.1754026912 → 1.32.0-alpha.1754570277

package/types/output.d.ts

@@ -6274,6 +6274,241 @@ export declare namespace aps {
         destinations: outputs.aps.WorkspaceLoggingDestination[];
     }
 }
+export declare namespace arcregionswitch {
+    interface PlanArcRoutingControlConfiguration {
+        crossAccountRole?: string;
+        externalId?: string;
+        regionAndRoutingControls: {
+            [key: string]: any;
+        };
+        timeoutMinutes?: number;
+    }
+    interface PlanAsg {
+        arn?: string;
+        crossAccountRole?: string;
+        externalId?: string;
+    }
+    interface PlanAssociatedAlarm {
+        /**
+         * The alarm type for an associated alarm. An associated CloudWatch alarm can be an application health alarm or a trigger alarm.
+         */
+        alarmType: enums.arcregionswitch.PlanAlarmType;
+        /**
+         * The cross account role for the configuration.
+         */
+        crossAccountRole?: string;
+        /**
+         * The external ID (secret key) for the configuration.
+         */
+        externalId?: string;
+        /**
+         * The resource identifier for alarms that you associate with a plan.
+         */
+        resourceIdentifier: string;
+    }
+    interface PlanCustomActionLambdaConfiguration {
+        lambdas: outputs.arcregionswitch.PlanLambdas[];
+        regionToRun: enums.arcregionswitch.PlanRegionToRunIn;
+        retryIntervalMinutes: number;
+        timeoutMinutes?: number;
+        ungraceful?: outputs.arcregionswitch.PlanLambdaUngraceful;
+    }
+    interface PlanEc2AsgCapacityIncreaseConfiguration {
+        asgs: outputs.arcregionswitch.PlanAsg[];
+        capacityMonitoringApproach?: any;
+        targetPercent?: number;
+        timeoutMinutes?: number;
+        ungraceful?: outputs.arcregionswitch.PlanEc2Ungraceful;
+    }
+    interface PlanEc2Ungraceful {
+        minimumSuccessPercentage: number;
+    }
+    interface PlanEcsCapacityIncreaseConfiguration {
+        capacityMonitoringApproach?: any;
+        services: outputs.arcregionswitch.PlanService[];
+        targetPercent?: number;
+        timeoutMinutes?: number;
+        ungraceful?: outputs.arcregionswitch.PlanEcsUngraceful;
+    }
+    interface PlanEcsUngraceful {
+        minimumSuccessPercentage: number;
+    }
+    interface PlanEksCluster {
+        clusterArn: string;
+        crossAccountRole?: string;
+        externalId?: string;
+    }
+    interface PlanEksResourceScalingConfiguration {
+        capacityMonitoringApproach?: any;
+        eksClusters?: outputs.arcregionswitch.PlanEksCluster[];
+        kubernetesResourceType: outputs.arcregionswitch.PlanKubernetesResourceType;
+        scalingResources?: {
+            [key: string]: any;
+        }[];
+        targetPercent?: number;
+        timeoutMinutes?: number;
+        ungraceful?: outputs.arcregionswitch.PlanEksResourceScalingUngraceful;
+    }
+    interface PlanEksResourceScalingUngraceful {
+        minimumSuccessPercentage: number;
+    }
+    interface PlanExecutionApprovalConfiguration {
+        approvalRole: string;
+        timeoutMinutes?: number;
+    }
+    interface PlanExecutionBlockConfiguration0Properties {
+        customActionLambdaConfig: outputs.arcregionswitch.PlanCustomActionLambdaConfiguration;
+    }
+    interface PlanExecutionBlockConfiguration1Properties {
+        ec2AsgCapacityIncreaseConfig: outputs.arcregionswitch.PlanEc2AsgCapacityIncreaseConfiguration;
+    }
+    interface PlanExecutionBlockConfiguration2Properties {
+        executionApprovalConfig: outputs.arcregionswitch.PlanExecutionApprovalConfiguration;
+    }
+    interface PlanExecutionBlockConfiguration3Properties {
+        arcRoutingControlConfig: outputs.arcregionswitch.PlanArcRoutingControlConfiguration;
+    }
+    interface PlanExecutionBlockConfiguration4Properties {
+        globalAuroraConfig: outputs.arcregionswitch.PlanGlobalAuroraConfiguration;
+    }
+    interface PlanExecutionBlockConfiguration5Properties {
+        parallelConfig: outputs.arcregionswitch.PlanParallelExecutionBlockConfiguration;
+    }
+    interface PlanExecutionBlockConfiguration6Properties {
+        regionSwitchPlanConfig: outputs.arcregionswitch.PlanRegionSwitchPlanConfiguration;
+    }
+    interface PlanExecutionBlockConfiguration7Properties {
+        ecsCapacityIncreaseConfig: outputs.arcregionswitch.PlanEcsCapacityIncreaseConfiguration;
+    }
+    interface PlanExecutionBlockConfiguration8Properties {
+        eksResourceScalingConfig: outputs.arcregionswitch.PlanEksResourceScalingConfiguration;
+    }
+    interface PlanExecutionBlockConfiguration9Properties {
+        route53HealthCheckConfig: outputs.arcregionswitch.PlanRoute53HealthCheckConfiguration;
+    }
+    interface PlanGlobalAuroraConfiguration {
+        behavior: any;
+        crossAccountRole?: string;
+        databaseClusterArns: string[];
+        externalId?: string;
+        globalClusterIdentifier: string;
+        timeoutMinutes?: number;
+        ungraceful?: outputs.arcregionswitch.PlanGlobalAuroraUngraceful;
+    }
+    interface PlanGlobalAuroraUngraceful {
+        ungraceful?: enums.arcregionswitch.PlanGlobalAuroraUngracefulBehavior;
+    }
+    interface PlanHealthCheckState {
+        healthCheckId?: string;
+        region?: string;
+    }
+    interface PlanKubernetesResourceType {
+        apiVersion: string;
+        kind: string;
+    }
+    interface PlanLambdaUngraceful {
+        behavior?: any;
+    }
+    interface PlanLambdas {
+        arn?: string;
+        crossAccountRole?: string;
+        externalId?: string;
+    }
+    interface PlanParallelExecutionBlockConfiguration {
+        steps: outputs.arcregionswitch.PlanStep[];
+    }
+    interface PlanRegionSwitchPlanConfiguration {
+        arn: string;
+        crossAccountRole?: string;
+        externalId?: string;
+    }
+    interface PlanRoute53HealthCheckConfiguration {
+        crossAccountRole?: string;
+        externalId?: string;
+        hostedZoneId: string;
+        recordName: string;
+        recordSets?: outputs.arcregionswitch.PlanRoute53ResourceRecordSet[];
+        timeoutMinutes?: number;
+    }
+    interface PlanRoute53ResourceRecordSet {
+        recordSetIdentifier?: string;
+        region?: string;
+    }
+    interface PlanService {
+        clusterArn?: string;
+        crossAccountRole?: string;
+        externalId?: string;
+        serviceArn?: string;
+    }
+    interface PlanStep {
+        /**
+         * The description of a step in a workflow.
+         */
+        description?: string;
+        /**
+         * The configuration for an execution block in a workflow.
+         */
+        executionBlockConfiguration: outputs.arcregionswitch.PlanExecutionBlockConfiguration0Properties | outputs.arcregionswitch.PlanExecutionBlockConfiguration1Properties | outputs.arcregionswitch.PlanExecutionBlockConfiguration2Properties | outputs.arcregionswitch.PlanExecutionBlockConfiguration3Properties | outputs.arcregionswitch.PlanExecutionBlockConfiguration4Properties | outputs.arcregionswitch.PlanExecutionBlockConfiguration5Properties | outputs.arcregionswitch.PlanExecutionBlockConfiguration6Properties | outputs.arcregionswitch.PlanExecutionBlockConfiguration7Properties | outputs.arcregionswitch.PlanExecutionBlockConfiguration8Properties | outputs.arcregionswitch.PlanExecutionBlockConfiguration9Properties;
+        /**
+         * The type of an execution block in a workflow.
+         */
+        executionBlockType: enums.arcregionswitch.PlanExecutionBlockType;
+        /**
+         * The name of a step in a workflow.
+         */
+        name: string;
+    }
+    interface PlanTrigger {
+        /**
+         * The action to perform when the trigger fires. Valid values include ACTIVATE and DEACTIVATE.
+         */
+        action: enums.arcregionswitch.PlanWorkflowTargetAction;
+        /**
+         * The conditions that must be met for the trigger to fire.
+         */
+        conditions: outputs.arcregionswitch.PlanTriggerCondition[];
+        /**
+         * The description for a trigger.
+         */
+        description?: string;
+        /**
+         * The minimum time, in minutes, that must elapse between automatic executions of the plan.
+         */
+        minDelayMinutesBetweenExecutions: number;
+        /**
+         * The AWS Region for a trigger.
+         */
+        targetRegion: string;
+    }
+    interface PlanTriggerCondition {
+        /**
+         * The name of the CloudWatch alarm associated with the condition.
+         */
+        associatedAlarmName: string;
+        /**
+         * The condition that must be met. Valid values include ALARM and OK.
+         */
+        condition: enums.arcregionswitch.PlanAlarmCondition;
+    }
+    interface PlanWorkflow {
+        /**
+         * The steps that make up the workflow.
+         */
+        steps?: outputs.arcregionswitch.PlanStep[];
+        /**
+         * The description of the workflow.
+         */
+        workflowDescription?: string;
+        /**
+         * The action that the workflow performs. Valid values include ACTIVATE and DEACTIVATE.
+         */
+        workflowTargetAction: enums.arcregionswitch.PlanWorkflowTargetAction;
+        /**
+         * The AWS Region that the workflow targets.
+         */
+        workflowTargetRegion?: string;
+    }
+}
 export declare namespace arczonalshift {
     interface ZonalAutoshiftConfigurationControlCondition {
         /**
@@ -6485,9 +6720,9 @@ export declare namespace athena {
          */
         encryptionConfiguration?: outputs.athena.WorkGroupEncryptionConfiguration;
         /**
-         * The AWS account ID that you expect to be the owner of the Amazon S3 bucket specified by `ResultConfiguration$OutputLocation` . If set, Athena uses the value for `ExpectedBucketOwner` when it makes Amazon S3 calls to your specified output location. If the `ExpectedBucketOwner` AWS account ID does not match the actual owner of the Amazon S3 bucket, the call fails with a permissions error.
+         * The AWS account ID that you expect to be the owner of the Amazon S3 bucket specified by [](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-athena-workgroup-resultconfiguration.html#cfn-athena-workgroup-resultconfiguration-outputlocation) . If set, Athena uses the value for `ExpectedBucketOwner` when it makes Amazon S3 calls to your specified output location. If the `ExpectedBucketOwner` AWS account ID does not match the actual owner of the Amazon S3 bucket, the call fails with a permissions error.
          *
-         * If workgroup settings override client-side settings, then the query uses the `ExpectedBucketOwner` setting that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See `WorkGroupConfiguration$EnforceWorkGroupConfiguration` and [Workgroup Settings Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html) .
+         * If workgroup settings override client-side settings, then the query uses the `ExpectedBucketOwner` setting that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See [](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-athena-workgroup-workgroupconfiguration.html#cfn-athena-workgroup-workgroupconfiguration-enforceworkgroupconfiguration) and [Workgroup Settings Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html) .
          */
         expectedBucketOwner?: string;
         /**
@@ -6503,7 +6738,7 @@ export declare namespace athena {
          */
         removeEncryptionConfiguration?: boolean;
         /**
-         * If set to "true", removes the AWS account ID previously specified for `ResultConfiguration$ExpectedBucketOwner` . If set to "false" or not set, and a value is present in the `ExpectedBucketOwner` in `ResultConfigurationUpdates` (the client-side setting), the `ExpectedBucketOwner` in the workgroup's `ResultConfiguration` is updated with the new value. For more information, see [Workgroup Settings Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html) .
+         * If set to "true", removes the AWS account ID previously specified for [](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-athena-workgroup-resultconfiguration.html#cfn-athena-workgroup-resultconfiguration-expectedbucketowner) . If set to "false" or not set, and a value is present in the `ExpectedBucketOwner` in `ResultConfigurationUpdates` (the client-side setting), the `ExpectedBucketOwner` in the workgroup's `ResultConfiguration` is updated with the new value. For more information, see [Workgroup Settings Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html) .
          */
         removeExpectedBucketOwner?: boolean;
         /**
@@ -9798,6 +10033,16 @@ export declare namespace batch {
          */
         state: enums.batch.JobQueueJobStateTimeLimitActionState;
     }
+    interface JobQueueServiceEnvironmentOrder {
+        /**
+         * The order of the service environment. Job queues with a higher priority are evaluated first when associated with the same service environment.
+         */
+        order: number;
+        /**
+         * The name or ARN of the service environment.
+         */
+        serviceEnvironment: string;
+    }
     /**
      * Fair Share Policy for the Job Queue.
      */
@@ -15989,6 +16234,13 @@ export declare namespace cloudfront {
          *  For more information, see [Using Origin Shield](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html) in the *Amazon CloudFront Developer Guide*.
          */
         originShield?: outputs.cloudfront.DistributionOriginShield;
+        /**
+         * The time (in seconds) that a request from CloudFront to the origin can stay open and wait for a response. If the complete response isn't received from the origin by this time, CloudFront ends the connection.
+         *
+         * The value for `ResponseCompletionTimeout` must be equal to or greater than the value for `OriginReadTimeout` . If you don't set a value for `ResponseCompletionTimeout` , CloudFront doesn't enforce a maximum value.
+         *
+         * For more information, see [Response completion timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#response-completion-timeout) in the *Amazon CloudFront Developer Guide* .
+         */
         responseCompletionTimeout?: number;
         /**
          * Use this type to specify an origin that is an Amazon S3 bucket that is not configured with static website hosting. To specify any other type of origin, including an Amazon S3 bucket that is configured with static website hosting, use the ``CustomOriginConfig`` type instead.
@@ -16143,6 +16395,11 @@ export declare namespace cloudfront {
          *  For more information about the origin access identity, see [Serving Private Content through CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide*.
          */
         originAccessIdentity?: string;
+        /**
+         * Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the *origin response timeout* . The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 30 seconds.
+         *
+         * For more information, see [Response timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide* .
+         */
         originReadTimeout?: number;
     }
     /**
@@ -17162,7 +17419,7 @@ export declare namespace cloudtrail {
 }
 export declare namespace cloudwatch {
     /**
-     * Dimension is an embedded property of the ``AWS::CloudWatch::Alarm`` type. Dimensions are name/value pairs that can be associated with a CW metric. You can specify a maximum of 10 dimensions for a given metric.
+     * Dimension is an embedded property of the ``AWS::CloudWatch::Alarm`` type. Dimensions are name/value pairs that can be associated with a CW metric. You can specify a maximum of 30 dimensions for a given metric.
      */
     interface AlarmDimension {
         /**
@@ -17219,7 +17476,7 @@ export declare namespace cloudwatch {
          */
         metricStat?: outputs.cloudwatch.AlarmMetricStat;
         /**
-         * The granularity, in seconds, of the returned data points. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a ``PutMetricData`` operation that includes a ``StorageResolution of 1 second``.
+         * The granularity, in seconds, of the returned data points. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 20, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a ``PutMetricData`` operation that includes a ``StorageResolution of 1 second``.
          */
         period?: number;
         /**
@@ -17231,7 +17488,7 @@ export declare namespace cloudwatch {
     }
     /**
      * This structure defines the metric to be returned, along with the statistics, period, and units.
-     *   ``MetricStat`` is a property of the [MetricDataQuery](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudwatch-alarm-metricdataquery.html) property type.
+     *  ``MetricStat`` is a property of the [MetricDataQuery](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudwatch-alarm-metricdataquery.html) property type.
      */
     interface AlarmMetricStat {
         /**
@@ -17239,7 +17496,7 @@ export declare namespace cloudwatch {
          */
         metric: outputs.cloudwatch.AlarmMetric;
         /**
-         * The granularity, in seconds, of the returned data points. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a ``PutMetricData`` call that includes a ``StorageResolution`` of 1 second.
+         * The granularity, in seconds, of the returned data points. For metrics with regular resolution, a period can be as short as one minute (60 seconds) and must be a multiple of 60. For high-resolution metrics that are collected at intervals of less than one minute, the period can be 1, 5, 10, 20, 30, 60, or any multiple of 60. High-resolution metrics are those metrics stored by a ``PutMetricData`` call that includes a ``StorageResolution`` of 1 second.
          *  If the ``StartTime`` parameter specifies a time stamp that is greater than 3 hours ago, you must specify the period as follows or no data points in that time range is returned:
          *   +  Start time between 3 hours and 15 days ago - Use a multiple of 60 seconds (1 minute).
          *   +  Start time between 15 and 63 days ago - Use a multiple of 300 seconds (5 minutes).
@@ -23541,6 +23798,7 @@ export declare namespace deadline {
         instanceCapabilities: outputs.deadline.FleetServiceManagedEc2InstanceCapabilities;
         instanceMarketOptions: outputs.deadline.FleetServiceManagedEc2InstanceMarketOptions;
         storageProfileId?: string;
+        vpcConfiguration?: outputs.deadline.FleetVpcConfiguration;
     }
     interface FleetServiceManagedEc2InstanceCapabilities {
         acceleratorCapabilities?: outputs.deadline.FleetAcceleratorCapabilities;
@@ -23561,6 +23819,9 @@ export declare namespace deadline {
         max?: number;
         min: number;
     }
+    interface FleetVpcConfiguration {
+        resourceConfigurationArns?: string[];
+    }
     interface QueueJobAttachmentSettings {
         /**
          * The root prefix.
@@ -25748,17 +26009,17 @@ export declare namespace ec2 {
     }
     interface InstanceElasticGpuSpecification {
         /**
-         * The type of Elastic Graphics accelerator.
+         * The type of Elastic Graphics accelerator. Amazon Elastic Graphics is no longer available.
          */
         type: string;
     }
     interface InstanceElasticInferenceAccelerator {
         /**
-         * The number of elastic inference accelerators to attach to the instance.
+         * The number of elastic inference accelerators to attach to the instance. Amazon Elastic Inference is no longer available.
          */
         count?: number;
         /**
-         * The type of elastic inference accelerator.
+         * The type of elastic inference accelerator. Amazon Elastic Inference is no longer available.
          */
         type: string;
     }
@@ -26216,17 +26477,6 @@ export declare namespace ec2 {
          * Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS-optimized instance.
          */
         ebsOptimized?: boolean;
-        /**
-         * Deprecated.
-         *   Amazon Elastic Graphics reached end of life on January 8, 2024.
-         */
-        elasticGpuSpecifications?: outputs.ec2.LaunchTemplateElasticGpuSpecification[];
-        /**
-         * Amazon Elastic Inference is no longer available.
-         *   An elastic inference accelerator to associate with the instance. Elastic inference accelerators are a resource you can attach to your Amazon EC2 instances to accelerate your Deep Learning (DL) inference workloads.
-         *  You cannot specify accelerators from different generations in the same request.
-         */
-        elasticInferenceAccelerators?: outputs.ec2.LaunchTemplateElasticInferenceAccelerator[];
         /**
          * Indicates whether the instance is enabled for AWS Nitro Enclaves. For more information, see [What is Nitro Enclaves?](https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) in the *Nitro Enclaves User Guide*.
          *  You can't enable AWS Nitro Enclaves and hibernation on the same instance.
@@ -26408,33 +26658,6 @@ export declare namespace ec2 {
          */
         volumeType?: string;
     }
-    /**
-     * Amazon Elastic Graphics reached end of life on January 8, 2024.
-     *   Specifies a specification for an Elastic GPU for an Amazon EC2 launch template.
-     *  ``ElasticGpuSpecification`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html).
-     */
-    interface LaunchTemplateElasticGpuSpecification {
-        /**
-         * The type of Elastic Graphics accelerator.
-         */
-        type?: string;
-    }
-    /**
-     * Amazon Elastic Inference is no longer available.
-     *   Specifies an elastic inference accelerator.
-     *  ``LaunchTemplateElasticInferenceAccelerator`` is a property of [AWS::EC2::LaunchTemplate LaunchTemplateData](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html).
-     */
-    interface LaunchTemplateElasticInferenceAccelerator {
-        /**
-         * The number of elastic inference accelerators to attach to the instance.
-         *  Default: 1
-         */
-        count?: number;
-        /**
-         * The type of elastic inference accelerator. The possible values are eia1.medium, eia1.large, and eia1.xlarge.
-         */
-        type?: string;
-    }
     /**
      * ENA Express uses AWS Scalable Reliable Datagram (SRD) technology to increase the maximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances. With ENA Express, you can communicate between two EC2 instances in the same subnet within the same account, or in different accounts. Both sending and receiving instances must have ENA Express enabled.
      *  To improve the reliability of network packet delivery, ENA Express reorders network packets on the receiving end by default. However, some UDP-based applications are designed to handle network packets that are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express is enabled, you can specify whether UDP network traffic uses it.
@@ -26873,6 +27096,7 @@ export declare namespace ec2 {
          *  If you create a launch template that includes secondary network interfaces but no primary network interface, and you specify it using the ``LaunchTemplate`` property of ``AWS::EC2::Instance``, then you must include a primary network interface using the ``NetworkInterfaces`` property of ``AWS::EC2::Instance``.
          */
         deviceIndex?: number;
+        enaQueueCount?: number;
         /**
          * The ENA Express configuration for the network interface.
          */
@@ -29580,6 +29804,13 @@ export declare namespace ecr {
          */
         kmsKey?: string;
     }
+    /**
+     * Overrides the default image tag mutability setting of the repository for image tags that match the specified filters.
+     */
+    interface RepositoryCreationTemplateImageTagMutabilityExclusionFilter {
+        imageTagMutabilityExclusionFilterType: enums.ecr.RepositoryCreationTemplateImageTagMutabilityExclusionFilterImageTagMutabilityExclusionFilterType;
+        imageTagMutabilityExclusionFilterValue: string;
+    }
     /**
      * The metadata to apply to a resource to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
      */
@@ -29625,6 +29856,10 @@ export declare namespace ecr {
          */
         scanOnPush?: boolean;
     }
+    interface RepositoryImageTagMutabilityExclusionFilter {
+        imageTagMutabilityExclusionFilterType: enums.ecr.RepositoryImageTagMutabilityExclusionFilterType;
+        imageTagMutabilityExclusionFilterValue: string;
+    }
     /**
      * The ``LifecyclePolicy`` property type specifies a lifecycle policy. For information about lifecycle policy syntax, see [Lifecycle policy template](https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html) in the *Amazon ECR User Guide*.
      */
@@ -29827,6 +30062,9 @@ export declare namespace ecs {
          */
         value?: string;
     }
+    /**
+     * The advanced settings for a load balancer used in blue/green deployments. Specify the alternate target group, listener rules, and IAM role required for traffic shifting during blue/green deployments. For more information, see [Required resources for Amazon ECS blue/green deployments](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/blue-green-deployment-implementation.html) in the *Amazon Elastic Container Service Developer Guide*.
+     */
     interface ServiceAdvancedConfiguration {
         /**
          * The Amazon Resource Name (ARN) of the alternate target group for Amazon ECS blue/green deployments.
@@ -29978,6 +30216,10 @@ export declare namespace ecs {
          */
         tls?: outputs.ecs.ServiceConnectTlsConfiguration;
     }
+    /**
+     * The test traffic routing configuration for Amazon ECS blue/green deployments. This configuration allows you to define rules for routing specific traffic to the new service revision during the deployment process, allowing for safe testing before full production traffic shift.
+     *  For more information, see [Service Connect for Amazon ECS blue/green deployments](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect-blue-green.html) in the *Amazon Elastic Container Service Developer Guide*.
+     */
     interface ServiceConnectTestTrafficRules {
         /**
          * The HTTP header-based routing rules that determine which requests should be routed to the new service version during blue/green deployment testing. These rules provide fine-grained control over test traffic routing based on request headers.
@@ -30020,7 +30262,7 @@ export declare namespace ecs {
     /**
      * One of the methods which provide a way for you to quickly identify when a deployment has failed, and then to optionally roll back the failure to the last working deployment.
      *  When the alarms are generated, Amazon ECS sets the service deployment to failed. Set the rollback parameter to have Amazon ECS to roll back your service to the last completed deployment after a failure.
-     *  You can only use the ``DeploymentAlarms`` method to detect failures when the ``DeploymentController`` is set to ``ECS`` (rolling update).
+     *  You can only use the ``DeploymentAlarms`` method to detect failures when the ``DeploymentController`` is set to ``ECS``.
      *  For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide*.
      */
     interface ServiceDeploymentAlarms {
@@ -30062,12 +30304,10 @@ export declare namespace ecs {
         alarms?: outputs.ecs.ServiceDeploymentAlarms;
         /**
          * The duration when both blue and green service revisions are running simultaneously after the production traffic has shifted.
-         *
-         * The following rules apply when you don't specify a value:
-         *
-         * - For rolling deployments, the value is set to 3 hours (180 minutes).
-         * - When you use an external deployment controller ( `EXTERNAL` ), or the CodeDeploy blue/green deployment controller ( `CODE_DEPLOY` ), the value is set to 3 hours (180 minutes).
-         * - For all other cases, the value is set to 36 hours (2160 minutes).
+         *  The following rules apply when you don't specify a value:
+         *   +  For rolling deployments, the value is set to 3 hours (180 minutes).
+         *   +  When you use an external deployment controller (``EXTERNAL``), or the ACD blue/green deployment controller (``CODE_DEPLOY``), the value is set to 3 hours (180 minutes).
+         *   +  For all other cases, the value is set to 36 hours (2160 minutes).
          */
         bakeTimeInMinutes?: number;
         /**
@@ -30108,9 +30348,8 @@ export declare namespace ecs {
         minimumHealthyPercent?: number;
         /**
          * The deployment strategy for the service. Choose from these valid values:
-         *
-         * - `ROLLING` - When you create a service which uses the rolling update ( `ROLLING` ) deployment strategy, the Amazon ECS service scheduler replaces the currently running tasks with new tasks. The number of tasks that Amazon ECS adds or removes from the service during a rolling update is controlled by the service deployment configuration.
-         * - `BLUE_GREEN` - A blue/green deployment strategy ( `BLUE_GREEN` ) is a release methodology that reduces downtime and risk by running two identical production environments called blue and green. With Amazon ECS blue/green deployments, you can validate new service revisions before directing production traffic to them. This approach provides a safer way to deploy changes with the ability to quickly roll back if needed.
+         *   +  ``ROLLING`` - When you create a service which uses the rolling update (``ROLLING``) deployment strategy, the Amazon ECS service scheduler replaces the currently running tasks with new tasks. The number of tasks that Amazon ECS adds or removes from the service during a rolling update is controlled by the service deployment configuration.
+         *   +  ``BLUE_GREEN`` - A blue/green deployment strategy (``BLUE_GREEN``) is a release methodology that reduces downtime and risk by running two identical production environments called blue and green. With Amazon ECS blue/green deployments, you can validate new service revisions before directing production traffic to them. This approach provides a safer way to deploy changes with the ability to quickly roll back if needed.
          */
         strategy?: enums.ecs.ServiceDeploymentConfigurationStrategy;
     }
@@ -30119,64 +30358,83 @@ export declare namespace ecs {
      */
     interface ServiceDeploymentController {
         /**
-         * The deployment controller type to use. There are three deployment controller types available:
-         *   + ECS The rolling update (ECS) deployment type involves replacing the current running version of the container with the latest version. The number of containers Amazon ECS adds or removes from the service during a rolling update is controlled by adjusting the minimum and maximum number of healthy tasks allowed during a service deployment, as specified in the DeploymentConfiguration. + CODE_DEPLOY The blue/green (CODE_DEPLOY) deployment type uses the blue/green deployment model powered by , which allows you to verify a new deployment of a service before sending production traffic to it. + EXTERNAL The external (EXTERNAL) deployment type enables you to use any third-party deployment controller for full control over the deployment process for an Amazon ECS service.
+         * The deployment controller type to use.
+         *  The deployment controller is the mechanism that determines how tasks are deployed for your service. The valid options are:
+         *   +  ECS
+         *  When you create a service which uses the ``ECS`` deployment controller, you can choose between the following deployment strategies:
+         *   +  ``ROLLING``: When you create a service which uses the *rolling update* (``ROLLING``) deployment strategy, the ECS service scheduler replaces the currently running tasks with new tasks. The number of tasks that ECS adds or removes from the service during a rolling update is controlled by the service deployment configuration.
+         *  Rolling update deployments are best suited for the following scenarios:
+         *   +  Gradual service updates: You need to update your service incrementally without taking the entire service offline at once.
+         *   +  Limited resource requirements: You want to avoid the additional resource costs of running two complete environments simultaneously (as required by blue/green deployments).
+         *   +  Acceptable deployment time: Your application can tolerate a longer deployment process, as rolling updates replace tasks one by one.
+         *   +  No need for instant roll back: Your service can tolerate a rollback process that takes minutes rather than seconds.
+         *   +  Simple deployment process: You prefer a straightforward deployment approach without the complexity of managing multiple environments, target groups, and listeners.
+         *   +  No load balancer requirement: Your service doesn't use or require a load balancer, ALB, NLB, or Service Connect (which are required for blue/green deployments).
+         *   +  Stateful applications: Your application maintains state that makes it difficult to run two parallel environments.
+         *   +  Cost sensitivity: You want to minimize deployment costs by not running duplicate environments during deployment.
+         *
+         *  Rolling updates are the default deployment strategy for services and provide a balance between deployment safety and resource efficiency for many common application scenarios.
+         *   +  ``BLUE_GREEN``: A *blue/green* deployment strategy (``BLUE_GREEN``) is a release methodology that reduces downtime and risk by running two identical production environments called blue and green. With ECS blue/green deployments, you can validate new service revisions before directing production traffic to them. This approach provides a safer way to deploy changes with the ability to quickly roll back if needed.
+         *  ECS blue/green deployments are best suited for the following scenarios:
+         *   +  Service validation: When you need to validate new service revisions before directing production traffic to them
+         *   +  Zero downtime: When your service requires zero-downtime deployments
+         *   +  Instant roll back: When you need the ability to quickly roll back if issues are detected
+         *   +  Load balancer requirement: When your service uses ALB, NLB, or Service Connect
+         *
+         *
+         *   +  External
+         *  Use a third-party deployment controller.
+         *   +  Blue/green deployment (powered by ACD)
+         *  ACD installs an updated version of the application as a new replacement task set and reroutes production traffic from the original application task set to the replacement task set. The original task set is terminated after a successful deployment. Use this deployment controller to verify a new deployment of a service before sending production traffic to it.
+         *
+         *  When updating the deployment controller for a service, consider the following depending on the type of migration you're performing.
+         *   +  If you have a template that contains the ``EXTERNAL`` deployment controller information as well as ``TaskSet`` and ``PrimaryTaskSet`` resources, and you remove the task set resources from the template when updating from ``EXTERNAL`` to ``ECS``, the ``DescribeTaskSet`` and ``DeleteTaskSet`` API calls will return a 400 error after the deployment controller is updated to ``ECS``. This results in a delete failure on the task set resources, even though the stack transitions to ``UPDATE_COMPLETE`` status. For more information, see [Resource removed from stack but not deleted](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-resource-removed-not-deleted) in the CFNlong User Guide. To fix this issue, delete the task sets directly using the ECS``DeleteTaskSet`` API. For more information about how to delete a task set, see [DeleteTaskSet](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DeleteTaskSet.html) in the ECSlong API Reference.
+         *   +  If you're migrating from ``CODE_DEPLOY`` to ``ECS`` with a new task definition and CFN performs a rollback operation, the ECS``UpdateService`` request fails with the following error:
+         *  Resource handler returned message: "Invalid request provided: Unable to update task definition on services with a CODE_DEPLOY deployment controller.
+         *   +  After a successful migration from ``ECS`` to ``EXTERNAL`` deployment controller, you need to manually remove the ``ACTIVE`` task set, because ECS no longer manages the deployment. For information about how to delete a task set, see [DeleteTaskSet](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DeleteTaskSet.html) in the ECSlong API Reference.
          */
         type?: enums.ecs.ServiceDeploymentControllerType;
     }
+    /**
+     * A deployment lifecycle hook runs custom logic at specific stages of the deployment process. Currently, you can use Lambda functions as hook targets.
+     *  For more information, see [Lifecycle hooks for Amazon ECS service deployments](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-lifecycle-hooks.html) in the *Amazon Elastic Container Service Developer Guide*.
+     */
     interface ServiceDeploymentLifecycleHook {
         /**
          * The Amazon Resource Name (ARN) of the hook target. Currently, only Lambda function ARNs are supported.
-         *
-         * You must provide this parameter when configuring a deployment lifecycle hook.
+         *  You must provide this parameter when configuring a deployment lifecycle hook.
          */
         hookTargetArn: string;
         /**
          * The lifecycle stages at which to run the hook. Choose from these valid values:
-         *
-         * - RECONCILE_SERVICE
-         *
-         * The reconciliation stage that only happens when you start a new service deployment with more than 1 service revision in an ACTIVE state.
-         *
-         * You can use a lifecycle hook for this stage.
-         * - PRE_SCALE_UP
-         *
-         * The green service revision has not started. The blue service revision is handling 100% of the production traffic. There is no test traffic.
-         *
-         * You can use a lifecycle hook for this stage.
-         * - POST_SCALE_UP
-         *
-         * The green service revision has started. The blue service revision is handling 100% of the production traffic. There is no test traffic.
-         *
-         * You can use a lifecycle hook for this stage.
-         * - TEST_TRAFFIC_SHIFT
-         *
-         * The blue and green service revisions are running. The blue service revision handles 100% of the production traffic. The green service revision is migrating from 0% to 100% of test traffic.
-         *
-         * You can use a lifecycle hook for this stage.
-         * - POST_TEST_TRAFFIC_SHIFT
-         *
-         * The test traffic shift is complete. The green service revision handles 100% of the test traffic.
-         *
-         * You can use a lifecycle hook for this stage.
-         * - PRODUCTION_TRAFFIC_SHIFT
-         *
-         * Production traffic is shifting to the green service revision. The green service revision is migrating from 0% to 100% of production traffic.
-         *
-         * You can use a lifecycle hook for this stage.
-         * - POST_PRODUCTION_TRAFFIC_SHIFT
-         *
-         * The production traffic shift is complete.
-         *
-         * You can use a lifecycle hook for this stage.
-         *
-         * You must provide this parameter when configuring a deployment lifecycle hook.
+         *   +  RECONCILE_SERVICE
+         *  The reconciliation stage that only happens when you start a new service deployment with more than 1 service revision in an ACTIVE state.
+         *  You can use a lifecycle hook for this stage.
+         *   +  PRE_SCALE_UP
+         *  The green service revision has not started. The blue service revision is handling 100% of the production traffic. There is no test traffic.
+         *  You can use a lifecycle hook for this stage.
+         *   +  POST_SCALE_UP
+         *  The green service revision has started. The blue service revision is handling 100% of the production traffic. There is no test traffic.
+         *  You can use a lifecycle hook for this stage.
+         *   +  TEST_TRAFFIC_SHIFT
+         *  The blue and green service revisions are running. The blue service revision handles 100% of the production traffic. The green service revision is migrating from 0% to 100% of test traffic.
+         *  You can use a lifecycle hook for this stage.
+         *   +  POST_TEST_TRAFFIC_SHIFT
+         *  The test traffic shift is complete. The green service revision handles 100% of the test traffic.
+         *  You can use a lifecycle hook for this stage.
+         *   +  PRODUCTION_TRAFFIC_SHIFT
+         *  Production traffic is shifting to the green service revision. The green service revision is migrating from 0% to 100% of production traffic.
+         *  You can use a lifecycle hook for this stage.
+         *   +  POST_PRODUCTION_TRAFFIC_SHIFT
+         *  The production traffic shift is complete.
+         *  You can use a lifecycle hook for this stage.
+         *
+         *  You must provide this parameter when configuring a deployment lifecycle hook.
          */
         lifecycleStages: enums.ecs.ServiceDeploymentLifecycleHookLifecycleStagesItem[];
         /**
          * The Amazon Resource Name (ARN) of the IAM role that grants Amazon ECS permission to call Lambda functions on your behalf.
-         *
-         * For more information, see [Permissions required for Lambda functions in Amazon ECS blue/green deployments](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/blue-green-permissions.html) in the *Amazon Elastic Container Service Developer Guide* .
+         *  For more information, see [Permissions required for Lambda functions in Amazon ECS blue/green deployments](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/blue-green-permissions.html) in the *Amazon Elastic Container Service Developer Guide*.
          */
         roleArn: string;
     }
@@ -32793,7 +33051,7 @@ export declare namespace elasticloadbalancingv2 {
      */
     interface ListenerRuleHostHeaderConfig {
         /**
-         * The host names. The maximum size of each name is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).
+         * The host names. The maximum size of each name is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). You must include at least one "." character. You can include only alphabetical characters after the final "." character.
          *  If you specify multiple strings, the condition is satisfied if one of the strings matches the host name.
          */
         values?: string[];
@@ -32968,7 +33226,7 @@ export declare namespace elasticloadbalancingv2 {
      */
     interface ListenerRuleTargetGroupStickinessConfig {
         /**
-         * The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
+         * The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.
          */
         durationSeconds?: number;
         /**
@@ -32994,7 +33252,7 @@ export declare namespace elasticloadbalancingv2 {
      */
     interface ListenerTargetGroupStickinessConfig {
         /**
-         * The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
+         * The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.
          */
         durationSeconds?: number;
         /**
@@ -33447,9 +33705,9 @@ export declare namespace entityresolution {
         /**
          * The comparison type. You can either choose `ONE_TO_ONE` or `MANY_TO_MANY` as the `attributeMatchingModel` .
          *
-         * If you choose `MANY_TO_MANY` , the system can match attributes across the sub-types of an attribute type. For example, if the value of the `Email` field of Profile A matches the value of the `BusinessEmail` field of Profile B, the two profiles are matched on the `Email` attribute type.
-         *
          * If you choose `ONE_TO_ONE` , the system can only match attributes if the sub-types are an exact match. For example, for the `Email` attribute type, the system will only consider it a match if the value of the `Email` field of Profile A matches the value of the `Email` field of Profile B.
+         *
+         * If you choose `MANY_TO_MANY` , the system can match attributes across the sub-types of an attribute type. For example, if the value of the `Email` field of Profile A matches the value of the `BusinessEmail` field of Profile B, the two profiles are matched on the `Email` attribute type.
          */
         attributeMatchingModel: enums.entityresolution.IdMappingWorkflowIdMappingRuleBasedPropertiesAttributeMatchingModel;
         /**
@@ -33583,9 +33841,9 @@ export declare namespace entityresolution {
         /**
          * The comparison type. You can either choose `ONE_TO_ONE` or `MANY_TO_MANY` as the `attributeMatchingModel` .
          *
-         * If you choose `MANY_TO_MANY` , the system can match attributes across the sub-types of an attribute type. For example, if the value of the `Email` field of Profile A matches the value of `BusinessEmail` field of Profile B, the two profiles are matched on the `Email` attribute type.
-         *
          * If you choose `ONE_TO_ONE` , the system can only match attributes if the sub-types are an exact match. For example, for the `Email` attribute type, the system will only consider it a match if the value of the `Email` field of Profile A matches the value of the `Email` field of Profile B.
+         *
+         * If you choose `MANY_TO_MANY` , the system can match attributes across the sub-types of an attribute type. For example, if the value of the `Email` field of Profile A matches the value of `BusinessEmail` field of Profile B, the two profiles are matched on the `Email` attribute type.
          */
         attributeMatchingModel?: enums.entityresolution.IdNamespaceNamespaceRuleBasedPropertiesAttributeMatchingModel;
         /**
@@ -33619,7 +33877,7 @@ export declare namespace entityresolution {
         /**
          * The type of incremental run. The only valid value is `IMMEDIATE` . This appears as "Automatic" in the console.
          *
-         * > For workflows where `resolutionType` is `ML_MATCHING` , incremental processing is not supported.
+         * > For workflows where `resolutionType` is `ML_MATCHING` or `PROVIDER` , incremental processing is not supported.
          */
         incrementalRunType: enums.entityresolution.MatchingWorkflowIncrementalRunConfigIncrementalRunType;
     }
@@ -33693,13 +33951,21 @@ export declare namespace entityresolution {
          */
         providerProperties?: outputs.entityresolution.MatchingWorkflowProviderProperties;
         /**
-         * The type of matching. There are three types of matching: `RULE_MATCHING` , `ML_MATCHING` , and `PROVIDER` .
+         * The type of matching workflow to create. Specify one of the following types:
+         *
+         * - `RULE_MATCHING` : Match records using configurable rule-based criteria
+         * - `ML_MATCHING` : Match records using machine learning models
+         * - `PROVIDER` : Match records using a third-party matching provider
          */
         resolutionType?: enums.entityresolution.MatchingWorkflowResolutionType;
         /**
-         * An object which defines the list of matching rules to run and has a field `Rules` , which is a list of rule objects.
+         * An object which defines the list of matching rules to run and has a field `rules` , which is a list of rule objects.
          */
         ruleBasedProperties?: outputs.entityresolution.MatchingWorkflowRuleBasedProperties;
+        /**
+         * An object containing the `rules` for a matching workflow.
+         */
+        ruleConditionProperties?: outputs.entityresolution.MatchingWorkflowRuleConditionProperties;
     }
     interface MatchingWorkflowRule {
         /**
@@ -33713,11 +33979,11 @@ export declare namespace entityresolution {
     }
     interface MatchingWorkflowRuleBasedProperties {
         /**
-         * The comparison type. You can either choose `ONE_TO_ONE` or `MANY_TO_MANY` as the `attributeMatchingModel` .
-         *
-         * If you choose `MANY_TO_MANY` , the system can match attributes across the sub-types of an attribute type. For example, if the value of the `Email` field of Profile A and the value of `BusinessEmail` field of Profile B matches, the two profiles are matched on the `Email` attribute type.
+         * The comparison type. You can choose `ONE_TO_ONE` or `MANY_TO_MANY` as the `attributeMatchingModel` .
          *
          * If you choose `ONE_TO_ONE` , the system can only match attributes if the sub-types are an exact match. For example, for the `Email` attribute type, the system will only consider it a match if the value of the `Email` field of Profile A matches the value of the `Email` field of Profile B.
+         *
+         * If you choose `MANY_TO_MANY` , the system can match attributes across the sub-types of an attribute type. For example, if the value of the `Email` field of Profile A and the value of `BusinessEmail` field of Profile B matches, the two profiles are matched on the `Email` attribute type.
          */
         attributeMatchingModel: enums.entityresolution.MatchingWorkflowRuleBasedPropertiesAttributeMatchingModel;
         /**
@@ -33733,6 +33999,32 @@ export declare namespace entityresolution {
          */
         rules: outputs.entityresolution.MatchingWorkflowRule[];
     }
+    interface MatchingWorkflowRuleCondition {
+        /**
+         * A statement that specifies the conditions for a matching rule.
+         *
+         * If your data is accurate, use an Exact matching function: `Exact` or `ExactManyToMany` .
+         *
+         * If your data has variations in spelling or pronunciation, use a Fuzzy matching function: `Cosine` , `Levenshtein` , or `Soundex` .
+         *
+         * Use operators if you want to combine ( `AND` ), separate ( `OR` ), or group matching functions `(...)` .
+         *
+         * For example: `(Cosine(a, 10) AND Exact(b, true)) OR ExactManyToMany(c, d)`
+         */
+        condition?: string;
+        /**
+         * A name for the matching rule.
+         *
+         * For example: `Rule1`
+         */
+        ruleName?: string;
+    }
+    interface MatchingWorkflowRuleConditionProperties {
+        /**
+         * A list of rule objects, each of which have fields `ruleName` and `condition` .
+         */
+        rules: outputs.entityresolution.MatchingWorkflowRuleCondition[];
+    }
     interface SchemaMappingSchemaInputAttribute {
         fieldName: string;
         groupName?: string;
@@ -39547,6 +39839,11 @@ export declare namespace iot {
         content?: string;
         contentType?: string;
     }
+    interface ConfigurationDetailsProperties {
+        configurationStatus?: enums.iot.EncryptionConfigurationConfigurationDetailsPropertiesConfigurationStatus;
+        errorCode?: string;
+        errorMessage?: string;
+    }
     interface DomainConfigurationAuthorizerConfig {
         /**
          * A Boolean that specifies whether the domain configuration's authorization service can be overridden.
@@ -42664,6 +42961,36 @@ export declare namespace iotsitewise {
          */
         type: string;
     }
+    /**
+     * Contains information about enforced interface property and asset model property
+     */
+    interface AssetModelEnforcedAssetModelInterfacePropertyMapping {
+        /**
+         * The external ID of the enforced asset model property
+         */
+        assetModelPropertyExternalId?: string;
+        /**
+         * The logical ID of the enforced asset model property
+         */
+        assetModelPropertyLogicalId?: string;
+        /**
+         * The external ID of the enforced interface property
+         */
+        interfaceAssetModelPropertyExternalId: string;
+    }
+    /**
+     * Contains information about enforced interface hierarchy and asset model hierarchy
+     */
+    interface AssetModelEnforcedAssetModelInterfaceRelationship {
+        /**
+         * The ID of the interface that is enforced to the asset model
+         */
+        interfaceAssetModelId?: string;
+        /**
+         * Contains information about enforced interface property and asset model property
+         */
+        propertyMappings?: outputs.iotsitewise.AssetModelEnforcedAssetModelInterfacePropertyMapping[];
+    }
     interface AssetModelExpressionVariable {
         /**
          * The friendly name of the variable to be used in the expression.
@@ -52407,6 +52734,10 @@ export declare namespace mediapackagev2 {
          * <p>When true, AWS Elemental MediaPackage performs input switching based on the MQCS. Default is true. This setting is valid only when <code>InputType</code> is <code>CMAF</code>.</p>
          */
         mqcsInputSwitching?: boolean;
+        /**
+         * For CMAF inputs, indicates which input MediaPackage should prefer when both inputs have equal MQCS scores. Select `1` to prefer the first ingest endpoint, or `2` to prefer the second ingest endpoint. If you don't specify a preferred input, MediaPackage uses its default switching behavior when MQCS scores are equal.
+         */
+        preferredInput?: number;
     }
     /**
      * <p>The settings for what common media server data (CMSD) headers AWS Elemental MediaPackage includes in responses to the CDN.</p>
@@ -52620,6 +52951,10 @@ export declare namespace mediapackagev2 {
      * <p>The parameters for encrypting content.</p>
      */
     interface OriginEndpointEncryption {
+        /**
+         * <p>Excludes SEIG and SGPD boxes from segment metadata in CMAF containers.</p> <p>When set to <code>true</code>, MediaPackage omits these DRM metadata boxes from CMAF segments, which can improve compatibility with certain devices and players that don't support these boxes.</p> <p>Important considerations:</p> <ul> <li> <p>This setting only affects CMAF container formats</p> </li> <li> <p>Key rotation can still be handled through media playlist signaling</p> </li> <li> <p>PSSH and TENC boxes remain unaffected</p> </li> <li> <p>Default behavior is preserved when this setting is disabled</p> </li> </ul> <p>Valid values: <code>true</code> | <code>false</code> </p> <p>Default: <code>false</code> </p>
+         */
+        cmafExcludeSegmentDrmMetadata?: boolean;
         /**
          * <p>A 128-bit, 16-byte hex value represented by a 32-character string, used in conjunction with the key for encrypting content. If you don't specify a value, then MediaPackage creates the constant initialization vector (IV).</p>
          */
@@ -52803,7 +53138,13 @@ export declare namespace mediapackagev2 {
         urlEncodeChildManifest?: boolean;
     }
     interface OriginEndpointPolicyCdnAuthConfiguration {
+        /**
+         * The ARN for the secret in Secrets Manager that your CDN uses for authorization to access the endpoint.
+         */
         cdnIdentifierSecretArns: string[];
+        /**
+         * The ARN for the IAM role that gives MediaPackage read access to Secrets Manager and AWS KMS for CDN authorization.
+         */
         secretsRoleArn: string;
     }
     /**
@@ -53843,6 +54184,12 @@ export declare namespace neptunegraph {
     }
 }
 export declare namespace networkfirewall {
+    interface FirewallAvailabilityZoneMapping {
+        /**
+         * A AvailabilityZone
+         */
+        availabilityZone: string;
+    }
     interface FirewallPolicy {
         /**
          * Contains variables that you can use to override default Suricata settings in your firewall policy.
@@ -53970,12 +54317,18 @@ export declare namespace networkfirewall {
         action?: enums.networkfirewall.FirewallPolicyOverrideAction;
     }
     interface FirewallPolicyStatefulRuleGroupReference {
+        /**
+         * AWS Network Firewall plans to augment the active threat defense managed rule group with an additional deep threat inspection capability. When this capability is released, AWS will analyze service logs of network traffic processed by these rule groups to identify threat indicators across customers. AWS will use these threat indicators to improve the active threat defense managed rule groups and protect the security of AWS customers and services.
+         *
+         * > Customers can opt-out of deep threat inspection at any time through the AWS Network Firewall console or API. When customers opt out, AWS Network Firewall will not use the network traffic processed by those customers' active threat defense rule groups for rule group improvement.
+         */
+        deepThreatInspection?: boolean;
         /**
          * The action that allows the policy owner to override the behavior of the rule group within a policy.
          */
         override?: outputs.networkfirewall.FirewallPolicyStatefulRuleGroupOverride;
         /**
-         * An integer setting that indicates the order in which to run the stateful rule groups in a single `FirewallPolicy` . This setting only applies to firewall policies that specify the `STRICT_ORDER` rule order in the stateful engine options settings.
+         * An integer setting that indicates the order in which to run the stateful rule groups in a single firewall policy. This setting only applies to firewall policies that specify the `STRICT_ORDER` rule order in the stateful engine options settings.
          *
          * Network Firewall evalutes each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.
          *
@@ -53989,7 +54342,7 @@ export declare namespace networkfirewall {
     }
     interface FirewallPolicyStatelessRuleGroupReference {
         /**
-         * An integer setting that indicates the order in which to run the stateless rule groups in a single `FirewallPolicy` . Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.
+         * An integer setting that indicates the order in which to run the stateless rule groups in a single firewall policy. Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.
          */
         priority: number;
         /**
@@ -54204,7 +54557,7 @@ export declare namespace networkfirewall {
         /**
          * The actions to take on a packet that matches one of the stateless rule definition's match attributes. You must specify a standard action and you can add custom actions.
          *
-         * > Network Firewall only forwards a packet for stateful rule inspection if you specify `aws:forward_to_sfe` for a rule that the packet matches, or if the packet doesn't match any stateless rule and you specify `aws:forward_to_sfe` for the `StatelessDefaultActions` setting for the `FirewallPolicy` .
+         * > Network Firewall only forwards a packet for stateful rule inspection if you specify `aws:forward_to_sfe` for a rule that the packet matches, or if the packet doesn't match any stateless rule and you specify `aws:forward_to_sfe` for the `StatelessDefaultActions` setting for the firewall policy.
          *
          * For every rule, you must specify exactly one of the following standard actions.
          *
@@ -54256,7 +54609,7 @@ export declare namespace networkfirewall {
          *
          * These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.
          *
-         * > You can't use the `priority` keyword if the `RuleOrder` option in `StatefulRuleOptions` is set to `STRICT_ORDER` .
+         * > You can't use the `priority` keyword if the `RuleOrder` option in StatefulRuleOptions is set to `STRICT_ORDER` .
          */
         rulesString?: string;
         /**
@@ -54292,12 +54645,12 @@ export declare namespace networkfirewall {
          * The actions for a stateful rule are defined as follows:
          *
          * - *PASS* - Permits the packets to go to the intended destination.
-         * - *DROP* - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the `Firewall` `LoggingConfiguration` .
+         * - *DROP* - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the firewall logging configuration.
          * - *REJECT* - Drops traffic that matches the conditions of the stateful rule and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and a `RST` bit contained in the TCP header flags. `REJECT` is available only for TCP traffic.
-         * - *ALERT* - Permits the packets to go to the intended destination and sends an alert log message, if alert logging is configured in the `Firewall` `LoggingConfiguration` .
+         * - *ALERT* - Permits the packets to go to the intended destination and sends an alert log message, if alert logging is configured in the firewall logging configuration.
          *
          * You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with `ALERT` action, verify in the logs that the rule is filtering as you want, then change the action to `DROP` .
-         * - *REJECT* - Drops TCP traffic that matches the conditions of the stateful rule, and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and a `RST` bit contained in the TCP header flags. Also sends an alert log mesage if alert logging is configured in the `Firewall` `LoggingConfiguration` .
+         * - *REJECT* - Drops TCP traffic that matches the conditions of the stateful rule, and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and a `RST` bit contained in the TCP header flags. Also sends an alert log mesage if alert logging is configured in the firewall logging configuration.
          *
          * `REJECT` isn't currently available for use with IMAP and FTP protocols.
          */
@@ -54333,7 +54686,7 @@ export declare namespace networkfirewall {
     }
     interface RuleGroupStatelessRulesAndCustomActions {
         /**
-         * Defines an array of individual custom action definitions that are available for use by the stateless rules in this `StatelessRulesAndCustomActions` specification. You name each custom action that you define, and then you can use it by name in your stateless rule `RuleGroup.RuleDefinition` `Actions` specification.
+         * Defines an array of individual custom action definitions that are available for use by the stateless rules in this `StatelessRulesAndCustomActions` specification. You name each custom action that you define, and then you can use it by name in your stateless rule definition `Actions` specification.
          */
         customActions?: outputs.networkfirewall.RuleGroupCustomAction[];
         /**
@@ -54356,6 +54709,18 @@ export declare namespace networkfirewall {
          */
         masks?: enums.networkfirewall.RuleGroupTcpFlag[];
     }
+    /**
+     * A complex type containing the currently selected rule option fields that will be displayed for rule summarization returned by `DescribeRuleGroupSummary` .
+     *
+     * - The `RuleOptions` specified in `SummaryConfiguration`
+     * - Rule metadata organization preferences
+     */
+    interface SummaryConfigurationProperties {
+        /**
+         * Specifies the selected rule options returned by `DescribeRuleGroupSummary` .
+         */
+        ruleOptions?: enums.networkfirewall.RuleGroupSummaryRuleOption[];
+    }
     interface TlsInspectionConfigurationAddress {
         /**
          * Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.
@@ -56233,6 +56598,10 @@ export declare namespace pcs {
      * An endpoint available for interaction with the scheduler.
      */
     interface ClusterEndpoint {
+        /**
+         * The endpoint's IPv6 address.
+         */
+        ipv6Address?: string;
         /**
          * The endpoint's connection port number.
          */
@@ -56315,6 +56684,10 @@ export declare namespace pcs {
      * The networking configuration for the cluster's control plane.
      */
     interface NetworkingProperties {
+        /**
+         * The IP of the cluster (IPV4 or IPV6)
+         */
+        networkType?: enums.pcs.ClusterNetworkingPropertiesNetworkType;
         /**
          * The list of security group IDs associated with the Elastic Network Interface (ENI) created in subnets.
          */
@@ -86990,6 +87363,24 @@ export declare namespace rds {
          */
         roleArn: string;
     }
+    interface DbInstanceDbInstanceStatusInfo {
+        /**
+         * Details of the error if there is an error for the instance. If the instance isn't in an error state, this value is blank.
+         */
+        message?: string;
+        /**
+         * Indicates whether the instance is operating normally (TRUE) or is in an error state (FALSE).
+         */
+        normal?: boolean;
+        /**
+         * The status of the DB instance. For a StatusType of read replica, the values can be replicating, replication stop point set, replication stop point reached, error, stopped, or terminated.
+         */
+        status?: string;
+        /**
+         * The status type of the DB instance.
+         */
+        statusType?: string;
+    }
     /**
      * This data type represents the information you need to connect to an Amazon RDS DB instance. This data type is used as a response element in the following actions:
      *   +   ``CreateDBInstance``
@@ -88951,7 +89342,7 @@ export declare namespace s3 {
         tierings: outputs.s3.BucketTiering[];
     }
     /**
-     * Specifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference*.
+     * Specifies the S3 Inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference*.
      */
     interface BucketInventoryConfiguration {
         /**
@@ -88983,9 +89374,12 @@ export declare namespace s3 {
          */
         scheduleFrequency: enums.s3.BucketInventoryConfigurationScheduleFrequency;
     }
+    /**
+     * The inventory table configuration for an S3 Metadata configuration.
+     */
     interface BucketInventoryTableConfiguration {
         /**
-         * Specifies whether inventory table configuration is enabled or disabled.
+         * The configuration state of the inventory table, indicating whether the inventory table is enabled or disabled.
          */
         configurationState: enums.s3.BucketInventoryTableConfigurationConfigurationState;
         /**
@@ -88993,7 +89387,7 @@ export declare namespace s3 {
          */
         encryptionConfiguration?: outputs.s3.BucketMetadataTableEncryptionConfiguration;
         /**
-         * The ARN of the inventory table.
+         * The Amazon Resource Name (ARN) for the inventory table.
          */
         tableArn?: string;
         /**
@@ -89001,6 +89395,9 @@ export declare namespace s3 {
          */
         tableName?: string;
     }
+    /**
+     * The journal table configuration for an S3 Metadata configuration.
+     */
     interface BucketJournalTableConfiguration {
         /**
          * The encryption configuration for the journal table.
@@ -89011,7 +89408,7 @@ export declare namespace s3 {
          */
         recordExpiration: outputs.s3.BucketRecordExpiration;
         /**
-         * The ARN of the journal table.
+         * The Amazon Resource Name (ARN) for the journal table.
          */
         tableArn?: string;
         /**
@@ -89072,36 +89469,44 @@ export declare namespace s3 {
          */
         targetObjectKeyFormat?: outputs.s3.BucketTargetObjectKeyFormat;
     }
+    /**
+     * Creates a V2 S3 Metadata configuration of a general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) in the *Amazon S3 User Guide*.
+     */
     interface BucketMetadataConfiguration {
         /**
-         * The destination information for the metadata configuration.
+         * The destination information for the S3 Metadata configuration.
          */
         destination?: outputs.s3.BucketMetadataDestination;
         /**
-         * The configuration for the inventory table.
+         * The inventory table configuration for a metadata configuration.
          */
         inventoryTableConfiguration?: outputs.s3.BucketInventoryTableConfiguration;
         /**
-         * The configuration for the journal table.
+         * The journal table configuration for a metadata configuration.
          */
         journalTableConfiguration: outputs.s3.BucketJournalTableConfiguration;
     }
+    /**
+     * The destination information for the S3 Metadata configuration.
+     */
     interface BucketMetadataDestination {
         /**
-         * The ARN of the table bucket.
+         * The Amazon Resource Name (ARN) of the table bucket where the metadata configuration is stored.
          */
         tableBucketArn?: string;
         /**
-         * The type of the table bucket.
+         * The type of the table bucket where the metadata configuration is stored. The ``aws`` value indicates an AWS managed table bucket, and the ``customer`` value indicates a customer-managed table bucket. V2 metadata configurations are stored in AWS managed table buckets, and V1 metadata configurations are stored in customer-managed table buckets.
          */
         tableBucketType: enums.s3.BucketMetadataDestinationTableBucketType;
         /**
-         * The namespace of the table.
+         * The namespace in the table bucket where the metadata tables for a metadata configuration are stored.
          */
         tableNamespace?: string;
     }
     /**
-     * The metadata table configuration of an S3 general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) and [Setting up permissions for configuring metadata tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-permissions.html).
+     * We recommend that you create your S3 Metadata configurations by using the V2 [MetadataConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-s3-bucket-metadataconfiguration.html) resource type. We no longer recommend using the V1 ``MetadataTableConfiguration`` resource type.
+     *  If you created your S3 Metadata configuration before July 15, 2025, we recommend that you delete and re-create your configuration by using the [MetadataConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-s3-bucket-metadataconfiguration.html) resource type so that you can expire journal table records and create a live inventory table.
+     *   Creates a V1 S3 Metadata configuration for a general purpose bucket. For more information, see [Accelerating data discovery with S3 Metadata](https://docs.aws.amazon.com/AmazonS3/latest/userguide/metadata-tables-overview.html) in the *Amazon S3 User Guide*.
      */
     interface BucketMetadataTableConfiguration {
         /**
@@ -89109,13 +89514,16 @@ export declare namespace s3 {
          */
         s3TablesDestination: outputs.s3.BucketS3TablesDestination;
     }
+    /**
+     * The encryption settings for an S3 Metadata journal table or inventory table configuration.
+     */
     interface BucketMetadataTableEncryptionConfiguration {
         /**
-         * The ARN of the KMS key. Required if SseAlgorithm is aws:kms.
+         * If server-side encryption with KMSlong (KMS) keys (SSE-KMS) is specified, you must also specify the KMS key Amazon Resource Name (ARN). You must specify a customer-managed KMS key that's located in the same Region as the general purpose bucket that corresponds to the metadata table configuration.
          */
         kmsKeyArn?: string;
         /**
-         * Specifies the server-side encryption algorithm to use for encrypting tables.
+         * The encryption type specified for a metadata table. To specify server-side encryption with KMSlong (KMS) keys (SSE-KMS), use the ``aws:kms`` value. To specify server-side encryption with Amazon S3 managed keys (SSE-S3), use the ``AES256`` value.
          */
         sseAlgorithm: enums.s3.BucketMetadataTableEncryptionConfigurationSseAlgorithm;
     }
@@ -89305,13 +89713,16 @@ export declare namespace s3 {
          */
         queue: string;
     }
+    /**
+     * The journal table record expiration settings for a journal table in an S3 Metadata configuration.
+     */
     interface BucketRecordExpiration {
         /**
-         * The number of days after which records expire. Required if Expiration is ENABLED.
+         * If you enable journal table record expiration, you can set the number of days to retain your journal table records. Journal table records must be retained for a minimum of 7 days. To set this value, specify any whole number from ``7`` to ``2147483647``. For example, to retain your journal table records for one year, set this value to ``365``.
          */
         days?: number;
         /**
-         * Specifies whether record expiration is enabled or disabled.
+         * Specifies whether journal table record expiration is enabled or disabled.
          */
         expiration: enums.s3.BucketRecordExpirationExpiration;
     }
@@ -89410,6 +89821,7 @@ export declare namespace s3 {
         /**
          * The storage class to use when replicating objects, such as S3 Standard or reduced redundancy. By default, Amazon S3 uses the storage class of the source object to create the object replica.
          *  For valid values, see the ``StorageClass`` element of the [PUT Bucket replication](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) action in the *Amazon S3 API Reference*.
+         *  ``FSX_OPENZFS`` is not an accepted value when replicating objects.
          */
         storageClass?: enums.s3.BucketReplicationDestinationStorageClass;
     }
@@ -89625,7 +90037,7 @@ export declare namespace s3 {
         rules: outputs.s3.BucketFilterRule[];
     }
     /**
-     * The destination information for the metadata table configuration. The destination table bucket must be in the same Region and AWS-account as the general purpose bucket. The specified metadata table name must be unique within the ``aws_s3_metadata`` namespace in the destination table bucket.
+     * The destination information for a V1 S3 Metadata configuration. The destination table bucket must be in the same Region and AWS-account as the general purpose bucket. The specified metadata table name must be unique within the ``aws_s3_metadata`` namespace in the destination table bucket.
      */
     interface BucketS3TablesDestination {
         /**
@@ -90767,6 +91179,25 @@ export declare namespace sagemaker {
          */
         sageMakerImageVersionArn?: string;
     }
+    /**
+     * The configuration for the restricted instance groups (RIG) environment.
+     */
+    interface ClusterEnvironmentConfig {
+        fSxLustreConfig?: outputs.sagemaker.ClusterFSxLustreConfig;
+    }
+    /**
+     * Configuration settings for an Amazon FSx for Lustre file system to be used with the cluster.
+     */
+    interface ClusterFSxLustreConfig {
+        /**
+         * The throughput capacity of the FSx for Lustre file system, measured in MB/s per TiB of storage.
+         */
+        perUnitStorageThroughput: number;
+        /**
+         * The storage capacity of the FSx for Lustre file system, specified in gibibytes (GiB).
+         */
+        sizeInGiB: number;
+    }
     /**
      * Details of an instance group in a SageMaker HyperPod cluster.
      */
@@ -90831,6 +91262,34 @@ export declare namespace sagemaker {
          */
         clusterArn: string;
     }
+    /**
+     * Details of a restricted instance group in a SageMaker HyperPod cluster.
+     */
+    interface ClusterRestrictedInstanceGroup {
+        /**
+         * The number of instances that are currently in the restricted instance group of a SageMaker HyperPod cluster.
+         */
+        currentCount?: number;
+        environmentConfig: outputs.sagemaker.ClusterEnvironmentConfig;
+        executionRole: string;
+        /**
+         * The number of instances you specified to add to the restricted instance group of a SageMaker HyperPod cluster.
+         */
+        instanceCount: number;
+        instanceGroupName: string;
+        instanceStorageConfigs?: outputs.sagemaker.ClusterInstanceStorageConfig[];
+        instanceType: string;
+        onStartDeepHealthChecks?: enums.sagemaker.ClusterDeepHealthCheckType[];
+        overrideVpcConfig?: outputs.sagemaker.ClusterVpcConfig;
+        /**
+         * The number you specified to TreadsPerCore in CreateCluster for enabling or disabling multithreading. For instance types that support multithreading, you can specify 1 for disabling multithreading and 2 for enabling multithreading.
+         */
+        threadsPerCore?: number;
+        /**
+         * The Amazon Resource Name (ARN) of the training plan to use for this cluster restricted instance group. For more information about how to reserve GPU capacity for your SageMaker HyperPod clusters using Amazon SageMaker Training Plan, see CreateTrainingPlan.
+         */
+        trainingPlanArn?: string;
+    }
     /**
      * Specifies an Amazon Virtual Private Cloud (VPC) that your SageMaker jobs, hosted models, and compute resources have access to. You can control access to and from your resources by configuring a VPC.
      */
@@ -94431,6 +94890,331 @@ export declare namespace sagemaker {
          */
         version?: string;
     }
+    /**
+     * Configures the processing job to run a specified Docker container image.
+     */
+    interface ProcessingJobAppSpecification {
+        /**
+         * The arguments for a container used to run a processing job.
+         */
+        containerArguments?: string[];
+        /**
+         * The entrypoint for a container used to run a processing job.
+         */
+        containerEntrypoint?: string[];
+        /**
+         * The container image to be run by the processing job.
+         */
+        imageUri: string;
+    }
+    /**
+     * Configuration for Athena Dataset Definition input.
+     */
+    interface ProcessingJobAthenaDatasetDefinition {
+        /**
+         * The name of the data catalog used in Athena query execution.
+         */
+        catalog: string;
+        /**
+         * The name of the database used in the Athena query execution.
+         */
+        database: string;
+        /**
+         * The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt data generated from an Athena query execution.
+         */
+        kmsKeyId?: string;
+        /**
+         * The compression used for Athena query results.
+         */
+        outputCompression?: enums.sagemaker.ProcessingJobAthenaDatasetDefinitionOutputCompression;
+        /**
+         * The data storage format for Athena query results.
+         */
+        outputFormat: enums.sagemaker.ProcessingJobAthenaDatasetDefinitionOutputFormat;
+        /**
+         * The location in Amazon S3 where Athena query results are stored.
+         */
+        outputS3Uri: string;
+        /**
+         * The SQL query statements, to be executed.
+         */
+        queryString: string;
+        /**
+         * The name of the workgroup in which the Athena query is being started.
+         */
+        workGroup?: string;
+    }
+    /**
+     * Configuration for the cluster used to run a processing job.
+     */
+    interface ProcessingJobClusterConfig {
+        /**
+         * The number of ML compute instances to use in the processing job. For distributed processing jobs, specify a value greater than 1. The default value is 1.
+         */
+        instanceCount: number;
+        /**
+         * The ML compute instance type for the processing job.
+         */
+        instanceType: enums.sagemaker.ProcessingJobClusterConfigInstanceType;
+        /**
+         * The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt data on the storage volume attached to the ML compute instance(s) that run the processing job.
+         */
+        volumeKmsKeyId?: string;
+        /**
+         * The size of the ML storage volume in gigabytes that you want to provision. You must specify sufficient ML storage for your scenario.
+         */
+        volumeSizeInGb: number;
+    }
+    /**
+     * Configuration for Dataset Definition inputs. The Dataset Definition input must specify exactly one of either `AthenaDatasetDefinition` or `RedshiftDatasetDefinition` types.
+     */
+    interface ProcessingJobDatasetDefinition {
+        /**
+         * Configuration for Athena Dataset Definition input.
+         */
+        athenaDatasetDefinition?: outputs.sagemaker.ProcessingJobAthenaDatasetDefinition;
+        /**
+         * Whether the generated dataset is FullyReplicated or ShardedByS3Key (default).
+         */
+        dataDistributionType?: enums.sagemaker.ProcessingJobDatasetDefinitionDataDistributionType;
+        /**
+         * Whether to use File or Pipe input mode. In File (default) mode, Amazon SageMaker copies the data from the input source onto the local Amazon Elastic Block Store (Amazon EBS) volumes before starting your training algorithm. This is the most commonly used input mode. In Pipe mode, Amazon SageMaker streams input data from the source directly to your algorithm without using the EBS volume.
+         */
+        inputMode?: enums.sagemaker.ProcessingJobDatasetDefinitionInputMode;
+        /**
+         * The local path where you want Amazon SageMaker to download the Dataset Definition inputs to run a processing job. LocalPath is an absolute path to the input data. This is a required parameter when AppManaged is False (default).
+         */
+        localPath?: string;
+        /**
+         * Configuration for Redshift Dataset Definition input.
+         */
+        redshiftDatasetDefinition?: outputs.sagemaker.ProcessingJobRedshiftDatasetDefinition;
+    }
+    /**
+     * Sets the environment variables in the Docker container
+     */
+    interface ProcessingJobEnvironment {
+    }
+    /**
+     * Associates a SageMaker job as a trial component with an experiment and trial.
+     */
+    interface ProcessingJobExperimentConfig {
+        /**
+         * The name of an existing experiment to associate with the trial component.
+         */
+        experimentName?: string;
+        /**
+         * The name of the experiment run to associate with the trial component.
+         */
+        runName?: string;
+        /**
+         * The display name for the trial component. If this key isn't specified, the display name is the trial component name.
+         */
+        trialComponentDisplayName?: string;
+        /**
+         * The name of an existing trial to associate the trial component with. If not specified, a new trial is created.
+         */
+        trialName?: string;
+    }
+    /**
+     * Configuration for processing job outputs in Amazon SageMaker Feature Store.
+     */
+    interface ProcessingJobFeatureStoreOutput {
+        /**
+         * The name of the Amazon SageMaker FeatureGroup to use as the destination for processing job output. Note that your processing script is responsible for putting records into your Feature Store.
+         */
+        featureGroupName: string;
+    }
+    /**
+     * Networking options for a job, such as network traffic encryption between containers, whether to allow inbound and outbound network calls to and from containers, and the VPC subnets and security groups to use for VPC-enabled jobs.
+     */
+    interface ProcessingJobNetworkConfig {
+        /**
+         * Whether to encrypt all communications between distributed processing jobs. Choose True to encrypt communications. Encryption provides greater security for distributed processing jobs, but the processing might take longer.
+         */
+        enableInterContainerTrafficEncryption?: boolean;
+        /**
+         * Whether to allow inbound and outbound network calls to and from the containers used for the processing job.
+         */
+        enableNetworkIsolation?: boolean;
+        /**
+         * Specifies an Amazon Virtual Private Cloud (VPC) that your SageMaker jobs, hosted models, and compute resources have access to. You can control access to and from your resources by configuring a VPC. For more information, see [Give SageMaker Access to Resources in your Amazon VPC](https://docs.aws.amazon.com/sagemaker/latest/dg/infrastructure-give-access.html) .
+         */
+        vpcConfig?: outputs.sagemaker.ProcessingJobVpcConfig;
+    }
+    /**
+     * The inputs for a processing job. The processing input must specify exactly one of either S3Input or DatasetDefinition types.
+     */
+    interface ProcessingJobProcessingInputsObject {
+        /**
+         * When True, input operations such as data download are managed natively by the processing job application. When False (default), input operations are managed by Amazon SageMaker.
+         */
+        appManaged?: boolean;
+        /**
+         * Configuration for Dataset Definition inputs. The Dataset Definition input must specify exactly one of either `AthenaDatasetDefinition` or `RedshiftDatasetDefinition` types.
+         */
+        datasetDefinition?: outputs.sagemaker.ProcessingJobDatasetDefinition;
+        /**
+         * The name for the processing job input.
+         */
+        inputName: string;
+        /**
+         * Configuration for downloading input data from Amazon S3 into the processing container.
+         */
+        s3Input?: outputs.sagemaker.ProcessingJobS3Input;
+    }
+    /**
+     * Configuration for uploading output from the processing container.
+     */
+    interface ProcessingJobProcessingOutputConfig {
+        /**
+         * The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt the processing job output. KmsKeyId can be an ID of a KMS key, ARN of a KMS key, or alias of a KMS key. The KmsKeyId is applied to all outputs.
+         */
+        kmsKeyId?: string;
+        /**
+         * An array of outputs configuring the data to upload from the processing container.
+         */
+        outputs: outputs.sagemaker.ProcessingJobProcessingOutputsObject[];
+    }
+    /**
+     * Describes the results of a processing job. The processing output must specify exactly one of either S3Output or FeatureStoreOutput types.
+     */
+    interface ProcessingJobProcessingOutputsObject {
+        /**
+         * When True, output operations such as data upload are managed natively by the processing job application. When False (default), output operations are managed by Amazon SageMaker.
+         */
+        appManaged?: boolean;
+        /**
+         * Configuration for processing job outputs in Amazon SageMaker Feature Store.
+         */
+        featureStoreOutput?: outputs.sagemaker.ProcessingJobFeatureStoreOutput;
+        /**
+         * The name for the processing job output.
+         */
+        outputName: string;
+        /**
+         * Configuration for uploading output data to Amazon S3 from the processing container.
+         */
+        s3Output?: outputs.sagemaker.ProcessingJobS3Output;
+    }
+    /**
+     * Identifies the resources, ML compute instances, and ML storage volumes to deploy for a processing job. In distributed training, you specify more than one instance.
+     */
+    interface ProcessingJobProcessingResources {
+        /**
+         * The configuration for the resources in a cluster used to run the processing job.
+         */
+        clusterConfig: outputs.sagemaker.ProcessingJobClusterConfig;
+    }
+    /**
+     * Configuration for Redshift Dataset Definition input.
+     */
+    interface ProcessingJobRedshiftDatasetDefinition {
+        /**
+         * The Redshift cluster Identifier.
+         */
+        clusterId: string;
+        /**
+         * The IAM role attached to your Redshift cluster that Amazon SageMaker uses to generate datasets.
+         */
+        clusterRoleArn: string;
+        /**
+         * The name of the Redshift database used in Redshift query execution.
+         */
+        database: string;
+        /**
+         * The database user name used in Redshift query execution.
+         */
+        dbUser: string;
+        /**
+         * The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt data from a Redshift execution.
+         */
+        kmsKeyId?: string;
+        /**
+         * The compression used for Redshift query results.
+         */
+        outputCompression?: enums.sagemaker.ProcessingJobRedshiftDatasetDefinitionOutputCompression;
+        /**
+         * The data storage format for Redshift query results.
+         */
+        outputFormat: enums.sagemaker.ProcessingJobRedshiftDatasetDefinitionOutputFormat;
+        /**
+         * The location in Amazon S3 where the Redshift query results are stored.
+         */
+        outputS3Uri: string;
+        /**
+         * The SQL query statements to be executed.
+         */
+        queryString: string;
+    }
+    /**
+     * Configuration for downloading input data from Amazon S3 into the processing container.
+     */
+    interface ProcessingJobS3Input {
+        /**
+         * The local path in your container where you want Amazon SageMaker to write input data to. `LocalPath` is an absolute path to the input data and must begin with `/opt/ml/processing/`. LocalPath is a required parameter when `AppManaged` is `False` (default).
+         */
+        localPath?: string;
+        /**
+         * Whether to GZIP-decompress the data in Amazon S3 as it is streamed into the processing container. `Gzip` can only be used when `Pipe` mode is specified as the `S3InputMode`. In `Pipe` mode, Amazon SageMaker streams input data from the source directly to your container without using the EBS volume.
+         */
+        s3CompressionType?: enums.sagemaker.ProcessingJobS3InputS3CompressionType;
+        /**
+         * Whether to distribute the data from Amazon S3 to all processing instances with `FullyReplicated`, or whether the data from Amazon S3 is shared by Amazon S3 key, downloading one shard of data to each processing instance.
+         */
+        s3DataDistributionType?: enums.sagemaker.ProcessingJobS3InputS3DataDistributionType;
+        /**
+         * Whether you use an S3Prefix or a ManifestFile for the data type. If you choose S3Prefix, S3Uri identifies a key name prefix. Amazon SageMaker uses all objects with the specified key name prefix for the processing job. If you choose ManifestFile, S3Uri identifies an object that is a manifest file containing a list of object keys that you want Amazon SageMaker to use for the processing job.
+         */
+        s3DataType: enums.sagemaker.ProcessingJobS3InputS3DataType;
+        /**
+         * Whether to use File or Pipe input mode. In File mode, Amazon SageMaker copies the data from the input source onto the local ML storage volume before starting your processing container. This is the most commonly used input mode. In Pipe mode, Amazon SageMaker streams input data from the source directly to your processing container into named pipes without using the ML storage volume.
+         */
+        s3InputMode?: enums.sagemaker.ProcessingJobS3InputS3InputMode;
+        /**
+         * The URI of the Amazon S3 prefix Amazon SageMaker downloads data required to run a processing job.
+         */
+        s3Uri: string;
+    }
+    /**
+     * Configuration for uploading output data to Amazon S3 from the processing container.
+     */
+    interface ProcessingJobS3Output {
+        /**
+         * The local path of a directory where you want Amazon SageMaker to upload its contents to Amazon S3. LocalPath is an absolute path to a directory containing output files. This directory will be created by the platform and exist when your container's entrypoint is invoked.
+         */
+        localPath?: string;
+        /**
+         * Whether to upload the results of the processing job continuously or after the job completes.
+         */
+        s3UploadMode: enums.sagemaker.ProcessingJobS3OutputS3UploadMode;
+        /**
+         * A URI that identifies the Amazon S3 bucket where you want Amazon SageMaker to save the results of a processing job.
+         */
+        s3Uri: string;
+    }
+    /**
+     * Configures conditions under which the processing job should be stopped, such as how long the processing job has been running. After the condition is met, the processing job is stopped.
+     */
+    interface ProcessingJobStoppingCondition {
+        /**
+         * Specifies the maximum runtime in seconds.
+         */
+        maxRuntimeInSeconds: number;
+    }
+    /**
+     * Specifies an Amazon Virtual Private Cloud (VPC) that your SageMaker jobs, hosted models, and compute resources have access to. You can control access to and from your resources by configuring a VPC. For more information, see https://docs.aws.amazon.com/sagemaker/latest/dg/infrastructure-give-access.html
+     */
+    interface ProcessingJobVpcConfig {
+        /**
+         * The VPC security group IDs, in the form 'sg-xxxxxxxx'. Specify the security groups for the VPC that is specified in the 'Subnets' field.
+         */
+        securityGroupIds: string[];
+        /**
+         * The ID of the subnets in the VPC to which you want to connect your training job or model. For information about the availability of specific instance types, see https://docs.aws.amazon.com/sagemaker/latest/dg/regions-quotas.html
+         */
+        subnets: string[];
+    }
     interface ProjectCfnStackParameter {
         /**
          * The key of the parameter.
@@ -99915,11 +100699,11 @@ export declare namespace verifiedpermissions {
          */
         mode: enums.verifiedpermissions.PolicyStoreDeletionMode;
     }
-    interface PolicyStoreSchemaDefinition {
-        /**
-         * A JSON string representation of the schema supported by applications that use this policy store. For more information, see [Policy store schema](https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/schema.html) in the AVP User Guide.
-         */
-        cedarJson?: string;
+    interface PolicyStoreSchemaDefinition0Properties {
+        cedarJson: string;
+    }
+    interface PolicyStoreSchemaDefinition1Properties {
+        cedarFormat: string;
     }
     interface PolicyStoreValidationSettings {
         /**
@@ -104492,6 +105276,24 @@ export declare namespace workspacesweb {
          */
         ipRange: string;
     }
+    interface SessionLoggerEventFilter0Properties {
+        all: outputs.workspacesweb.SessionLoggerUnit;
+    }
+    interface SessionLoggerEventFilter1Properties {
+        include: enums.workspacesweb.SessionLoggerEvent[];
+    }
+    interface SessionLoggerLogConfiguration {
+        s3?: outputs.workspacesweb.SessionLoggerS3LogConfiguration;
+    }
+    interface SessionLoggerS3LogConfiguration {
+        bucket: string;
+        bucketOwner?: string;
+        folderStructure: enums.workspacesweb.SessionLoggerFolderStructure;
+        keyPrefix?: string;
+        logFileFormat: enums.workspacesweb.SessionLoggerLogFileFormat;
+    }
+    interface SessionLoggerUnit {
+    }
     interface UserSettingsCookieSpecification {
         /**
          * The domain of the cookie.