aws-sdk 2.1387.0 → 2.1388.0

package/apis/workspaces-web-2020-07-08.paginators.json

@@ -10,6 +10,11 @@
       "output_token": "nextToken",
       "limit_key": "maxResults"
     },
+    "ListIpAccessSettings": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults"
+    },
     "ListNetworkSettings": {
       "input_token": "nextToken",
       "output_token": "nextToken",

package/clients/configservice.d.ts

@@ -228,19 +228,19 @@ declare class ConfigService extends Service {
    */
   describeConfigurationAggregators(callback?: (err: AWSError, data: ConfigService.Types.DescribeConfigurationAggregatorsResponse) => void): Request<ConfigService.Types.DescribeConfigurationAggregatorsResponse, AWSError>;
   /**
-   * Returns the current status of the specified configuration recorder as well as the status of the last recording event for the recorder. If a configuration recorder is not specified, this action returns the status of all configuration recorders associated with the account.  Currently, you can specify only one configuration recorder per region in your account. For a detailed status of recording events over time, add your Config events to Amazon CloudWatch metrics and use CloudWatch metrics. 
+   * Returns the current status of the specified configuration recorder as well as the status of the last recording event for the recorder. If a configuration recorder is not specified, this action returns the status of all configuration recorders associated with the account.  &gt;You can specify only one configuration recorder for each Amazon Web Services Region for each account. For a detailed status of recording events over time, add your Config events to Amazon CloudWatch metrics and use CloudWatch metrics. 
    */
   describeConfigurationRecorderStatus(params: ConfigService.Types.DescribeConfigurationRecorderStatusRequest, callback?: (err: AWSError, data: ConfigService.Types.DescribeConfigurationRecorderStatusResponse) => void): Request<ConfigService.Types.DescribeConfigurationRecorderStatusResponse, AWSError>;
   /**
-   * Returns the current status of the specified configuration recorder as well as the status of the last recording event for the recorder. If a configuration recorder is not specified, this action returns the status of all configuration recorders associated with the account.  Currently, you can specify only one configuration recorder per region in your account. For a detailed status of recording events over time, add your Config events to Amazon CloudWatch metrics and use CloudWatch metrics. 
+   * Returns the current status of the specified configuration recorder as well as the status of the last recording event for the recorder. If a configuration recorder is not specified, this action returns the status of all configuration recorders associated with the account.  &gt;You can specify only one configuration recorder for each Amazon Web Services Region for each account. For a detailed status of recording events over time, add your Config events to Amazon CloudWatch metrics and use CloudWatch metrics. 
    */
   describeConfigurationRecorderStatus(callback?: (err: AWSError, data: ConfigService.Types.DescribeConfigurationRecorderStatusResponse) => void): Request<ConfigService.Types.DescribeConfigurationRecorderStatusResponse, AWSError>;
   /**
-   * Returns the details for the specified configuration recorders. If the configuration recorder is not specified, this action returns the details for all configuration recorders associated with the account.  Currently, you can specify only one configuration recorder per region in your account. 
+   * Returns the details for the specified configuration recorders. If the configuration recorder is not specified, this action returns the details for all configuration recorders associated with the account.  You can specify only one configuration recorder for each Amazon Web Services Region for each account. 
    */
   describeConfigurationRecorders(params: ConfigService.Types.DescribeConfigurationRecordersRequest, callback?: (err: AWSError, data: ConfigService.Types.DescribeConfigurationRecordersResponse) => void): Request<ConfigService.Types.DescribeConfigurationRecordersResponse, AWSError>;
   /**
-   * Returns the details for the specified configuration recorders. If the configuration recorder is not specified, this action returns the details for all configuration recorders associated with the account.  Currently, you can specify only one configuration recorder per region in your account. 
+   * Returns the details for the specified configuration recorders. If the configuration recorder is not specified, this action returns the details for all configuration recorders associated with the account.  You can specify only one configuration recorder for each Amazon Web Services Region for each account. 
    */
   describeConfigurationRecorders(callback?: (err: AWSError, data: ConfigService.Types.DescribeConfigurationRecordersResponse) => void): Request<ConfigService.Types.DescribeConfigurationRecordersResponse, AWSError>;
   /**
@@ -576,11 +576,11 @@ declare class ConfigService extends Service {
    */
   putConfigurationAggregator(callback?: (err: AWSError, data: ConfigService.Types.PutConfigurationAggregatorResponse) => void): Request<ConfigService.Types.PutConfigurationAggregatorResponse, AWSError>;
   /**
-   * Creates a new configuration recorder to record the selected resource configurations. You can use this action to change the role roleARN or the recordingGroup of an existing recorder. To change the role, call the action on the existing configuration recorder and specify a role.  Currently, you can specify only one configuration recorder per region in your account. If ConfigurationRecorder does not have the recordingGroup parameter specified, the default is to record all supported resource types. 
+   * Creates a new configuration recorder to record configuration changes for specified resource types. You can also use this action to change the roleARN or the recordingGroup of an existing recorder. For more information, see  Managing the Configuration Recorder  in the Config Developer Guide.  You can specify only one configuration recorder for each Amazon Web Services Region for each account. If the configuration recorder does not have the recordingGroup field specified, the default is to record all supported resource types. 
    */
   putConfigurationRecorder(params: ConfigService.Types.PutConfigurationRecorderRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Creates a new configuration recorder to record the selected resource configurations. You can use this action to change the role roleARN or the recordingGroup of an existing recorder. To change the role, call the action on the existing configuration recorder and specify a role.  Currently, you can specify only one configuration recorder per region in your account. If ConfigurationRecorder does not have the recordingGroup parameter specified, the default is to record all supported resource types. 
+   * Creates a new configuration recorder to record configuration changes for specified resource types. You can also use this action to change the roleARN or the recordingGroup of an existing recorder. For more information, see  Managing the Configuration Recorder  in the Config Developer Guide.  You can specify only one configuration recorder for each Amazon Web Services Region for each account. If the configuration recorder does not have the recordingGroup field specified, the default is to record all supported resource types. 
    */
   putConfigurationRecorder(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
@@ -1476,15 +1476,15 @@ declare namespace ConfigService {
   export type ConfigurationItemStatus = "OK"|"ResourceDiscovered"|"ResourceNotRecorded"|"ResourceDeleted"|"ResourceDeletedNotRecorded"|string;
   export interface ConfigurationRecorder {
     /**
-     * The name of the recorder. By default, Config automatically assigns the name "default" when creating the configuration recorder. You cannot change the assigned name.
+     * The name of the configuration recorder. Config automatically assigns the name of "default" when creating the configuration recorder. You cannot change the name of the configuration recorder after it has been created. To change the configuration recorder name, you must delete it and create a new configuration recorder with a new name. 
      */
     name?: RecorderName;
     /**
-     * Amazon Resource Name (ARN) of the IAM role used to describe the Amazon Web Services resources associated with the account.  While the API model does not require this field, the server will reject a request without a defined roleARN for the configuration recorder. 
+     * Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the configuration recorder.  While the API model does not require this field, the server will reject a request without a defined roleARN for the configuration recorder.    Pre-existing Config role  If you have used an Amazon Web Services service that uses Config, such as Security Hub or Control Tower, and an Config role has already been created, make sure that the IAM role that you use when setting up Config keeps the same minimum permissions as the already created Config role. You must do this so that the other Amazon Web Services service continues to run as expected.  For example, if Control Tower has an IAM role that allows Config to read Amazon Simple Storage Service (Amazon S3) objects, make sure that the same permissions are granted within the IAM role you use when setting up Config. Otherwise, it may interfere with how Control Tower operates. For more information about IAM roles for Config, see  Identity and Access Management for Config  in the Config Developer Guide.  
      */
     roleARN?: String;
     /**
-     * Specifies the types of Amazon Web Services resources for which Config records configuration changes.
+     * Specifies which resource types Config records for configuration changes.    High Number of Config Evaluations  You may notice increased activity in your account during your initial month recording with Config when compared to subsequent months. During the initial bootstrapping process, Config runs evaluations on all the resources in your account that you have selected for Config to record. If you are running ephemeral workloads, you may see increased activity from Config as it records configuration changes associated with creating and deleting these temporary resources. An ephemeral workload is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances, Amazon EMR jobs, and Auto Scaling. If you want to avoid the increased activity from running ephemeral workloads, you can run these types of workloads in a separate account with Config turned off to avoid increased configuration recording and rule evaluations. 
      */
     recordingGroup?: RecordingGroup;
   }
@@ -2604,6 +2604,12 @@ declare namespace ConfigService {
   export type Evaluations = Evaluation[];
   export type EventSource = "aws.config"|string;
   export type ExcludedAccounts = AccountId[];
+  export interface ExclusionByResourceTypes {
+    /**
+     * A comma-separated list of resource types to exclude from recording by the configuration recorder.
+     */
+    resourceTypes?: ResourceTypeList;
+  }
   export interface ExecutionControls {
     /**
      * A SsmControls object.
@@ -3797,7 +3803,7 @@ declare namespace ConfigService {
   }
   export interface PutConfigurationRecorderRequest {
     /**
-     * The configuration recorder object that records each configuration change made to the resources.
+     * An object for the configuration recorder to record configuration changes for specified resource types.
      */
     ConfigurationRecorder: ConfigurationRecorder;
   }
@@ -4044,18 +4050,33 @@ declare namespace ConfigService {
   export type RecorderStatus = "Pending"|"Success"|"Failure"|string;
   export interface RecordingGroup {
     /**
-     * Specifies whether Config records configuration changes for every supported type of regional resource. If you set this option to true, when Config adds support for a new type of regional resource, it starts recording resources of that type automatically. If you set this option to true, you cannot enumerate a list of resourceTypes.
+     * Specifies whether Config records configuration changes for all supported regional resource types. If you set this field to true, when Config adds support for a new type of regional resource, Config starts recording resources of that type automatically. If you set this field to true, you cannot enumerate specific resource types to record in the resourceTypes field of RecordingGroup, or to exclude in the resourceTypes field of ExclusionByResourceTypes.
      */
     allSupported?: AllSupported;
     /**
-     * Specifies whether Config includes all supported types of global resources (for example, IAM resources) with the resources that it records. Before you can set this option to true, you must set the allSupported option to true. If you set this option to true, when Config adds support for a new type of global resource, it starts recording resources of that type automatically. The configuration details for any global resource are the same in all regions. To prevent duplicate configuration items, you should consider customizing Config in only one region to record global resources.
+     * Specifies whether Config records configuration changes for all supported global resources. Before you set this field to true, set the allSupported field of RecordingGroup to true. Optionally, you can set the useOnly field of RecordingStrategy to ALL_SUPPORTED_RESOURCE_TYPES. If you set this field to true, when Config adds support for a new type of global resource in the Region where you set up the configuration recorder, Config starts recording resources of that type automatically.  If you set this field to false but list global resource types in the resourceTypes field of RecordingGroup, Config will still record configuration changes for those specified resource types regardless of if you set the includeGlobalResourceTypes field to false. If you do not want to record configuration changes to global resource types, make sure to not list them in the resourceTypes field in addition to setting the includeGlobalResourceTypes field to false. 
      */
     includeGlobalResourceTypes?: IncludeGlobalResourceTypes;
     /**
-     * A comma-separated list that specifies the types of Amazon Web Services resources for which Config records configuration changes (for example, AWS::EC2::Instance or AWS::CloudTrail::Trail). To record all configuration changes, you must set the allSupported option to true. If you set the AllSupported option to false and populate the ResourceTypes option with values, when Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group. For a list of valid resourceTypes values, see the resourceType Value column in Supported Amazon Web Services resource Types.
+     * A comma-separated list that specifies which resource types Config records. Optionally, you can set the useOnly field of RecordingStrategy to INCLUSION_BY_RESOURCE_TYPES. To record all configuration changes, set the allSupported field of RecordingGroup to true, and either omit this field or don't specify any resource types in this field. If you set the allSupported field to false and specify values for resourceTypes, when Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group. For a list of valid resourceTypes values, see the Resource Type Value column in Supported Amazon Web Services resource Types in the Config developer guide.   Region Availability  Before specifying a resource type for Config to track, check Resource Coverage by Region Availability to see if the resource type is supported in the Amazon Web Services Region where you set up Config. If a resource type is supported by Config in at least one Region, you can enable the recording of that resource type in all Regions supported by Config, even if the specified resource type is not supported in the Amazon Web Services Region where you set up Config. 
      */
     resourceTypes?: ResourceTypeList;
+    /**
+     * An object that specifies how Config excludes resource types from being recorded by the configuration recorder. To use this option, you must set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES.
+     */
+    exclusionByResourceTypes?: ExclusionByResourceTypes;
+    /**
+     * An object that specifies the recording strategy for the configuration recorder.   If you set the useOnly field of RecordingStrategy to ALL_SUPPORTED_RESOURCE_TYPES, Config records configuration changes for all supported regional resource types. You also must set the allSupported field of RecordingGroup to true. When Config adds support for a new type of regional resource, Config automatically starts recording resources of that type.   If you set the useOnly field of RecordingStrategy to INCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for only the resource types you specify in the resourceTypes field of RecordingGroup.   If you set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for all supported resource types except the resource types that you specify as exemptions to exclude from being recorded in the resourceTypes field of ExclusionByResourceTypes.    The recordingStrategy field is optional when you set the allSupported field of RecordingGroup to true. The recordingStrategy field is optional when you list resource types in the resourceTypes field of RecordingGroup. The recordingStrategy field is required if you list resource types to exclude from recording in the resourceTypes field of ExclusionByResourceTypes.   If you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the exclusionByResourceTypes field will override other properties in the request. For example, even if you set includeGlobalResourceTypes to false, global resource types will still be automatically recorded in this option unless those resource types are specifically listed as exemptions in the resourceTypes field of exclusionByResourceTypes. By default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy, when Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, Config starts recording resources of that type automatically. 
+     */
+    recordingStrategy?: RecordingStrategy;
+  }
+  export interface RecordingStrategy {
+    /**
+     * The recording strategy for the configuration recorder.   If you set this option to ALL_SUPPORTED_RESOURCE_TYPES, Config records configuration changes for all supported regional resource types. You also must set the allSupported field of RecordingGroup to true. When Config adds support for a new type of regional resource, Config automatically starts recording resources of that type. For a list of supported resource types, see Supported Resource Types in the Config developer guide.   If you set this option to INCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for only the resource types that you specify in the resourceTypes field of RecordingGroup.   If you set this option to EXCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for all supported resource types, except the resource types that you specify as exemptions to exclude from being recorded in the resourceTypes field of ExclusionByResourceTypes.    The recordingStrategy field is optional when you set the allSupported field of RecordingGroup to true. The recordingStrategy field is optional when you list resource types in the resourceTypes field of RecordingGroup. The recordingStrategy field is required if you list resource types to exclude from recording in the resourceTypes field of ExclusionByResourceTypes.   If you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the exclusionByResourceTypes field will override other properties in the request. For example, even if you set includeGlobalResourceTypes to false, global resource types will still be automatically recorded in this option unless those resource types are specifically listed as exemptions in the resourceTypes field of exclusionByResourceTypes. By default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy, when Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, Config starts recording resources of that type automatically. 
+     */
+    useOnly?: RecordingStrategyType;
   }
+  export type RecordingStrategyType = "ALL_SUPPORTED_RESOURCE_TYPES"|"INCLUSION_BY_RESOURCE_TYPES"|"EXCLUSION_BY_RESOURCE_TYPES"|string;
   export type ReevaluateConfigRuleNames = ConfigRuleName[];
   export type RelatedEvent = string;
   export type RelatedEventList = RelatedEvent[];

package/clients/frauddetector.d.ts

@@ -1572,6 +1572,12 @@ declare namespace FraudDetector {
   }
   export type EventAttributeMap = {[key: string]: attributeValue};
   export type EventIngestion = "ENABLED"|"DISABLED"|string;
+  export interface EventOrchestration {
+    /**
+     * Specifies if event orchestration is enabled through Amazon EventBridge.
+     */
+    eventBridgeEnabled: Boolean;
+  }
   export interface EventPredictionSummary {
     /**
      *  The event ID. 
@@ -1640,6 +1646,10 @@ declare namespace FraudDetector {
      * The entity type ARN.
      */
     arn?: fraudDetectorArn;
+    /**
+     * The event orchestration status. 
+     */
+    eventOrchestration?: EventOrchestration;
   }
   export type EventVariableMap = {[key: string]: variableValue};
   export interface EventVariableSummary {
@@ -2447,7 +2457,7 @@ declare namespace FraudDetector {
      */
     labelMapper?: labelMapper;
     /**
-     * The action to take for unlabeled events.   Use IGNORE if you want the unlabeled events to be ignored. This is recommended when the majority of the events in the dataset are labeled.   Use FRAUD if you want to categorize all unlabeled events as “Fraud”. This is recommended when most of the events in your dataset are fraudulent.   Use LEGIT f you want to categorize all unlabeled events as “Legit”. This is recommended when most of the events in your dataset are legitimate.   Use AUTO if you want Amazon Fraud Detector to decide how to use the unlabeled data. This is recommended when there is significant unlabeled events in the dataset.   By default, Amazon Fraud Detector ignores the unlabeled data.
+     * The action to take for unlabeled events.   Use IGNORE if you want the unlabeled events to be ignored. This is recommended when the majority of the events in the dataset are labeled.   Use FRAUD if you want to categorize all unlabeled events as “Fraud”. This is recommended when most of the events in your dataset are fraudulent.   Use LEGIT if you want to categorize all unlabeled events as “Legit”. This is recommended when most of the events in your dataset are legitimate.   Use AUTO if you want Amazon Fraud Detector to decide how to use the unlabeled data. This is recommended when there is significant unlabeled events in the dataset.   By default, Amazon Fraud Detector ignores the unlabeled data.
      */
     unlabeledEventsTreatment?: UnlabeledEventsTreatment;
   }
@@ -2888,13 +2898,17 @@ declare namespace FraudDetector {
      */
     entityTypes: NonEmptyListOfStrings;
     /**
-     * Specifies if ingenstion is enabled or disabled.
+     * Specifies if ingestion is enabled or disabled.
      */
     eventIngestion?: EventIngestion;
     /**
      * A collection of key and value pairs.
      */
     tags?: tagList;
+    /**
+     * Enables or disables event orchestration. If enabled, you can send event predictions to select AWS services for downstream processing of the events.
+     */
+    eventOrchestration?: EventOrchestration;
   }
   export interface PutEventTypeResult {
   }
@@ -2948,7 +2962,7 @@ declare namespace FraudDetector {
      */
     description?: description;
     /**
-     * 
+     * A collection of key and value pairs.
      */
     tags?: tagList;
   }
@@ -3198,7 +3212,7 @@ declare namespace FraudDetector {
      */
     lowerBoundValue: float;
     /**
-     *  The lower bound value of the area under curve (auc). 
+     *  The upper bound value of the area under curve (auc). 
      */
     upperBoundValue: float;
   }

package/clients/healthlake.d.ts

@@ -100,11 +100,11 @@ declare class HealthLake extends Service {
    */
   startFHIRImportJob(callback?: (err: AWSError, data: HealthLake.Types.StartFHIRImportJobResponse) => void): Request<HealthLake.Types.StartFHIRImportJobResponse, AWSError>;
   /**
-   *  Adds a user specifed key and value tag to a Data Store. 
+   *  Adds a user specified key and value tag to a Data Store. 
    */
   tagResource(params: HealthLake.Types.TagResourceRequest, callback?: (err: AWSError, data: HealthLake.Types.TagResourceResponse) => void): Request<HealthLake.Types.TagResourceResponse, AWSError>;
   /**
-   *  Adds a user specifed key and value tag to a Data Store. 
+   *  Adds a user specified key and value tag to a Data Store. 
    */
   tagResource(callback?: (err: AWSError, data: HealthLake.Types.TagResourceResponse) => void): Request<HealthLake.Types.TagResourceResponse, AWSError>;
   /**
@@ -118,9 +118,12 @@ declare class HealthLake extends Service {
 }
 declare namespace HealthLake {
   export type AmazonResourceName = string;
+  export type AuthorizationStrategy = "SMART_ON_FHIR_V1"|"AWS_AUTH"|string;
+  export type Boolean = boolean;
   export type BoundedLengthString = string;
   export type ClientTokenString = string;
   export type CmkType = "CUSTOMER_MANAGED_KMS_KEY"|"AWS_OWNED_KMS_KEY"|string;
+  export type ConfigurationMetadata = string;
   export interface CreateFHIRDatastoreRequest {
     /**
      * The user generated name for the Data Store.
@@ -146,6 +149,10 @@ declare namespace HealthLake {
      *  Resource tags that are applied to a Data Store when it is created. 
      */
     Tags?: TagList;
+    /**
+     * The configuration of the identity provider that you want to use for your Data Store.
+     */
+    IdentityProviderConfiguration?: IdentityProviderConfiguration;
   }
   export interface CreateFHIRDatastoreResponse {
     /**
@@ -153,7 +160,7 @@ declare namespace HealthLake {
      */
     DatastoreId: DatastoreId;
     /**
-     * The datastore ARN is generated during the creation of the Data Store and can be found in the output from the initial Data Store creation call.
+     * The Data Store ARN is generated during the creation of the Data Store and can be found in the output from the initial Data Store creation call.
      */
     DatastoreArn: DatastoreArn;
     /**
@@ -161,7 +168,7 @@ declare namespace HealthLake {
      */
     DatastoreStatus: DatastoreStatus;
     /**
-     * The AWS endpoint for the created Data Store. For preview, only US-east-1 endpoints are supported.
+     * The AWS endpoint for the created Data Store. 
      */
     DatastoreEndpoint: BoundedLengthString;
   }
@@ -223,6 +230,10 @@ declare namespace HealthLake {
      * The preloaded data configuration for the Data Store. Only data preloaded from Synthea is supported.
      */
     PreloadDataConfig?: PreloadDataConfig;
+    /**
+     * The identity provider that you selected when you created the Data Store.
+     */
+    IdentityProviderConfiguration?: IdentityProviderConfiguration;
   }
   export type DatastorePropertiesList = DatastoreProperties[];
   export type DatastoreStatus = "CREATING"|"ACTIVE"|"DELETING"|"DELETED"|string;
@@ -230,7 +241,7 @@ declare namespace HealthLake {
     /**
      *  The AWS-generated ID for the Data Store to be deleted.
      */
-    DatastoreId?: DatastoreId;
+    DatastoreId: DatastoreId;
   }
   export interface DeleteFHIRDatastoreResponse {
     /**
@@ -252,9 +263,9 @@ declare namespace HealthLake {
   }
   export interface DescribeFHIRDatastoreRequest {
     /**
-     * The AWS-generated Data Store id. This is part of the ‘CreateFHIRDatastore’ output.
+     * The AWS-generated Data Store ID.
      */
-    DatastoreId?: DatastoreId;
+    DatastoreId: DatastoreId;
   }
   export interface DescribeFHIRDatastoreResponse {
     /**
@@ -336,6 +347,24 @@ declare namespace HealthLake {
   export type ExportJobPropertiesList = ExportJobProperties[];
   export type FHIRVersion = "R4"|string;
   export type IamRoleArn = string;
+  export interface IdentityProviderConfiguration {
+    /**
+     * The authorization strategy that you selected when you created the Data Store.
+     */
+    AuthorizationStrategy: AuthorizationStrategy;
+    /**
+     * If you enabled fine-grained authorization when you created the Data Store.
+     */
+    FineGrainedAuthorizationEnabled?: Boolean;
+    /**
+     * The JSON metadata elements that you want to use in your identity provider configuration. Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see Metadata in SMART's App Launch specification.  authorization_endpoint: The URL to the OAuth2 authorization endpoint.  grant_types_supported: An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are authorization_code and client_credentials.  token_endpoint: The URL to the OAuth2 token endpoint.  capabilities: An array of strings of the SMART capabilities that the authorization server supports.  code_challenge_methods_supported: An array of strings of supported PKCE code challenge methods. You must include the S256 method in the array of PKCE code challenge methods.
+     */
+    Metadata?: ConfigurationMetadata;
+    /**
+     * The Amazon Resource Name (ARN) of the Lambda function that you want to use to decode the access token created by the authorization server.
+     */
+    IdpLambdaArn?: LambdaArn;
+  }
   export interface ImportJobProperties {
     /**
      * The AWS-generated id number for the Import job.
@@ -346,7 +375,7 @@ declare namespace HealthLake {
      */
     JobName?: JobName;
     /**
-     * The job status for an Import job. Possible statuses are SUBMITTED, IN_PROGRESS, COMPLETED, FAILED.
+     * The job status for an Import job. Possible statuses are SUBMITTED, IN_PROGRESS, COMPLETED_WITH_ERRORS, COMPLETED, FAILED.
      */
     JobStatus: JobStatus;
     /**
@@ -384,7 +413,7 @@ declare namespace HealthLake {
   }
   export type JobId = string;
   export type JobName = string;
-  export type JobStatus = "SUBMITTED"|"IN_PROGRESS"|"COMPLETED_WITH_ERRORS"|"COMPLETED"|"FAILED"|string;
+  export type JobStatus = "SUBMITTED"|"IN_PROGRESS"|"COMPLETED_WITH_ERRORS"|"COMPLETED"|"FAILED"|"CANCEL_SUBMITTED"|"CANCEL_IN_PROGRESS"|"CANCEL_COMPLETED"|"CANCEL_FAILED"|string;
   export interface KmsEncryptionConfig {
     /**
      *  The type of customer-managed-key(CMK) used for encyrption. The two types of supported CMKs are customer owned CMKs and AWS owned CMKs. 
@@ -395,6 +424,7 @@ declare namespace HealthLake {
      */
     KmsKeyId?: EncryptionKeyID;
   }
+  export type LambdaArn = string;
   export interface ListFHIRDatastoresRequest {
     /**
      * Lists all filters associated with a FHIR Data Store request.
@@ -624,7 +654,7 @@ declare namespace HealthLake {
      */
     Key: TagKey;
     /**
-     *  The value portion of tag. Tag values are case sensitive. 
+     *  The value portion of a tag. Tag values are case sensitive. 
      */
     Value: TagValue;
   }

package/clients/m2.d.ts

@@ -331,6 +331,10 @@ declare namespace M2 {
      * The name of the application.
      */
     name: EntityName;
+    /**
+     * The Amazon Resource Name (ARN) of the role associated with the application.
+     */
+    roleArn?: Arn;
     /**
      * The status of the application.
      */
@@ -380,6 +384,9 @@ declare namespace M2 {
      * The unique identifier of the application that hosts this batch job.
      */
     applicationId: Identifier;
+    /**
+     * The unique identifier of this batch job.
+     */
     batchJobIdentifier?: BatchJobIdentifier;
     /**
      * The timestamp when this batch job execution ended.
@@ -402,7 +409,7 @@ declare namespace M2 {
      */
     jobType?: BatchJobType;
     /**
-     * 
+     * The batch job return code from either the Blu Age or Micro Focus runtime engines. For more information, see Batch return codes in the IBM WebSphere Application Server documentation.
      */
     returnCode?: String;
     /**
@@ -468,6 +475,10 @@ declare namespace M2 {
      * The unique identifier of the application.
      */
     name: EntityName;
+    /**
+     * The Amazon Resource Name (ARN) of the role associated with the application.
+     */
+    roleArn?: Arn;
     /**
      * A list of tags to apply to the application.
      */
@@ -708,6 +719,14 @@ declare namespace M2 {
      * The generation data group of the data set.
      */
     gdg?: GdgDetailAttributes;
+    /**
+     * The details of a PO type data set.
+     */
+    po?: PoDetailAttributes;
+    /**
+     * The details of a PS type data set.
+     */
+    ps?: PsDetailAttributes;
     /**
      * The details of a VSAM data set.
      */
@@ -718,6 +737,14 @@ declare namespace M2 {
      * The generation data group of the data set.
      */
     gdg?: GdgAttributes;
+    /**
+     * The details of a PO type data set.
+     */
+    po?: PoAttributes;
+    /**
+     * The details of a PS type data set.
+     */
+    ps?: PsAttributes;
     /**
      * The details of a VSAM data set.
      */
@@ -992,6 +1019,10 @@ declare namespace M2 {
      * The unique identifier of the application.
      */
     name: EntityName;
+    /**
+     * The Amazon Resource Name (ARN) of the role associated with the application.
+     */
+    roleArn?: Arn;
     /**
      * The status of the application.
      */
@@ -1064,6 +1095,9 @@ declare namespace M2 {
      * The identifier of the application.
      */
     applicationId: Identifier;
+    /**
+     * The unique identifier of this batch job.
+     */
     batchJobIdentifier?: BatchJobIdentifier;
     /**
      * The timestamp when the batch job execution ended.
@@ -1090,7 +1124,7 @@ declare namespace M2 {
      */
     jobUser?: String100;
     /**
-     * 
+     * The batch job return code from either the Blu Age or Micro Focus runtime engines. For more information, see Batch return codes in the IBM WebSphere Application Server documentation.
      */
     returnCode?: String;
     /**
@@ -1617,6 +1651,30 @@ declare namespace M2 {
      */
     schedule?: MaintenanceSchedule;
   }
+  export interface PoAttributes {
+    /**
+     * The character set encoding of the data set.
+     */
+    encoding?: String;
+    /**
+     * The format of the data set records.
+     */
+    format: String;
+    /**
+     * An array containing one or more filename extensions, allowing you to specify which files to be included as PDS member.
+     */
+    memberFileExtensions: String20List;
+  }
+  export interface PoDetailAttributes {
+    /**
+     * The character set encoding of the data set.
+     */
+    encoding: String;
+    /**
+     * The format of the data set records.
+     */
+    format: String;
+  }
   export type PortList = Integer[];
   export interface PrimaryKey {
     /**
@@ -1632,6 +1690,26 @@ declare namespace M2 {
      */
     offset: Integer;
   }
+  export interface PsAttributes {
+    /**
+     * The character set encoding of the data set.
+     */
+    encoding?: String;
+    /**
+     * The format of the data set records.
+     */
+    format: String;
+  }
+  export interface PsDetailAttributes {
+    /**
+     * The character set encoding of the data set.
+     */
+    encoding: String;
+    /**
+     * The format of the data set records.
+     */
+    format: String;
+  }
   export interface RecordLength {
     /**
      * The maximum record length. In case of fixed, both minimum and maximum are the same.
@@ -1710,6 +1788,7 @@ declare namespace M2 {
   export type String20 = string;
   export type String200 = string;
   export type String2000 = string;
+  export type String20List = String20[];
   export type String50 = string;
   export type String50List = String50[];
   export type StringFree65000 = string;

package/clients/rds.d.ts

@@ -1959,7 +1959,7 @@ declare namespace RDS {
      */
     AllocatedStorage?: IntegerOptional;
     /**
-     * Specifies the storage type to be associated with the DB cluster. This setting is required to create a Multi-AZ DB cluster. When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required. Valid values: aurora, aurora-iopt1 (Aurora DB clusters); io1 (Multi-AZ DB clusters) Default: aurora (Aurora DB clusters); io1 (Multi-AZ DB clusters) Valid for: Aurora DB clusters and Multi-AZ DB clusters
+     * Specifies the storage type to be associated with the DB cluster. This setting is required to create a Multi-AZ DB cluster. When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required. Valid values: aurora, aurora-iopt1 (Aurora DB clusters); io1 (Multi-AZ DB clusters) Default: aurora (Aurora DB clusters); io1 (Multi-AZ DB clusters) Valid for: Aurora DB clusters and Multi-AZ DB clusters For more information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For more information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters.
      */
     StorageType?: String;
     /**
@@ -6582,6 +6582,10 @@ declare namespace RDS {
      * The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager. This setting is valid only if both of the following conditions are met:   The DB instance doesn't manage the master user password in Amazon Web Services Secrets Manager. If the DB instance already manages the master user password in Amazon Web Services Secrets Manager, you can't change the KMS key used to encrypt the secret.   You are turning on ManageMasterUserPassword to manage the master user password in Amazon Web Services Secrets Manager. If you are turning on ManageMasterUserPassword and don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.   The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
      */
     MasterUserSecretKmsKeyId?: String;
+    /**
+     * The target Oracle DB engine when you convert a non-CDB to a CDB. This intermediate step is necessary to upgrade an Oracle Database 19c non-CDB to an Oracle Database 21c CDB. Note the following requirements:   Make sure that you specify oracle-ee-cdb or oracle-se2-cdb.   Make sure that your DB engine runs Oracle Database 19c with an April 2021 or later RU.   Note the following limitations:   You can't convert a CDB to a non-CDB.   You can't convert a replica database.   You can't convert a non-CDB to a CDB and upgrade the engine version in the same command.   You can't convert the existing custom parameter or option group when it has options or parameters that are permanent or persistent. In this situation, the DB instance reverts to the default option and parameter group. To avoid reverting to the default, specify a new parameter group with --db-parameter-group-name and a new option group with --option-group-name.  
+     */
+    Engine?: String;
   }
   export interface ModifyDBInstanceResult {
     DBInstance?: DBInstance;
@@ -6707,7 +6711,7 @@ declare namespace RDS {
      */
     DBSnapshotIdentifier: String;
     /**
-     * The engine version to upgrade the DB snapshot to. The following are the database engines and engine versions that are available when you upgrade a DB snapshot.  MySQL     5.5.46 (supported for 5.1 DB snapshots)    Oracle     19.0.0.0.ru-2022-01.rur-2022-01.r1 (supported for 12.2.0.1 DB snapshots)    19.0.0.0.ru-2022-07.rur-2022-07.r1 (supported for 12.1.0.2 DB snapshots)    12.1.0.2.v8 (supported for 12.1.0.1 DB snapshots)    11.2.0.4.v12 (supported for 11.2.0.2 DB snapshots)    11.2.0.4.v11 (supported for 11.2.0.3 DB snapshots)    PostgreSQL  For the list of engine versions that are available for upgrading a DB snapshot, see  Upgrading the PostgreSQL DB Engine for Amazon RDS.
+     * The engine version to upgrade the DB snapshot to. The following are the database engines and engine versions that are available when you upgrade a DB snapshot.  MySQL     5.5.46 (supported for 5.1 DB snapshots)    Oracle     12.1.0.2.v8 (supported for 12.1.0.1 DB snapshots)    11.2.0.4.v12 (supported for 11.2.0.2 DB snapshots)    11.2.0.4.v11 (supported for 11.2.0.3 DB snapshots)    PostgreSQL  For the list of engine versions that are available for upgrading a DB snapshot, see  Upgrading the PostgreSQL DB Engine for Amazon RDS.
      */
     EngineVersion?: String;
     /**
@@ -7435,6 +7439,10 @@ declare namespace RDS {
      * The storage throughput of the DB instance.
      */
     StorageThroughput?: IntegerOptional;
+    /**
+     * The database engine of the DB instance.
+     */
+    Engine?: String;
   }
   export interface ProcessorFeature {
     /**

package/clients/servicecatalog.d.ts

@@ -356,11 +356,11 @@ declare class ServiceCatalog extends Service {
    */
   disassociateBudgetFromResource(callback?: (err: AWSError, data: ServiceCatalog.Types.DisassociateBudgetFromResourceOutput) => void): Request<ServiceCatalog.Types.DisassociateBudgetFromResourceOutput, AWSError>;
   /**
-   * Disassociates a previously associated principal ARN from a specified portfolio. The PrincipalType and PrincipalARN must match the AssociatePrincipalWithPortfolio call request details. For example, to disassociate an association created with a PrincipalARN of PrincipalType IAM you must use the PrincipalType IAM when calling DisassociatePrincipalFromPortfolio.  For portfolios that have been shared with principal name sharing enabled: after disassociating a principal, share recipient accounts will no longer be able to provision products in this portfolio using a role matching the name of the associated principal. 
+   * Disassociates a previously associated principal ARN from a specified portfolio. The PrincipalType and PrincipalARN must match the AssociatePrincipalWithPortfolio call request details. For example, to disassociate an association created with a PrincipalARN of PrincipalType IAM you must use the PrincipalType IAM when calling DisassociatePrincipalFromPortfolio.  For portfolios that have been shared with principal name sharing enabled: after disassociating a principal, share recipient accounts will no longer be able to provision products in this portfolio using a role matching the name of the associated principal.  For more information, review associate-principal-with-portfolio in the Amazon Web Services CLI Command Reference.   If you disassociate a principal from a portfolio, with PrincipalType as IAM, the same principal will still have access to the portfolio if it matches one of the associated principals of type IAM_PATTERN. To fully remove access for a principal, verify all the associated Principals of type IAM_PATTERN, and then ensure you disassociate any IAM_PATTERN principals that match the principal whose access you are removing. 
    */
   disassociatePrincipalFromPortfolio(params: ServiceCatalog.Types.DisassociatePrincipalFromPortfolioInput, callback?: (err: AWSError, data: ServiceCatalog.Types.DisassociatePrincipalFromPortfolioOutput) => void): Request<ServiceCatalog.Types.DisassociatePrincipalFromPortfolioOutput, AWSError>;
   /**
-   * Disassociates a previously associated principal ARN from a specified portfolio. The PrincipalType and PrincipalARN must match the AssociatePrincipalWithPortfolio call request details. For example, to disassociate an association created with a PrincipalARN of PrincipalType IAM you must use the PrincipalType IAM when calling DisassociatePrincipalFromPortfolio.  For portfolios that have been shared with principal name sharing enabled: after disassociating a principal, share recipient accounts will no longer be able to provision products in this portfolio using a role matching the name of the associated principal. 
+   * Disassociates a previously associated principal ARN from a specified portfolio. The PrincipalType and PrincipalARN must match the AssociatePrincipalWithPortfolio call request details. For example, to disassociate an association created with a PrincipalARN of PrincipalType IAM you must use the PrincipalType IAM when calling DisassociatePrincipalFromPortfolio.  For portfolios that have been shared with principal name sharing enabled: after disassociating a principal, share recipient accounts will no longer be able to provision products in this portfolio using a role matching the name of the associated principal.  For more information, review associate-principal-with-portfolio in the Amazon Web Services CLI Command Reference.   If you disassociate a principal from a portfolio, with PrincipalType as IAM, the same principal will still have access to the portfolio if it matches one of the associated principals of type IAM_PATTERN. To fully remove access for a principal, verify all the associated Principals of type IAM_PATTERN, and then ensure you disassociate any IAM_PATTERN principals that match the principal whose access you are removing. 
    */
   disassociatePrincipalFromPortfolio(callback?: (err: AWSError, data: ServiceCatalog.Types.DisassociatePrincipalFromPortfolioOutput) => void): Request<ServiceCatalog.Types.DisassociatePrincipalFromPortfolioOutput, AWSError>;
   /**
@@ -790,11 +790,11 @@ declare namespace ServiceCatalog {
      */
     PortfolioId: Id;
     /**
-     * The ARN of the principal (user, role, or group). This field allows an ARN with no accountID if PrincipalType is IAM_PATTERN.  You can associate multiple IAM patterns even if the account has no principal with that name. This is useful in Principal Name Sharing if you want to share a principal without creating it in the account that owns the portfolio. 
+     * The ARN of the principal (user, role, or group). The supported value is a fully defined  IAM ARN if the PrincipalType is IAM. If the PrincipalType is IAM_PATTERN, the supported value is an IAM ARN without an AccountID in the following format:  arn:partition:iam:::resource-type/resource-id  The resource-id can be either of the following:   Fully formed, for example arn:aws:iam:::role/resource-name or arn:aws:iam:::role/resource-path/resource-name    A wildcard ARN. The wildcard ARN accepts IAM_PATTERN values with a "*" or "?" in the resource-id segment of the ARN, for example arn:partition:service:::resource-type/resource-path/resource-name. The new symbols are exclusive to the resource-path and resource-name and cannot be used to replace the resource-type or other ARN values.    Examples of an acceptable wildcard ARN:   arn:aws:iam:::role/ResourceName_*   arn:aws:iam:::role/*ResourceName_?   Examples of an unacceptable wildcard ARN:   arn:aws:iam:::*ResourceName   You can associate multiple IAM_PATTERNs even if the account has no principal with that name.     The ARN path and principal name allow unlimited wildcard characters.    The "?" wildcard character matches zero or one of any character. This is similar to ".?" in regular regex context.   The "*" wildcard character matches any number of any characters. This is similar ".*" in regular regex context.   In the IAM Principal ARNs format (arn:partition:iam:::resource-type/resource-path/resource-name), valid resource-type values include user/, group/, or role/. The "?" and "*" are allowed only after the resource-type, in the resource-id segment. You can use special characters anywhere within the resource-id.   The "*" also matches the "/" character, allowing paths to be formed within the resource-id. For example, arn:aws:iam:::role/*ResourceName_? matches both arn:aws:iam:::role/pathA/pathB/ResourceName_1 and arn:aws:iam:::role/pathA/ResourceName_1.   
      */
     PrincipalARN: PrincipalARN;
     /**
-     * The principal type. The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you use an ARN with no accountID. 
+     * The principal type. The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you use an ARN with no accountID, with or without wildcard characters. 
      */
     PrincipalType: PrincipalType;
   }
@@ -1935,11 +1935,11 @@ declare namespace ServiceCatalog {
      */
     PortfolioId: Id;
     /**
-     * The ARN of the principal (user, role, or group). This field allows an ARN with no accountID if PrincipalType is IAM_PATTERN.
+     * The ARN of the principal (user, role, or group). This field allows an ARN with no accountID with or without wildcard characters if PrincipalType is IAM_PATTERN.
      */
     PrincipalARN: PrincipalARN;
     /**
-     * The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you use no accountID. 
+     * The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you specify an IAM ARN with no AccountId, with or without wildcard characters. 
      */
     PrincipalType?: PrincipalType;
   }
@@ -2973,11 +2973,11 @@ declare namespace ServiceCatalog {
   export type PortfolioShareType = "IMPORTED"|"AWS_SERVICECATALOG"|"AWS_ORGANIZATIONS"|string;
   export interface Principal {
     /**
-     * The ARN of the principal (user, role, or group). This field allows for an ARN with no accountID if the PrincipalType is an IAM_PATTERN. 
+     * The ARN of the principal (user, role, or group). This field allows for an ARN with no accountID, with or without wildcard characters if the PrincipalType is an IAM_PATTERN.  For more information, review associate-principal-with-portfolio in the Amazon Web Services CLI Command Reference. 
      */
     PrincipalARN?: PrincipalARN;
     /**
-     * The principal type. The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you use an ARN with no accountID. 
+     * The principal type. The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you use an ARN with no accountID, with or without wildcard characters. 
      */
     PrincipalType?: PrincipalType;
   }