@pulumi/aws-native 1.33.0-alpha.1756187826 → 1.33.0-alpha.1756214923

package/types/output.d.ts

@@ -408,7 +408,7 @@ export declare namespace acmpca {
     }
     /**
      * Specifies the X.509 extension information for a certificate.
-     *  Extensions present in ``CustomExtensions`` follow the ``ApiPassthrough`` [template rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations).
+     *  Extensions present in ``CustomExtensions`` follow the ``ApiPassthrough``[template rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations).
      */
     interface CertificateCustomExtension {
         /**
@@ -8150,6 +8150,7 @@ export declare namespace b2bi {
         templateLanguage: enums.b2bi.TransformerMappingTemplateLanguage;
     }
     interface TransformerOutputConversion {
+        advancedOptions?: outputs.b2bi.TransformerAdvancedOptions;
         formatOptions?: outputs.b2bi.TransformerFormatOptionsProperties;
         toFormat: enums.b2bi.TransformerToFormat;
     }
@@ -8163,14 +8164,41 @@ export declare namespace b2bi {
     }
     interface TransformerX12AdvancedOptions {
         splitOptions?: outputs.b2bi.TransformerX12SplitOptions;
+        validationOptions?: outputs.b2bi.TransformerX12ValidationOptions;
+    }
+    interface TransformerX12CodeListValidationRule {
+        codesToAdd?: string[];
+        codesToRemove?: string[];
+        elementId: string;
     }
     interface TransformerX12Details {
         transactionSet?: enums.b2bi.TransformerX12TransactionSet;
         version?: enums.b2bi.TransformerX12Version;
     }
+    interface TransformerX12ElementLengthValidationRule {
+        elementId: string;
+        maxLength: number;
+        minLength: number;
+    }
+    interface TransformerX12ElementRequirementValidationRule {
+        elementPosition: string;
+        requirement: enums.b2bi.TransformerElementRequirement;
+    }
     interface TransformerX12SplitOptions {
         splitBy?: enums.b2bi.TransformerX12SplitBy;
     }
+    interface TransformerX12ValidationOptions {
+        validationRules?: (outputs.b2bi.TransformerX12ValidationRule0Properties | outputs.b2bi.TransformerX12ValidationRule1Properties | outputs.b2bi.TransformerX12ValidationRule2Properties)[];
+    }
+    interface TransformerX12ValidationRule0Properties {
+        codeListValidationRule: outputs.b2bi.TransformerX12CodeListValidationRule;
+    }
+    interface TransformerX12ValidationRule1Properties {
+        elementLengthValidationRule: outputs.b2bi.TransformerX12ElementLengthValidationRule;
+    }
+    interface TransformerX12ValidationRule2Properties {
+        elementRequirementValidationRule: outputs.b2bi.TransformerX12ElementRequirementValidationRule;
+    }
 }
 export declare namespace backup {
     interface BackupPlanAdvancedBackupSettingResourceType {
@@ -8636,11 +8664,19 @@ export declare namespace batch {
          */
         instanceRole?: string;
         /**
-         * The instances types that can be launched. You can specify instance families to launch any instance type within those families (for example, `c5` or `p3` ), or you can specify specific sizes within a family (such as `c5.8xlarge` ). You can also choose `optimal` to select instance types (from the C4, M4, and R4 instance families) that match the demand of your job queues.
+         * The instances types that can be launched. You can specify instance families to launch any instance type within those families (for example, `c5` or `p3` ), or you can specify specific sizes within a family (such as `c5.8xlarge` ).
          *
-         * When updating a compute environment, changing this setting requires an infrastructure update of the compute environment. For more information, see [Updating compute environments](https://docs.aws.amazon.com/batch/latest/userguide/updating-compute-environments.html) in the *AWS Batch User Guide* .
+         * AWS Batch can select the instance type for you if you choose one of the following:
+         *
+         * - `optimal` to select instance types (from the `c4` , `m4` , `r4` , `c5` , `m5` , and `r5` instance families) that match the demand of your job queues.
+         * - `default_x86_64` to choose x86 based instance types (from the `m6i` , `c6i` , `r6i` , and `c7i` instance families) that matches the resource demands of the job queue.
+         * - `default_arm64` to choose x86 based instance types (from the `m6g` , `c6g` , `r6g` , and `c7g` instance families) that matches the resource demands of the job queue.
          *
-         * > This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it. > When you create a compute environment, the instance types that you select for the compute environment must share the same architecture. For example, you can't mix x86 and ARM instances in the same compute environment. > Currently, `optimal` uses instance types from the C4, M4, and R4 instance families. In Regions that don't have instance types from those instance families, instance types from the C5, M5, and R5 instance families are used.
+         * > Starting on 11/01/2025 the behavior of `optimal` is going to be changed to match `default_x86_64` . During the change your instance families could be updated to a newer generation. You do not need to perform any actions for the upgrade to happen. For more information about change, see [Optimal instance type configuration to receive automatic instance family updates](https://docs.aws.amazon.com/batch/latest/userguide/optimal-default-instance-troubleshooting.html) . > Instance family availability varies by AWS Region . For example, some AWS Region s may not have any fourth generation instance families but have fifth and sixth generation instance families.
+         * >
+         * > When using `default_x86_64` or `default_arm64` instance bundles, AWS Batch selects instance families based on a balance of cost-effectiveness and performance. While newer generation instances often provide better price-performance, AWS Batch may choose an earlier generation instance family if it provides the optimal combination of availability, cost, and performance for your workload. For example, in an AWS Region where both c6i and c7i instances are available, AWS Batch might select c6i instances if they offer better cost-effectiveness for your specific job requirements. For more information on AWS Batch instance types and AWS Region availability, see [Instance type compute table](https://docs.aws.amazon.com/batch/latest/userguide/instance-type-compute-table.html) in the *AWS Batch User Guide* .
+         * >
+         * > AWS Batch periodically updates your instances in default bundles to newer, more cost-effective options. Updates happen automatically without requiring any action from you. Your workloads continue running during updates with no interruption > This parameter isn't applicable to jobs that are running on Fargate resources. Don't specify it. > When you create a compute environment, the instance types that you select for the compute environment must share the same architecture. For example, you can't mix x86 and ARM instances in the same compute environment.
          */
         instanceTypes?: string[];
         /**
@@ -8742,6 +8778,10 @@ export declare namespace batch {
          * - **ECS_AL1** - [Amazon Linux](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#alami) . Amazon Linux has reached the end-of-life of standard support. For more information, see [Amazon Linux AMI](https://docs.aws.amazon.com/amazon-linux-ami/) .
          * - **EKS** - If the `imageIdOverride` parameter isn't specified, then a recent [Amazon EKS-optimized Amazon Linux AMI](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) ( `EKS_AL2` ) is used. If a new image type is specified in an update, but neither an `imageId` nor a `imageIdOverride` parameter is specified, then the latest Amazon EKS optimized AMI for that image type that AWS Batch supports is used.
          *
+         * > Starting end of October 2025 Amazon EKS optimized Amazon Linux 2023 AMIs will be the default on AWS Batch for EKS versions prior to 1.33. Starting from Kubernetes version 1.33, EKS optimized Amazon Linux 2023 AMIs will be the default when it becomes supported on AWS Batch .
+         * >
+         * > AWS will end support for Amazon EKS AL2-optimized and AL2-accelerated AMIs, starting 11/26/25. You can continue using AWS Batch -provided Amazon EKS optimized Amazon Linux 2 AMIs on your Amazon EKS compute environments beyond the 11/26/25 end-of-support date, these compute environments will no longer receive any new software updates, security patches, or bug fixes from AWS . For more information on upgrading from AL2 to AL2023, see [How to upgrade from EKS AL2 to EKS AL2023](https://docs.aws.amazon.com/) in the *AWS Batch User Guide* .
+         *
          * - **EKS_AL2** - [Amazon Linux 2](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all non-GPU instance families.
          * - **EKS_AL2_NVIDIA** - [Amazon Linux 2 (accelerated)](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all GPU instance families (for example, `P4` and `G4` ) and can be used for all non AWS Graviton-based instance types.
          * - **EKS_AL2023** - [Amazon Linux 2023](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : AWS Batch supports Amazon Linux 2023.
@@ -8816,7 +8856,7 @@ export declare namespace batch {
          * Information included in this parameter must meet the following requirements:
          *
          * - Must be a valid Amazon EC2 instance type or family.
-         * - `optimal` isn't allowed.
+         * - The following AWS Batch `InstanceTypes` are not allowed: `optimal` , `default_x86_64` , and `default_arm64` .
          * - `targetInstanceTypes` can target only instance types and families that are included within the [`ComputeResource.instanceTypes`](https://docs.aws.amazon.com/batch/latest/APIReference/API_ComputeResource.html#Batch-Type-ComputeResource-instanceTypes) set. `targetInstanceTypes` doesn't need to include all of the instances from the `instanceType` set, but at least a subset. For example, if `ComputeResource.instanceTypes` includes `[m5, g5]` , `targetInstanceTypes` can include `[m5.2xlarge]` and `[m5.large]` but not `[c5.large]` .
          * - `targetInstanceTypes` included within the same launch template override or across launch template overrides can't overlap for the same compute environment. For example, you can't define one launch template override to target an instance family and another define an instance type within this same family.
          */
@@ -10086,7 +10126,7 @@ export declare namespace batch {
     }
     interface SchedulingPolicyShareAttributes {
         /**
-         * A share identifier or share identifier prefix. If the string ends with an asterisk (*), this entry specifies the weight factor to use for share identifiers that start with that prefix. The list of share identifiers in a fair-share policy can't overlap. For example, you can't have one that specifies a `shareIdentifier` of `UserA*` and another that specifies a `shareIdentifier` of `UserA-1` .
+         * A share identifier or share identifier prefix. If the string ends with an asterisk (*), this entry specifies the weight factor to use for share identifiers that start with that prefix. The list of share identifiers in a fair-share policy can't overlap. For example, you can't have one that specifies a `shareIdentifier` of `UserA*` and another that specifies a `shareIdentifier` of `UserA1` .
          *
          * There can be no more than 500 share identifiers active in a job queue.
          *
@@ -15594,7 +15634,8 @@ export declare namespace cloudfront {
          */
         compress?: boolean;
         /**
-         * This field is deprecated. We recommend that you use the ``DefaultTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*.
+         * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *   This field is deprecated. We recommend that you use the ``DefaultTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*.
          *  The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as ``Cache-Control max-age``, ``Cache-Control s-maxage``, and ``Expires`` to objects. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*.
          */
         defaultTtl?: number;
@@ -15623,12 +15664,14 @@ export declare namespace cloudfront {
          */
         lambdaFunctionAssociations?: outputs.cloudfront.DistributionLambdaFunctionAssociation[];
         /**
-         * This field is deprecated. We recommend that you use the ``MaxTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*.
+         * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *   This field is deprecated. We recommend that you use the ``MaxTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*.
          *  The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as ``Cache-Control max-age``, ``Cache-Control s-maxage``, and ``Expires`` to objects. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*.
          */
         maxTtl?: number;
         /**
-         * This field is deprecated. We recommend that you use the ``MinTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*.
+         * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *   This field is deprecated. We recommend that you use the ``MinTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*.
          *  The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*.
          *  You must specify ``0`` for ``MinTTL`` if you configure CloudFront to forward all headers to your origin (under ``Headers``, if you specify ``1`` for ``Quantity`` and ``*`` for ``Name``).
          */
@@ -15653,7 +15696,8 @@ export declare namespace cloudfront {
          */
         responseHeadersPolicyId?: string;
         /**
-         * Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify ``true``; if not, specify ``false``. If you specify ``true`` for ``SmoothStreaming``, you can still distribute other content using this cache behavior if the content matches the value of ``PathPattern``.
+         * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *   Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify ``true``; if not, specify ``false``. If you specify ``true`` for ``SmoothStreaming``, you can still distribute other content using this cache behavior if the content matches the value of ``PathPattern``.
          */
         smoothStreaming?: boolean;
         /**
@@ -15667,6 +15711,7 @@ export declare namespace cloudfront {
         trustedKeyGroups?: string[];
         /**
          * We recommend using ``TrustedKeyGroups`` instead of ``TrustedSigners``.
+         *    This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
          *   A list of AWS-account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.
          *  When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in the trusted signer's AWS-account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see [Serving private content](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide*.
          */
@@ -15687,11 +15732,13 @@ export declare namespace cloudfront {
      */
     interface DistributionConfig {
         /**
-         * A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution.
+         * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *   A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution.
          */
         aliases?: string[];
         /**
-         * ID of the Anycast static IP list that is associated with the distribution.
+         * To use this field for a multi-tenant distribution, use a connection group instead. For more information, see [ConnectionGroup](https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ConnectionGroup.html).
+         *   ID of the Anycast static IP list that is associated with the distribution.
          */
         anycastIpListId?: string;
         /**
@@ -15708,11 +15755,12 @@ export declare namespace cloudfront {
          */
         comment?: string;
         /**
-         * The connection mode to filter distributions by.
+         * This field specifies whether the connection mode is through a standard distribution (direct) or a multi-tenant distribution with distribution tenants(tenant-only).
          */
         connectionMode?: enums.cloudfront.DistributionConnectionMode;
         /**
-         * The identifier of a continuous deployment policy. For more information, see ``CreateContinuousDeploymentPolicy``.
+         * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *   The identifier of a continuous deployment policy. For more information, see ``CreateContinuousDeploymentPolicy``.
          */
         continuousDeploymentPolicyId?: string;
         /**
@@ -15752,7 +15800,8 @@ export declare namespace cloudfront {
          */
         httpVersion?: string;
         /**
-         * If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify ``true``. If you specify ``false``, CloudFront responds to IPv6 DNS requests with the DNS response code ``NOERROR`` and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.
+         * To use this field for a multi-tenant distribution, use a connection group instead. For more information, see [ConnectionGroup](https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ConnectionGroup.html).
+         *   If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify ``true``. If you specify ``false``, CloudFront responds to IPv6 DNS requests with the DNS response code ``NOERROR`` and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.
          *  In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the ``IpAddress`` parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see [Creating a Signed URL Using a Custom Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html) in the *Amazon CloudFront Developer Guide*.
          *  If you're using an R53AWSIntlong alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:
          *   +  You enable IPv6 for the distribution
@@ -15778,7 +15827,8 @@ export declare namespace cloudfront {
          */
         origins?: outputs.cloudfront.DistributionOrigin[];
         /**
-         * The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify ``PriceClass_All``, CloudFront responds to requests for your objects from all CloudFront edge locations.
+         * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *   The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify ``PriceClass_All``, CloudFront responds to requests for your objects from all CloudFront edge locations.
          *  If you specify a price class other than ``PriceClass_All``, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance.
          *  For more information about price classes, see [Choosing the Price Class for a CloudFront Distribution](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PriceClass.html) in the *Amazon CloudFront Developer Guide*. For information about CloudFront pricing, including how price classes (such as Price Class 100) map to CloudFront regions, see [Amazon CloudFront Pricing](https://docs.aws.amazon.com/cloudfront/pricing/).
          */
@@ -15793,11 +15843,13 @@ export declare namespace cloudfront {
          */
         s3Origin?: outputs.cloudfront.DistributionLegacyS3Origin;
         /**
-         * A Boolean that indicates whether this is a staging distribution. When this value is ``true``, this is a staging distribution. When this value is ``false``, this is not a staging distribution.
+         * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *   A Boolean that indicates whether this is a staging distribution. When this value is ``true``, this is a staging distribution. When this value is ``false``, this is not a staging distribution.
          */
         staging?: boolean;
         /**
-         * A distribution tenant configuration.
+         * This field only supports multi-tenant distributions. You can't specify this field for standard distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *   A distribution tenant configuration.
          */
         tenantConfig?: outputs.cloudfront.DistributionConfigTenantConfigProperties;
         /**
@@ -15805,13 +15857,15 @@ export declare namespace cloudfront {
          */
         viewerCertificate?: outputs.cloudfront.DistributionViewerCertificate;
         /**
-         * A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example ``arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111``. To specify a web ACL created using WAF Classic, use the ACL ID, for example ``a1b2c3d4-5678-90ab-cdef-EXAMPLE11111``.
+         * Multi-tenant distributions only support WAF V2 web ACLs.
+         *   A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example ``arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111``. To specify a web ACL created using WAF Classic, use the ACL ID, for example ``a1b2c3d4-5678-90ab-cdef-EXAMPLE11111``.
          *  WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the [Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html).
          */
         webAclId?: string;
     }
     /**
-     * A distribution tenant configuration.
+     * This field only supports multi-tenant distributions. You can't specify this field for standard distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+     *   A distribution tenant configuration.
      */
     interface DistributionConfigTenantConfigProperties {
         parameterDefinitions?: outputs.cloudfront.DistributionParameterDefinition[];
@@ -15889,9 +15943,10 @@ export declare namespace cloudfront {
          * The HTTPS port that CloudFront uses to connect to the origin. Specify the HTTPS port that the origin listens on.
          */
         httpsPort?: number;
+        ipAddressType?: enums.cloudfront.DistributionCustomOriginConfigIpAddressType;
         /**
-         * Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 5 seconds.
-         *  For more information, see [Keep-alive timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginKeepaliveTimeout) in the *Amazon CloudFront Developer Guide*.
+         * Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 5 seconds.
+         *  For more information, see [Keep-alive timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#DownloadDistValuesOriginKeepaliveTimeout) in the *Amazon CloudFront Developer Guide*.
          */
         originKeepaliveTimeout?: number;
         /**
@@ -15902,13 +15957,13 @@ export declare namespace cloudfront {
          */
         originProtocolPolicy: string;
         /**
-         * Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the *origin response timeout*. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 30 seconds.
-         *  For more information, see [Response timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide*.
+         * Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the *origin response timeout*. The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 30 seconds.
+         *  For more information, see [Response timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide*.
          */
         originReadTimeout?: number;
         /**
          * Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS. Valid values include ``SSLv3``, ``TLSv1``, ``TLSv1.1``, and ``TLSv1.2``.
-         *  For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols) in the *Amazon CloudFront Developer Guide*.
+         *  For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#DownloadDistValuesOriginSSLProtocols) in the *Amazon CloudFront Developer Guide*.
          */
         originSslProtocols?: string[];
     }
@@ -15943,7 +15998,8 @@ export declare namespace cloudfront {
          */
         compress?: boolean;
         /**
-         * This field is deprecated. We recommend that you use the ``DefaultTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*.
+         * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *   This field is deprecated. We recommend that you use the ``DefaultTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*.
          *  The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as ``Cache-Control max-age``, ``Cache-Control s-maxage``, and ``Expires`` to objects. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*.
          */
         defaultTtl?: number;
@@ -15972,12 +16028,14 @@ export declare namespace cloudfront {
          */
         lambdaFunctionAssociations?: outputs.cloudfront.DistributionLambdaFunctionAssociation[];
         /**
-         * This field is deprecated. We recommend that you use the ``MaxTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*.
+         * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *   This field is deprecated. We recommend that you use the ``MaxTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*.
          *  The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as ``Cache-Control max-age``, ``Cache-Control s-maxage``, and ``Expires`` to objects. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*.
          */
         maxTtl?: number;
         /**
-         * This field is deprecated. We recommend that you use the ``MinTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*.
+         * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *   This field is deprecated. We recommend that you use the ``MinTTL`` field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide*.
          *  The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*.
          *  You must specify ``0`` for ``MinTTL`` if you configure CloudFront to forward all headers to your origin (under ``Headers``, if you specify ``1`` for ``Quantity`` and ``*`` for ``Name``).
          */
@@ -15995,7 +16053,8 @@ export declare namespace cloudfront {
          */
         responseHeadersPolicyId?: string;
         /**
-         * Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify ``true``; if not, specify ``false``. If you specify ``true`` for ``SmoothStreaming``, you can still distribute other content using this cache behavior if the content matches the value of ``PathPattern``.
+         * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *   Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify ``true``; if not, specify ``false``. If you specify ``true`` for ``SmoothStreaming``, you can still distribute other content using this cache behavior if the content matches the value of ``PathPattern``.
          */
         smoothStreaming?: boolean;
         /**
@@ -16009,6 +16068,7 @@ export declare namespace cloudfront {
         trustedKeyGroups?: string[];
         /**
          * We recommend using ``TrustedKeyGroups`` instead of ``TrustedSigners``.
+         *    This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
          *   A list of AWS-account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.
          *  When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in a trusted signer's AWS-account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see [Serving private content](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide*.
          */
@@ -16025,7 +16085,8 @@ export declare namespace cloudfront {
         viewerProtocolPolicy: string;
     }
     /**
-     * This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
+     * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+     *   This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
      *  If you want to include values in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide*.
      *  If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide*.
      *  A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers.
@@ -16564,7 +16625,8 @@ export declare namespace cloudfront {
          */
         cloudFrontDefaultCertificate?: boolean;
         /**
-         * In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.
+         * This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide*.
+         *    In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.
          *   If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [(IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html), provide the ID of the IAM certificate.
          *  If you specify an IAM certificate ID, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod``. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.)
          */
@@ -16596,13 +16658,13 @@ export declare namespace cloudfront {
      */
     interface DistributionVpcOriginConfig {
         /**
-         * Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 5 seconds.
-         *  For more information, see [Keep-alive timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginKeepaliveTimeout) in the *Amazon CloudFront Developer Guide*.
+         * Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 5 seconds.
+         *  For more information, see [Keep-alive timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#DownloadDistValuesOriginKeepaliveTimeout) in the *Amazon CloudFront Developer Guide*.
          */
         originKeepaliveTimeout?: number;
         /**
-         * Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the *origin response timeout*. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 30 seconds.
-         *  For more information, see [Response timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide*.
+         * Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the *origin response timeout*. The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 30 seconds.
+         *  For more information, see [Response timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide*.
          */
         originReadTimeout?: number;
         /**
@@ -17203,7 +17265,7 @@ export declare namespace cloudfront {
         originProtocolPolicy?: string;
         /**
          * Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS. Valid values include ``SSLv3``, ``TLSv1``, ``TLSv1.1``, and ``TLSv1.2``.
-         *  For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols) in the *Amazon CloudFront Developer Guide*.
+         *  For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#DownloadDistValuesOriginSSLProtocols) in the *Amazon CloudFront Developer Guide*.
          */
         originSslProtocols?: string[];
     }
@@ -18314,6 +18376,32 @@ export declare namespace codepipeline {
          */
         name: string;
     }
+    /**
+     * Properties that configure the authentication applied to incoming webhook trigger requests
+     */
+    interface WebhookAuthConfiguration {
+        /**
+         * The property used to configure acceptance of webhooks in an IP address range. For IP, only the AllowedIPRange property must be set. This property must be set to a valid CIDR range.
+         */
+        allowedIpRange?: string;
+        /**
+         * The property used to configure GitHub authentication. For GITHUB_HMAC, only the SecretToken property must be set.
+         */
+        secretToken?: string;
+    }
+    /**
+     * A list of rules applied to the body/payload sent in the POST request to a webhook URL. All defined rules must pass for the request to be accepted and the pipeline started.
+     */
+    interface WebhookFilterRule {
+        /**
+         * A JsonPath expression that is applied to the body/payload of the webhook. The value selected by the JsonPath expression must match the value specified in the MatchEquals field. Otherwise, the request is ignored.
+         */
+        jsonPath: string;
+        /**
+         * The value selected by the JsonPath expression must match what is supplied in the MatchEquals field. Otherwise, the request is ignored.
+         */
+        matchEquals?: string;
+    }
 }
 export declare namespace codestarconnections {
 }
@@ -19461,6 +19549,19 @@ export declare namespace configuration {
     }
 }
 export declare namespace connect {
+    /**
+     * Custom metadata associated to a Predefined attribute that controls how the attribute behaves when used by upstream services.
+     */
+    interface AttributeConfigurationProperties {
+        /**
+         * Enables customers to enforce strict validation on the specific values that this predefined attribute can hold.
+         */
+        enableValueValidationOnAssociation?: boolean;
+        /**
+         * Allows the predefined attribute to show up and be managed in the Amazon Connect UI.
+         */
+        isReadOnly?: boolean;
+    }
     /**
      * The constraints for the task template
      */
@@ -23556,6 +23657,123 @@ export declare namespace datazone {
      */
     interface OwnerProperties {
     }
+    interface PolicyGrantAddToProjectMemberPoolPolicyGrantDetail {
+        includeChildDomainUnits?: boolean;
+    }
+    interface PolicyGrantAllDomainUnitsGrantFilter {
+    }
+    interface PolicyGrantAllUsersGrantFilter {
+    }
+    interface PolicyGrantCreateAssetTypePolicyGrantDetail {
+        includeChildDomainUnits?: boolean;
+    }
+    interface PolicyGrantCreateDomainUnitPolicyGrantDetail {
+        includeChildDomainUnits?: boolean;
+    }
+    interface PolicyGrantCreateEnvironmentProfilePolicyGrantDetail {
+        domainUnitId?: string;
+    }
+    interface PolicyGrantCreateFormTypePolicyGrantDetail {
+        includeChildDomainUnits?: boolean;
+    }
+    interface PolicyGrantCreateGlossaryPolicyGrantDetail {
+        includeChildDomainUnits?: boolean;
+    }
+    interface PolicyGrantCreateProjectFromProjectProfilePolicyGrantDetail {
+        includeChildDomainUnits?: boolean;
+        projectProfiles?: string[];
+    }
+    interface PolicyGrantCreateProjectPolicyGrantDetail {
+        includeChildDomainUnits?: boolean;
+    }
+    interface PolicyGrantDetail0Properties {
+        createDomainUnit: outputs.datazone.PolicyGrantCreateDomainUnitPolicyGrantDetail;
+    }
+    interface PolicyGrantDetail10Properties {
+        createEnvironment: outputs.datazone.PolicyGrantUnit;
+    }
+    interface PolicyGrantDetail11Properties {
+        createEnvironmentFromBlueprint: outputs.datazone.PolicyGrantUnit;
+    }
+    interface PolicyGrantDetail12Properties {
+        createProjectFromProjectProfile: outputs.datazone.PolicyGrantCreateProjectFromProjectProfilePolicyGrantDetail;
+    }
+    interface PolicyGrantDetail1Properties {
+        overrideDomainUnitOwners: outputs.datazone.PolicyGrantOverrideDomainUnitOwnersPolicyGrantDetail;
+    }
+    interface PolicyGrantDetail2Properties {
+        addToProjectMemberPool: outputs.datazone.PolicyGrantAddToProjectMemberPoolPolicyGrantDetail;
+    }
+    interface PolicyGrantDetail3Properties {
+        overrideProjectOwners: outputs.datazone.PolicyGrantOverrideProjectOwnersPolicyGrantDetail;
+    }
+    interface PolicyGrantDetail4Properties {
+        createGlossary: outputs.datazone.PolicyGrantCreateGlossaryPolicyGrantDetail;
+    }
+    interface PolicyGrantDetail5Properties {
+        createFormType: outputs.datazone.PolicyGrantCreateFormTypePolicyGrantDetail;
+    }
+    interface PolicyGrantDetail6Properties {
+        createAssetType: outputs.datazone.PolicyGrantCreateAssetTypePolicyGrantDetail;
+    }
+    interface PolicyGrantDetail7Properties {
+        createProject: outputs.datazone.PolicyGrantCreateProjectPolicyGrantDetail;
+    }
+    interface PolicyGrantDetail8Properties {
+        createEnvironmentProfile: outputs.datazone.PolicyGrantCreateEnvironmentProfilePolicyGrantDetail;
+    }
+    interface PolicyGrantDetail9Properties {
+        delegateCreateEnvironmentProfile: outputs.datazone.PolicyGrantUnit;
+    }
+    interface PolicyGrantDomainUnitFilterForProject {
+        domainUnit: string;
+        includeChildDomainUnits?: boolean;
+    }
+    interface PolicyGrantDomainUnitGrantFilterProperties {
+        allDomainUnitsGrantFilter: outputs.datazone.PolicyGrantAllDomainUnitsGrantFilter;
+    }
+    interface PolicyGrantDomainUnitPolicyGrantPrincipal {
+        domainUnitDesignation?: enums.datazone.PolicyGrantDomainUnitDesignation;
+        domainUnitGrantFilter?: outputs.datazone.PolicyGrantDomainUnitGrantFilterProperties;
+        domainUnitIdentifier?: string;
+    }
+    interface PolicyGrantGroupPolicyGrantPrincipalProperties {
+        groupIdentifier: string;
+    }
+    interface PolicyGrantOverrideDomainUnitOwnersPolicyGrantDetail {
+        includeChildDomainUnits?: boolean;
+    }
+    interface PolicyGrantOverrideProjectOwnersPolicyGrantDetail {
+        includeChildDomainUnits?: boolean;
+    }
+    interface PolicyGrantPrincipal0Properties {
+        user: outputs.datazone.PolicyGrantUserPolicyGrantPrincipal0Properties | outputs.datazone.PolicyGrantUserPolicyGrantPrincipal1Properties;
+    }
+    interface PolicyGrantPrincipal1Properties {
+        group: outputs.datazone.PolicyGrantGroupPolicyGrantPrincipalProperties;
+    }
+    interface PolicyGrantPrincipal2Properties {
+        project: outputs.datazone.PolicyGrantProjectPolicyGrantPrincipal;
+    }
+    interface PolicyGrantPrincipal3Properties {
+        domainUnit: outputs.datazone.PolicyGrantDomainUnitPolicyGrantPrincipal;
+    }
+    interface PolicyGrantProjectGrantFilterProperties {
+        domainUnitFilter: outputs.datazone.PolicyGrantDomainUnitFilterForProject;
+    }
+    interface PolicyGrantProjectPolicyGrantPrincipal {
+        projectDesignation?: enums.datazone.PolicyGrantProjectDesignation;
+        projectGrantFilter?: outputs.datazone.PolicyGrantProjectGrantFilterProperties;
+        projectIdentifier?: string;
+    }
+    interface PolicyGrantUnit {
+    }
+    interface PolicyGrantUserPolicyGrantPrincipal0Properties {
+        userIdentifier: string;
+    }
+    interface PolicyGrantUserPolicyGrantPrincipal1Properties {
+        allUsersGrantFilter: outputs.datazone.PolicyGrantAllUsersGrantFilter;
+    }
     interface ProjectEnvironmentConfigurationUserParameter {
         /**
          * The environment configuration name.
@@ -24057,7 +24275,7 @@ export declare namespace directoryservice {
 export declare namespace dms {
     interface DataMigrationSettings {
         /**
-         * The property specifies whether to enable the Cloudwatch log.
+         * The property specifies whether to enable the CloudWatch log.
          */
         cloudwatchLogsEnabled?: boolean;
         /**
@@ -24391,6 +24609,10 @@ export declare namespace dynamodb {
          * Indicates whether CloudWatch Contributor Insights are to be enabled (true) or disabled (false).
          */
         enabled: boolean;
+        /**
+         * Specifies the CloudWatch Contributor Insights mode for a global table. Valid values are `ACCESSED_AND_THROTTLED_KEYS` (tracks all access and throttled events) or `THROTTLED_KEYS` (tracks only throttled events). This setting determines what type of contributor insights data is collected for the global table.
+         */
+        mode?: enums.dynamodb.GlobalTableContributorInsightsSpecificationMode;
     }
     interface GlobalTableGlobalSecondaryIndex {
         /**
@@ -24730,6 +24952,10 @@ export declare namespace dynamodb {
          * Indicates whether CloudWatch Contributor Insights are to be enabled (true) or disabled (false).
          */
         enabled: boolean;
+        /**
+         * Specifies the CloudWatch Contributor Insights mode for a table. Valid values are `ACCESSED_AND_THROTTLED_KEYS` (tracks all access and throttled events) or `THROTTLED_KEYS` (tracks only throttled events). This setting determines what type of contributor insights data is collected for the table.
+         */
+        mode?: enums.dynamodb.TableContributorInsightsSpecificationMode;
     }
     /**
      * The options for imported source files in CSV format. The values are Delimiter and HeaderList.
@@ -31738,7 +31964,14 @@ export declare namespace ecs {
     }
     interface TaskSetCapacityProviderStrategyItem {
         /**
-         * The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of `0` is used.
+         * The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider for each service. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of `0` is used.
+         *
+         * Base value characteristics:
+         *
+         * - Only one capacity provider in a strategy can have a base defined
+         * - Default value is `0` if not specified
+         * - Valid range: 0 to 100,000
+         * - Base requirements are satisfied first before weight distribution
          */
         base?: number;
         /**
@@ -31750,7 +31983,24 @@ export declare namespace ecs {
          *
          * If no `weight` value is specified, the default value of `0` is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of `0` can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of `0` , any `RunTask` or `CreateService` actions using the capacity provider strategy will fail.
          *
-         * An example scenario for using weights is defining a strategy that contains two capacity providers and both have a weight of `1` , then when the `base` is satisfied, the tasks will be split evenly across the two capacity providers. Using that same logic, if you specify a weight of `1` for *capacityProviderA* and a weight of `4` for *capacityProviderB* , then for every one task that's run using *capacityProviderA* , four tasks would use *capacityProviderB* .
+         * Weight value characteristics:
+         *
+         * - Weight is considered after the base value is satisfied
+         * - Default value is `0` if not specified
+         * - Valid range: 0 to 1,000
+         * - At least one capacity provider must have a weight greater than zero
+         * - Capacity providers with weight of `0` cannot place tasks
+         *
+         * Task distribution logic:
+         *
+         * - Base satisfaction: The minimum number of tasks specified by the base value are placed on that capacity provider
+         * - Weight distribution: After base requirements are met, additional tasks are distributed according to weight ratios
+         *
+         * Examples:
+         *
+         * Equal Distribution: Two capacity providers both with weight `1` will split tasks evenly after base requirements are met.
+         *
+         * Weighted Distribution: If capacityProviderA has weight `1` and capacityProviderB has weight `4` , then for every 1 task on A, 4 tasks will run on B.
          */
         weight?: number;
     }
@@ -32287,6 +32537,15 @@ export declare namespace eks {
          */
         clusterLogging?: outputs.eks.ClusterLoggingEnabledTypes;
     }
+    /**
+     * The custom namespace configuration to use with the add-on
+     */
+    interface NamespaceConfigProperties {
+        /**
+         * The custom namespace for creating the add-on
+         */
+        namespace: string;
+    }
     /**
      * An object representing a launch template specification for AWS EKS Nodegroup.
      */
@@ -33722,6 +33981,9 @@ export declare namespace emrserverless {
     }
 }
 export declare namespace entityresolution {
+    interface IdMappingWorkflowIdMappingIncrementalRunConfig {
+        incrementalRunType: enums.entityresolution.IdMappingWorkflowIdMappingIncrementalRunConfigIncrementalRunType;
+    }
     interface IdMappingWorkflowIdMappingRuleBasedProperties {
         /**
          * The comparison type. You can either choose `ONE_TO_ONE` or `MANY_TO_MANY` as the `attributeMatchingModel` .
@@ -36951,6 +37213,16 @@ export declare namespace glue {
          * The name of the DynamoDB table to crawl.
          */
         path?: string;
+        /**
+         * Indicates whether to scan all the records, or to sample rows from the table. Scanning all the records can take a long time when the table is not a high throughput table. A value of true means to scan all records, while a value of false means to sample the records. If no value is specified, the value defaults to true.
+         */
+        scanAll?: boolean;
+        /**
+         * The percentage of the configured read capacity units to use by the AWS Glue crawler. Read capacity units is a term defined by DynamoDB, and is a numeric value that acts as rate limiter for the number of reads that can be performed on that table per second.
+         *
+         * The valid values are null or a value between 0.1 to 1.5. A null value is used when user does not provide a value, and defaults to 0.5 of the configured Read Capacity Unit (for provisioned tables), or 0.25 of the max configured Read Capacity Unit (for tables using on-demand mode).
+         */
+        scanRate?: number;
     }
     /**
      * Specifies Apache Hudi data store targets.
@@ -39426,6 +39698,86 @@ export declare namespace inspectorv2 {
         days: enums.inspectorv2.CisScanConfigurationDay[];
         startTime: outputs.inspectorv2.CisScanConfigurationTime;
     }
+    interface CodeSecurityIntegrationCreateDetails {
+        /**
+         * Details specific to creating an integration with a self-managed GitLab instance.
+         */
+        gitlabSelfManaged: outputs.inspectorv2.CodeSecurityIntegrationCreateGitLabSelfManagedIntegrationDetail;
+    }
+    interface CodeSecurityIntegrationCreateGitLabSelfManagedIntegrationDetail {
+        /**
+         * The personal access token used to authenticate with the self-managed GitLab instance.
+         */
+        accessToken: string;
+        /**
+         * The URL of the self-managed GitLab instance.
+         */
+        instanceUrl: string;
+    }
+    interface CodeSecurityIntegrationUpdateDetails {
+        /**
+         * Details specific to updating an integration with GitHub.
+         */
+        github?: outputs.inspectorv2.CodeSecurityIntegrationUpdateGitHubIntegrationDetail;
+        /**
+         * Details specific to updating an integration with a self-managed GitLab instance.
+         */
+        gitlabSelfManaged?: outputs.inspectorv2.CodeSecurityIntegrationUpdateGitLabSelfManagedIntegrationDetail;
+    }
+    interface CodeSecurityIntegrationUpdateGitHubIntegrationDetail {
+        /**
+         * The authorization code received from GitHub to update the integration.
+         */
+        code: string;
+        /**
+         * The installation ID of the GitHub App associated with the integration.
+         */
+        installationId: string;
+    }
+    interface CodeSecurityIntegrationUpdateGitLabSelfManagedIntegrationDetail {
+        /**
+         * The authorization code received from the self-managed GitLab instance to update the integration.
+         */
+        authCode: string;
+    }
+    interface CodeSecurityScanConfiguration {
+        /**
+         * Configuration settings for continuous integration scans that run automatically when code changes are made.
+         */
+        continuousIntegrationScanConfiguration?: outputs.inspectorv2.CodeSecurityScanConfigurationContinuousIntegrationScanConfiguration;
+        /**
+         * Configuration settings for periodic scans that run on a scheduled basis.
+         */
+        periodicScanConfiguration?: outputs.inspectorv2.CodeSecurityScanConfigurationPeriodicScanConfiguration;
+        /**
+         * The categories of security rules to be applied during the scan.
+         */
+        ruleSetCategories: enums.inspectorv2.CodeSecurityScanConfigurationRuleSetCategory[];
+    }
+    interface CodeSecurityScanConfigurationContinuousIntegrationScanConfiguration {
+        /**
+         * The repository events that trigger continuous integration scans, such as pull requests or commits.
+         */
+        supportedEvents: enums.inspectorv2.CodeSecurityScanConfigurationContinuousIntegrationScanEvent[];
+    }
+    interface CodeSecurityScanConfigurationPeriodicScanConfiguration {
+        /**
+         * The frequency at which periodic scans are performed (such as weekly or monthly).
+         *
+         * If you don't provide the `frequencyExpression` Amazon Inspector chooses day for the scan to run. If you provide the `frequencyExpression` , the schedule must match the specified `frequency` .
+         */
+        frequency?: enums.inspectorv2.CodeSecurityScanConfigurationPeriodicScanFrequency;
+        /**
+         * The schedule expression for periodic scans, in cron format.
+         */
+        frequencyExpression?: string;
+    }
+    interface CodeSecurityScanConfigurationScopeSettings {
+        /**
+         * The scope of projects to be selected for scanning within the integrated repositories.
+         */
+        projectSelectionScope?: enums.inspectorv2.CodeSecurityScanConfigurationProjectSelectionScope;
+    }
     interface FilterCriteria {
         /**
          * Details of the AWS account IDs used to filter findings.
@@ -39861,8 +40213,17 @@ export declare namespace iot {
         contentType?: string;
     }
     interface ConfigurationDetailsProperties {
+        /**
+         * The health status of KMS key and AWS KMS access role. If either KMS key or AWS KMS access role is `UNHEALTHY` , the return value will be `UNHEALTHY` . To use a customer managed KMS key, the value of `configurationStatus` must be `HEALTHY` .
+         */
         configurationStatus?: enums.iot.EncryptionConfigurationConfigurationDetailsPropertiesConfigurationStatus;
+        /**
+         * The error code that indicates either the KMS key or the AWS KMS access role is `UNHEALTHY` . Valid values: `KMS_KEY_VALIDATION_ERROR` and `ROLE_VALIDATION_ERROR` .
+         */
         errorCode?: string;
+        /**
+         * The detailed error message that corresponds to the `errorCode` .
+         */
         errorMessage?: string;
     }
     interface DomainConfigurationAuthorizerConfig {
@@ -45817,6 +46178,10 @@ export declare namespace kinesisanalyticsv2 {
          * The code location and type parameters for a Flink-based Kinesis Data Analytics application.
          */
         applicationCodeConfiguration?: outputs.kinesisanalyticsv2.ApplicationCodeConfiguration;
+        /**
+         * Describes whether customer managed key is enabled and key details for customer data encryption
+         */
+        applicationEncryptionConfiguration?: outputs.kinesisanalyticsv2.ApplicationEncryptionConfiguration;
         /**
          * Describes whether snapshots are enabled for a Flink-based Kinesis Data Analytics application.
          */
@@ -45887,6 +46252,19 @@ export declare namespace kinesisanalyticsv2 {
          */
         s3ContentLocation: outputs.kinesisanalyticsv2.ApplicationS3ContentBaseLocation;
     }
+    /**
+     * Describes whether customer managed key is enabled and key details for customer data encryption
+     */
+    interface ApplicationEncryptionConfiguration {
+        /**
+         * KMS KeyId. Can be either key uuid or full key arn or key alias arn or short key alias
+         */
+        keyId?: string;
+        /**
+         * Specifies whether application data is encrypted using service key: AWS_OWNED_KEY or customer key: CUSTOMER_MANAGED_KEY
+         */
+        keyType: enums.kinesisanalyticsv2.ApplicationEncryptionConfigurationKeyType;
+    }
     /**
      * Describes execution properties for a Flink-based Kinesis Data Analytics application.
      */
@@ -54844,7 +55222,7 @@ export declare namespace networkfirewall {
          */
         certificateAuthorityArn?: string;
         /**
-         * When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a `CertificateAuthorityArn` in [ServerCertificateConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-servercertificateconfiguration.html) .
+         * When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a `CertificateAuthorityArn` in [ServerCertificateConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-networkfirewall-servercertificateconfiguration.html) .
          */
         checkCertificateRevocationStatus?: outputs.networkfirewall.TlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusProperties;
         /**
@@ -54857,7 +55235,7 @@ export declare namespace networkfirewall {
         serverCertificates?: outputs.networkfirewall.TlsInspectionConfigurationServerCertificate[];
     }
     /**
-     * When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a `CertificateAuthorityArn` in [ServerCertificateConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-servercertificateconfiguration.html) .
+     * When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a `CertificateAuthorityArn` in [ServerCertificateConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-networkfirewall-servercertificateconfiguration.html) .
      */
     interface TlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusProperties {
         revokedStatusAction?: enums.networkfirewall.TlsInspectionConfigurationRevokedStatusAction;
@@ -88743,19 +89121,6 @@ export declare namespace route53 {
          */
         type: enums.route53.HealthCheckConfigPropertiesType;
     }
-    /**
-     * A key-value pair to associate with a resource.
-     */
-    interface HealthCheckTag {
-        /**
-         * The key name of the tag.
-         */
-        key: string;
-        /**
-         * The value for the tag.
-         */
-        value: string;
-    }
     /**
      * A complex type that contains an optional comment about your hosted zone. If you don't want to specify a comment, omit both the ``HostedZoneConfig`` and ``Comment`` elements.
      */
@@ -91338,6 +91703,39 @@ export declare namespace sagemaker {
          */
         sageMakerImageVersionArn?: string;
     }
+    /**
+     * The details of the alarm to monitor during the AMI update.
+     */
+    interface ClusterAlarmDetails {
+        /**
+         * The name of the alarm.
+         */
+        alarmName: string;
+    }
+    /**
+     * The configuration of the size measurements of the AMI update. Using this configuration, you can specify whether SageMaker should update your instance group by an amount or percentage of instances.
+     */
+    interface ClusterCapacitySizeConfig {
+        /**
+         * Specifies whether SageMaker should process the update by amount or percentage of instances.
+         */
+        type: string;
+        /**
+         * Specifies the amount or percentage of instances SageMaker updates at a time.
+         */
+        value: number;
+    }
+    /**
+     * The configuration to use when updating the AMI versions.
+     */
+    interface ClusterDeploymentConfig {
+        autoRollbackConfiguration?: outputs.sagemaker.ClusterAlarmDetails[];
+        rollingUpdatePolicy?: outputs.sagemaker.ClusterRollingUpdatePolicy;
+        /**
+         * The duration in seconds that SageMaker waits before updating more instances in the cluster.
+         */
+        waitIntervalInSeconds?: number;
+    }
     /**
      * The configuration for the restricted instance groups (RIG) environment.
      */
@@ -91377,6 +91775,7 @@ export declare namespace sagemaker {
         lifeCycleConfig: outputs.sagemaker.ClusterLifeCycleConfig;
         onStartDeepHealthChecks?: enums.sagemaker.ClusterDeepHealthCheckType[];
         overrideVpcConfig?: outputs.sagemaker.ClusterVpcConfig;
+        scheduledUpdateConfig?: outputs.sagemaker.ClusterScheduledUpdateConfig;
         /**
          * The number you specified to TreadsPerCore in CreateCluster for enabling or disabling multithreading. For instance types that support multithreading, you can specify 1 for disabling multithreading and 2 for enabling multithreading.
          */
@@ -91450,6 +91849,23 @@ export declare namespace sagemaker {
          */
         trainingPlanArn?: string;
     }
+    /**
+     * The policy that SageMaker uses when updating the AMI versions of the cluster.
+     */
+    interface ClusterRollingUpdatePolicy {
+        maximumBatchSize: outputs.sagemaker.ClusterCapacitySizeConfig;
+        rollbackMaximumBatchSize?: outputs.sagemaker.ClusterCapacitySizeConfig;
+    }
+    /**
+     * The configuration object of the schedule that SageMaker follows when updating the AMI.
+     */
+    interface ClusterScheduledUpdateConfig {
+        deploymentConfig?: outputs.sagemaker.ClusterDeploymentConfig;
+        /**
+         * A cron expression that specifies the schedule that SageMaker follows when updating the AMI.
+         */
+        scheduleExpression: string;
+    }
     /**
      * Specifies an Amazon Virtual Private Cloud (VPC) that your SageMaker jobs, hosted models, and compute resources have access to. You can control access to and from your resources by configuring a VPC.
      */
@@ -99477,7 +99893,7 @@ export declare namespace ssmquicksetup {
          * - Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to.
          * - `TargetRegions`
          *
-         * - Description: (Required) The AWS Regions to deploy the configuration to. For this type, the parameter only accepts a value of `AllRegions` .
+         * - Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.
          * - **DevOps Guru (Type: AWS QuickSetupType-DevOpsGuru)** - - `AnalyseAllResources`
          *
          * - Description: (Optional) A boolean value that determines whether DevOps Guru analyzes all AWS CloudFormation stacks in the account. The default value is " `false` ".
@@ -105453,13 +105869,31 @@ export declare namespace workspacesweb {
         include: enums.workspacesweb.SessionLoggerEvent[];
     }
     interface SessionLoggerLogConfiguration {
+        /**
+         * The configuration for delivering the logs to S3.
+         */
         s3?: outputs.workspacesweb.SessionLoggerS3LogConfiguration;
     }
     interface SessionLoggerS3LogConfiguration {
+        /**
+         * The S3 bucket name where logs are delivered.
+         */
         bucket: string;
+        /**
+         * The expected bucket owner of the target S3 bucket. The caller must have permissions to write to the target bucket.
+         */
         bucketOwner?: string;
+        /**
+         * The folder structure that defines the organizational structure for log files in S3.
+         */
         folderStructure: enums.workspacesweb.SessionLoggerFolderStructure;
+        /**
+         * The S3 path prefix that determines where log files are stored.
+         */
         keyPrefix?: string;
+        /**
+         * The format of the LogFile that is written to S3.
+         */
         logFileFormat: enums.workspacesweb.SessionLoggerLogFileFormat;
     }
     interface SessionLoggerUnit {