@pulumi/aws 5.26.0 → 5.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (123) hide show
  1. package/alb/loadBalancer.d.ts +12 -29
  2. package/alb/loadBalancer.js.map +1 -1
  3. package/amplify/app.d.ts +10 -0
  4. package/amplify/app.js +10 -0
  5. package/amplify/app.js.map +1 -1
  6. package/applicationloadbalancing/loadBalancer.d.ts +12 -29
  7. package/applicationloadbalancing/loadBalancer.js.map +1 -1
  8. package/appstream/imageBuilder.d.ts +1 -1
  9. package/appstream/imageBuilder.js +1 -1
  10. package/appsync/index.d.ts +3 -0
  11. package/appsync/index.js +6 -1
  12. package/appsync/index.js.map +1 -1
  13. package/appsync/resolver.d.ts +52 -6
  14. package/appsync/resolver.js +26 -0
  15. package/appsync/resolver.js.map +1 -1
  16. package/appsync/type.d.ts +127 -0
  17. package/appsync/type.js +99 -0
  18. package/appsync/type.js.map +1 -0
  19. package/autoscaling/getGroup.d.ts +4 -0
  20. package/autoscaling/getGroup.js.map +1 -1
  21. package/autoscaling/group.d.ts +12 -0
  22. package/autoscaling/group.js +2 -0
  23. package/autoscaling/group.js.map +1 -1
  24. package/autoscaling/schedule.d.ts +27 -39
  25. package/autoscaling/schedule.js.map +1 -1
  26. package/batch/jobDefinition.d.ts +7 -5
  27. package/batch/jobDefinition.js +4 -2
  28. package/batch/jobDefinition.js.map +1 -1
  29. package/cloudtrail/trail.d.ts +0 -42
  30. package/cloudtrail/trail.js +0 -42
  31. package/cloudtrail/trail.js.map +1 -1
  32. package/cloudwatch/eventTarget.d.ts +28 -22
  33. package/cloudwatch/eventTarget.js +25 -19
  34. package/cloudwatch/eventTarget.js.map +1 -1
  35. package/cloudwatch/getLogDataProtectionPolicyDocument.d.ts +164 -0
  36. package/cloudwatch/getLogDataProtectionPolicyDocument.js +134 -0
  37. package/cloudwatch/getLogDataProtectionPolicyDocument.js.map +1 -0
  38. package/cloudwatch/index.d.ts +3 -0
  39. package/cloudwatch/index.js +4 -1
  40. package/cloudwatch/index.js.map +1 -1
  41. package/directconnect/macsecKeyAssociation.d.ts +1 -1
  42. package/directconnect/macsecKeyAssociation.js +1 -1
  43. package/dms/s3endpoint.d.ts +12 -3
  44. package/dms/s3endpoint.js.map +1 -1
  45. package/ec2/getVpcIamPool.d.ts +3 -3
  46. package/ec2/launchConfiguration.d.ts +45 -86
  47. package/ec2/launchConfiguration.js +24 -32
  48. package/ec2/launchConfiguration.js.map +1 -1
  49. package/ec2transitgateway/index.d.ts +3 -0
  50. package/ec2transitgateway/index.js +6 -1
  51. package/ec2transitgateway/index.js.map +1 -1
  52. package/ec2transitgateway/instanceState.d.ts +118 -0
  53. package/ec2transitgateway/instanceState.js +105 -0
  54. package/ec2transitgateway/instanceState.js.map +1 -0
  55. package/ecs/service.d.ts +27 -0
  56. package/ecs/service.js +17 -0
  57. package/ecs/service.js.map +1 -1
  58. package/eks/nodeGroup.d.ts +3 -3
  59. package/elasticloadbalancingv2/loadBalancer.d.ts +12 -29
  60. package/elasticloadbalancingv2/loadBalancer.js.map +1 -1
  61. package/fsx/ontapStorageVirtualMachine.d.ts +2 -2
  62. package/glue/getCatalogTable.d.ts +157 -0
  63. package/glue/getCatalogTable.js +53 -0
  64. package/glue/getCatalogTable.js.map +1 -0
  65. package/glue/index.d.ts +3 -0
  66. package/glue/index.js +4 -1
  67. package/glue/index.js.map +1 -1
  68. package/glue/trigger.d.ts +3 -3
  69. package/lambda/getFunctions.d.ts +31 -0
  70. package/lambda/getFunctions.js +25 -0
  71. package/lambda/getFunctions.js.map +1 -0
  72. package/lambda/index.d.ts +2 -0
  73. package/lambda/index.js +3 -1
  74. package/lambda/index.js.map +1 -1
  75. package/lb/loadBalancer.d.ts +12 -29
  76. package/lb/loadBalancer.js.map +1 -1
  77. package/lightsail/bucket.d.ts +152 -0
  78. package/lightsail/bucket.js +90 -0
  79. package/lightsail/bucket.js.map +1 -0
  80. package/lightsail/database.d.ts +1 -1
  81. package/lightsail/database.js +0 -3
  82. package/lightsail/database.js.map +1 -1
  83. package/lightsail/index.d.ts +3 -0
  84. package/lightsail/index.js +6 -1
  85. package/lightsail/index.js.map +1 -1
  86. package/lightsail/instance.d.ts +38 -3
  87. package/lightsail/instance.js +26 -3
  88. package/lightsail/instance.js.map +1 -1
  89. package/package.json +2 -2
  90. package/package.json.dev +2 -2
  91. package/rds/getInstances.d.ts +77 -0
  92. package/rds/getInstances.js +56 -0
  93. package/rds/getInstances.js.map +1 -0
  94. package/rds/index.d.ts +3 -0
  95. package/rds/index.js +4 -1
  96. package/rds/index.js.map +1 -1
  97. package/rds/instance.d.ts +3 -3
  98. package/s3/accessPoint.d.ts +12 -0
  99. package/s3/accessPoint.js +2 -0
  100. package/s3/accessPoint.js.map +1 -1
  101. package/s3/bucketV2.d.ts +1 -1
  102. package/s3/bucketV2.js +1 -1
  103. package/s3control/getMultiRegionAccessPoint.d.ts +97 -0
  104. package/s3control/getMultiRegionAccessPoint.js +48 -0
  105. package/s3control/getMultiRegionAccessPoint.js.map +1 -0
  106. package/s3control/index.d.ts +3 -0
  107. package/s3control/index.js +4 -1
  108. package/s3control/index.js.map +1 -1
  109. package/sagemaker/domain.d.ts +29 -38
  110. package/sagemaker/domain.js +20 -20
  111. package/sagemaker/domain.js.map +1 -1
  112. package/ssoadmin/index.d.ts +3 -0
  113. package/ssoadmin/index.js +6 -1
  114. package/ssoadmin/index.js.map +1 -1
  115. package/ssoadmin/instanceAccessControlAttributes.d.ts +77 -0
  116. package/ssoadmin/instanceAccessControlAttributes.js +72 -0
  117. package/ssoadmin/instanceAccessControlAttributes.js.map +1 -0
  118. package/synthetics/canary.d.ts +3 -3
  119. package/types/enums/index.d.ts +7 -2
  120. package/types/enums/index.js +7 -2
  121. package/types/enums/index.js.map +1 -1
  122. package/types/input.d.ts +463 -29
  123. package/types/output.d.ts +585 -32
package/types/output.d.ts CHANGED
@@ -854,16 +854,16 @@ export declare namespace alb {
854
854
  }
855
855
  interface LoadBalancerSubnetMapping {
856
856
  /**
857
- * The allocation ID of the Elastic IP address.
857
+ * The allocation ID of the Elastic IP address for an internet-facing load balancer.
858
858
  */
859
859
  allocationId?: string;
860
860
  /**
861
- * An ipv6 address within the subnet to assign to the internet-facing load balancer.
861
+ * The IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.
862
862
  */
863
863
  ipv6Address?: string;
864
864
  outpostId: string;
865
865
  /**
866
- * A private ipv4 address within the subnet to assign to the internal-facing load balancer.
866
+ * The private IPv4 address for an internal load balancer.
867
867
  */
868
868
  privateIpv4Address?: string;
869
869
  /**
@@ -1377,31 +1377,31 @@ export declare namespace apigatewayv2 {
1377
1377
  */
1378
1378
  destinationArn: string;
1379
1379
  /**
1380
- * Single line [format](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#apigateway-cloudwatch-log-formats) of the access logs of data, as specified by [selected $context variables](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-logging.html).
1380
+ * Single line [format](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#apigateway-cloudwatch-log-formats) of the access logs of data. Refer to log settings for [HTTP](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging-variables.html) or [Websocket](https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-logging.html).
1381
1381
  */
1382
1382
  format: string;
1383
1383
  }
1384
1384
  interface StageDefaultRouteSettings {
1385
1385
  /**
1386
- * Whether data trace logging is enabled for the default route. Affects the log entries pushed to Amazon CloudWatch Logs.
1386
+ * Whether data trace logging is enabled for the route. Affects the log entries pushed to Amazon CloudWatch Logs.
1387
1387
  * Defaults to `false`. Supported only for WebSocket APIs.
1388
1388
  */
1389
1389
  dataTraceEnabled?: boolean;
1390
1390
  /**
1391
- * Whether detailed metrics are enabled for the default route. Defaults to `false`.
1391
+ * Whether detailed metrics are enabled for the route. Defaults to `false`.
1392
1392
  */
1393
1393
  detailedMetricsEnabled?: boolean;
1394
1394
  /**
1395
- * Logging level for the default route. Affects the log entries pushed to Amazon CloudWatch Logs.
1395
+ * Logging level for the route. Affects the log entries pushed to Amazon CloudWatch Logs.
1396
1396
  * Valid values: `ERROR`, `INFO`, `OFF`. Defaults to `OFF`. Supported only for WebSocket APIs. This provider will only perform drift detection of its value when present in a configuration.
1397
1397
  */
1398
1398
  loggingLevel: string;
1399
1399
  /**
1400
- * Throttling burst limit for the default route.
1400
+ * Throttling burst limit for the route.
1401
1401
  */
1402
1402
  throttlingBurstLimit?: number;
1403
1403
  /**
1404
- * Throttling rate limit for the default route.
1404
+ * Throttling rate limit for the route.
1405
1405
  */
1406
1406
  throttlingRateLimit?: number;
1407
1407
  }
@@ -2268,6 +2268,18 @@ export declare namespace appflow {
2268
2268
  * The bucket path that refers to the Amazon S3 bucket associated with Snowflake.
2269
2269
  */
2270
2270
  bucketPrefix?: string;
2271
+ /**
2272
+ * The unique ID that's assigned to an Amazon Redshift cluster.
2273
+ */
2274
+ clusterIdentifier?: string;
2275
+ /**
2276
+ * ARN of the IAM role that permits AppFlow to access the database through Data API.
2277
+ */
2278
+ dataApiRoleArn?: string;
2279
+ /**
2280
+ * The name of an Amazon Redshift database.
2281
+ */
2282
+ databaseName?: string;
2271
2283
  /**
2272
2284
  * The JDBC URL of the Amazon Redshift cluster.
2273
2285
  */
@@ -3767,16 +3779,16 @@ export declare namespace applicationloadbalancing {
3767
3779
  }
3768
3780
  interface LoadBalancerSubnetMapping {
3769
3781
  /**
3770
- * The allocation ID of the Elastic IP address.
3782
+ * The allocation ID of the Elastic IP address for an internet-facing load balancer.
3771
3783
  */
3772
3784
  allocationId?: string;
3773
3785
  /**
3774
- * An ipv6 address within the subnet to assign to the internet-facing load balancer.
3786
+ * The IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.
3775
3787
  */
3776
3788
  ipv6Address?: string;
3777
3789
  outpostId: string;
3778
3790
  /**
3779
- * A private ipv4 address within the subnet to assign to the internal-facing load balancer.
3791
+ * The private IPv4 address for an internal load balancer.
3780
3792
  */
3781
3793
  privateIpv4Address?: string;
3782
3794
  /**
@@ -6342,20 +6354,30 @@ export declare namespace appsync {
6342
6354
  }
6343
6355
  interface ResolverCachingConfig {
6344
6356
  /**
6345
- * List of caching key.
6357
+ * The caching keys for a resolver that has caching activated. Valid values are entries from the $context.arguments, $context.source, and $context.identity maps.
6346
6358
  */
6347
6359
  cachingKeys?: string[];
6348
6360
  /**
6349
- * TTL in seconds.
6361
+ * The TTL in seconds for a resolver that has caching activated. Valid values are between `1` and `3600` seconds.
6350
6362
  */
6351
6363
  ttl?: number;
6352
6364
  }
6353
6365
  interface ResolverPipelineConfig {
6354
6366
  /**
6355
- * List of Function ID.
6367
+ * A list of Function objects.
6356
6368
  */
6357
6369
  functions?: string[];
6358
6370
  }
6371
+ interface ResolverRuntime {
6372
+ /**
6373
+ * The name of the runtime to use. Currently, the only allowed value is `APPSYNC_JS`.
6374
+ */
6375
+ name: string;
6376
+ /**
6377
+ * The version of the runtime to use. Currently, the only allowed version is `1.0.0`.
6378
+ */
6379
+ runtimeVersion: string;
6380
+ }
6359
6381
  interface ResolverSyncConfig {
6360
6382
  /**
6361
6383
  * Conflict Detection strategy to use. Valid values are `NONE` and `VERSION`.
@@ -6407,6 +6429,10 @@ export declare namespace athena {
6407
6429
  * Configuration block for the Athena Engine Versioning. For more information, see [Athena Engine Versioning](https://docs.aws.amazon.com/athena/latest/ug/engine-versions.html). See Engine Version below.
6408
6430
  */
6409
6431
  engineVersion?: outputs.athena.WorkgroupConfigurationEngineVersion;
6432
+ /**
6433
+ * Role used in a notebook session for accessing the user's resources.
6434
+ */
6435
+ executionRole?: string;
6410
6436
  /**
6411
6437
  * Boolean whether Amazon CloudWatch metrics are enabled for the workgroup. Defaults to `true`.
6412
6438
  */
@@ -10041,7 +10067,7 @@ export declare namespace cloudwatch {
10041
10067
  */
10042
10068
  launchType?: string;
10043
10069
  /**
10044
- * Use this if the ECS task uses the awsvpc network mode. This specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. Required if launchType is FARGATE because the awsvpc mode is required for Fargate tasks.
10070
+ * Use this if the ECS task uses the awsvpc network mode. This specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. Required if `launchType` is `FARGATE` because the awsvpc mode is required for Fargate tasks.
10045
10071
  */
10046
10072
  networkConfiguration?: outputs.cloudwatch.EventTargetEcsTargetNetworkConfiguration;
10047
10073
  /**
@@ -10049,7 +10075,7 @@ export declare namespace cloudwatch {
10049
10075
  */
10050
10076
  placementConstraints?: outputs.cloudwatch.EventTargetEcsTargetPlacementConstraint[];
10051
10077
  /**
10052
- * Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as 1.1.0. This is used only if LaunchType is FARGATE. For more information about valid platform versions, see [AWS Fargate Platform Versions](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html).
10078
+ * Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as `1.1.0`. This is used only if LaunchType is FARGATE. For more information about valid platform versions, see [AWS Fargate Platform Versions](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html).
10053
10079
  */
10054
10080
  platformVersion?: string;
10055
10081
  /**
@@ -10063,7 +10089,7 @@ export declare namespace cloudwatch {
10063
10089
  [key: string]: string;
10064
10090
  };
10065
10091
  /**
10066
- * The number of tasks to create based on the TaskDefinition. The default is 1.
10092
+ * The number of tasks to create based on the TaskDefinition. Defaults to `1`.
10067
10093
  */
10068
10094
  taskCount?: number;
10069
10095
  /**
@@ -10073,7 +10099,7 @@ export declare namespace cloudwatch {
10073
10099
  }
10074
10100
  interface EventTargetEcsTargetCapacityProviderStrategy {
10075
10101
  /**
10076
- * The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. If no value is specified, the default value of 0 is used.
10102
+ * The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to `0`.
10077
10103
  */
10078
10104
  base?: number;
10079
10105
  /**
@@ -10087,7 +10113,7 @@ export declare namespace cloudwatch {
10087
10113
  }
10088
10114
  interface EventTargetEcsTargetNetworkConfiguration {
10089
10115
  /**
10090
- * Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false`.
10116
+ * Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Defaults to `false`.
10091
10117
  */
10092
10118
  assignPublicIp?: boolean;
10093
10119
  /**
@@ -10200,6 +10226,76 @@ export declare namespace cloudwatch {
10200
10226
  */
10201
10227
  messageGroupId?: string;
10202
10228
  }
10229
+ interface GetLogDataProtectionPolicyDocumentStatement {
10230
+ /**
10231
+ * Set of at least 1 sensitive data identifiers that you want to mask. Read more in [Types of data that you can protect](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/protect-sensitive-log-data-types.html).
10232
+ */
10233
+ dataIdentifiers: string[];
10234
+ /**
10235
+ * Configures the data protection operation applied by this statement.
10236
+ */
10237
+ operation: outputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperation;
10238
+ /**
10239
+ * Name of this statement.
10240
+ */
10241
+ sid?: string;
10242
+ }
10243
+ interface GetLogDataProtectionPolicyDocumentStatementOperation {
10244
+ /**
10245
+ * Configures the detection of sensitive data.
10246
+ */
10247
+ audit?: outputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAudit;
10248
+ /**
10249
+ * Configures the masking of sensitive data.
10250
+ */
10251
+ deidentify?: outputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationDeidentify;
10252
+ }
10253
+ interface GetLogDataProtectionPolicyDocumentStatementOperationAudit {
10254
+ /**
10255
+ * Configures destinations to send audit findings to.
10256
+ */
10257
+ findingsDestination: outputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestination;
10258
+ }
10259
+ interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestination {
10260
+ /**
10261
+ * Configures CloudWatch Logs as a findings destination.
10262
+ */
10263
+ cloudwatchLogs?: outputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogs;
10264
+ /**
10265
+ * Configures Kinesis Firehose as a findings destination.
10266
+ */
10267
+ firehose?: outputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehose;
10268
+ /**
10269
+ * Configures S3 as a findings destination.
10270
+ */
10271
+ s3?: outputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3;
10272
+ }
10273
+ interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogs {
10274
+ /**
10275
+ * Name of the CloudWatch Log Group to send findings to.
10276
+ */
10277
+ logGroup: string;
10278
+ }
10279
+ interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehose {
10280
+ /**
10281
+ * Name of the Kinesis Firehose Delivery Stream to send findings to.
10282
+ */
10283
+ deliveryStream: string;
10284
+ }
10285
+ interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3 {
10286
+ /**
10287
+ * Name of the S3 Bucket to send findings to.
10288
+ */
10289
+ bucket: string;
10290
+ }
10291
+ interface GetLogDataProtectionPolicyDocumentStatementOperationDeidentify {
10292
+ /**
10293
+ * An empty object that configures masking.
10294
+ */
10295
+ maskConfig: outputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyMaskConfig;
10296
+ }
10297
+ interface GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyMaskConfig {
10298
+ }
10203
10299
  interface LogMetricFilterMetricTransformation {
10204
10300
  /**
10205
10301
  * The value to emit when a filter pattern does not match a log event. Conflicts with `dimensions`.
@@ -15203,7 +15299,7 @@ export declare namespace dms {
15203
15299
  */
15204
15300
  cdcMaxBatchInterval?: number;
15205
15301
  /**
15206
- * Minimum file size, defined in megabytes, to reach for a file output. Default is `32`.
15302
+ * Minimum file size condition as defined in kilobytes to output a file to Amazon S3. Default is `32000`. **NOTE:** Previously, this setting was measured in megabytes but now represents kilobytes. Update configurations accordingly.
15207
15303
  */
15208
15304
  cdcMinFileSize?: number;
15209
15305
  /**
@@ -15273,6 +15369,10 @@ export declare namespace dms {
15273
15369
  /**
15274
15370
  * When this value is set to `1`, DMS ignores the first row header in a .csv file. Default is `0`.
15275
15371
  */
15372
+ ignoreHeaderRows?: number;
15373
+ /**
15374
+ * Deprecated. This setting has no effect. Will be removed in a future version.
15375
+ */
15276
15376
  ignoreHeadersRow?: number;
15277
15377
  /**
15278
15378
  * Whether to enable a full load to write INSERT operations to the .csv output files only to indicate how the rows were added to the source database. Default is `false`.
@@ -18083,11 +18183,23 @@ export declare namespace ec2 {
18083
18183
  state: string;
18084
18184
  }
18085
18185
  interface GetVpcIamPoolFilter {
18186
+ /**
18187
+ * The name of the filter. Filter names are case-sensitive.
18188
+ */
18086
18189
  name: string;
18190
+ /**
18191
+ * The filter values. Filter values are case-sensitive.
18192
+ */
18087
18193
  values: string[];
18088
18194
  }
18089
18195
  interface GetVpcIamPoolsFilter {
18196
+ /**
18197
+ * The name of the filter. Filter names are case-sensitive.
18198
+ */
18090
18199
  name: string;
18200
+ /**
18201
+ * The filter values. Filter values are case-sensitive.
18202
+ */
18091
18203
  values: string[];
18092
18204
  }
18093
18205
  interface GetVpcIamPoolsIpamPool {
@@ -18096,7 +18208,7 @@ export declare namespace ec2 {
18096
18208
  */
18097
18209
  addressFamily: string;
18098
18210
  /**
18099
- * A default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.
18211
+ * A default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is `10.0.0.0/8` and you enter 16 here, new allocations will default to `10.0.0.0/16`.
18100
18212
  */
18101
18213
  allocationDefaultNetmaskLength: number;
18102
18214
  /**
@@ -18122,7 +18234,7 @@ export declare namespace ec2 {
18122
18234
  */
18123
18235
  autoImport: boolean;
18124
18236
  /**
18125
- * Limits which service in AWS that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.
18237
+ * Limits which service in AWS that the pool can be used in. `ec2` for example, allows users to use space for Elastic IP addresses and VPCs.
18126
18238
  */
18127
18239
  awsService: string;
18128
18240
  /**
@@ -18145,7 +18257,7 @@ export declare namespace ec2 {
18145
18257
  locale: string;
18146
18258
  poolDepth: number;
18147
18259
  /**
18148
- * Defines whether or not IPv6 pool space is publicly advertisable over the internet.
18260
+ * Defines whether or not IPv6 pool space is publicly advertisable over the internet.
18149
18261
  */
18150
18262
  publiclyAdvertisable: boolean;
18151
18263
  /**
@@ -21233,6 +21345,17 @@ export declare namespace ecs {
21233
21345
  name: string;
21234
21346
  value: string;
21235
21347
  }
21348
+ interface ServiceAlarms {
21349
+ alarmNames: string[];
21350
+ /**
21351
+ * Determines whether to use the CloudWatch alarm option in the service deployment process.
21352
+ */
21353
+ enable: boolean;
21354
+ /**
21355
+ * Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.
21356
+ */
21357
+ rollback: boolean;
21358
+ }
21236
21359
  interface ServiceCapacityProviderStrategy {
21237
21360
  /**
21238
21361
  * Number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined.
@@ -22056,7 +22179,7 @@ export declare namespace eks {
22056
22179
  }
22057
22180
  interface NodeGroupRemoteAccess {
22058
22181
  /**
22059
- * EC2 Key Pair name that provides access for SSH communication with the worker nodes in the EKS Node Group. If you specify this configuration, but do not specify `sourceSecurityGroupIds` when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0).
22182
+ * EC2 Key Pair name that provides access for remote communication with the worker nodes in the EKS Node Group. If you specify this configuration, but do not specify `sourceSecurityGroupIds` when you create an EKS Node Group, either port 3389 for Windows, or port 22 for all other operating systems is opened on the worker nodes to the Internet (0.0.0.0/0). For Windows nodes, this will allow you to use RDP, for all others this allows you to SSH into the worker nodes.
22060
22183
  */
22061
22184
  ec2SshKey?: string;
22062
22185
  /**
@@ -22958,16 +23081,16 @@ export declare namespace elasticloadbalancingv2 {
22958
23081
  }
22959
23082
  interface LoadBalancerSubnetMapping {
22960
23083
  /**
22961
- * The allocation ID of the Elastic IP address.
23084
+ * The allocation ID of the Elastic IP address for an internet-facing load balancer.
22962
23085
  */
22963
23086
  allocationId?: string;
22964
23087
  /**
22965
- * An ipv6 address within the subnet to assign to the internet-facing load balancer.
23088
+ * The IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.
22966
23089
  */
22967
23090
  ipv6Address?: string;
22968
23091
  outpostId: string;
22969
23092
  /**
22970
- * A private ipv4 address within the subnet to assign to the internal-facing load balancer.
23093
+ * The private IPv4 address for an internal load balancer.
22971
23094
  */
22972
23095
  privateIpv4Address?: string;
22973
23096
  /**
@@ -25892,6 +26015,191 @@ export declare namespace glue {
25892
26015
  */
25893
26016
  sseAwsKmsKeyId?: string;
25894
26017
  }
26018
+ interface GetCatalogTablePartitionIndex {
26019
+ /**
26020
+ * Name of the partition index.
26021
+ */
26022
+ indexName: string;
26023
+ indexStatus: string;
26024
+ /**
26025
+ * Keys for the partition index.
26026
+ */
26027
+ keys: string[];
26028
+ }
26029
+ interface GetCatalogTablePartitionKey {
26030
+ /**
26031
+ * Free-form text comment.
26032
+ */
26033
+ comment: string;
26034
+ /**
26035
+ * Name of the table.
26036
+ */
26037
+ name: string;
26038
+ /**
26039
+ * Datatype of data in the Column.
26040
+ */
26041
+ type: string;
26042
+ }
26043
+ interface GetCatalogTableStorageDescriptor {
26044
+ /**
26045
+ * List of reducer grouping columns, clustering columns, and bucketing columns in the table.
26046
+ */
26047
+ bucketColumns: string[];
26048
+ /**
26049
+ * Configuration block for columns in the table. See `columns` below.
26050
+ */
26051
+ columns: outputs.glue.GetCatalogTableStorageDescriptorColumn[];
26052
+ /**
26053
+ * Whether the data in the table is compressed.
26054
+ */
26055
+ compressed: boolean;
26056
+ /**
26057
+ * Input format: SequenceFileInputFormat (binary), or TextInputFormat, or a custom format.
26058
+ */
26059
+ inputFormat: string;
26060
+ /**
26061
+ * Physical location of the table. By default, this takes the form of the warehouse location, followed by the database location in the warehouse, followed by the table name.
26062
+ */
26063
+ location: string;
26064
+ /**
26065
+ * Is if the table contains any dimension columns.
26066
+ */
26067
+ numberOfBuckets: number;
26068
+ /**
26069
+ * Output format: SequenceFileOutputFormat (binary), or IgnoreKeyTextOutputFormat, or a custom format.
26070
+ */
26071
+ outputFormat: string;
26072
+ /**
26073
+ * Map of initialization parameters for the SerDe, in key-value form.
26074
+ */
26075
+ parameters: {
26076
+ [key: string]: string;
26077
+ };
26078
+ /**
26079
+ * Object that references a schema stored in the AWS Glue Schema Registry. See `schemaReference` below.
26080
+ */
26081
+ schemaReferences: outputs.glue.GetCatalogTableStorageDescriptorSchemaReference[];
26082
+ /**
26083
+ * Configuration block for serialization and deserialization ("SerDe") information. See `serDeInfo` below.
26084
+ */
26085
+ serDeInfos: outputs.glue.GetCatalogTableStorageDescriptorSerDeInfo[];
26086
+ /**
26087
+ * Configuration block with information about values that appear very frequently in a column (skewed values). See `skewedInfo` below.
26088
+ */
26089
+ skewedInfos: outputs.glue.GetCatalogTableStorageDescriptorSkewedInfo[];
26090
+ /**
26091
+ * Configuration block for the sort order of each bucket in the table. See `sortColumns` below.
26092
+ */
26093
+ sortColumns: outputs.glue.GetCatalogTableStorageDescriptorSortColumn[];
26094
+ /**
26095
+ * Whether the table data is stored in subdirectories.
26096
+ */
26097
+ storedAsSubDirectories: boolean;
26098
+ }
26099
+ interface GetCatalogTableStorageDescriptorColumn {
26100
+ /**
26101
+ * Free-form text comment.
26102
+ */
26103
+ comment: string;
26104
+ /**
26105
+ * Name of the table.
26106
+ */
26107
+ name: string;
26108
+ /**
26109
+ * Map of initialization parameters for the SerDe, in key-value form.
26110
+ */
26111
+ parameters: {
26112
+ [key: string]: string;
26113
+ };
26114
+ /**
26115
+ * Datatype of data in the Column.
26116
+ */
26117
+ type: string;
26118
+ }
26119
+ interface GetCatalogTableStorageDescriptorSchemaReference {
26120
+ /**
26121
+ * Configuration block that contains schema identity fields. See `schemaId` below.
26122
+ */
26123
+ schemaIds: outputs.glue.GetCatalogTableStorageDescriptorSchemaReferenceSchemaId[];
26124
+ /**
26125
+ * Unique ID assigned to a version of the schema.
26126
+ */
26127
+ schemaVersionId: string;
26128
+ /**
26129
+ * Version number of the schema.
26130
+ */
26131
+ schemaVersionNumber: number;
26132
+ }
26133
+ interface GetCatalogTableStorageDescriptorSchemaReferenceSchemaId {
26134
+ /**
26135
+ * Name of the schema registry that contains the schema.
26136
+ */
26137
+ registryName: string;
26138
+ /**
26139
+ * ARN of the schema.
26140
+ */
26141
+ schemaArn: string;
26142
+ /**
26143
+ * Name of the schema.
26144
+ */
26145
+ schemaName: string;
26146
+ }
26147
+ interface GetCatalogTableStorageDescriptorSerDeInfo {
26148
+ /**
26149
+ * Name of the table.
26150
+ */
26151
+ name: string;
26152
+ /**
26153
+ * Map of initialization parameters for the SerDe, in key-value form.
26154
+ */
26155
+ parameters: {
26156
+ [key: string]: string;
26157
+ };
26158
+ /**
26159
+ * Usually the class that implements the SerDe. An example is `org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe`.
26160
+ */
26161
+ serializationLibrary: string;
26162
+ }
26163
+ interface GetCatalogTableStorageDescriptorSkewedInfo {
26164
+ /**
26165
+ * List of names of columns that contain skewed values.
26166
+ */
26167
+ skewedColumnNames: string[];
26168
+ /**
26169
+ * List of values that appear so frequently as to be considered skewed.
26170
+ */
26171
+ skewedColumnValueLocationMaps: {
26172
+ [key: string]: string;
26173
+ };
26174
+ /**
26175
+ * Map of skewed values to the columns that contain them.
26176
+ */
26177
+ skewedColumnValues: string[];
26178
+ }
26179
+ interface GetCatalogTableStorageDescriptorSortColumn {
26180
+ /**
26181
+ * Name of the column.
26182
+ */
26183
+ column: string;
26184
+ /**
26185
+ * Whether the column is sorted in ascending (`1`) or descending order (`0`).
26186
+ */
26187
+ sortOrder: number;
26188
+ }
26189
+ interface GetCatalogTableTargetTable {
26190
+ /**
26191
+ * ID of the Glue Catalog and database where the table metadata resides. If omitted, this defaults to the current AWS Account ID.
26192
+ */
26193
+ catalogId: string;
26194
+ /**
26195
+ * Name of the metadata database where the table metadata resides.
26196
+ */
26197
+ databaseName: string;
26198
+ /**
26199
+ * Name of the table.
26200
+ */
26201
+ name: string;
26202
+ }
25895
26203
  interface GetConnectionPhysicalConnectionRequirement {
25896
26204
  availabilityZone: string;
25897
26205
  securityGroupIdLists: string[];
@@ -27842,6 +28150,9 @@ export declare namespace iot {
27842
28150
  * The version of the payload that was sent to the target function. The only valid (and the default) payload version is `"2020-04-01"`.
27843
28151
  */
27844
28152
  payloadVersion?: string;
28153
+ /**
28154
+ * The ARN of the target function.
28155
+ */
27845
28156
  targetArn: string;
27846
28157
  }
27847
28158
  interface ThingGroupMetadata {
@@ -31306,10 +31617,18 @@ export declare namespace kms {
31306
31617
  context?: {
31307
31618
  [key: string]: string;
31308
31619
  };
31620
+ /**
31621
+ * The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE
31622
+ */
31623
+ encryptionAlgorithm?: string;
31309
31624
  /**
31310
31625
  * An optional list of Grant Tokens for the secret.
31311
31626
  */
31312
31627
  grantTokens?: string[];
31628
+ /**
31629
+ * Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.
31630
+ */
31631
+ keyId?: string;
31313
31632
  /**
31314
31633
  * Name to export this secret under in the attributes.
31315
31634
  */
@@ -32443,16 +32762,16 @@ export declare namespace lb {
32443
32762
  }
32444
32763
  interface LoadBalancerSubnetMapping {
32445
32764
  /**
32446
- * The allocation ID of the Elastic IP address.
32765
+ * The allocation ID of the Elastic IP address for an internet-facing load balancer.
32447
32766
  */
32448
32767
  allocationId?: string;
32449
32768
  /**
32450
- * An ipv6 address within the subnet to assign to the internet-facing load balancer.
32769
+ * The IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.
32451
32770
  */
32452
32771
  ipv6Address?: string;
32453
32772
  outpostId: string;
32454
32773
  /**
32455
- * A private ipv4 address within the subnet to assign to the internal-facing load balancer.
32774
+ * The private IPv4 address for an internal load balancer.
32456
32775
  */
32457
32776
  privateIpv4Address?: string;
32458
32777
  /**
@@ -33024,7 +33343,25 @@ export declare namespace lightsail {
33024
33343
  certificateName: string;
33025
33344
  domainNames: string[];
33026
33345
  }
33346
+ interface InstanceAddOn {
33347
+ /**
33348
+ * The daily time when an automatic snapshot will be created. Must be in HH:00 format, and in an hourly increment and specified in Coordinated Universal Time (UTC). The snapshot will be automatically created between the time specified and up to 45 minutes after.
33349
+ */
33350
+ snapshotTime: string;
33351
+ /**
33352
+ * The status of the add on. Valid Values: `Enabled`, `Disabled`.
33353
+ */
33354
+ status: string;
33355
+ /**
33356
+ * The add-on type. There is currently only one valid type `AutoSnapshot`.
33357
+ */
33358
+ type: string;
33359
+ }
33027
33360
  interface InstancePublicPortsPortInfo {
33361
+ /**
33362
+ * Set of CIDR aliases that define access for a preconfigured range of IP addresses.
33363
+ */
33364
+ cidrListAliases: string[];
33028
33365
  /**
33029
33366
  * Set of CIDR blocks.
33030
33367
  */
@@ -39234,6 +39571,16 @@ export declare namespace rds {
39234
39571
  name: string;
39235
39572
  values: string[];
39236
39573
  }
39574
+ interface GetInstancesFilter {
39575
+ /**
39576
+ * Name of the filter field. Valid values can be found in the [RDS DescribeDBClusters API Reference](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html).
39577
+ */
39578
+ name: string;
39579
+ /**
39580
+ * Set of values that are accepted for the given filter field. Results will be selected if any given value matches.
39581
+ */
39582
+ values: string[];
39583
+ }
39237
39584
  interface GetProxyAuth {
39238
39585
  authScheme: string;
39239
39586
  description: string;
@@ -41109,7 +41456,7 @@ export declare namespace s3 {
41109
41456
  */
41110
41457
  account?: string;
41111
41458
  /**
41112
- * The name of the S3 bucket where you want Amazon S3 to store replicas of the objects identified by the rule.
41459
+ * The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to store the results.
41113
41460
  */
41114
41461
  bucket: string;
41115
41462
  /**
@@ -41998,6 +42345,40 @@ export declare namespace s3control {
41998
42345
  [key: string]: string;
41999
42346
  };
42000
42347
  }
42348
+ interface GetMultiRegionAccessPointPublicAccessBlock {
42349
+ /**
42350
+ * Specifies whether Amazon S3 should block public access control lists (ACLs). When set to `true` causes the following behavior:
42351
+ * * PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
42352
+ * * PUT Object calls fail if the request includes a public ACL.
42353
+ * * PUT Bucket calls fail if the request includes a public ACL.
42354
+ */
42355
+ blockPublicAcls: boolean;
42356
+ /**
42357
+ * Specifies whether Amazon S3 should block public bucket policies for buckets in this account. When set to `true` causes Amazon S3 to:
42358
+ * * Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
42359
+ */
42360
+ blockPublicPolicy: boolean;
42361
+ /**
42362
+ * Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. When set to `true` causes Amazon S3 to:
42363
+ * * Ignore all public ACLs on buckets in this account and any objects that they contain.
42364
+ */
42365
+ ignorePublicAcls: boolean;
42366
+ /**
42367
+ * Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account. When set to `true`:
42368
+ * * Only the bucket owner and AWS Services can access buckets with public policies.
42369
+ */
42370
+ restrictPublicBuckets: boolean;
42371
+ }
42372
+ interface GetMultiRegionAccessPointRegion {
42373
+ /**
42374
+ * The name of the bucket.
42375
+ */
42376
+ bucket: string;
42377
+ /**
42378
+ * The name of the region.
42379
+ */
42380
+ region: string;
42381
+ }
42001
42382
  interface MultiRegionAccessPointDetails {
42002
42383
  name: string;
42003
42384
  publicAccessBlock?: outputs.s3control.MultiRegionAccessPointDetailsPublicAccessBlock;
@@ -42097,10 +42478,22 @@ export declare namespace s3control {
42097
42478
  * S3 Storage Lens activity metrics. See Activity Metrics below for more details.
42098
42479
  */
42099
42480
  activityMetrics?: outputs.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetrics;
42481
+ /**
42482
+ * Advanced cost-optimization metrics for S3 Storage Lens. See Advanced Cost-Optimization Metrics below for more details.
42483
+ */
42484
+ advancedCostOptimizationMetrics?: outputs.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelAdvancedCostOptimizationMetrics;
42485
+ /**
42486
+ * Advanced data-protection metrics for S3 Storage Lens. See Advanced Data-Protection Metrics below for more details.
42487
+ */
42488
+ advancedDataProtectionMetrics?: outputs.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelAdvancedDataProtectionMetrics;
42100
42489
  /**
42101
42490
  * S3 Storage Lens bucket-level configuration. See Bucket Level below for more details.
42102
42491
  */
42103
42492
  bucketLevel: outputs.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevel;
42493
+ /**
42494
+ * Detailed status code metrics for S3 Storage Lens. See Detailed Status Code Metrics below for more details.
42495
+ */
42496
+ detailedStatusCodeMetrics?: outputs.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelDetailedStatusCodeMetrics;
42104
42497
  }
42105
42498
  interface StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetrics {
42106
42499
  /**
@@ -42108,11 +42501,35 @@ export declare namespace s3control {
42108
42501
  */
42109
42502
  enabled?: boolean;
42110
42503
  }
42504
+ interface StorageLensConfigurationStorageLensConfigurationAccountLevelAdvancedCostOptimizationMetrics {
42505
+ /**
42506
+ * Whether advanced cost-optimization metrics are enabled.
42507
+ */
42508
+ enabled?: boolean;
42509
+ }
42510
+ interface StorageLensConfigurationStorageLensConfigurationAccountLevelAdvancedDataProtectionMetrics {
42511
+ /**
42512
+ * Whether advanced data-protection metrics are enabled.
42513
+ */
42514
+ enabled?: boolean;
42515
+ }
42111
42516
  interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevel {
42112
42517
  /**
42113
42518
  * S3 Storage Lens activity metrics. See Activity Metrics above for more details.
42114
42519
  */
42115
42520
  activityMetrics?: outputs.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelActivityMetrics;
42521
+ /**
42522
+ * Advanced cost-optimization metrics for S3 Storage Lens. See Advanced Cost-Optimization Metrics above for more details.
42523
+ */
42524
+ advancedCostOptimizationMetrics?: outputs.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelAdvancedCostOptimizationMetrics;
42525
+ /**
42526
+ * Advanced data-protection metrics for S3 Storage Lens. See Advanced Data-Protection Metrics above for more details.
42527
+ */
42528
+ advancedDataProtectionMetrics?: outputs.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelAdvancedDataProtectionMetrics;
42529
+ /**
42530
+ * Detailed status code metrics for S3 Storage Lens. See Detailed Status Code Metrics above for more details.
42531
+ */
42532
+ detailedStatusCodeMetrics?: outputs.s3control.StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelDetailedStatusCodeMetrics;
42116
42533
  /**
42117
42534
  * Prefix-level metrics for S3 Storage Lens. See Prefix Level below for more details.
42118
42535
  */
@@ -42124,6 +42541,24 @@ export declare namespace s3control {
42124
42541
  */
42125
42542
  enabled?: boolean;
42126
42543
  }
42544
+ interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelAdvancedCostOptimizationMetrics {
42545
+ /**
42546
+ * Whether advanced cost-optimization metrics are enabled.
42547
+ */
42548
+ enabled?: boolean;
42549
+ }
42550
+ interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelAdvancedDataProtectionMetrics {
42551
+ /**
42552
+ * Whether advanced data-protection metrics are enabled.
42553
+ */
42554
+ enabled?: boolean;
42555
+ }
42556
+ interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelDetailedStatusCodeMetrics {
42557
+ /**
42558
+ * Whether detailed status code metrics are enabled.
42559
+ */
42560
+ enabled?: boolean;
42561
+ }
42127
42562
  interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelPrefixLevel {
42128
42563
  /**
42129
42564
  * Prefix-level storage metrics for S3 Storage Lens. See Prefix Level Storage Metrics below for more details.
@@ -42154,6 +42589,12 @@ export declare namespace s3control {
42154
42589
  */
42155
42590
  minStorageBytesPercentage?: number;
42156
42591
  }
42592
+ interface StorageLensConfigurationStorageLensConfigurationAccountLevelDetailedStatusCodeMetrics {
42593
+ /**
42594
+ * Whether detailed status code metrics are enabled.
42595
+ */
42596
+ enabled?: boolean;
42597
+ }
42157
42598
  interface StorageLensConfigurationStorageLensConfigurationAwsOrg {
42158
42599
  /**
42159
42600
  * The Amazon Resource Name (ARN) of the Amazon Web Services organization.
@@ -46350,6 +46791,22 @@ export declare namespace ssoadmin {
46350
46791
  */
46351
46792
  path?: string;
46352
46793
  }
46794
+ interface InstanceAccessControlAttributesAttribute {
46795
+ /**
46796
+ * The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO.
46797
+ */
46798
+ key: string;
46799
+ /**
46800
+ * The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue
46801
+ */
46802
+ values: outputs.ssoadmin.InstanceAccessControlAttributesAttributeValue[];
46803
+ }
46804
+ interface InstanceAccessControlAttributesAttributeValue {
46805
+ /**
46806
+ * The identity source to use when mapping a specified attribute to AWS SSO.
46807
+ */
46808
+ sources: string[];
46809
+ }
46353
46810
  interface PermissionsBoundaryAttachmentPermissionsBoundary {
46354
46811
  /**
46355
46812
  * Specifies the name and path of a customer managed policy. See below.
@@ -47606,6 +48063,10 @@ export declare namespace wafv2 {
47606
48063
  * Instructs AWS WAF to block the web request. See Block below for details.
47607
48064
  */
47608
48065
  block?: outputs.wafv2.RuleGroupRuleActionBlock;
48066
+ /**
48067
+ * Instructs AWS WAF to run a `CAPTCHA` check against the web request. See Captcha below for details.
48068
+ */
48069
+ captcha?: outputs.wafv2.RuleGroupRuleActionCaptcha;
47609
48070
  /**
47610
48071
  * Instructs AWS WAF to count the web request and allow it. See Count below for details.
47611
48072
  */
@@ -47663,6 +48124,28 @@ export declare namespace wafv2 {
47663
48124
  */
47664
48125
  value: string;
47665
48126
  }
48127
+ interface RuleGroupRuleActionCaptcha {
48128
+ /**
48129
+ * Defines custom handling for the web request. See Custom Request Handling below for details.
48130
+ */
48131
+ customRequestHandling?: outputs.wafv2.RuleGroupRuleActionCaptchaCustomRequestHandling;
48132
+ }
48133
+ interface RuleGroupRuleActionCaptchaCustomRequestHandling {
48134
+ /**
48135
+ * The `insertHeader` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
48136
+ */
48137
+ insertHeaders: outputs.wafv2.RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader[];
48138
+ }
48139
+ interface RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader {
48140
+ /**
48141
+ * The label string.
48142
+ */
48143
+ name: string;
48144
+ /**
48145
+ * The value of the custom header.
48146
+ */
48147
+ value: string;
48148
+ }
47666
48149
  interface RuleGroupRuleActionCount {
47667
48150
  /**
47668
48151
  * Defines custom handling for the web request. See Custom Request Handling below for details.
@@ -67132,6 +67615,10 @@ export declare namespace wafv2 {
67132
67615
  * Instructs AWS WAF to run a Captcha check against the web request. See Captcha below for details.
67133
67616
  */
67134
67617
  captcha?: outputs.wafv2.WebAclRuleActionCaptcha;
67618
+ /**
67619
+ * Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details.
67620
+ */
67621
+ challenge?: outputs.wafv2.WebAclRuleActionChallenge;
67135
67622
  /**
67136
67623
  * Instructs AWS WAF to count the web request and allow it. See Count below for details.
67137
67624
  */
@@ -67211,6 +67698,28 @@ export declare namespace wafv2 {
67211
67698
  */
67212
67699
  value: string;
67213
67700
  }
67701
+ interface WebAclRuleActionChallenge {
67702
+ /**
67703
+ * Defines custom handling for the web request. See Custom Request Handling below for details.
67704
+ */
67705
+ customRequestHandling?: outputs.wafv2.WebAclRuleActionChallengeCustomRequestHandling;
67706
+ }
67707
+ interface WebAclRuleActionChallengeCustomRequestHandling {
67708
+ /**
67709
+ * The `insertHeader` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.
67710
+ */
67711
+ insertHeaders: outputs.wafv2.WebAclRuleActionChallengeCustomRequestHandlingInsertHeader[];
67712
+ }
67713
+ interface WebAclRuleActionChallengeCustomRequestHandlingInsertHeader {
67714
+ /**
67715
+ * Label string.
67716
+ */
67717
+ name: string;
67718
+ /**
67719
+ * Value of the custom header.
67720
+ */
67721
+ value: string;
67722
+ }
67214
67723
  interface WebAclRuleActionCount {
67215
67724
  /**
67216
67725
  * Defines custom handling for the web request. See Custom Request Handling below for details.
@@ -82211,6 +82720,10 @@ export declare namespace wafv2 {
82211
82720
  * @deprecated Use rule_action_override instead
82212
82721
  */
82213
82722
  excludedRules?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementExcludedRule[];
82723
+ /**
82724
+ * Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See Managed Rule Group Configs for more details
82725
+ */
82726
+ managedRuleGroupConfigs?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig[];
82214
82727
  /**
82215
82728
  * Name of the managed rule group.
82216
82729
  */
@@ -82238,6 +82751,46 @@ export declare namespace wafv2 {
82238
82751
  */
82239
82752
  name: string;
82240
82753
  }
82754
+ interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig {
82755
+ /**
82756
+ * Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See AWS Managed Rules Bot Control Rule Set for more details
82757
+ */
82758
+ awsManagedRulesBotControlRuleSet?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet;
82759
+ /**
82760
+ * The path of the login endpoint for your application.
82761
+ */
82762
+ loginPath?: string;
82763
+ /**
82764
+ * Details about your login page password field. See Password Field for more details.
82765
+ */
82766
+ passwordField?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField;
82767
+ /**
82768
+ * The payload type for your login endpoint, either JSON or form encoded.
82769
+ */
82770
+ payloadType?: string;
82771
+ /**
82772
+ * Details about your login page username field. See Username Field for more details.
82773
+ */
82774
+ usernameField?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField;
82775
+ }
82776
+ interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet {
82777
+ /**
82778
+ * The inspection level to use for the Bot Control rule group.
82779
+ */
82780
+ inspectionLevel: string;
82781
+ }
82782
+ interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField {
82783
+ /**
82784
+ * The name of the username field.
82785
+ */
82786
+ identifier: string;
82787
+ }
82788
+ interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField {
82789
+ /**
82790
+ * The name of the username field.
82791
+ */
82792
+ identifier: string;
82793
+ }
82241
82794
  interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride {
82242
82795
  /**
82243
82796
  * Override action to use, in place of the configured action of the rule in the rule group. See Action below for details.