@pulumi/aws 6.73.0-alpha.1742228199 → 6.73.0

package/types/input.d.ts

@@ -550,6 +550,10 @@ export interface ProviderEndpoint {
      * Use this to override the default service endpoint URL
      */
     ds?: pulumi.Input<string>;
+    /**
+     * Use this to override the default service endpoint URL
+     */
+    dsql?: pulumi.Input<string>;
     /**
      * Use this to override the default service endpoint URL
      */
@@ -14050,19 +14054,26 @@ export declare namespace codebuild {
     }
     interface ProjectArtifacts {
         /**
-         * Artifact identifier. Must be the same specified inside the AWS CodeBuild build specification.
+         * Artifact identifier. Must be the same specified inside the AWS CodeBuild build
+         * specification.
          */
         artifactIdentifier?: pulumi.Input<string>;
         /**
-         * Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects. Valid values are `NONE`, `READ_ONLY`, and `FULL`. your CodeBuild service role must have the `s3:PutBucketAcl` permission. This permission allows CodeBuild to modify the access control list for the bucket.
+         * Specifies the bucket owner's access for objects that another account uploads to
+         * their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these
+         * objects. This property allows you to give the bucket owner access to these objects. Valid values are `NONE`,
+         * `READ_ONLY`, and `FULL`. your CodeBuild service role must have the `s3:PutBucketAcl` permission. This permission
+         * allows CodeBuild to modify the access control list for the bucket.
          */
         bucketOwnerAccess?: pulumi.Input<string>;
         /**
-         * Whether to disable encrypting output artifacts. If `type` is set to `NO_ARTIFACTS`, this value is ignored. Defaults to `false`.
+         * Whether to disable encrypting output artifacts. If `type` is set to `NO_ARTIFACTS`,
+         * this value is ignored. Defaults to `false`.
          */
         encryptionDisabled?: pulumi.Input<boolean>;
         /**
-         * Information about the build output artifact location. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored. If `type` is set to `S3`, this is the name of the output bucket.
+         * Information about the build output artifact location. If `type` is set to `CODEPIPELINE` or
+         * `NO_ARTIFACTS`, this value is ignored. If `type` is set to `S3`, this is the name of the output bucket.
          */
         location?: pulumi.Input<string>;
         /**
@@ -14070,7 +14081,8 @@ export declare namespace codebuild {
          */
         name?: pulumi.Input<string>;
         /**
-         * Namespace to use in storing build artifacts. If `type` is set to `S3`, then valid values are `BUILD_ID`, `NONE`.
+         * Namespace to use in storing build artifacts. If `type` is set to `S3`, then valid values
+         * are `BUILD_ID`, `NONE`.
          */
         namespaceType?: pulumi.Input<string>;
         /**
@@ -14078,7 +14090,8 @@ export declare namespace codebuild {
          */
         overrideArtifactName?: pulumi.Input<boolean>;
         /**
-         * Type of build output artifact to create. If `type` is set to `S3`, valid values are `NONE`, `ZIP`
+         * Type of build output artifact to create. If `type` is set to `S3`, valid values are `NONE`,
+         * `ZIP`
          */
         packaging?: pulumi.Input<string>;
         /**
@@ -14092,7 +14105,8 @@ export declare namespace codebuild {
     }
     interface ProjectBuildBatchConfig {
         /**
-         * Specifies if the build artifacts for the batch build should be combined into a single artifact location.
+         * Specifies if the build artifacts for the batch build should be combined into a single
+         * artifact location.
          */
         combineArtifacts?: pulumi.Input<boolean>;
         /**
@@ -14104,13 +14118,17 @@ export declare namespace codebuild {
          */
         serviceRole: pulumi.Input<string>;
         /**
-         * Specifies the maximum amount of time, in minutes, that the batch build must be completed in.
+         * Specifies the maximum amount of time, in minutes, that the batch build must be
+         * completed in.
          */
         timeoutInMins?: pulumi.Input<number>;
     }
     interface ProjectBuildBatchConfigRestrictions {
         /**
-         * An array of strings that specify the compute types that are allowed for the batch build. See [Build environment compute types](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html) in the AWS CodeBuild User Guide for these values.
+         * An array of strings that specify the compute types that are allowed for the batch
+         * build.
+         * See [Build environment compute types](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html)
+         * in the AWS CodeBuild User Guide for these values.
          */
         computeTypesAlloweds?: pulumi.Input<pulumi.Input<string>[]>;
         /**
@@ -14120,15 +14138,18 @@ export declare namespace codebuild {
     }
     interface ProjectCache {
         /**
-         * Location where the AWS CodeBuild project stores cached resources. For type `S3`, the value must be a valid S3 bucket name/prefix.
+         * Location where the AWS CodeBuild project stores cached resources. For
+         * type `S3`, the value must be a valid S3 bucket name/prefix.
          */
         location?: pulumi.Input<string>;
         /**
-         * Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values:  `LOCAL_SOURCE_CACHE`, `LOCAL_DOCKER_LAYER_CACHE`, `LOCAL_CUSTOM_CACHE`.
+         * Specifies settings that AWS CodeBuild uses to store and reuse build
+         * dependencies. Valid values:  `LOCAL_SOURCE_CACHE`, `LOCAL_DOCKER_LAYER_CACHE`, `LOCAL_CUSTOM_CACHE`.
          */
         modes?: pulumi.Input<pulumi.Input<string>[]>;
         /**
-         * Type of storage that will be used for the AWS CodeBuild project cache. Valid values: `NO_CACHE`, `LOCAL`, `S3`. Defaults to `NO_CACHE`.
+         * Type of storage that will be used for the AWS CodeBuild project cache. Valid values: `NO_CACHE`,
+         * `LOCAL`, `S3`. Defaults to `NO_CACHE`.
          */
         type?: pulumi.Input<string>;
     }
@@ -14138,7 +14159,12 @@ export declare namespace codebuild {
          */
         certificate?: pulumi.Input<string>;
         /**
-         * Information about the compute resources the build project will use. Valid values: `BUILD_GENERAL1_SMALL`, `BUILD_GENERAL1_MEDIUM`, `BUILD_GENERAL1_LARGE`, `BUILD_GENERAL1_2XLARGE`, `BUILD_LAMBDA_1GB`, `BUILD_LAMBDA_2GB`, `BUILD_LAMBDA_4GB`, `BUILD_LAMBDA_8GB`, `BUILD_LAMBDA_10GB`. `BUILD_GENERAL1_SMALL` is only valid if `type` is set to `LINUX_CONTAINER`. When `type` is set to `LINUX_GPU_CONTAINER`, `computeType` must be `BUILD_GENERAL1_LARGE`. When `type` is set to `LINUX_LAMBDA_CONTAINER` or `ARM_LAMBDA_CONTAINER`, `computeType` must be `BUILD_LAMBDA_XGB`.`
+         * Information about the compute resources the build project will use. Valid values:
+         * `BUILD_GENERAL1_SMALL`, `BUILD_GENERAL1_MEDIUM`, `BUILD_GENERAL1_LARGE`, `BUILD_GENERAL1_2XLARGE`, `BUILD_LAMBDA_1GB`,
+         * `BUILD_LAMBDA_2GB`, `BUILD_LAMBDA_4GB`, `BUILD_LAMBDA_8GB`, `BUILD_LAMBDA_10GB`. `BUILD_GENERAL1_SMALL` is only valid
+         * if `type` is set to `LINUX_CONTAINER`. When `type` is set to `LINUX_GPU_CONTAINER`, `computeType` must be
+         * `BUILD_GENERAL1_LARGE`. When `type` is set to `LINUX_LAMBDA_CONTAINER` or `ARM_LAMBDA_CONTAINER`, `computeType` must
+         * be `BUILD_LAMBDA_XGB`.`
          */
         computeType: pulumi.Input<string>;
         /**
@@ -14150,15 +14176,22 @@ export declare namespace codebuild {
          */
         fleet?: pulumi.Input<inputs.codebuild.ProjectEnvironmentFleet>;
         /**
-         * Docker image to use for this build project. Valid values include [Docker images provided by CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html) (e.g `aws/codebuild/amazonlinux2-x86_64-standard:4.0`), [Docker Hub images](https://hub.docker.com/) (e.g., `pulumi/pulumi:latest`), and full Docker repository URIs such as those for ECR (e.g., `137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest`).
+         * Docker image to use for this build project. Valid values
+         * include [Docker images provided by CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html) (
+         * e.g `aws/codebuild/amazonlinux2-x86_64-standard:4.0`), [Docker Hub images](https://hub.docker.com/) (e.g.,
+         * `pulumi/pulumi:latest`), and full Docker repository URIs such as those for ECR (e.g.,
+         * `137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest`).
          */
         image: pulumi.Input<string>;
         /**
-         * Type of credentials AWS CodeBuild uses to pull images in your build. Valid values: `CODEBUILD`, `SERVICE_ROLE`. When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an AWS CodeBuild curated image, you must use CodeBuild credentials. Defaults to `CODEBUILD`.
+         * Type of credentials AWS CodeBuild uses to pull images in your build. Valid
+         * values: `CODEBUILD`, `SERVICE_ROLE`. When you use a cross-account or private registry image, you must use SERVICE_ROLE
+         * credentials. When you use an AWS CodeBuild curated image, you must use CodeBuild credentials. Defaults to `CODEBUILD`.
          */
         imagePullCredentialsType?: pulumi.Input<string>;
         /**
-         * Whether to enable running the Docker daemon inside a Docker container. Defaults to `false`.
+         * Whether to enable running the Docker daemon inside a Docker container. Defaults to
+         * `false`.
          */
         privilegedMode?: pulumi.Input<boolean>;
         /**
@@ -14166,7 +14199,10 @@ export declare namespace codebuild {
          */
         registryCredential?: pulumi.Input<inputs.codebuild.ProjectEnvironmentRegistryCredential>;
         /**
-         * Type of build environment to use for related builds. Valid values: `LINUX_CONTAINER`, `LINUX_GPU_CONTAINER`, `WINDOWS_CONTAINER` (deprecated), `WINDOWS_SERVER_2019_CONTAINER`, `ARM_CONTAINER`, `LINUX_LAMBDA_CONTAINER`, `ARM_LAMBDA_CONTAINER`. For additional information, see the [CodeBuild User Guide](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html).
+         * Type of build environment to use for related builds. Valid values: `LINUX_CONTAINER`,
+         * `LINUX_GPU_CONTAINER`, `WINDOWS_CONTAINER` (deprecated), `WINDOWS_SERVER_2019_CONTAINER`, `ARM_CONTAINER`,
+         * `LINUX_LAMBDA_CONTAINER`, `ARM_LAMBDA_CONTAINER`. For additional information, see
+         * the [CodeBuild User Guide](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html).
          */
         type: pulumi.Input<string>;
     }
@@ -14196,17 +14232,21 @@ export declare namespace codebuild {
          */
         credential: pulumi.Input<string>;
         /**
-         * Service that created the credentials to access a private Docker registry. Valid value: `SECRETS_MANAGER` (AWS Secrets Manager).
+         * Service that created the credentials to access a private Docker registry. Valid
+         * value: `SECRETS_MANAGER` (AWS Secrets Manager).
          */
         credentialProvider: pulumi.Input<string>;
     }
     interface ProjectFileSystemLocation {
         /**
-         * The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD\_. For example, if you specify my-efs for identifier, a new environment variable is create named CODEBUILD_MY-EFS.
+         * The name used to access a file system created by Amazon EFS. CodeBuild creates an
+         * environment variable by appending the identifier in all capital letters to CODEBUILD\_. For example, if you specify
+         * my-efs for identifier, a new environment variable is create named CODEBUILD_MY-EFS.
          */
         identifier?: pulumi.Input<string>;
         /**
-         * A string that specifies the location of the file system created by Amazon EFS. Its format is `efs-dns-name:/directory-path`.
+         * A string that specifies the location of the file system created by Amazon EFS. Its format is
+         * `efs-dns-name:/directory-path`.
          */
         location?: pulumi.Input<string>;
         /**
@@ -14238,7 +14278,8 @@ export declare namespace codebuild {
          */
         groupName?: pulumi.Input<string>;
         /**
-         * Current status of logs in CloudWatch Logs for a build project. Valid values: `ENABLED`, `DISABLED`. Defaults to `ENABLED`.
+         * Current status of logs in CloudWatch Logs for a build project. Valid values: `ENABLED`,
+         * `DISABLED`. Defaults to `ENABLED`.
          */
         status?: pulumi.Input<string>;
         /**
@@ -14248,7 +14289,11 @@ export declare namespace codebuild {
     }
     interface ProjectLogsConfigS3Logs {
         /**
-         * Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects. Valid values are `NONE`, `READ_ONLY`, and `FULL`. your CodeBuild service role must have the `s3:PutBucketAcl` permission. This permission allows CodeBuild to modify the access control list for the bucket.
+         * Specifies the bucket owner's access for objects that another account uploads to
+         * their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these
+         * objects. This property allows you to give the bucket owner access to these objects. Valid values are `NONE`,
+         * `READ_ONLY`, and `FULL`. your CodeBuild service role must have the `s3:PutBucketAcl` permission. This permission
+         * allows CodeBuild to modify the access control list for the bucket.
          */
         bucketOwnerAccess?: pulumi.Input<string>;
         /**
@@ -14256,37 +14301,49 @@ export declare namespace codebuild {
          */
         encryptionDisabled?: pulumi.Input<boolean>;
         /**
-         * Name of the S3 bucket and the path prefix for S3 logs. Must be set if status is `ENABLED`, otherwise it must be empty.
+         * Name of the S3 bucket and the path prefix for S3 logs. Must be set if status is `ENABLED`,
+         * otherwise it must be empty.
          */
         location?: pulumi.Input<string>;
         /**
-         * Current status of logs in S3 for a build project. Valid values: `ENABLED`, `DISABLED`. Defaults to `DISABLED`.
+         * Current status of logs in S3 for a build project. Valid values: `ENABLED`, `DISABLED`. Defaults
+         * to `DISABLED`.
          */
         status?: pulumi.Input<string>;
     }
     interface ProjectSecondaryArtifact {
         /**
-         * Artifact identifier. Must be the same specified inside the AWS CodeBuild build specification.
+         * Artifact identifier. Must be the same specified inside the AWS CodeBuild build
+         * specification.
          */
         artifactIdentifier: pulumi.Input<string>;
         /**
-         * Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects. Valid values are `NONE`, `READ_ONLY`, and `FULL`. The CodeBuild service role must have the `s3:PutBucketAcl` permission. This permission allows CodeBuild to modify the access control list for the bucket.
+         * Specifies the bucket owner's access for objects that another account uploads to
+         * their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these
+         * objects. This property allows you to give the bucket owner access to these objects. Valid values are `NONE`,
+         * `READ_ONLY`, and `FULL`. The CodeBuild service role must have the `s3:PutBucketAcl` permission. This permission allows
+         * CodeBuild to modify the access control list for the bucket.
          */
         bucketOwnerAccess?: pulumi.Input<string>;
         /**
-         * Whether to disable encrypting output artifacts. If `type` is set to `NO_ARTIFACTS`, this value is ignored. Defaults to `false`.
+         * Whether to disable encrypting output artifacts. If `type` is set to `NO_ARTIFACTS`,
+         * this value is ignored. Defaults to `false`.
          */
         encryptionDisabled?: pulumi.Input<boolean>;
         /**
-         * Information about the build output artifact location. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, this is the name of the output bucket. If `path` is not specified, `location` can specify the path of the output artifact in the output bucket.
+         * Information about the build output artifact location. If `type` is set to `CODEPIPELINE` or
+         * `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, this is the name of the output bucket.
+         * If `path` is not specified, `location` can specify the path of the output artifact in the output bucket.
          */
         location?: pulumi.Input<string>;
         /**
-         * Name of the project. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, this is the name of the output artifact object.
+         * Name of the project. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored
+         * if specified. If `type` is set to `S3`, this is the name of the output artifact object.
          */
         name?: pulumi.Input<string>;
         /**
-         * Namespace to use in storing build artifacts. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, valid values are `BUILD_ID` or `NONE`.
+         * Namespace to use in storing build artifacts. If `type` is set to `CODEPIPELINE` or
+         * `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, valid values are `BUILD_ID` or `NONE`.
          */
         namespaceType?: pulumi.Input<string>;
         /**
@@ -14294,11 +14351,14 @@ export declare namespace codebuild {
          */
         overrideArtifactName?: pulumi.Input<boolean>;
         /**
-         * Type of build output artifact to create. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, valid values are `NONE` or `ZIP`.
+         * Type of build output artifact to create. If `type` is set to `CODEPIPELINE` or
+         * `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, valid values are `NONE` or `ZIP`.
          */
         packaging?: pulumi.Input<string>;
         /**
-         * Along with `namespaceType` and `name`, the pattern that AWS CodeBuild uses to name and store the output artifact. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, this is the path to the output artifact.
+         * Along with `namespaceType` and `name`, the pattern that AWS CodeBuild uses to name and store the
+         * output artifact. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored if specified. If `type`
+         * is set to `S3`, this is the path to the output artifact.
          */
         path?: pulumi.Input<string>;
         /**
@@ -14308,15 +14368,27 @@ export declare namespace codebuild {
     }
     interface ProjectSecondarySource {
         /**
-         * Configuration block that contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GitHub, GitHub Enterprise, GitLab, GitLab Self Managed, or Bitbucket. `buildStatusConfig` blocks are documented below.
+         * Information about the strategy CodeBuild should use when authenticating with the source code host.
+         * Detailed below.
+         */
+        auth?: pulumi.Input<inputs.codebuild.ProjectSecondarySourceAuth>;
+        /**
+         * Configuration block that contains information that defines how the build project
+         * reports the build status to the source provider. This option is only used when the source provider is GitHub, GitHub
+         * Enterprise, GitLab, GitLab Self Managed, or Bitbucket. `buildStatusConfig` blocks are documented below.
          */
         buildStatusConfig?: pulumi.Input<inputs.codebuild.ProjectSecondarySourceBuildStatusConfig>;
         /**
-         * The build spec declaration to use for this build project's related builds. This must be set when `type` is `NO_SOURCE`. It can either be a path to a file residing in the repository to be built or a local file path leveraging the `file()` built-in.
+         * The build spec declaration to use for this build project's related builds. This must be set
+         * when `type` is `NO_SOURCE`. It can either be a path to a file residing in the repository to be built or a local file
+         * path leveraging the `file()` built-in.
          */
         buildspec?: pulumi.Input<string>;
         /**
-         * Truncate git history to this many commits. Use `0` for a `Full` checkout which you need to run commands like `git branch --show-current`. See [AWS CodePipeline User Guide: Tutorial: Use full clone with a GitHub pipeline source](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-github-gitclone.html) for details.
+         * Truncate git history to this many commits. Use `0` for a `Full` checkout which you need
+         * to run commands like `git branch --show-current`.
+         * See [AWS CodePipeline User Guide: Tutorial: Use full clone with a GitHub pipeline source](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-github-gitclone.html)
+         * for details.
          */
         gitCloneDepth?: pulumi.Input<number>;
         /**
@@ -14332,25 +14404,43 @@ export declare namespace codebuild {
          */
         location?: pulumi.Input<string>;
         /**
-         * Whether to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, GitLab, GitLab Self Managed, or Bitbucket.
+         * Whether to report the status of a build's start and finish to your source provider.
+         * This option is valid only when your source provider is GitHub, GitHub Enterprise, GitLab, GitLab Self Managed, or
+         * Bitbucket.
          */
         reportBuildStatus?: pulumi.Input<boolean>;
         /**
-         * An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
+         * An identifier for this project source. The identifier can only contain alphanumeric
+         * characters and underscores, and must be less than 128 characters in length.
          */
         sourceIdentifier: pulumi.Input<string>;
         /**
-         * Type of repository that contains the source code to be built. Valid values: `BITBUCKET`, `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `GITLAB`, `GITLAB_SELF_MANAGED`, `NO_SOURCE`, `S3`.
+         * Type of repository that contains the source code to be built. Valid values: `BITBUCKET`,
+         * `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `GITLAB`, `GITLAB_SELF_MANAGED`, `NO_SOURCE`, `S3`.
+         */
+        type: pulumi.Input<string>;
+    }
+    interface ProjectSecondarySourceAuth {
+        /**
+         * The ARN of the resource to use for authentication. For type `CODECONNECTIONS` this should be
+         * an AWS CodeStar Connection. For type `SECRETS_MANAGER` this should be an AWS Secrets Manager secret.
+         */
+        resource: pulumi.Input<string>;
+        /**
+         * The type of authentication AWS CodeBuild should perform. Valid values are `CODECONNECTIONS` and
+         * `SECRETS_MANAGER`.
          */
         type: pulumi.Input<string>;
     }
     interface ProjectSecondarySourceBuildStatusConfig {
         /**
-         * Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
+         * Specifies the context of the build status CodeBuild sends to the source provider. The usage of
+         * this parameter depends on the source provider.
          */
         context?: pulumi.Input<string>;
         /**
-         * Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
+         * Specifies the target url of the build status CodeBuild sends to the source provider. The
+         * usage of this parameter depends on the source provider.
          */
         targetUrl?: pulumi.Input<string>;
     }
@@ -14366,21 +14456,35 @@ export declare namespace codebuild {
          */
         sourceIdentifier: pulumi.Input<string>;
         /**
-         * The source version for the corresponding source identifier. See [AWS docs](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_ProjectSourceVersion.html#CodeBuild-Type-ProjectSourceVersion-sourceVersion) for more details.
+         * The source version for the corresponding source identifier.
+         * See [AWS docs](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_ProjectSourceVersion.html#CodeBuild-Type-ProjectSourceVersion-sourceVersion)
+         * for more details.
          */
         sourceVersion: pulumi.Input<string>;
     }
     interface ProjectSource {
         /**
-         * Configuration block that contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GitHub, GitHub Enterprise, GitLab, GitLab Self Managed, or Bitbucket. `buildStatusConfig` blocks are documented below.
+         * Information about the strategy CodeBuild should use when authenticating with the source code host.
+         * Detailed below.
+         */
+        auth?: pulumi.Input<inputs.codebuild.ProjectSourceAuth>;
+        /**
+         * Configuration block that contains information that defines how the build project
+         * reports the build status to the source provider. This option is only used when the source provider is GitHub, GitHub
+         * Enterprise, GitLab, GitLab Self Managed, or Bitbucket. `buildStatusConfig` blocks are documented below.
          */
         buildStatusConfig?: pulumi.Input<inputs.codebuild.ProjectSourceBuildStatusConfig>;
         /**
-         * Build specification to use for this build project's related builds. This must be set when `type` is `NO_SOURCE`. Also, if a non-default buildspec file name or file path aside from the root is used, it must be specified.
+         * Build specification to use for this build project's related builds. This must be set when
+         * `type` is `NO_SOURCE`. Also, if a non-default buildspec file name or file path aside from the root is used, it must be
+         * specified.
          */
         buildspec?: pulumi.Input<string>;
         /**
-         * Truncate git history to this many commits. Use `0` for a `Full` checkout which you need to run commands like `git branch --show-current`. See [AWS CodePipeline User Guide: Tutorial: Use full clone with a GitHub pipeline source](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-github-gitclone.html) for details.
+         * Truncate git history to this many commits. Use `0` for a `Full` checkout which you need
+         * to run commands like `git branch --show-current`.
+         * See [AWS CodePipeline User Guide: Tutorial: Use full clone with a GitHub pipeline source](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-github-gitclone.html)
+         * for details.
          */
         gitCloneDepth?: pulumi.Input<number>;
         /**
@@ -14396,21 +14500,38 @@ export declare namespace codebuild {
          */
         location?: pulumi.Input<string>;
         /**
-         * Whether to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, GitLab, GitLab Self Managed, or Bitbucket.
+         * Whether to report the status of a build's start and finish to your source provider.
+         * This option is valid only when your source provider is GitHub, GitHub Enterprise, GitLab, GitLab Self Managed, or
+         * Bitbucket.
          */
         reportBuildStatus?: pulumi.Input<boolean>;
         /**
-         * Type of repository that contains the source code to be built. Valid values: `BITBUCKET`, `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `GITLAB`, `GITLAB_SELF_MANAGED`, `NO_SOURCE`, `S3`.
+         * Type of repository that contains the source code to be built. Valid values: `BITBUCKET`,
+         * `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `GITLAB`, `GITLAB_SELF_MANAGED`, `NO_SOURCE`, `S3`.
+         */
+        type: pulumi.Input<string>;
+    }
+    interface ProjectSourceAuth {
+        /**
+         * The ARN of the resource to use for authentication. For type `CODECONNECTIONS` this should be
+         * an AWS CodeStar Connection. For type `SECRETS_MANAGER` this should be an AWS Secrets Manager secret.
+         */
+        resource: pulumi.Input<string>;
+        /**
+         * The type of authentication AWS CodeBuild should perform. Valid values are `CODECONNECTIONS` and
+         * `SECRETS_MANAGER`.
          */
         type: pulumi.Input<string>;
     }
     interface ProjectSourceBuildStatusConfig {
         /**
-         * Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
+         * Specifies the context of the build status CodeBuild sends to the source provider. The usage of
+         * this parameter depends on the source provider.
          */
         context?: pulumi.Input<string>;
         /**
-         * Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
+         * Specifies the target url of the build status CodeBuild sends to the source provider. The
+         * usage of this parameter depends on the source provider.
          */
         targetUrl?: pulumi.Input<string>;
     }
@@ -24447,6 +24568,16 @@ export declare namespace ec2 {
          */
         instance: pulumi.Input<string>;
     }
+    interface NetworkInterfacePermissionTimeouts {
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+         */
+        create?: pulumi.Input<string>;
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+         */
+        delete?: pulumi.Input<string>;
+    }
     interface PeeringConnectionOptionsAccepter {
         /**
          * Allow a local VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the peer VPC.
@@ -36546,6 +36677,10 @@ export declare namespace kinesis {
          * The ARN of the Amazon MSK cluster.
          */
         mskClusterArn: pulumi.Input<string>;
+        /**
+         * The start date and time in UTC for the offset position within your MSK topic from where Firehose begins to read. By default, this is set to timestamp when Firehose becomes Active. If you want to create a Firehose stream with Earliest start position set the `readFromTimestamp` parameter to Epoch (1970-01-01T00:00:00Z).
+         */
+        readFromTimestamp?: pulumi.Input<string>;
         /**
          * The topic name within the Amazon MSK cluster.
          */
@@ -63274,6 +63409,152 @@ export declare namespace route53 {
          */
         weight: pulumi.Input<number>;
     }
+    interface RecordsExclusiveResourceRecordSet {
+        /**
+         * Alias target block.
+         * See `aliasTarget` below.
+         */
+        aliasTarget?: pulumi.Input<inputs.route53.RecordsExclusiveResourceRecordSetAliasTarget>;
+        cidrRoutingConfig?: pulumi.Input<inputs.route53.RecordsExclusiveResourceRecordSetCidrRoutingConfig>;
+        /**
+         * Type of failover resource record.
+         * Valid values are `PRIMARY` and `SECONDARY`.
+         * See the [AWS documentation on DNS failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) for additional details.
+         */
+        failover?: pulumi.Input<string>;
+        /**
+         * Geolocation block to control how Amazon Route 53 responds to DNS queries based on the geographic origin of the query.
+         * See `geolocation` below.
+         */
+        geolocation?: pulumi.Input<inputs.route53.RecordsExclusiveResourceRecordSetGeolocation>;
+        /**
+         * Geoproximity location block.
+         * See `geoproximityLocation` below.
+         */
+        geoproximityLocation?: pulumi.Input<inputs.route53.RecordsExclusiveResourceRecordSetGeoproximityLocation>;
+        /**
+         * Health check the record should be associated with.
+         */
+        healthCheckId?: pulumi.Input<string>;
+        multiValueAnswer?: pulumi.Input<boolean>;
+        /**
+         * Name of the record.
+         */
+        name: pulumi.Input<string>;
+        /**
+         * AWS region of the resource this record set refers to.
+         * Must be a valid AWS region name.
+         * See the [AWS documentation](http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-latency) on latency based routing for additional details.
+         */
+        region?: pulumi.Input<string>;
+        /**
+         * Information about the resource records to act upon.
+         * See `resourceRecords` below.
+         */
+        resourceRecords?: pulumi.Input<pulumi.Input<inputs.route53.RecordsExclusiveResourceRecordSetResourceRecord>[]>;
+        /**
+         * An identifier that differentiates among multiple resource record sets that have the same combination of name and type.
+         * Required if using `cidrRoutingConfig`, `failover`, `geolocation`,`geoproximityLocation`, `multivalueAnswer`, `region`, or `weight`.
+         */
+        setIdentifier?: pulumi.Input<string>;
+        trafficPolicyInstanceId?: pulumi.Input<string>;
+        /**
+         * Resource record cache time to live (TTL), in seconds.
+         */
+        ttl?: pulumi.Input<number>;
+        /**
+         * Record type.
+         * Valid values are `A`, `AAAA`, `CAA`, `CNAME`, `DS`, `MX`, `NAPTR`, `NS`, `PTR`, `SOA`, `SPF`, `SRV`, `TXT`, `TLSA`, `SSHFP`, `SVCB`, and `HTTPS`.
+         *
+         * The following arguments are optional:
+         *
+         * > Exactly one of `resourceRecords` or `aliasTarget` must be specified.
+         */
+        type?: pulumi.Input<string>;
+        /**
+         * Among resource record sets that have the same combination of DNS name and type, a value that determines the proportion of DNS queries that Amazon Route 53 responds to using the current resource record set.
+         */
+        weight?: pulumi.Input<number>;
+    }
+    interface RecordsExclusiveResourceRecordSetAliasTarget {
+        /**
+         * DNS domain name for another resource record set in this hosted zone.
+         */
+        dnsName: pulumi.Input<string>;
+        /**
+         * Set to `true` if you want Route 53 to determine whether to respond to DNS queries using this resource record set by checking the health of the resource record set. Some resources have special requirements, see [the AWS documentation](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values.html#rrsets-values-alias-evaluate-target-health) for additional details.
+         */
+        evaluateTargetHealth: pulumi.Input<boolean>;
+        /**
+         * Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, AWS Global Accelerator, or Route 53 hosted zone. See `resource_elb.zone_id` for an example.
+         */
+        hostedZoneId: pulumi.Input<string>;
+    }
+    interface RecordsExclusiveResourceRecordSetCidrRoutingConfig {
+        /**
+         * CIDR collection ID.
+         * See the `aws.route53.CidrCollection` resource for more details.
+         */
+        collectionId: pulumi.Input<string>;
+        /**
+         * CIDR collection location name.
+         * See the `aws.route53.CidrLocation` resource for more details.
+         * A `locationName` with an asterisk `"*"` can be used to create a default CIDR record.
+         * `collectionId` is still required for a default record.
+         */
+        locationName: pulumi.Input<string>;
+    }
+    interface RecordsExclusiveResourceRecordSetGeolocation {
+        continentCode?: pulumi.Input<string>;
+        countryCode?: pulumi.Input<string>;
+        subdivisionCode?: pulumi.Input<string>;
+    }
+    interface RecordsExclusiveResourceRecordSetGeoproximityLocation {
+        /**
+         * AWS region of the resource where DNS traffic is directed to.
+         */
+        awsRegion?: pulumi.Input<string>;
+        /**
+         * Increases or decreases the size of the geographic region from which Route 53 routes traffic to a resource.
+         * To expand the size of the geographic region from which Route 53 routes traffic to a resource, specify a positive integer from `1` to `99`.
+         * To shrink the size of the geographic region from which Route 53 routes traffic to a resource, specify a negative bias of `-1` to `-99`.
+         * See the [AWS documentation](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-geoproximity.html) for additional details.
+         */
+        bias?: pulumi.Input<number>;
+        /**
+         * Coordinates for a geoproximity resource record.
+         * See `coordinates` below.
+         */
+        coordinates?: pulumi.Input<inputs.route53.RecordsExclusiveResourceRecordSetGeoproximityLocationCoordinates>;
+        /**
+         * AWS local zone group.
+         * Identify the Local Zones Group for a specific Local Zone by using the [`describe-availability-zones` CLI command](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-availability-zones.html).
+         */
+        localZoneGroup?: pulumi.Input<string>;
+    }
+    interface RecordsExclusiveResourceRecordSetGeoproximityLocationCoordinates {
+        /**
+         * A coordinate of the east–west position of a geographic point on the surface of the Earth (`-180` - `180`).
+         */
+        latitude: pulumi.Input<string>;
+        longitude: pulumi.Input<string>;
+    }
+    interface RecordsExclusiveResourceRecordSetResourceRecord {
+        /**
+         * DNS record value.
+         */
+        value: pulumi.Input<string>;
+    }
+    interface RecordsExclusiveTimeouts {
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+         */
+        create?: pulumi.Input<string>;
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+         */
+        update?: pulumi.Input<string>;
+    }
     interface ResolverEndpointIpAddress {
         /**
          * IPv4 address in the subnet that you want to use for DNS queries.
@@ -73514,7 +73795,7 @@ export declare namespace timestreaminfluxdb {
         /**
          * Indicates whether log delivery to the S3 bucket is enabled.
          *
-         * **Note**: Only three arguments do updates in-place: `dbParameterGroupIdentifier`, `logDeliveryConfiguration`, and `tags`. Changes to any other argument after a DB instance has been deployed will cause destruction and re-creation of the DB instance. Additionally, when `dbParameterGroupIdentifier` is added to a DB instance or modified, the DB instance will be updated in-place but if `dbParameterGroupIdentifier` is removed from a DB instance, the DB instance will be destroyed and re-created.
+         * **Note**: The following arguments do updates in-place: `dbParameterGroupIdentifier`, `logDeliveryConfiguration`, `port`, `deploymentType`, `dbInstanceType`, and `tags`. Changes to any other argument after a DB instance has been deployed will cause destruction and re-creation of the DB instance. Additionally, when `dbParameterGroupIdentifier` is added to a DB instance or modified, the DB instance will be updated in-place but if `dbParameterGroupIdentifier` is removed from a DB instance, the DB instance will be destroyed and re-created.
          */
         enabled: pulumi.Input<boolean>;
     }
@@ -79156,6 +79437,10 @@ export declare namespace wafv2 {
          * Specifies how AWS WAF should handle CAPTCHA evaluations. See `captchaConfig` below for details.
          */
         captchaConfig?: pulumi.Input<inputs.wafv2.WebAclRuleCaptchaConfig>;
+        /**
+         * Specifies how AWS WAF should handle Challenge evaluations on the rule level. See `challengeConfig` below for details.
+         */
+        challengeConfig?: pulumi.Input<inputs.wafv2.WebAclRuleChallengeConfig>;
         /**
          * Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, `^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*`, are AWS-added for [automatic application layer DDoS mitigation activities](https://docs.aws.amazon.com/waf/latest/developerguide/ddos-automatic-app-layer-response-rg.html). Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
          */
@@ -79333,6 +79618,18 @@ export declare namespace wafv2 {
          */
         immunityTime?: pulumi.Input<number>;
     }
+    interface WebAclRuleChallengeConfig {
+        /**
+         * Defines custom immunity time. See `immunityTimeProperty` below for details.
+         */
+        immunityTimeProperty?: pulumi.Input<inputs.wafv2.WebAclRuleChallengeConfigImmunityTimeProperty>;
+    }
+    interface WebAclRuleChallengeConfigImmunityTimeProperty {
+        /**
+         * The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
+         */
+        immunityTime?: pulumi.Input<number>;
+    }
     interface WebAclRuleOverrideAction {
         /**
          * Override the rule action setting to count (i.e., only count matches). Configured as an empty block `{}`.