aws-sdk 2.1481.0 → 2.1482.0

package/apis/transfer-2018-11-05.waiters2.json

@@ -1,45 +1,37 @@
 {
-  "version": 2,
-  "waiters": {
-    "ServerOffline": {
-      "acceptors": [
-        {
-          "argument": "Server.State",
-          "expected": "OFFLINE",
-          "matcher": "path",
-          "state": "success"
-        },
-        {
-          "argument": "Server.State",
-          "expected": "STOP_FAILED",
-          "matcher": "path",
-          "state": "failure"
-        }
-      ],
-      "delay": 30,
-      "maxAttempts": 120,
-      "operation": "DescribeServer",
-      "type": "api"
+  "version" : 2,
+  "waiters" : {
+    "ServerOffline" : {
+      "delay" : 30,
+      "maxAttempts" : 120,
+      "operation" : "DescribeServer",
+      "acceptors" : [ {
+        "matcher" : "path",
+        "argument" : "Server.State",
+        "state" : "success",
+        "expected" : "OFFLINE"
+      }, {
+        "matcher" : "path",
+        "argument" : "Server.State",
+        "state" : "failure",
+        "expected" : "STOP_FAILED"
+      } ]
     },
-    "ServerOnline": {
-      "acceptors": [
-        {
-          "argument": "Server.State",
-          "expected": "ONLINE",
-          "matcher": "path",
-          "state": "success"
-        },
-        {
-          "argument": "Server.State",
-          "expected": "START_FAILED",
-          "matcher": "path",
-          "state": "failure"
-        }
-      ],
-      "delay": 30,
-      "maxAttempts": 120,
-      "operation": "DescribeServer",
-      "type": "api"
+    "ServerOnline" : {
+      "delay" : 30,
+      "maxAttempts" : 120,
+      "operation" : "DescribeServer",
+      "acceptors" : [ {
+        "matcher" : "path",
+        "argument" : "Server.State",
+        "state" : "success",
+        "expected" : "ONLINE"
+      }, {
+        "matcher" : "path",
+        "argument" : "Server.State",
+        "state" : "failure",
+        "expected" : "START_FAILED"
+      } ]
     }
   }
-}
+}

package/clients/appstream.d.ts

@@ -986,7 +986,11 @@ declare namespace AppStream {
     /**
      * The desired number of streaming instances.
      */
-    DesiredInstances: Integer;
+    DesiredInstances?: Integer;
+    /**
+     * The desired number of user sessions for a multi-session fleet. This is not allowed for single-session fleets. When you create a fleet, you must set either the DesiredSessions or DesiredInstances attribute, based on the type of fleet you create. You can’t define both attributes or leave both attributes blank.
+     */
+    DesiredSessions?: Integer;
   }
   export interface ComputeCapacityStatus {
     /**
@@ -1005,6 +1009,22 @@ declare namespace AppStream {
      * The number of currently available instances that can be used to stream sessions.
      */
     Available?: Integer;
+    /**
+     * The total number of sessions slots that are either running or pending. This represents the total number of concurrent streaming sessions your fleet can support in a steady state. DesiredUserSessionCapacity = ActualUserSessionCapacity + PendingUserSessionCapacity This only applies to multi-session fleets.
+     */
+    DesiredUserSessions?: Integer;
+    /**
+     * The number of idle session slots currently available for user sessions. AvailableUserSessionCapacity = ActualUserSessionCapacity - ActiveUserSessions This only applies to multi-session fleets.
+     */
+    AvailableUserSessions?: Integer;
+    /**
+     * The number of user sessions currently being used for streaming sessions. This only applies to multi-session fleets.
+     */
+    ActiveUserSessions?: Integer;
+    /**
+     * The total number of session slots that are available for streaming or are currently streaming. ActualUserSessionCapacity = AvailableUserSessionCapacity + ActiveUserSessions This only applies to multi-session fleets.
+     */
+    ActualUserSessions?: Integer;
   }
   export interface CopyImageRequest {
     /**
@@ -1266,7 +1286,7 @@ declare namespace AppStream {
      */
     VpcConfig?: VpcConfig;
     /**
-     * The maximum amount of time that a streaming session can remain active, in seconds. If users are still connected to a streaming instance five minutes before this limit is reached, they are prompted to save any open documents before being disconnected. After this time elapses, the instance is terminated and replaced by a new instance. Specify a value between 600 and 360000.
+     * The maximum amount of time that a streaming session can remain active, in seconds. If users are still connected to a streaming instance five minutes before this limit is reached, they are prompted to save any open documents before being disconnected. After this time elapses, the instance is terminated and replaced by a new instance. Specify a value between 600 and 432000.
      */
     MaxUserDurationInSeconds?: Integer;
     /**
@@ -1321,6 +1341,10 @@ declare namespace AppStream {
      * The S3 location of the session scripts configuration zip file. This only applies to Elastic fleets.
      */
     SessionScriptS3Location?: S3Location;
+    /**
+     * The maximum number of user sessions on an instance. This only applies to multi-session fleets.
+     */
+    MaxSessionsPerInstance?: Integer;
   }
   export interface CreateFleetResult {
     /**
@@ -1974,11 +1998,11 @@ declare namespace AppStream {
     /**
      * The name of the stack. This value is case-sensitive.
      */
-    StackName: String;
+    StackName: Name;
     /**
      * The name of the fleet. This value is case-sensitive.
      */
-    FleetName: String;
+    FleetName: Name;
     /**
      * The user identifier (ID). If you specify a user ID, you must also specify the authentication type.
      */
@@ -1995,6 +2019,10 @@ declare namespace AppStream {
      * The authentication method. Specify API for a user authenticated using a streaming URL or SAML for a SAML federated user. The default is to authenticate users using a streaming URL.
      */
     AuthenticationType?: AuthenticationType;
+    /**
+     * The identifier for the instance hosting the session.
+     */
+    InstanceId?: String;
   }
   export interface DescribeSessionsResult {
     /**
@@ -2385,8 +2413,12 @@ declare namespace AppStream {
      * The S3 location of the session scripts configuration zip file. This only applies to Elastic fleets.
      */
     SessionScriptS3Location?: S3Location;
+    /**
+     * The maximum number of user sessions on an instance. This only applies to multi-session fleets.
+     */
+    MaxSessionsPerInstance?: Integer;
   }
-  export type FleetAttribute = "VPC_CONFIGURATION"|"VPC_CONFIGURATION_SECURITY_GROUP_IDS"|"DOMAIN_JOIN_INFO"|"IAM_ROLE_ARN"|"USB_DEVICE_FILTER_STRINGS"|"SESSION_SCRIPT_S3_LOCATION"|string;
+  export type FleetAttribute = "VPC_CONFIGURATION"|"VPC_CONFIGURATION_SECURITY_GROUP_IDS"|"DOMAIN_JOIN_INFO"|"IAM_ROLE_ARN"|"USB_DEVICE_FILTER_STRINGS"|"SESSION_SCRIPT_S3_LOCATION"|"MAX_SESSIONS_PER_INSTANCE"|string;
   export type FleetAttributes = FleetAttribute[];
   export interface FleetError {
     /**
@@ -2794,6 +2826,10 @@ declare namespace AppStream {
      * The network details for the streaming session.
      */
     NetworkAccessConfiguration?: NetworkAccessConfiguration;
+    /**
+     * The identifier for the instance hosting the session.
+     */
+    InstanceId?: String;
   }
   export type SessionConnectionState = "CONNECTED"|"NOT_CONNECTED"|string;
   export type SessionList = Session[];
@@ -3151,7 +3187,7 @@ declare namespace AppStream {
     /**
      * A unique name for the fleet.
      */
-    Name?: String;
+    Name?: Name;
     /**
      * The instance type to use when launching fleet instances. The following instance types are available:   stream.standard.small   stream.standard.medium   stream.standard.large   stream.standard.xlarge   stream.standard.2xlarge   stream.compute.large   stream.compute.xlarge   stream.compute.2xlarge   stream.compute.4xlarge   stream.compute.8xlarge   stream.memory.large   stream.memory.xlarge   stream.memory.2xlarge   stream.memory.4xlarge   stream.memory.8xlarge   stream.memory.z1d.large   stream.memory.z1d.xlarge   stream.memory.z1d.2xlarge   stream.memory.z1d.3xlarge   stream.memory.z1d.6xlarge   stream.memory.z1d.12xlarge   stream.graphics-design.large   stream.graphics-design.xlarge   stream.graphics-design.2xlarge   stream.graphics-design.4xlarge   stream.graphics-desktop.2xlarge   stream.graphics.g4dn.xlarge   stream.graphics.g4dn.2xlarge   stream.graphics.g4dn.4xlarge   stream.graphics.g4dn.8xlarge   stream.graphics.g4dn.12xlarge   stream.graphics.g4dn.16xlarge   stream.graphics-pro.4xlarge   stream.graphics-pro.8xlarge   stream.graphics-pro.16xlarge   The following instance types are available for Elastic fleets:   stream.standard.small   stream.standard.medium   stream.standard.large   stream.standard.xlarge   stream.standard.2xlarge  
      */
@@ -3224,6 +3260,10 @@ declare namespace AppStream {
      * The S3 location of the session scripts configuration zip file. This only applies to Elastic fleets. 
      */
     SessionScriptS3Location?: S3Location;
+    /**
+     * The maximum number of user sessions on an instance. This only applies to multi-session fleets.
+     */
+    MaxSessionsPerInstance?: Integer;
   }
   export interface UpdateFleetResult {
     /**

package/clients/ec2.d.ts

@@ -3572,6 +3572,14 @@ declare class EC2 extends Service {
    * Returns a quote and exchange information for exchanging one or more specified Convertible Reserved Instances for a new Convertible Reserved Instance. If the exchange cannot be performed, the reason is returned in the response. Use AcceptReservedInstancesExchangeQuote to perform the exchange.
    */
   getReservedInstancesExchangeQuote(callback?: (err: AWSError, data: EC2.Types.GetReservedInstancesExchangeQuoteResult) => void): Request<EC2.Types.GetReservedInstancesExchangeQuoteResult, AWSError>;
+  /**
+   * Gets security groups that can be associated by the Amazon Web Services account making the request with network interfaces in the specified VPC.
+   */
+  getSecurityGroupsForVpc(params: EC2.Types.GetSecurityGroupsForVpcRequest, callback?: (err: AWSError, data: EC2.Types.GetSecurityGroupsForVpcResult) => void): Request<EC2.Types.GetSecurityGroupsForVpcResult, AWSError>;
+  /**
+   * Gets security groups that can be associated by the Amazon Web Services account making the request with network interfaces in the specified VPC.
+   */
+  getSecurityGroupsForVpc(callback?: (err: AWSError, data: EC2.Types.GetSecurityGroupsForVpcResult) => void): Request<EC2.Types.GetSecurityGroupsForVpcResult, AWSError>;
   /**
    * Retrieves the access status of your account to the EC2 serial console of all instances. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
    */
@@ -21454,6 +21462,39 @@ declare namespace EC2 {
      */
     ValidationFailureReason?: String;
   }
+  export interface GetSecurityGroupsForVpcRequest {
+    /**
+     * The VPC ID where the security group can be used.
+     */
+    VpcId: VpcId;
+    /**
+     * The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.
+     */
+    NextToken?: String;
+    /**
+     * The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
+     */
+    MaxResults?: GetSecurityGroupsForVpcRequestMaxResults;
+    /**
+     * The filters. If using multiple filters, the results include security groups which match all filters.    group-id: The security group ID.    description: The security group's description.    group-name: The security group name.    owner-id: The security group owner ID.    primary-vpc-id: The VPC ID in which the security group was created.  
+     */
+    Filters?: FilterList;
+    /**
+     * Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
+     */
+    DryRun?: Boolean;
+  }
+  export type GetSecurityGroupsForVpcRequestMaxResults = number;
+  export interface GetSecurityGroupsForVpcResult {
+    /**
+     * The token to include in another request to get the next page of items. This value is null when there are no more items to return.
+     */
+    NextToken?: String;
+    /**
+     * The security group that can be used by interfaces in the VPC.
+     */
+    SecurityGroupForVpcs?: SecurityGroupForVpcList;
+  }
   export interface GetSerialConsoleAccessStatusRequest {
     /**
      * Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
@@ -33758,6 +33799,33 @@ declare namespace EC2 {
      */
     VpcId?: String;
   }
+  export interface SecurityGroupForVpc {
+    /**
+     * The security group's description.
+     */
+    Description?: String;
+    /**
+     * The security group name.
+     */
+    GroupName?: String;
+    /**
+     * The security group owner ID.
+     */
+    OwnerId?: String;
+    /**
+     * The security group ID.
+     */
+    GroupId?: String;
+    /**
+     * The security group tags.
+     */
+    Tags?: TagList;
+    /**
+     * The VPC ID in which the security group was created.
+     */
+    PrimaryVpcId?: String;
+  }
+  export type SecurityGroupForVpcList = SecurityGroupForVpc[];
   export type SecurityGroupId = string;
   export type SecurityGroupIdList = SecurityGroupId[];
   export type SecurityGroupIdSet = SecurityGroupId[];

package/clients/networkfirewall.d.ts

@@ -52,11 +52,11 @@ declare class NetworkFirewall extends Service {
    */
   createRuleGroup(callback?: (err: AWSError, data: NetworkFirewall.Types.CreateRuleGroupResponse) => void): Request<NetworkFirewall.Types.CreateRuleGroupResponse, AWSError>;
   /**
-   * Creates an Network Firewall TLS inspection configuration. A TLS inspection configuration contains the Certificate Manager certificate references that Network Firewall uses to decrypt and re-encrypt inbound traffic. After you create a TLS inspection configuration, you associate it with a new firewall policy. To update the settings for a TLS inspection configuration, use UpdateTLSInspectionConfiguration. To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource. To retrieve information about TLS inspection configurations, use ListTLSInspectionConfigurations and DescribeTLSInspectionConfiguration.  For more information about TLS inspection configurations, see Decrypting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide. 
+   * Creates an Network Firewall TLS inspection configuration. A TLS inspection configuration contains the Certificate Manager certificate associations that Network Firewall uses to decrypt and re-encrypt traffic traveling through your firewall. After you create a TLS inspection configuration, you can associate it with a new firewall policy. To update the settings for a TLS inspection configuration, use UpdateTLSInspectionConfiguration. To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource. To retrieve information about TLS inspection configurations, use ListTLSInspectionConfigurations and DescribeTLSInspectionConfiguration.  For more information about TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide. 
    */
   createTLSInspectionConfiguration(params: NetworkFirewall.Types.CreateTLSInspectionConfigurationRequest, callback?: (err: AWSError, data: NetworkFirewall.Types.CreateTLSInspectionConfigurationResponse) => void): Request<NetworkFirewall.Types.CreateTLSInspectionConfigurationResponse, AWSError>;
   /**
-   * Creates an Network Firewall TLS inspection configuration. A TLS inspection configuration contains the Certificate Manager certificate references that Network Firewall uses to decrypt and re-encrypt inbound traffic. After you create a TLS inspection configuration, you associate it with a new firewall policy. To update the settings for a TLS inspection configuration, use UpdateTLSInspectionConfiguration. To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource. To retrieve information about TLS inspection configurations, use ListTLSInspectionConfigurations and DescribeTLSInspectionConfiguration.  For more information about TLS inspection configurations, see Decrypting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide. 
+   * Creates an Network Firewall TLS inspection configuration. A TLS inspection configuration contains the Certificate Manager certificate associations that Network Firewall uses to decrypt and re-encrypt traffic traveling through your firewall. After you create a TLS inspection configuration, you can associate it with a new firewall policy. To update the settings for a TLS inspection configuration, use UpdateTLSInspectionConfiguration. To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource. To retrieve information about TLS inspection configurations, use ListTLSInspectionConfigurations and DescribeTLSInspectionConfiguration.  For more information about TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide. 
    */
   createTLSInspectionConfiguration(callback?: (err: AWSError, data: NetworkFirewall.Types.CreateTLSInspectionConfigurationResponse) => void): Request<NetworkFirewall.Types.CreateTLSInspectionConfigurationResponse, AWSError>;
   /**
@@ -292,11 +292,11 @@ declare class NetworkFirewall extends Service {
    */
   updateSubnetChangeProtection(callback?: (err: AWSError, data: NetworkFirewall.Types.UpdateSubnetChangeProtectionResponse) => void): Request<NetworkFirewall.Types.UpdateSubnetChangeProtectionResponse, AWSError>;
   /**
-   * Updates the TLS inspection configuration settings for the specified TLS inspection configuration. You use a TLS inspection configuration by reference in one or more firewall policies. When you modify a TLS inspection configuration, you modify all firewall policies that use the TLS inspection configuration.  To update a TLS inspection configuration, first call DescribeTLSInspectionConfiguration to retrieve the current TLSInspectionConfiguration object, update the object as needed, and then provide the updated object to this call. 
+   * Updates the TLS inspection configuration settings for the specified TLS inspection configuration. You use a TLS inspection configuration by referencing it in one or more firewall policies. When you modify a TLS inspection configuration, you modify all firewall policies that use the TLS inspection configuration.  To update a TLS inspection configuration, first call DescribeTLSInspectionConfiguration to retrieve the current TLSInspectionConfiguration object, update the object as needed, and then provide the updated object to this call. 
    */
   updateTLSInspectionConfiguration(params: NetworkFirewall.Types.UpdateTLSInspectionConfigurationRequest, callback?: (err: AWSError, data: NetworkFirewall.Types.UpdateTLSInspectionConfigurationResponse) => void): Request<NetworkFirewall.Types.UpdateTLSInspectionConfigurationResponse, AWSError>;
   /**
-   * Updates the TLS inspection configuration settings for the specified TLS inspection configuration. You use a TLS inspection configuration by reference in one or more firewall policies. When you modify a TLS inspection configuration, you modify all firewall policies that use the TLS inspection configuration.  To update a TLS inspection configuration, first call DescribeTLSInspectionConfiguration to retrieve the current TLSInspectionConfiguration object, update the object as needed, and then provide the updated object to this call. 
+   * Updates the TLS inspection configuration settings for the specified TLS inspection configuration. You use a TLS inspection configuration by referencing it in one or more firewall policies. When you modify a TLS inspection configuration, you modify all firewall policies that use the TLS inspection configuration.  To update a TLS inspection configuration, first call DescribeTLSInspectionConfiguration to retrieve the current TLSInspectionConfiguration object, update the object as needed, and then provide the updated object to this call. 
    */
   updateTLSInspectionConfiguration(callback?: (err: AWSError, data: NetworkFirewall.Types.UpdateTLSInspectionConfigurationResponse) => void): Request<NetworkFirewall.Types.UpdateTLSInspectionConfigurationResponse, AWSError>;
 }
@@ -433,6 +433,16 @@ declare namespace NetworkFirewall {
     CIDRs?: CIDRSummary;
   }
   export type Certificates = TlsCertificateData[];
+  export interface CheckCertificateRevocationStatusActions {
+    /**
+     * Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has a revoked status.    PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.    DROP - Network Firewall fails closed and drops all subsequent traffic.    REJECT - Network Firewall sends a TCP reject packet back to your client so that the client can immediately establish a new session. Network Firewall then fails closed and drops all subsequent traffic. REJECT is available only for TCP traffic.  
+     */
+    RevokedStatusAction?: RevocationCheckAction;
+    /**
+     * Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has an unknown status, or a status that cannot be determined for any other reason, including when the service is unable to connect to the OCSP and CRL endpoints for the certificate.    PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.    DROP - Network Firewall fails closed and drops all subsequent traffic.    REJECT - Network Firewall sends a TCP reject packet back to your client so that the client can immediately establish a new session. Network Firewall then fails closed and drops all subsequent traffic. REJECT is available only for TCP traffic.   
+     */
+    UnknownStatusAction?: RevocationCheckAction;
+  }
   export type CollectionMember_String = string;
   export type ConfigurationSyncState = "PENDING"|"IN_SYNC"|"CAPACITY_CONSTRAINED"|string;
   export interface CreateFirewallPolicyRequest {
@@ -581,7 +591,7 @@ declare namespace NetworkFirewall {
      */
     TLSInspectionConfigurationName: ResourceName;
     /**
-     * The object that defines a TLS inspection configuration. This, along with TLSInspectionConfigurationResponse, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling DescribeTLSInspectionConfiguration.  Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination. To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Decrypting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
+     * The object that defines a TLS inspection configuration. This, along with TLSInspectionConfigurationResponse, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling DescribeTLSInspectionConfiguration.  Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination. To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
      */
     TLSInspectionConfiguration: TLSInspectionConfiguration;
     /**
@@ -851,7 +861,7 @@ declare namespace NetworkFirewall {
      */
     UpdateToken: UpdateToken;
     /**
-     * The object that defines a TLS inspection configuration. This, along with TLSInspectionConfigurationResponse, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling DescribeTLSInspectionConfiguration.  Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination. To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Decrypting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
+     * The object that defines a TLS inspection configuration. This, along with TLSInspectionConfigurationResponse, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling DescribeTLSInspectionConfiguration.  Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination. To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
      */
     TLSInspectionConfiguration?: TLSInspectionConfiguration;
     /**
@@ -1393,7 +1403,8 @@ declare namespace NetworkFirewall {
   export type ResourceManagedStatus = "MANAGED"|"ACCOUNT"|string;
   export type ResourceManagedType = "AWS_MANAGED_THREAT_SIGNATURES"|"AWS_MANAGED_DOMAIN_LISTS"|string;
   export type ResourceName = string;
-  export type ResourceStatus = "ACTIVE"|"DELETING"|string;
+  export type ResourceStatus = "ACTIVE"|"DELETING"|"ERROR"|string;
+  export type RevocationCheckAction = "PASS"|"DROP"|"REJECT"|string;
   export type RuleCapacity = number;
   export interface RuleDefinition {
     /**
@@ -1552,19 +1563,27 @@ declare namespace NetworkFirewall {
   export type RulesString = string;
   export interface ServerCertificate {
     /**
-     * The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS server certificate.
+     * The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
      */
     ResourceArn?: ResourceArn;
   }
   export interface ServerCertificateConfiguration {
     /**
-     * The list of a server certificate configuration's Certificate Manager SSL/TLS certificates.
+     * The list of a server certificate configuration's Certificate Manager certificates, used for inbound SSL/TLS inspection.
      */
     ServerCertificates?: ServerCertificates;
     /**
-     * A list of a server certificate configuration's scopes.
+     * A list of scopes.
      */
     Scopes?: ServerCertificateScopes;
+    /**
+     * The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate configured in Certificate Manager (ACM) to use for outbound SSL/TLS inspection. The following limitations apply:   You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.   You can't use certificates issued by Private Certificate Authority.   For more information about the certificate requirements for outbound inspection, see Requirements for using SSL/TLS certificates with TLS inspection configurations in the Network Firewall Developer Guide.  For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.
+     */
+    CertificateAuthorityArn?: ResourceArn;
+    /**
+     * When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To use this option, you must specify a CertificateAuthorityArn in ServerCertificateConfiguration.
+     */
+    CheckCertificateRevocationStatus?: CheckCertificateRevocationStatusActions;
   }
   export type ServerCertificateConfigurations = ServerCertificateConfiguration[];
   export interface ServerCertificateScope {
@@ -1788,6 +1807,7 @@ declare namespace NetworkFirewall {
      * A list of the certificates associated with the TLS inspection configuration.
      */
     Certificates?: Certificates;
+    CertificateAuthority?: TlsCertificateData;
   }
   export type TLSInspectionConfigurations = TLSInspectionConfigurationMetadata[];
   export interface Tag {
@@ -2150,7 +2170,7 @@ declare namespace NetworkFirewall {
      */
     TLSInspectionConfigurationName?: ResourceName;
     /**
-     * The object that defines a TLS inspection configuration. This, along with TLSInspectionConfigurationResponse, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling DescribeTLSInspectionConfiguration.  Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination. To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Decrypting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
+     * The object that defines a TLS inspection configuration. This, along with TLSInspectionConfigurationResponse, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling DescribeTLSInspectionConfiguration.  Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination. To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
      */
     TLSInspectionConfiguration: TLSInspectionConfiguration;
     /**

package/clients/opensearch.d.ts

@@ -260,11 +260,11 @@ declare class OpenSearch extends Service {
    */
   getCompatibleVersions(callback?: (err: AWSError, data: OpenSearch.Types.GetCompatibleVersionsResponse) => void): Request<OpenSearch.Types.GetCompatibleVersionsResponse, AWSError>;
   /**
-   * Get the status of the maintenance action.
+   * The status of the maintenance action.
    */
   getDomainMaintenanceStatus(params: OpenSearch.Types.GetDomainMaintenanceStatusRequest, callback?: (err: AWSError, data: OpenSearch.Types.GetDomainMaintenanceStatusResponse) => void): Request<OpenSearch.Types.GetDomainMaintenanceStatusResponse, AWSError>;
   /**
-   * Get the status of the maintenance action.
+   * The status of the maintenance action.
    */
   getDomainMaintenanceStatus(callback?: (err: AWSError, data: OpenSearch.Types.GetDomainMaintenanceStatusResponse) => void): Request<OpenSearch.Types.GetDomainMaintenanceStatusResponse, AWSError>;
   /**
@@ -292,11 +292,11 @@ declare class OpenSearch extends Service {
    */
   getUpgradeStatus(callback?: (err: AWSError, data: OpenSearch.Types.GetUpgradeStatusResponse) => void): Request<OpenSearch.Types.GetUpgradeStatusResponse, AWSError>;
   /**
-   * Get the list of the maintenance action.
+   * A list of maintenance actions for the domain.
    */
   listDomainMaintenances(params: OpenSearch.Types.ListDomainMaintenancesRequest, callback?: (err: AWSError, data: OpenSearch.Types.ListDomainMaintenancesResponse) => void): Request<OpenSearch.Types.ListDomainMaintenancesResponse, AWSError>;
   /**
-   * Get the list of the maintenance action.
+   * A list of maintenance actions for the domain.
    */
   listDomainMaintenances(callback?: (err: AWSError, data: OpenSearch.Types.ListDomainMaintenancesResponse) => void): Request<OpenSearch.Types.ListDomainMaintenancesResponse, AWSError>;
   /**
@@ -412,11 +412,11 @@ declare class OpenSearch extends Service {
    */
   revokeVpcEndpointAccess(callback?: (err: AWSError, data: OpenSearch.Types.RevokeVpcEndpointAccessResponse) => void): Request<OpenSearch.Types.RevokeVpcEndpointAccessResponse, AWSError>;
   /**
-   * Starts the node maintenance (Node restart, Node reboot, Opensearch/Elasticsearch process restart, Dashboard/kibana restart) on the data node.
+   * Starts the node maintenance process on the data node. These processes can include a node reboot, an Opensearch or Elasticsearch process restart, or a Dashboard or Kibana restart.
    */
   startDomainMaintenance(params: OpenSearch.Types.StartDomainMaintenanceRequest, callback?: (err: AWSError, data: OpenSearch.Types.StartDomainMaintenanceResponse) => void): Request<OpenSearch.Types.StartDomainMaintenanceResponse, AWSError>;
   /**
-   * Starts the node maintenance (Node restart, Node reboot, Opensearch/Elasticsearch process restart, Dashboard/kibana restart) on the data node.
+   * Starts the node maintenance process on the data node. These processes can include a node reboot, an Opensearch or Elasticsearch process restart, or a Dashboard or Kibana restart.
    */
   startDomainMaintenance(callback?: (err: AWSError, data: OpenSearch.Types.StartDomainMaintenanceResponse) => void): Request<OpenSearch.Types.StartDomainMaintenanceResponse, AWSError>;
   /**
@@ -1004,6 +1004,10 @@ declare namespace OpenSearch {
      * Identity and Access Management (IAM) policy document specifying the access policies for the new domain.
      */
     AccessPolicies?: PolicyDocument;
+    /**
+     * The type of IP addresses supported by the endpoint for the domain.
+     */
+    IPAddressType?: IPAddressType;
     /**
      * DEPRECATED. Container for the parameters required to configure automated snapshots of domain indexes.
      */
@@ -1611,6 +1615,10 @@ declare namespace OpenSearch {
      * Specifies the access policies for the domain.
      */
     AccessPolicies?: AccessPoliciesStatus;
+    /**
+     * The type of IP addresses supported by the endpoint for the domain.
+     */
+    IPAddressType?: IPAddressTypeStatus;
     /**
      * DEPRECATED. Container for parameters required to configure automated snapshots of domain indexes.
      */
@@ -1717,7 +1725,7 @@ declare namespace OpenSearch {
   }
   export interface DomainMaintenanceDetails {
     /**
-     * Id of the requested action.
+     * The ID of the requested action.
      */
     MaintenanceId?: RequestId;
     /**
@@ -1729,7 +1737,7 @@ declare namespace OpenSearch {
      */
     Action?: MaintenanceType;
     /**
-     * Id of the data node.
+     * The ID of the data node.
      */
     NodeId?: NodeId;
     /**
@@ -1737,15 +1745,15 @@ declare namespace OpenSearch {
      */
     Status?: MaintenanceStatus;
     /**
-     * The status message of the action.
+     * The status message for the action.
      */
     StatusMessage?: MaintenanceStatusMessage;
     /**
-     * Contains time at which action created.
+     * The time at which the action was created.
      */
     CreatedAt?: UpdateTimestamp;
     /**
-     * Contains time at which action updated.
+     * The time at which the action was updated.
      */
     UpdatedAt?: UpdateTimestamp;
   }
@@ -1854,6 +1862,7 @@ declare namespace OpenSearch {
      * Domain-specific endpoint used to submit index, search, and data upload requests to the domain.
      */
     Endpoint?: ServiceUrl;
+    EndpointV2?: ServiceUrl;
     /**
      * The key-value pair that exists if the OpenSearch Service domain uses VPC endpoints.. Example key, value: 'vpc','vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com'.
      */
@@ -1882,6 +1891,10 @@ declare namespace OpenSearch {
      * Identity and Access Management (IAM) policy document specifying the access policies for the domain.
      */
     AccessPolicies?: PolicyDocument;
+    /**
+     * The type of IP addresses supported by the endpoint for the domain.
+     */
+    IPAddressType?: IPAddressType;
     /**
      * DEPRECATED. Container for parameters required to configure automated snapshots of domain indexes.
      */
@@ -2091,33 +2104,33 @@ declare namespace OpenSearch {
      */
     DomainName: DomainName;
     /**
-     * The request id of the maintenance action.
+     * The request ID of the maintenance action.
      */
     MaintenanceId: RequestId;
   }
   export interface GetDomainMaintenanceStatusResponse {
     /**
-     * Contains status of the maintenance action.
+     * The status of the maintenance action.
      */
     Status?: MaintenanceStatus;
     /**
-     * Contains status message of the maintenance action.
+     * The status message of the maintenance action.
      */
     StatusMessage?: MaintenanceStatusMessage;
     /**
-     * Contains node id of maintenance action.
+     * The node ID of the maintenance action.
      */
     NodeId?: NodeId;
     /**
-     * Contains action name.
+     * The action name.
      */
     Action?: MaintenanceType;
     /**
-     * Contains time at which action created.
+     * The time at which the action was created.
      */
     CreatedAt?: UpdateTimestamp;
     /**
-     * Contains time at which action updated.
+     * The time at which the action was updated.
      */
     UpdatedAt?: UpdateTimestamp;
   }
@@ -2193,6 +2206,14 @@ declare namespace OpenSearch {
      */
     UpgradeName?: UpgradeName;
   }
+  export type IPAddressType = "ipv4"|"dualstack"|string;
+  export interface IPAddressTypeStatus {
+    /**
+     * The IP address options for the domain.
+     */
+    Options: IPAddressType;
+    Status: OptionStatus;
+  }
   export type IdentityPoolId = string;
   export interface InboundConnection {
     /**
@@ -2325,13 +2346,13 @@ declare namespace OpenSearch {
      */
     MaxResults?: MaxResults;
     /**
-     * If your initial ListDomainMaintenances operation returns a nextToken, you can include the returned nextToken in subsequent ListDomainMaintenances operations, which returns results in the next page.
+     * If your initial ListDomainMaintenances operation returns a nextToken, include the returned nextToken in subsequent ListDomainMaintenances operations, which returns results in the next page.
      */
     NextToken?: NextToken;
   }
   export interface ListDomainMaintenancesResponse {
     /**
-     * List of the submitted maintenance actions.
+     * A list of the submitted maintenance actions.
      */
     DomainMaintenances?: DomainMaintenanceList;
     /**
@@ -3199,13 +3220,13 @@ declare namespace OpenSearch {
      */
     Action: MaintenanceType;
     /**
-     * Id of the data node.
+     * The ID of the data node.
      */
     NodeId?: NodeId;
   }
   export interface StartDomainMaintenanceResponse {
     /**
-     * Contains request id of requested action.
+     * The request ID of requested action.
      */
     MaintenanceId?: RequestId;
   }
@@ -3313,6 +3334,10 @@ declare namespace OpenSearch {
      * Identity and Access Management (IAM) access policy as a JSON-formatted string.
      */
     AccessPolicies?: PolicyDocument;
+    /**
+     * The type of IP addresses supported by the endpoint for the domain.
+     */
+    IPAddressType?: IPAddressType;
     /**
      * Options to publish OpenSearch logs to Amazon CloudWatch Logs.
      */