@pulumi/aws 6.81.0-alpha.1747208286 → 6.81.0-alpha.1747744247

package/types/output.d.ts

@@ -2939,6 +2939,7 @@ export declare namespace appflow {
         prefixType?: string;
     }
     interface FlowDestinationFlowConfigDestinationConnectorPropertiesSalesforce {
+        dataTransferApi?: string;
         errorHandlingConfig?: outputs.appflow.FlowDestinationFlowConfigDestinationConnectorPropertiesSalesforceErrorHandlingConfig;
         idFieldNames?: string[];
         object: string;
@@ -3221,9 +3222,6 @@ export declare namespace appflow {
         s3InputFileType?: string;
     }
     interface FlowSourceFlowConfigSourceConnectorPropertiesSalesforce {
-        /**
-         * Specifies which Salesforce API is used by Amazon AppFlow when your flow transfers data to Salesforce.
-         */
         dataTransferApi?: string;
         /**
          * Flag that enables dynamic fetching of new (recently added) fields in the Salesforce objects while running a flow.
@@ -8008,6 +8006,26 @@ export declare namespace autoscaling {
          */
         capacityDistributionStrategy?: string;
     }
+    interface GroupCapacityReservationSpecification {
+        /**
+         * Capacity Reservation preference helps you use Capacity Reservations efficiently by prioritizing reserved capacity in a Capacity Reservation before using On-Demand capacity. Valid values are `default`, `capacity-reservations-only`, `capacity-reservations-first` and `none`. Default is `default`.
+         */
+        capacityReservationPreference: string;
+        /**
+         * Describes a target Capacity Reservation or Capacity Reservation resource group.
+         */
+        capacityReservationTarget?: outputs.autoscaling.GroupCapacityReservationSpecificationCapacityReservationTarget;
+    }
+    interface GroupCapacityReservationSpecificationCapacityReservationTarget {
+        /**
+         * List of On-Demand Capacity Reservation Ids. Conflicts with `capacityReservationResourceGroupArns`.
+         */
+        capacityReservationIds?: string[];
+        /**
+         * List of On-Demand Capacity Reservation Resource Group Arns. Conflicts with `capacityReservationIds`.
+         */
+        capacityReservationResourceGroupArns?: string[];
+    }
     interface GroupInitialLifecycleHook {
         defaultResult: string;
         heartbeatTimeout?: number;
@@ -11629,6 +11647,244 @@ export declare namespace bedrock {
          */
         update?: string;
     }
+    interface AgentPromptVariant {
+        /**
+         * Contains model-specific inference configurations that aren’t in the inferenceConfiguration field. To see model-specific inference parameters, see [Inference request parameters and response fields for foundation models](https://docs.aws.amazon.com/bedrock/latest/userguide/model-parameters.html).
+         */
+        additionalModelRequestFields?: string;
+        /**
+         * Specifies a generative AI resource with which to use the prompt. If this is not supplied, then a `genAiResource` must be defined. See Generative AI Resource for more information.
+         */
+        genAiResource?: outputs.bedrock.AgentPromptVariantGenAiResource;
+        /**
+         * Contains inference configurations for the prompt variant. See Inference Configuration for more information.
+         */
+        inferenceConfiguration?: outputs.bedrock.AgentPromptVariantInferenceConfiguration;
+        /**
+         * A list of objects, each containing a key-value pair that defines a metadata tag and value to attach to a prompt variant. See Metadata for more information.
+         */
+        metadatas?: outputs.bedrock.AgentPromptVariantMetadata[];
+        /**
+         * Unique identifier of the model or [inference profile](https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference.html) with which to run inference on the prompt. If this is not supplied, then a `genAiResource` must be defined.
+         */
+        modelId?: string;
+        /**
+         * Name of the prompt variant.
+         */
+        name: string;
+        /**
+         * Contains configurations for the prompt template. See Template Configuration for more information.
+         */
+        templateConfiguration?: outputs.bedrock.AgentPromptVariantTemplateConfiguration;
+        /**
+         * Type of prompt template to use. Valid values: `CHAT`, `TEXT`.
+         */
+        templateType: string;
+    }
+    interface AgentPromptVariantGenAiResource {
+        /**
+         * Specifies an Amazon Bedrock agent with which to use the prompt. See Agent Configuration for more information.
+         */
+        agent?: outputs.bedrock.AgentPromptVariantGenAiResourceAgent;
+    }
+    interface AgentPromptVariantGenAiResourceAgent {
+        /**
+         * ARN of the agent with which to use the prompt.
+         */
+        agentIdentifier: string;
+    }
+    interface AgentPromptVariantInferenceConfiguration {
+        /**
+         * Contains inference configurations for the prompt variant. See Text Inference Configuration for more information.
+         */
+        text?: outputs.bedrock.AgentPromptVariantInferenceConfigurationText;
+    }
+    interface AgentPromptVariantInferenceConfigurationText {
+        /**
+         * Maximum number of tokens to return in the response.
+         */
+        maxTokens?: number;
+        /**
+         * List of strings that define sequences after which the model will stop generating.
+         */
+        stopSequences?: string[];
+        /**
+         * Controls the randomness of the response. Choose a lower value for more predictable outputs and a higher value for more surprising outputs.
+         */
+        temperature?: number;
+        /**
+         * Percentage of most-likely candidates that the model considers for the next token.
+         */
+        topP?: number;
+    }
+    interface AgentPromptVariantMetadata {
+        /**
+         * Key of a metadata tag for a prompt variant.
+         */
+        key: string;
+        /**
+         * Value of a metadata tag for a prompt variant.
+         */
+        value: string;
+    }
+    interface AgentPromptVariantTemplateConfiguration {
+        /**
+         * Contains configurations to use the prompt in a conversational format. See Chat Template Configuration for more information.
+         */
+        chat?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChat;
+        /**
+         * Contains configurations for the text in a message for a prompt. See Text Template Configuration
+         */
+        text?: outputs.bedrock.AgentPromptVariantTemplateConfigurationText;
+    }
+    interface AgentPromptVariantTemplateConfigurationChat {
+        inputVariables?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatInputVariable[];
+        /**
+         * A list of messages in the chat for the prompt. See Message for more information.
+         */
+        messages?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatMessage[];
+        /**
+         * A list of system prompts to provide context to the model or to describe how it should behave. See System for more information.
+         */
+        systems?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatSystem[];
+        /**
+         * Configuration information for the tools that the model can use when generating a response. See Tool Configuration for more information.
+         */
+        toolConfiguration?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatToolConfiguration;
+    }
+    interface AgentPromptVariantTemplateConfigurationChatInputVariable {
+        /**
+         * The name of the variable.
+         */
+        name: string;
+    }
+    interface AgentPromptVariantTemplateConfigurationChatMessage {
+        /**
+         * Contains the content for the message you pass to, or receive from a model. See [Message Content] for more information.
+         */
+        content?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatMessageContent;
+        /**
+         * The role that the message belongs to.
+         */
+        role: string;
+    }
+    interface AgentPromptVariantTemplateConfigurationChatMessageContent {
+        cachePoint?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatMessageContentCachePoint;
+        text?: string;
+    }
+    interface AgentPromptVariantTemplateConfigurationChatMessageContentCachePoint {
+        /**
+         * Indicates that the CachePointBlock is of the default type. Valid values: `default`.
+         */
+        type: string;
+    }
+    interface AgentPromptVariantTemplateConfigurationChatSystem {
+        /**
+         * Creates a cache checkpoint within a tool designation. See Cache Point for more information.
+         */
+        cachePoint?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatSystemCachePoint;
+        /**
+         * The text in the system prompt.
+         */
+        text?: string;
+    }
+    interface AgentPromptVariantTemplateConfigurationChatSystemCachePoint {
+        /**
+         * Indicates that the CachePointBlock is of the default type. Valid values: `default`.
+         */
+        type: string;
+    }
+    interface AgentPromptVariantTemplateConfigurationChatToolConfiguration {
+        /**
+         * Defines which tools the model should request when invoked. See Tool Choice for more information.
+         */
+        toolChoice?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatToolConfigurationToolChoice;
+        /**
+         * A list of tools to pass to a model. See Tool for more information.
+         */
+        tools?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatToolConfigurationTool[];
+    }
+    interface AgentPromptVariantTemplateConfigurationChatToolConfigurationTool {
+        /**
+         * Creates a cache checkpoint within a tool designation. See Cache Point for more information.
+         */
+        cachePoint?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatToolConfigurationToolCachePoint;
+        /**
+         * The specification for the tool. See Tool Specification for more information.
+         */
+        toolSpec?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatToolConfigurationToolToolSpec;
+    }
+    interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolCachePoint {
+        /**
+         * Indicates that the CachePointBlock is of the default type. Valid values: `default`.
+         */
+        type: string;
+    }
+    interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolChoice {
+        /**
+         * Defines tools, at least one of which must be requested by the model. No text is generated but the results of tool use are sent back to the model to help generate a response. This object has no fields.
+         */
+        any?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatToolConfigurationToolChoiceAny;
+        /**
+         * Defines tools. The model automatically decides whether to call a tool or to generate text instead. This object has no fields.
+         */
+        auto?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatToolConfigurationToolChoiceAuto;
+        /**
+         * Defines a specific tool that the model must request. No text is generated but the results of tool use are sent back to the model to help generate a response. See Named Tool for more information.
+         */
+        tool?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatToolConfigurationToolChoiceTool;
+    }
+    interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolChoiceAny {
+    }
+    interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolChoiceAuto {
+    }
+    interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolChoiceTool {
+        /**
+         * Name of the prompt.
+         *
+         * The following arguments are optional:
+         */
+        name: string;
+    }
+    interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolToolSpec {
+        /**
+         * Description of the prompt.
+         */
+        description?: string;
+        /**
+         * The input schema of the tool. See Tool Input Schema for more information.
+         */
+        inputSchema?: outputs.bedrock.AgentPromptVariantTemplateConfigurationChatToolConfigurationToolToolSpecInputSchema;
+        /**
+         * Name of the prompt.
+         *
+         * The following arguments are optional:
+         */
+        name: string;
+    }
+    interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolToolSpecInputSchema {
+        /**
+         * A JSON object defining the input schema for the tool.
+         */
+        json?: string;
+    }
+    interface AgentPromptVariantTemplateConfigurationText {
+        cachePoint?: outputs.bedrock.AgentPromptVariantTemplateConfigurationTextCachePoint;
+        inputVariables?: outputs.bedrock.AgentPromptVariantTemplateConfigurationTextInputVariable[];
+        text: string;
+    }
+    interface AgentPromptVariantTemplateConfigurationTextCachePoint {
+        /**
+         * Indicates that the CachePointBlock is of the default type. Valid values: `default`.
+         */
+        type: string;
+    }
+    interface AgentPromptVariantTemplateConfigurationTextInputVariable {
+        /**
+         * The name of the variable.
+         */
+        name: string;
+    }
     interface CustomModelOutputDataConfig {
         /**
          * The S3 URI where the output data is stored.
@@ -13589,7 +13845,7 @@ export declare namespace cloudfront {
     }
     interface DistributionDefaultCacheBehaviorGrpcConfig {
         /**
-         * `true` if any of the AWS accounts listed as trusted signers have active CloudFront key pairs
+         * Whether the distribution is enabled to accept end user requests for content.
          */
         enabled: boolean;
     }
@@ -13747,7 +14003,7 @@ export declare namespace cloudfront {
     }
     interface DistributionOrderedCacheBehaviorGrpcConfig {
         /**
-         * `true` if any of the AWS accounts listed as trusted signers have active CloudFront key pairs
+         * Whether the distribution is enabled to accept end user requests for content.
          */
         enabled: boolean;
     }
@@ -13854,7 +14110,7 @@ export declare namespace cloudfront {
     }
     interface DistributionOriginOriginShield {
         /**
-         * `true` if any of the AWS accounts listed as trusted signers have active CloudFront key pairs
+         * Whether the distribution is enabled to accept end user requests for content.
          */
         enabled: boolean;
         /**
@@ -13891,7 +14147,7 @@ export declare namespace cloudfront {
     }
     interface DistributionTrustedKeyGroup {
         /**
-         * `true` if any of the AWS accounts listed as trusted signers have active CloudFront key pairs
+         * Whether the distribution is enabled to accept end user requests for content.
          */
         enabled: boolean;
         /**
@@ -13911,7 +14167,7 @@ export declare namespace cloudfront {
     }
     interface DistributionTrustedSigner {
         /**
-         * `true` if any of the AWS accounts listed as trusted signers have active CloudFront key pairs
+         * Whether the distribution is enabled to accept end user requests for content.
          */
         enabled: boolean;
         /**
@@ -14306,6 +14562,16 @@ export declare namespace cloudfront {
          */
         create?: string;
     }
+    interface KeyvaluestoreKeysExclusiveResourceKeyValuePair {
+        /**
+         * Key to put.
+         */
+        key: string;
+        /**
+         * Value to put.
+         */
+        value: string;
+    }
     interface MonitoringSubscriptionMonitoringSubscription {
         /**
          * A subscription configuration for additional CloudWatch metrics. See below.
@@ -14818,6 +15084,12 @@ export declare namespace cloudwatch {
          */
         waitPeriod: number;
     }
+    interface EventBusDeadLetterConfig {
+        /**
+         * The ARN of the SQS queue specified as the target for the dead-letter queue.
+         */
+        arn?: string;
+    }
     interface EventConnectionAuthParameters {
         /**
          * Parameters used for API_KEY authorization. An API key to include in the header for each authentication request. A maximum of 1 are allowed. Conflicts with `basic` and `oauth`. Documented below.
@@ -15309,10 +15581,6 @@ export declare namespace cloudwatch {
     interface GetContributorManagedInsightRulesManagedRule {
         /**
          * ARN of an Amazon Web Services resource that has managed Contributor Insights rules.
-         *
-         * The following arguments are optional:
-         *
-         * There are no optional arguments.
          */
         resourceArn: string;
         /**
@@ -15334,6 +15602,12 @@ export declare namespace cloudwatch {
          */
         state: string;
     }
+    interface GetEventBusDeadLetterConfig {
+        /**
+         * The ARN of the SQS queue specified as the target for the dead-letter queue.
+         */
+        arn: string;
+    }
     interface GetEventBusesEventBus {
         /**
          * The ARN of the event bus.
@@ -15534,7 +15808,7 @@ export declare namespace cloudwatch {
         /**
          * Granularity in seconds of returned data points.
          * For metrics with regular resolution, valid values are any multiple of `60`.
-         * For high-resolution metrics, valid values are `1`, `5`, `10`, `30`, or any multiple of `60`.
+         * For high-resolution metrics, valid values are `1`, `5`, `10`, `20`, `30`, or any multiple of `60`.
          */
         period?: number;
         /**
@@ -15564,7 +15838,7 @@ export declare namespace cloudwatch {
         /**
          * Granularity in seconds of returned data points.
          * For metrics with regular resolution, valid values are any multiple of `60`.
-         * For high-resolution metrics, valid values are `1`, `5`, `10`, `30`, or any multiple of `60`.
+         * For high-resolution metrics, valid values are `1`, `5`, `10`, `20`, `30`, or any multiple of `60`.
          */
         period: number;
         /**
@@ -15885,11 +16159,9 @@ export declare namespace codebuild {
         certificate?: string;
         /**
          * Information about the compute resources the build project will use. Valid values:
-         * `BUILD_GENERAL1_SMALL`, `BUILD_GENERAL1_MEDIUM`, `BUILD_GENERAL1_LARGE`, `BUILD_GENERAL1_2XLARGE`, `BUILD_LAMBDA_1GB`,
-         * `BUILD_LAMBDA_2GB`, `BUILD_LAMBDA_4GB`, `BUILD_LAMBDA_8GB`, `BUILD_LAMBDA_10GB`. `BUILD_GENERAL1_SMALL` is only valid
-         * if `type` is set to `LINUX_CONTAINER`. When `type` is set to `LINUX_GPU_CONTAINER`, `computeType` must be
-         * `BUILD_GENERAL1_LARGE`. When `type` is set to `LINUX_LAMBDA_CONTAINER` or `ARM_LAMBDA_CONTAINER`, `computeType` must
-         * be `BUILD_LAMBDA_XGB`.`
+         * `BUILD_GENERAL1_SMALL`, `BUILD_GENERAL1_MEDIUM`, `BUILD_GENERAL1_LARGE`, `BUILD_GENERAL1_XLARGE`, `BUILD_GENERAL1_2XLARGE`, `BUILD_LAMBDA_1GB`,
+         * `BUILD_LAMBDA_2GB`, `BUILD_LAMBDA_4GB`, `BUILD_LAMBDA_8GB`, `BUILD_LAMBDA_10GB`. For additional information, see
+         * the [CodeBuild User Guide](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html).
          */
         computeType: string;
         /**
@@ -15924,9 +16196,9 @@ export declare namespace codebuild {
          */
         registryCredential?: outputs.codebuild.ProjectEnvironmentRegistryCredential;
         /**
-         * Type of build environment to use for related builds. Valid values: `LINUX_CONTAINER`,
-         * `LINUX_GPU_CONTAINER`, `WINDOWS_CONTAINER` (deprecated), `WINDOWS_SERVER_2019_CONTAINER`, `ARM_CONTAINER`,
-         * `LINUX_LAMBDA_CONTAINER`, `ARM_LAMBDA_CONTAINER`. For additional information, see
+         * Type of build environment to use for related builds. Valid values: `WINDOWS_CONTAINER` (deprecated), `LINUX_CONTAINER`,
+         * `LINUX_GPU_CONTAINER`, `ARM_CONTAINER`, `WINDOWS_SERVER_2019_CONTAINER`, `WINDOWS_SERVER_2022_CONTAINER`,
+         * `LINUX_LAMBDA_CONTAINER`, `ARM_LAMBDA_CONTAINER`, `LINUX_EC2`, `ARM_EC2`, `WINDOWS_EC2`, `MAC_ARM`. For additional information, see
          * the [CodeBuild User Guide](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html).
          */
         type: string;
@@ -17606,6 +17878,16 @@ export declare namespace cognito {
          */
         userDataShared: boolean;
     }
+    interface GetUserPoolClientRefreshTokenRotation {
+        /**
+         * (Required) The state of refresh token rotation for the current app client. Valid values are `ENABLED` or `DISABLED`.
+         */
+        feature: string;
+        /**
+         * (Optional) A period of time in seconds that the user has to use the old refresh token before it is invalidated. Valid values are between `0` and `60`.
+         */
+        retryGracePeriodSeconds: number;
+    }
     interface GetUserPoolClientTokenValidityUnit {
         /**
          * (Optional) Time unit in for the value in `accessTokenValidity`, defaults to `hours`.
@@ -17744,6 +18026,22 @@ export declare namespace cognito {
          */
         minLength: string;
     }
+    interface GetUserPoolUserPoolAddOn {
+        /**
+         * A block of the threat protection configuration options for additional authentication types in your user pool, including custom authentication. Detailed below.
+         */
+        advancedSecurityAdditionalFlows: outputs.cognito.GetUserPoolUserPoolAddOnAdvancedSecurityAdditionalFlow[];
+        /**
+         * Mode for advanced security.
+         */
+        advancedSecurityMode: string;
+    }
+    interface GetUserPoolUserPoolAddOnAdvancedSecurityAdditionalFlow {
+        /**
+         * Mode of threat protection operation in custom authentication.
+         */
+        customAuthMode: string;
+    }
     interface IdentityPoolCognitoIdentityProvider {
         /**
          * The client ID for the Amazon Cognito Identity User Pool.
@@ -17816,6 +18114,16 @@ export declare namespace cognito {
          */
         userDataShared: boolean;
     }
+    interface ManagedUserPoolClientRefreshTokenRotation {
+        /**
+         * The state of refresh token rotation for the current app client. Valid values are `ENABLED` or `DISABLED`.
+         */
+        feature: string;
+        /**
+         * A period of time in seconds that the user has to use the old refresh token before it is invalidated. Valid values are between `0` and `60`.
+         */
+        retryGracePeriodSeconds?: number;
+    }
     interface ManagedUserPoolClientTokenValidityUnits {
         /**
          * Time unit for the value in `accessTokenValidity` and defaults to `hours`.
@@ -18045,6 +18353,16 @@ export declare namespace cognito {
          */
         userDataShared: boolean;
     }
+    interface UserPoolClientRefreshTokenRotation {
+        /**
+         * The state of refresh token rotation for the current app client. Valid values are `ENABLED` or `DISABLED`.
+         */
+        feature: string;
+        /**
+         * A period of time in seconds that the user has to use the old refresh token before it is invalidated. Valid values are between `0` and `60`.
+         */
+        retryGracePeriodSeconds?: number;
+    }
     interface UserPoolClientTokenValidityUnits {
         /**
          * Time unit in for the value in `accessTokenValidity`, defaults to `hours`.
@@ -18298,11 +18616,21 @@ export declare namespace cognito {
         attributesRequireVerificationBeforeUpdates: string[];
     }
     interface UserPoolUserPoolAddOns {
+        /**
+         * A block to specify the threat protection configuration options for additional authentication types in your user pool, including custom authentication. Detailed below.
+         */
+        advancedSecurityAdditionalFlows?: outputs.cognito.UserPoolUserPoolAddOnsAdvancedSecurityAdditionalFlows;
         /**
          * Mode for advanced security, must be one of `OFF`, `AUDIT` or `ENFORCED`.
          */
         advancedSecurityMode: string;
     }
+    interface UserPoolUserPoolAddOnsAdvancedSecurityAdditionalFlows {
+        /**
+         * Mode of threat protection operation in custom authentication. Valid values are `AUDIT` or `ENFORCED`. The default value is `AUDIT`.
+         */
+        customAuthMode: string;
+    }
     interface UserPoolUsernameConfiguration {
         /**
          * Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
@@ -19467,6 +19795,14 @@ export declare namespace config {
          * Use this to override the default service endpoint URL
          */
         networkmonitor?: string;
+        /**
+         * Use this to override the default service endpoint URL
+         */
+        notifications?: string;
+        /**
+         * Use this to override the default service endpoint URL
+         */
+        notificationscontacts?: string;
         /**
          * Use this to override the default service endpoint URL
          */
@@ -23300,6 +23636,94 @@ export declare namespace dataexchange {
          */
         dataSetId: string;
     }
+    interface RevisionAssetsAsset {
+        /**
+         * The ARN of the Data Exchange Revision Assets.
+         */
+        arn: string;
+        /**
+         * A block to create S3 data access from an S3 bucket. See Create S3 Data Access from S3 Bucket for more details.
+         */
+        createS3DataAccessFromS3Bucket?: outputs.dataexchange.RevisionAssetsAssetCreateS3DataAccessFromS3Bucket;
+        /**
+         * The timestamp when the revision was created, in RFC3339 format.
+         */
+        createdAt: string;
+        /**
+         * The unique identifier for the revision.
+         */
+        id: string;
+        /**
+         * A block to import assets from S3. See Import Assets from S3 for more details.
+         */
+        importAssetsFromS3?: outputs.dataexchange.RevisionAssetsAssetImportAssetsFromS3;
+        /**
+         * A block to import assets from a signed URL. See Import Assets from Signed URL for more details.
+         */
+        importAssetsFromSignedUrl?: outputs.dataexchange.RevisionAssetsAssetImportAssetsFromSignedUrl;
+        name: string;
+        /**
+         * The timestamp when the revision was last updated, in RFC3339 format.
+         */
+        updatedAt: string;
+    }
+    interface RevisionAssetsAssetCreateS3DataAccessFromS3Bucket {
+        accessPointAlias: string;
+        accessPointArn: string;
+        /**
+         * A block specifying the source bucket for the asset. This block supports the following:
+         */
+        assetSource?: outputs.dataexchange.RevisionAssetsAssetCreateS3DataAccessFromS3BucketAssetSource;
+    }
+    interface RevisionAssetsAssetCreateS3DataAccessFromS3BucketAssetSource {
+        /**
+         * The name of the S3 bucket.
+         */
+        bucket: string;
+        /**
+         * List of key prefixes in the S3 bucket.
+         */
+        keyPrefixes?: string[];
+        /**
+         * List of object keys in the S3 bucket.
+         */
+        keys?: string[];
+        kmsKeysToGrants?: outputs.dataexchange.RevisionAssetsAssetCreateS3DataAccessFromS3BucketAssetSourceKmsKeysToGrant[];
+    }
+    interface RevisionAssetsAssetCreateS3DataAccessFromS3BucketAssetSourceKmsKeysToGrant {
+        /**
+         * The ARN of the KMS key.
+         */
+        kmsKeyArn: string;
+    }
+    interface RevisionAssetsAssetImportAssetsFromS3 {
+        /**
+         * A block specifying the source bucket and key for the asset. This block supports the following:
+         */
+        assetSource?: outputs.dataexchange.RevisionAssetsAssetImportAssetsFromS3AssetSource;
+    }
+    interface RevisionAssetsAssetImportAssetsFromS3AssetSource {
+        /**
+         * The name of the S3 bucket.
+         */
+        bucket: string;
+        /**
+         * The key of the object in the S3 bucket.
+         */
+        key: string;
+    }
+    interface RevisionAssetsAssetImportAssetsFromSignedUrl {
+        /**
+         * The name of the file to import.
+         */
+        filename: string;
+    }
+    interface RevisionAssetsTimeouts {
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+         */
+        create?: string;
+    }
 }
 export declare namespace datapipeline {
     interface GetPipelineDefinitionParameterObject {
@@ -24960,6 +25384,14 @@ export declare namespace dms {
     }
 }
 export declare namespace docdb {
+    interface ClusterMasterUserSecret {
+        /**
+         * The ARN for the KMS encryption key. When specifying `kmsKeyId`, `storageEncrypted` needs to be set to true.
+         */
+        kmsKeyId: string;
+        secretArn: string;
+        secretStatus: string;
+    }
     interface ClusterParameterGroupParameter {
         /**
          * Valid values are `immediate` and `pending-reboot`. Defaults to `pending-reboot`.
@@ -25095,6 +25527,7 @@ export declare namespace dynamodb {
     }
     interface GetTablePointInTimeRecovery {
         enabled: boolean;
+        recoveryPeriodInDays: number;
     }
     interface GetTableReplica {
         kmsKeyArn: string;
@@ -25259,6 +25692,10 @@ export declare namespace dynamodb {
          * Whether to enable point-in-time recovery. It can take 10 minutes to enable for new tables. If the `pointInTimeRecovery` block is not provided, this defaults to `false`.
          */
         enabled: boolean;
+        /**
+         * Number of preceding days for which continuous backups are taken and maintained. Default is 35.
+         */
+        recoveryPeriodInDays: number;
     }
     interface TableReplica {
         /**
@@ -28053,18 +28490,6 @@ export declare namespace ec2 {
          * Name of the field to filter by, as defined by
          * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html).
          * For example, if matching against tag `Name`, use:
-         *
-         * ```typescript
-         * import * as pulumi from "@pulumi/pulumi";
-         * import * as aws from "@pulumi/aws";
-         *
-         * const selected = aws.ec2.getSubnets({
-         *     filters: [{
-         *         name: "tag:Name",
-         *         values: [""],
-         *     }],
-         * });
-         * ```
          */
         name: string;
         /**
@@ -28107,6 +28532,8 @@ export declare namespace ec2 {
         name: string;
         /**
          * Set of values for filtering.
+         *
+         * For more information about filtering, see the [EC2 API documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeDhcpOptions.html).
          */
         values: string[];
     }
@@ -28165,7 +28592,14 @@ export declare namespace ec2 {
         values: string[];
     }
     interface GetVpcIamPoolCidrsFilter {
+        /**
+         * Name of the field to filter by, as defined by
+         * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetIpamPoolCidrs.html).
+         */
         name: string;
+        /**
+         * Set of values that are accepted for the given field.
+         */
         values: string[];
     }
     interface GetVpcIamPoolCidrsIpamPoolCidr {
@@ -28271,7 +28705,14 @@ export declare namespace ec2 {
         regionName: string;
     }
     interface GetVpcIpamPoolCidrsFilter {
+        /**
+         * Name of the field to filter by, as defined by
+         * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetIpamPoolCidrs.html).
+         */
         name: string;
+        /**
+         * Set of values that are accepted for the given field.
+         */
         values: string[];
     }
     interface GetVpcIpamPoolCidrsIpamPoolCidr {
@@ -31481,6 +31922,12 @@ export declare namespace ec2clientvpn {
          */
         enabled: boolean;
     }
+    interface EndpointClientRouteEnforcementOptions {
+        /**
+         * Enable or disable Client Route Enforcement. The default is `false` (not enabled).
+         */
+        enforced: boolean;
+    }
     interface EndpointConnectionLogOptions {
         /**
          * The name of the CloudWatch Logs log group.
@@ -31510,6 +31957,9 @@ export declare namespace ec2clientvpn {
         bannerText: string;
         enabled: boolean;
     }
+    interface GetEndpointClientRouteEnforcementOption {
+        enforced: boolean;
+    }
     interface GetEndpointConnectionLogOption {
         cloudwatchLogGroup: string;
         cloudwatchLogStream: string;
@@ -40021,6 +40471,10 @@ export declare namespace imagebuilder {
          * Configuration block with S3 export settings. Detailed below.
          */
         s3ExportConfiguration?: outputs.imagebuilder.DistributionConfigurationDistributionS3ExportConfiguration;
+        /**
+         * Configuration block with SSM parameter configuration to use as AMI id output. Detailed below.
+         */
+        ssmParameterConfigurations?: outputs.imagebuilder.DistributionConfigurationDistributionSsmParameterConfiguration[];
     }
     interface DistributionConfigurationDistributionAmiDistributionConfiguration {
         /**
@@ -40166,6 +40620,20 @@ export declare namespace imagebuilder {
          */
         s3Prefix?: string;
     }
+    interface DistributionConfigurationDistributionSsmParameterConfiguration {
+        /**
+         * AWS account ID that will own the parameter in the given region. This account must be specified as a target account in the distribution settings.
+         */
+        amiAccountId?: string;
+        /**
+         * Data type of the SSM parameter. Valid values are `text` and `aws:ec2:image`. AWS recommends using `aws:ec2:image`.
+         */
+        dataType?: string;
+        /**
+         * Name of the SSM parameter that will store the AMI ID after distribution.
+         */
+        parameterName: string;
+    }
     interface GetComponentsFilter {
         /**
          * Name of the filter field. Valid values can be found in the [Image Builder ListComponents API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListComponents.html).
@@ -40307,6 +40775,10 @@ export declare namespace imagebuilder {
          * Nested list of S3 export configuration.
          */
         s3ExportConfigurations: outputs.imagebuilder.GetDistributionConfigurationDistributionS3ExportConfiguration[];
+        /**
+         * Nested list of SSM parameter configuration.
+         */
+        ssmParameterConfigurations: outputs.imagebuilder.GetDistributionConfigurationDistributionSsmParameterConfiguration[];
     }
     interface GetDistributionConfigurationDistributionAmiDistributionConfiguration {
         /**
@@ -40452,6 +40924,20 @@ export declare namespace imagebuilder {
          */
         s3Prefix: string;
     }
+    interface GetDistributionConfigurationDistributionSsmParameterConfiguration {
+        /**
+         * The AWS account ID that own the parameter in the given region.
+         */
+        amiAccountId: string;
+        /**
+         * The data type of the SSM parameter.
+         */
+        dataType: string;
+        /**
+         * Name of the SSM parameter used to store the AMI ID after distribution.
+         */
+        parameterName: string;
+    }
     interface GetDistributionConfigurationsFilter {
         /**
          * Name of the filter field. Valid values can be found in the [Image Builder ListDistributionConfigurations API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListDistributionConfigurations.html).
@@ -41163,6 +41649,704 @@ export declare namespace inspector {
     }
 }
 export declare namespace inspector2 {
+    interface FilterFilterCriteria {
+        /**
+         * (Optional) The AWS account ID in which the finding was generated. Documented below.
+         */
+        awsAccountIds?: outputs.inspector2.FilterFilterCriteriaAwsAccountId[];
+        /**
+         * (Optional) The ID of the component. Documented below.
+         */
+        codeVulnerabilityDetectorNames?: outputs.inspector2.FilterFilterCriteriaCodeVulnerabilityDetectorName[];
+        /**
+         * (Optional) The ID of the component. Documented below.
+         */
+        codeVulnerabilityDetectorTags?: outputs.inspector2.FilterFilterCriteriaCodeVulnerabilityDetectorTag[];
+        /**
+         * (Optional) The ID of the component. Documented below.
+         */
+        codeVulnerabilityFilePaths?: outputs.inspector2.FilterFilterCriteriaCodeVulnerabilityFilePath[];
+        /**
+         * (Optional) The ID of the component. Documented below.
+         */
+        componentIds?: outputs.inspector2.FilterFilterCriteriaComponentId[];
+        /**
+         * (Optional) The type of the component. Documented below.
+         */
+        componentTypes?: outputs.inspector2.FilterFilterCriteriaComponentType[];
+        /**
+         * (Optional) The ID of the Amazon Machine Image (AMI). Documented below.
+         */
+        ec2InstanceImageIds?: outputs.inspector2.FilterFilterCriteriaEc2InstanceImageId[];
+        /**
+         * (Optional) The ID of the subnet. Documented below.
+         */
+        ec2InstanceSubnetIds?: outputs.inspector2.FilterFilterCriteriaEc2InstanceSubnetId[];
+        /**
+         * (Optional) The ID of the VPC. Documented below.
+         */
+        ec2InstanceVpcIds?: outputs.inspector2.FilterFilterCriteriaEc2InstanceVpcId[];
+        /**
+         * (Optional) The architecture of the ECR image. Documented below.
+         */
+        ecrImageArchitectures?: outputs.inspector2.FilterFilterCriteriaEcrImageArchitecture[];
+        /**
+         * (Optional) The SHA256 hash of the ECR image. Documented below.
+         */
+        ecrImageHashes?: outputs.inspector2.FilterFilterCriteriaEcrImageHash[];
+        /**
+         * (Optional) The date range when the image was pushed. Documented below.
+         */
+        ecrImagePushedAts?: outputs.inspector2.FilterFilterCriteriaEcrImagePushedAt[];
+        /**
+         * (Optional) The registry of the ECR image. Documented below.
+         */
+        ecrImageRegistries?: outputs.inspector2.FilterFilterCriteriaEcrImageRegistry[];
+        /**
+         * (Optional) The name of the ECR repository. Documented below.
+         */
+        ecrImageRepositoryNames?: outputs.inspector2.FilterFilterCriteriaEcrImageRepositoryName[];
+        /**
+         * (Optional) The tags associated with the ECR image. Documented below.
+         */
+        ecrImageTags?: outputs.inspector2.FilterFilterCriteriaEcrImageTag[];
+        /**
+         * (Optional) EPSS (Exploit Prediction Scoring System) Score of the finding. Documented below.
+         */
+        epssScores?: outputs.inspector2.FilterFilterCriteriaEpssScore[];
+        /**
+         * (Optional) Availability of exploits. Documented below.
+         */
+        exploitAvailables?: outputs.inspector2.FilterFilterCriteriaExploitAvailable[];
+        /**
+         * (Optional) The ARN of the finding. Documented below.
+         */
+        findingArns?: outputs.inspector2.FilterFilterCriteriaFindingArn[];
+        /**
+         * (Optional) The status of the finding. Documented below.
+         */
+        findingStatuses?: outputs.inspector2.FilterFilterCriteriaFindingStatus[];
+        /**
+         * (Optional) The type of the finding. Documented below.
+         */
+        findingTypes?: outputs.inspector2.FilterFilterCriteriaFindingType[];
+        /**
+         * (Optional) When the finding was first observed. Documented below.
+         */
+        firstObservedAts?: outputs.inspector2.FilterFilterCriteriaFirstObservedAt[];
+        /**
+         * (Optional) Availability of the fix. Documented below.
+         */
+        fixAvailables?: outputs.inspector2.FilterFilterCriteriaFixAvailable[];
+        /**
+         * (Optional) The Inspector score given to the finding. Documented below.
+         */
+        inspectorScores?: outputs.inspector2.FilterFilterCriteriaInspectorScore[];
+        /**
+         * (Optional) Lambda execution role ARN. Documented below.
+         */
+        lambdaFunctionExecutionRoleArns?: outputs.inspector2.FilterFilterCriteriaLambdaFunctionExecutionRoleArn[];
+        /**
+         * (Optional) Last modified timestamp of the lambda function. Documented below.
+         */
+        lambdaFunctionLastModifiedAts?: outputs.inspector2.FilterFilterCriteriaLambdaFunctionLastModifiedAt[];
+        /**
+         * (Optional) Lambda function layers. Documented below.
+         */
+        lambdaFunctionLayers?: outputs.inspector2.FilterFilterCriteriaLambdaFunctionLayer[];
+        /**
+         * (Optional) Lambda function name. Documented below.
+         */
+        lambdaFunctionNames?: outputs.inspector2.FilterFilterCriteriaLambdaFunctionName[];
+        /**
+         * (Optional) Lambda function runtime. Documented below.
+         */
+        lambdaFunctionRuntimes?: outputs.inspector2.FilterFilterCriteriaLambdaFunctionRuntime[];
+        /**
+         * (Optional) When the finding was last observed. Documented below.
+         */
+        lastObservedAts?: outputs.inspector2.FilterFilterCriteriaLastObservedAt[];
+        /**
+         * (Optional) The network protocol of the finding. Documented below.
+         */
+        networkProtocols?: outputs.inspector2.FilterFilterCriteriaNetworkProtocol[];
+        /**
+         * (Optional) The port range of the finding. Documented below.
+         */
+        portRanges?: outputs.inspector2.FilterFilterCriteriaPortRange[];
+        /**
+         * (Optional) Related vulnerabilities. Documented below.
+         */
+        relatedVulnerabilities?: outputs.inspector2.FilterFilterCriteriaRelatedVulnerability[];
+        /**
+         * (Optional) The ID of the resource. Documented below.
+         */
+        resourceIds?: outputs.inspector2.FilterFilterCriteriaResourceId[];
+        /**
+         * (Optional) The tags of the resource. Documented below.
+         */
+        resourceTags?: outputs.inspector2.FilterFilterCriteriaResourceTag[];
+        /**
+         * (Optional) The type of the resource. Documented below.
+         */
+        resourceTypes?: outputs.inspector2.FilterFilterCriteriaResourceType[];
+        /**
+         * (Optional) The severity of the finding. Documented below.
+         */
+        severities?: outputs.inspector2.FilterFilterCriteriaSeverity[];
+        /**
+         * (Optional) The title of the finding. Documented below.
+         */
+        titles?: outputs.inspector2.FilterFilterCriteriaTitle[];
+        /**
+         * (Optional) When the finding was last updated. Documented below.
+         */
+        updatedAts?: outputs.inspector2.FilterFilterCriteriaUpdatedAt[];
+        /**
+         * (Optional) The severity as reported by the vendor. Documented below.
+         */
+        vendorSeverities?: outputs.inspector2.FilterFilterCriteriaVendorSeverity[];
+        /**
+         * (Optional) The ID of the vulnerability. Documented below.
+         */
+        vulnerabilityIds?: outputs.inspector2.FilterFilterCriteriaVulnerabilityId[];
+        /**
+         * (Optional) The source of the vulnerability. Documented below.
+         */
+        vulnerabilitySources?: outputs.inspector2.FilterFilterCriteriaVulnerabilitySource[];
+        /**
+         * (Optional) Details about vulnerable packages. Documented below.
+         */
+        vulnerablePackages?: outputs.inspector2.FilterFilterCriteriaVulnerablePackage[];
+    }
+    interface FilterFilterCriteriaAwsAccountId {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaCodeVulnerabilityDetectorName {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaCodeVulnerabilityDetectorTag {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaCodeVulnerabilityFilePath {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaComponentId {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaComponentType {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaEc2InstanceImageId {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaEc2InstanceSubnetId {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaEc2InstanceVpcId {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaEcrImageArchitecture {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaEcrImageHash {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaEcrImagePushedAt {
+        /**
+         * (Required) The end of the port range, inclusive.
+         */
+        endInclusive?: string;
+        /**
+         * (Optional) Start of the date range in RFC 3339 format, inclusive. Set the timezone to UTC.
+         */
+        startInclusive?: string;
+    }
+    interface FilterFilterCriteriaEcrImageRegistry {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaEcrImageRepositoryName {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaEcrImageTag {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaEpssScore {
+        /**
+         * (Optional) Lower bound of the range, inclusive.
+         */
+        lowerInclusive: number;
+        /**
+         * (Optional) Upper bound of the range, inclusive.
+         */
+        upperInclusive: number;
+    }
+    interface FilterFilterCriteriaExploitAvailable {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaFindingArn {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaFindingStatus {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaFindingType {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaFirstObservedAt {
+        /**
+         * (Required) The end of the port range, inclusive.
+         */
+        endInclusive?: string;
+        /**
+         * (Optional) Start of the date range in RFC 3339 format, inclusive. Set the timezone to UTC.
+         */
+        startInclusive?: string;
+    }
+    interface FilterFilterCriteriaFixAvailable {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaInspectorScore {
+        /**
+         * (Optional) Lower bound of the range, inclusive.
+         */
+        lowerInclusive: number;
+        /**
+         * (Optional) Upper bound of the range, inclusive.
+         */
+        upperInclusive: number;
+    }
+    interface FilterFilterCriteriaLambdaFunctionExecutionRoleArn {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaLambdaFunctionLastModifiedAt {
+        /**
+         * (Required) The end of the port range, inclusive.
+         */
+        endInclusive?: string;
+        /**
+         * (Optional) Start of the date range in RFC 3339 format, inclusive. Set the timezone to UTC.
+         */
+        startInclusive?: string;
+    }
+    interface FilterFilterCriteriaLambdaFunctionLayer {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaLambdaFunctionName {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaLambdaFunctionRuntime {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaLastObservedAt {
+        /**
+         * (Required) The end of the port range, inclusive.
+         */
+        endInclusive?: string;
+        /**
+         * (Optional) Start of the date range in RFC 3339 format, inclusive. Set the timezone to UTC.
+         */
+        startInclusive?: string;
+    }
+    interface FilterFilterCriteriaNetworkProtocol {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaPortRange {
+        /**
+         * (Required) The beginning of the port range, inclusive.
+         */
+        beginInclusive: number;
+        /**
+         * (Required) The end of the port range, inclusive.
+         */
+        endInclusive: number;
+    }
+    interface FilterFilterCriteriaRelatedVulnerability {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaResourceId {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaResourceTag {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The key to filter on.
+         */
+        key: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaResourceType {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaSeverity {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaTitle {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaUpdatedAt {
+        /**
+         * (Required) The end of the port range, inclusive.
+         */
+        endInclusive?: string;
+        /**
+         * (Optional) Start of the date range in RFC 3339 format, inclusive. Set the timezone to UTC.
+         */
+        startInclusive?: string;
+    }
+    interface FilterFilterCriteriaVendorSeverity {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaVulnerabilityId {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaVulnerabilitySource {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaVulnerablePackage {
+        /**
+         * (Optional) The architecture of the package. Documented below.
+         */
+        architecture?: outputs.inspector2.FilterFilterCriteriaVulnerablePackageArchitecture;
+        /**
+         * (Optional) The epoch of the package. Documented below.
+         */
+        epoches?: outputs.inspector2.FilterFilterCriteriaVulnerablePackageEpoch[];
+        /**
+         * (Optional) The name of the package. Documented below.
+         */
+        filePath?: outputs.inspector2.FilterFilterCriteriaVulnerablePackageFilePath;
+        /**
+         * Name of the filter.
+         */
+        name?: outputs.inspector2.FilterFilterCriteriaVulnerablePackageName;
+        /**
+         * (Optional) The release of the package. Documented below.
+         */
+        release?: outputs.inspector2.FilterFilterCriteriaVulnerablePackageRelease;
+        /**
+         * (Optional) The ARN of the package's source lambda layer. Documented below.
+         */
+        sourceLambdaLayerArn?: outputs.inspector2.FilterFilterCriteriaVulnerablePackageSourceLambdaLayerArn;
+        /**
+         * (Optional) The source layer hash of the package. Documented below.
+         */
+        sourceLayerHash?: outputs.inspector2.FilterFilterCriteriaVulnerablePackageSourceLayerHash;
+        /**
+         * (Optional) The version of the package. Documented below.
+         */
+        version?: outputs.inspector2.FilterFilterCriteriaVulnerablePackageVersion;
+    }
+    interface FilterFilterCriteriaVulnerablePackageArchitecture {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaVulnerablePackageEpoch {
+        /**
+         * (Optional) Lower bound of the range, inclusive.
+         */
+        lowerInclusive: number;
+        /**
+         * (Optional) Upper bound of the range, inclusive.
+         */
+        upperInclusive: number;
+    }
+    interface FilterFilterCriteriaVulnerablePackageFilePath {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaVulnerablePackageName {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaVulnerablePackageRelease {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaVulnerablePackageSourceLambdaLayerArn {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaVulnerablePackageSourceLayerHash {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
+    interface FilterFilterCriteriaVulnerablePackageVersion {
+        /**
+         * (Required) The comparison operator. Valid values: `EQUALS`.
+         */
+        comparison: string;
+        /**
+         * (Required) The value to filter on.
+         */
+        value: string;
+    }
     interface OrganizationConfigurationAutoEnable {
         /**
          * Whether Amazon EC2 scans are automatically enabled for new members of your Amazon Inspector organization.
@@ -64495,6 +65679,7 @@ export declare namespace networkfirewall {
         subnetId: string;
     }
     interface GetFirewallPolicyFirewallPolicy {
+        policyVariables: outputs.networkfirewall.GetFirewallPolicyFirewallPolicyPolicyVariable[];
         statefulDefaultActions: string[];
         statefulEngineOptions: outputs.networkfirewall.GetFirewallPolicyFirewallPolicyStatefulEngineOption[];
         statefulRuleGroupReferences: outputs.networkfirewall.GetFirewallPolicyFirewallPolicyStatefulRuleGroupReference[];
@@ -64504,6 +65689,16 @@ export declare namespace networkfirewall {
         statelessRuleGroupReferences: outputs.networkfirewall.GetFirewallPolicyFirewallPolicyStatelessRuleGroupReference[];
         tlsInspectionConfigurationArn: string;
     }
+    interface GetFirewallPolicyFirewallPolicyPolicyVariable {
+        ruleVariables: outputs.networkfirewall.GetFirewallPolicyFirewallPolicyPolicyVariableRuleVariable[];
+    }
+    interface GetFirewallPolicyFirewallPolicyPolicyVariableRuleVariable {
+        ipSets: outputs.networkfirewall.GetFirewallPolicyFirewallPolicyPolicyVariableRuleVariableIpSet[];
+        key: string;
+    }
+    interface GetFirewallPolicyFirewallPolicyPolicyVariableRuleVariableIpSet {
+        definitions: string[];
+    }
     interface GetFirewallPolicyFirewallPolicyStatefulEngineOption {
         ruleOrder: string;
         streamExceptionPolicy: string;
@@ -72921,11 +74116,11 @@ export declare namespace route53recoveryreadiness {
 export declare namespace rum {
     interface AppMonitorAppMonitorConfiguration {
         /**
-         * If you set this to `true`, RUM web client sets two cookies, a session cookie  and a user cookie. The cookies allow the RUM web client to collect data relating to the number of users an application has and the behavior of the application across a sequence of events. Cookies are stored in the top-level domain of the current page.
+         * If you set this to `true`, RUM web client sets two cookies, a session cookie and a user cookie. The cookies allow the RUM web client to collect data relating to the number of users an application has and the behavior of the application across a sequence of events. Cookies are stored in the top-level domain of the current page.
          */
         allowCookies?: boolean;
         /**
-         * If you set this to `true`, RUM enables X-Ray tracing for the user sessions  that RUM samples. RUM adds an X-Ray trace header to allowed HTTP requests. It also records an X-Ray segment for allowed HTTP requests.
+         * If you set this to `true`, RUM enables X-Ray tracing for the user sessions that RUM samples. RUM adds an X-Ray trace header to allowed HTTP requests. It also records an X-Ray segment for allowed HTTP requests.
          */
         enableXray?: boolean;
         /**
@@ -75008,6 +76203,16 @@ export declare namespace s3outposts {
     }
 }
 export declare namespace s3tables {
+    interface TableBucketEncryptionConfiguration {
+        /**
+         * The ARN of a KMS Key to be used with `aws:kms` `sseAlgorithm`
+         */
+        kmsKeyArn: string;
+        /**
+         * One of `aws:kms` or `AES256`
+         */
+        sseAlgorithm: string;
+    }
     interface TableBucketMaintenanceConfiguration {
         /**
          * A single Iceberg unreferenced file removal settings object.
@@ -75039,6 +76244,16 @@ export declare namespace s3tables {
          */
         unreferencedDays: number;
     }
+    interface TableEncryptionConfiguration {
+        /**
+         * The ARN of a KMS Key to be used with `aws:kms` `sseAlgorithm`
+         */
+        kmsKeyArn: string;
+        /**
+         * One of `aws:kms` or `AES256`
+         */
+        sseAlgorithm: string;
+    }
     interface TableMaintenanceConfiguration {
         /**
          * A single Iceberg compaction settings object.
@@ -84457,6 +85672,7 @@ export declare namespace vpc {
         name: string;
         /**
          * Set of values that are accepted for the given field.
+         *
          * Security group rule IDs will be selected if any one of the given values match.
          */
         values: string[];
@@ -85802,6 +87018,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See Single Query Argument below for details.
          */
         singleQueryArgument?: outputs.wafv2.RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details.
+         */
+        uriFragment?: outputs.wafv2.RuleGroupRuleStatementByteMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -85927,6 +87147,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface RuleGroupRuleStatementByteMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath {
     }
     interface RuleGroupRuleStatementByteMatchStatementTextTransformation {
@@ -86330,6 +87556,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See Single Query Argument below for details.
          */
         singleQueryArgument?: outputs.wafv2.RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details.
+         */
+        uriFragment?: outputs.wafv2.RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -86455,6 +87685,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath {
     }
     interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation {
@@ -86598,6 +87834,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See Single Query Argument below for details.
          */
         singleQueryArgument?: outputs.wafv2.RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details.
+         */
+        uriFragment?: outputs.wafv2.RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -86723,6 +87963,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath {
     }
     interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation {
@@ -86800,6 +88046,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See Single Query Argument below for details.
          */
         singleQueryArgument?: outputs.wafv2.RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details.
+         */
+        uriFragment?: outputs.wafv2.RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -86925,6 +88175,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath {
     }
     interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation {
@@ -87006,6 +88262,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See Single Query Argument below for details.
          */
         singleQueryArgument?: outputs.wafv2.RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details.
+         */
+        uriFragment?: outputs.wafv2.RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -87131,6 +88391,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath {
     }
     interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation {
@@ -87208,6 +88474,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See Single Query Argument below for details.
          */
         singleQueryArgument?: outputs.wafv2.RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details.
+         */
+        uriFragment?: outputs.wafv2.RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -87333,6 +88603,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath {
     }
     interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation {
@@ -87406,6 +88682,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See Single Query Argument below for details.
          */
         singleQueryArgument?: outputs.wafv2.RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details.
+         */
+        uriFragment?: outputs.wafv2.RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -87531,6 +88811,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath {
     }
     interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation {
@@ -87608,6 +88894,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See Single Query Argument below for details.
          */
         singleQueryArgument?: outputs.wafv2.RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details.
+         */
+        uriFragment?: outputs.wafv2.RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -87733,6 +89023,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriPath {
     }
     interface RuleGroupRuleStatementRegexMatchStatementTextTransformation {
@@ -87810,6 +89106,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See Single Query Argument below for details.
          */
         singleQueryArgument?: outputs.wafv2.RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details.
+         */
+        uriFragment?: outputs.wafv2.RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -87935,6 +89235,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath {
     }
     interface RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation {
@@ -88016,6 +89322,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See Single Query Argument below for details.
          */
         singleQueryArgument?: outputs.wafv2.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details.
+         */
+        uriFragment?: outputs.wafv2.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -88141,6 +89451,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath {
     }
     interface RuleGroupRuleStatementSizeConstraintStatementTextTransformation {
@@ -88218,6 +89534,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See Single Query Argument below for details.
          */
         singleQueryArgument?: outputs.wafv2.RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details.
+         */
+        uriFragment?: outputs.wafv2.RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -88343,6 +89663,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriPath {
     }
     interface RuleGroupRuleStatementSqliMatchStatementTextTransformation {
@@ -88416,6 +89742,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See Single Query Argument below for details.
          */
         singleQueryArgument?: outputs.wafv2.RuleGroupRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details.
+         */
+        uriFragment?: outputs.wafv2.RuleGroupRuleStatementXssMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -88541,6 +89871,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface RuleGroupRuleStatementXssMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface RuleGroupRuleStatementXssMatchStatementFieldToMatchUriPath {
     }
     interface RuleGroupRuleStatementXssMatchStatementTextTransformation {
@@ -88677,6 +90013,40 @@ export declare namespace wafv2 {
          */
         key: string;
     }
+    interface WebAclDataProtectionConfig {
+        /**
+         * A block for data protection configurations for specific web request field types. See `dataProtection` block for details.
+         */
+        dataProtections?: outputs.wafv2.WebAclDataProtectionConfigDataProtection[];
+    }
+    interface WebAclDataProtectionConfigDataProtection {
+        /**
+         * Specifies how to protect the field. Valid values are `SUBSTITUTION` or `HASH`.
+         */
+        action: string;
+        /**
+         * Boolean to specify whether to also exclude any rate-based rule details from the data protection you have enabled for a given field.
+         */
+        excludeRateBasedDetails?: boolean;
+        /**
+         * Boolean to specify whether to also exclude any rule match details from the data protection you have enabled for a given field. AWS WAF logs these details for non-terminating matching rules and for the terminating matching rule.
+         */
+        excludeRuleMatchDetails?: boolean;
+        /**
+         * Specifies the field type and optional keys to apply the protection behavior to. See `field` block below for details.
+         */
+        field: outputs.wafv2.WebAclDataProtectionConfigDataProtectionField;
+    }
+    interface WebAclDataProtectionConfigDataProtectionField {
+        /**
+         * Array of strings to specify the keys to protect for the specified field type. If you don't specify any key, then all keys for the field type are protected.
+         */
+        fieldKeys?: string[];
+        /**
+         * Specifies the web request component type to protect. Valid Values are `SINGLE_HEADER`, `SINGLE_COOKIE`, `SINGLE_QUERY_ARGUMENT`, `QUERY_STRING`, `BODY`.
+         */
+        fieldType: string;
+    }
     interface WebAclDefaultAction {
         /**
          * Specifies that AWS WAF should allow requests by default. See `allow` below for details.
@@ -89172,6 +90542,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementByteMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -89300,6 +90674,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementByteMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementByteMatchStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementByteMatchStatementTextTransformation {
@@ -89962,6 +91342,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -90090,6 +91474,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation {
@@ -90231,6 +91621,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -90359,6 +91753,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation {
@@ -90434,6 +91834,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -90562,6 +91966,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation {
@@ -90641,6 +92051,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -90769,6 +92183,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation {
@@ -90844,6 +92264,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -90972,6 +92396,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation {
@@ -91043,6 +92473,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -91171,6 +92605,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation {
@@ -91518,6 +92958,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -91646,6 +93090,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation {
@@ -91787,6 +93237,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -91915,6 +93369,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation {
@@ -91990,6 +93450,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -92118,6 +93582,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation {
@@ -92197,6 +93667,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -92325,6 +93799,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation {
@@ -92400,6 +93880,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -92528,6 +94012,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation {
@@ -92599,6 +94089,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -92727,6 +94221,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation {
@@ -92802,6 +94302,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementRegexMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -92930,6 +94434,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementRegexMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementRegexMatchStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementRegexMatchStatementTextTransformation {
@@ -93005,6 +94515,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -93133,6 +94647,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementRegexPatternSetReferenceStatementTextTransformation {
@@ -93363,6 +94883,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementSizeConstraintStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -93491,6 +95015,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementSizeConstraintStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementSizeConstraintStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementSizeConstraintStatementTextTransformation {
@@ -93566,6 +95096,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementSqliMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -93694,6 +95228,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementSqliMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementSqliMatchStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementSqliMatchStatementTextTransformation {
@@ -93765,6 +95305,10 @@ export declare namespace wafv2 {
          * Inspect a single query argument. See `singleQueryArgument` below for details.
          */
         singleQueryArgument?: outputs.wafv2.WebAclRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument;
+        /**
+         * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details.
+         */
+        uriFragment?: outputs.wafv2.WebAclRuleStatementXssMatchStatementFieldToMatchUriFragment;
         /**
          * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.
          */
@@ -93893,6 +95437,12 @@ export declare namespace wafv2 {
          */
         name: string;
     }
+    interface WebAclRuleStatementXssMatchStatementFieldToMatchUriFragment {
+        /**
+         * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`.
+         */
+        fallbackBehavior: string;
+    }
     interface WebAclRuleStatementXssMatchStatementFieldToMatchUriPath {
     }
     interface WebAclRuleStatementXssMatchStatementTextTransformation {
@@ -93975,6 +95525,16 @@ export declare namespace workspaces {
          */
         delete?: string;
     }
+    interface DirectoryActiveDirectoryConfig {
+        /**
+         * Fully qualified domain name of the AWS Directory Service directory.
+         */
+        domainName: string;
+        /**
+         * ARN of the Secrets Manager secret that contains the credentials for the service account. For more information, see [Service Account Details](https://docs.aws.amazon.com/workspaces/latest/adminguide/pools-service-account-details.html).
+         */
+        serviceAccountSecretArn: string;
+    }
     interface DirectoryCertificateBasedAuthProperties {
         /**
          * The Amazon Resource Name (ARN) of the certificate manager private certificate authority (ACM-PCA) that is used for certificate-based authentication.
@@ -94069,11 +95629,11 @@ export declare namespace workspaces {
          */
         enableInternetAccess?: boolean;
         /**
-         * Indicates whether maintenance mode is enabled for your WorkSpaces. For more information, see [WorkSpace Maintenance](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspace-maintenance.html)..
+         * Indicates whether maintenance mode is enabled for your WorkSpaces. Valid only if `workspaceType` is set to `PERSONAL`.
          */
         enableMaintenanceMode?: boolean;
         /**
-         * Indicates whether users are local administrators of their WorkSpaces.
+         * Indicates whether users are local administrators of their WorkSpaces. Valid only if `workspaceType` is set to `PERSONAL`.
          */
         userEnabledAsLocalAdministrator?: boolean;
     }
@@ -94095,6 +95655,16 @@ export declare namespace workspaces {
          */
         capacity: string;
     }
+    interface GetDirectoryActiveDirectoryConfig {
+        /**
+         * Fully qualified domain name of the AWS Directory Service directory.
+         */
+        domainName: string;
+        /**
+         * ARN of the Secrets Manager secret that contains the credentials for the service account.
+         */
+        serviceAccountSecretArn: string;
+    }
     interface GetDirectoryCertificateBasedAuthProperty {
         certificateAuthorityArn: string;
         status: string;