aws-sdk 2.1550.0 → 2.1552.0

package/clients/glue.d.ts

@@ -2693,7 +2693,7 @@ declare namespace Glue {
      */
     OutputSchemas?: GlueSchemas;
   }
-  export type CatalogEncryptionMode = "DISABLED"|"SSE-KMS"|string;
+  export type CatalogEncryptionMode = "DISABLED"|"SSE-KMS"|"SSE-KMS-WITH-SERVICE-ROLE"|string;
   export type CatalogEntries = CatalogEntry[];
   export interface CatalogEntry {
     /**
@@ -3501,7 +3501,7 @@ declare namespace Glue {
      */
     MatchCriteria?: MatchCriteria;
     /**
-     * These key-value pairs define parameters for the connection:    HOST - The host URI: either the fully qualified domain name (FQDN) or the IPv4 address of the database host.    PORT - The port number, between 1024 and 65535, of the port on which the database host is listening for database connections.    USER_NAME - The name under which to log in to the database. The value string for USER_NAME is "USERNAME".    PASSWORD - A password, if one is used, for the user name.    ENCRYPTED_PASSWORD - When you enable connection password protection by setting ConnectionPasswordEncryption in the Data Catalog encryption settings, this field stores the encrypted password.    JDBC_DRIVER_JAR_URI - The Amazon Simple Storage Service (Amazon S3) path of the JAR file that contains the JDBC driver to use.    JDBC_DRIVER_CLASS_NAME - The class name of the JDBC driver to use.    JDBC_ENGINE - The name of the JDBC engine to use.    JDBC_ENGINE_VERSION - The version of the JDBC engine to use.    CONFIG_FILES - (Reserved for future use.)    INSTANCE_ID - The instance ID to use.    JDBC_CONNECTION_URL - The URL for connecting to a JDBC data source.    JDBC_ENFORCE_SSL - A Boolean string (true, false) specifying whether Secure Sockets Layer (SSL) with hostname matching is enforced for the JDBC connection on the client. The default is false.    CUSTOM_JDBC_CERT - An Amazon S3 location specifying the customer's root certificate. Glue uses this root certificate to validate the customer’s certificate when connecting to the customer database. Glue only handles X.509 certificates. The certificate provided must be DER-encoded and supplied in Base64 encoding PEM format.    SKIP_CUSTOM_JDBC_CERT_VALIDATION - By default, this is false. Glue validates the Signature algorithm and Subject Public Key Algorithm for the customer certificate. The only permitted algorithms for the Signature algorithm are SHA256withRSA, SHA384withRSA or SHA512withRSA. For the Subject Public Key Algorithm, the key length must be at least 2048. You can set the value of this property to true to skip Glue’s validation of the customer certificate.    CUSTOM_JDBC_CERT_STRING - A custom JDBC certificate string which is used for domain match or distinguished name match to prevent a man-in-the-middle attack. In Oracle database, this is used as the SSL_SERVER_CERT_DN; in Microsoft SQL Server, this is used as the hostNameInCertificate.    CONNECTION_URL - The URL for connecting to a general (non-JDBC) data source.    SECRET_ID - The secret ID used for the secret manager of credentials.    CONNECTOR_URL - The connector URL for a MARKETPLACE or CUSTOM connection.    CONNECTOR_TYPE - The connector type for a MARKETPLACE or CUSTOM connection.    CONNECTOR_CLASS_NAME - The connector class name for a MARKETPLACE or CUSTOM connection.    KAFKA_BOOTSTRAP_SERVERS - A comma-separated list of host and port pairs that are the addresses of the Apache Kafka brokers in a Kafka cluster to which a Kafka client will connect to and bootstrap itself.    KAFKA_SSL_ENABLED - Whether to enable or disable SSL on an Apache Kafka connection. Default value is "true".    KAFKA_CUSTOM_CERT - The Amazon S3 URL for the private CA cert file (.pem format). The default is an empty string.    KAFKA_SKIP_CUSTOM_CERT_VALIDATION - Whether to skip the validation of the CA cert file or not. Glue validates for three algorithms: SHA256withRSA, SHA384withRSA and SHA512withRSA. Default value is "false".    KAFKA_CLIENT_KEYSTORE - The Amazon S3 location of the client keystore file for Kafka client side authentication (Optional).    KAFKA_CLIENT_KEYSTORE_PASSWORD - The password to access the provided keystore (Optional).    KAFKA_CLIENT_KEY_PASSWORD - A keystore can consist of multiple keys, so this is the password to access the client key to be used with the Kafka server side key (Optional).    ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD - The encrypted version of the Kafka client keystore password (if the user has the Glue encrypt passwords setting selected).    ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD - The encrypted version of the Kafka client key password (if the user has the Glue encrypt passwords setting selected).    KAFKA_SASL_MECHANISM - "SCRAM-SHA-512", "GSSAPI", or "AWS_MSK_IAM". These are the supported SASL Mechanisms.    KAFKA_SASL_SCRAM_USERNAME - A plaintext username used to authenticate with the "SCRAM-SHA-512" mechanism.    KAFKA_SASL_SCRAM_PASSWORD - A plaintext password used to authenticate with the "SCRAM-SHA-512" mechanism.    ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD - The encrypted version of the Kafka SASL SCRAM password (if the user has the Glue encrypt passwords setting selected).    KAFKA_SASL_SCRAM_SECRETS_ARN - The Amazon Resource Name of a secret in Amazon Web Services Secrets Manager.    KAFKA_SASL_GSSAPI_KEYTAB - The S3 location of a Kerberos keytab file. A keytab stores long-term keys for one or more principals. For more information, see MIT Kerberos Documentation: Keytab.    KAFKA_SASL_GSSAPI_KRB5_CONF - The S3 location of a Kerberos krb5.conf file. A krb5.conf stores Kerberos configuration information, such as the location of the KDC server. For more information, see MIT Kerberos Documentation: krb5.conf.    KAFKA_SASL_GSSAPI_SERVICE - The Kerberos service name, as set with sasl.kerberos.service.name in your Kafka Configuration.    KAFKA_SASL_GSSAPI_PRINCIPAL - The name of the Kerberos princial used by Glue. For more information, see Kafka Documentation: Configuring Kafka Brokers.  
+     * These key-value pairs define parameters for the connection:    HOST - The host URI: either the fully qualified domain name (FQDN) or the IPv4 address of the database host.    PORT - The port number, between 1024 and 65535, of the port on which the database host is listening for database connections.    USER_NAME - The name under which to log in to the database. The value string for USER_NAME is "USERNAME".    PASSWORD - A password, if one is used, for the user name.    ENCRYPTED_PASSWORD - When you enable connection password protection by setting ConnectionPasswordEncryption in the Data Catalog encryption settings, this field stores the encrypted password.    JDBC_DRIVER_JAR_URI - The Amazon Simple Storage Service (Amazon S3) path of the JAR file that contains the JDBC driver to use.    JDBC_DRIVER_CLASS_NAME - The class name of the JDBC driver to use.    JDBC_ENGINE - The name of the JDBC engine to use.    JDBC_ENGINE_VERSION - The version of the JDBC engine to use.    CONFIG_FILES - (Reserved for future use.)    INSTANCE_ID - The instance ID to use.    JDBC_CONNECTION_URL - The URL for connecting to a JDBC data source.    JDBC_ENFORCE_SSL - A Boolean string (true, false) specifying whether Secure Sockets Layer (SSL) with hostname matching is enforced for the JDBC connection on the client. The default is false.    CUSTOM_JDBC_CERT - An Amazon S3 location specifying the customer's root certificate. Glue uses this root certificate to validate the customer’s certificate when connecting to the customer database. Glue only handles X.509 certificates. The certificate provided must be DER-encoded and supplied in Base64 encoding PEM format.    SKIP_CUSTOM_JDBC_CERT_VALIDATION - By default, this is false. Glue validates the Signature algorithm and Subject Public Key Algorithm for the customer certificate. The only permitted algorithms for the Signature algorithm are SHA256withRSA, SHA384withRSA or SHA512withRSA. For the Subject Public Key Algorithm, the key length must be at least 2048. You can set the value of this property to true to skip Glue’s validation of the customer certificate.    CUSTOM_JDBC_CERT_STRING - A custom JDBC certificate string which is used for domain match or distinguished name match to prevent a man-in-the-middle attack. In Oracle database, this is used as the SSL_SERVER_CERT_DN; in Microsoft SQL Server, this is used as the hostNameInCertificate.    CONNECTION_URL - The URL for connecting to a general (non-JDBC) data source.    SECRET_ID - The secret ID used for the secret manager of credentials.    CONNECTOR_URL - The connector URL for a MARKETPLACE or CUSTOM connection.    CONNECTOR_TYPE - The connector type for a MARKETPLACE or CUSTOM connection.    CONNECTOR_CLASS_NAME - The connector class name for a MARKETPLACE or CUSTOM connection.    KAFKA_BOOTSTRAP_SERVERS - A comma-separated list of host and port pairs that are the addresses of the Apache Kafka brokers in a Kafka cluster to which a Kafka client will connect to and bootstrap itself.    KAFKA_SSL_ENABLED - Whether to enable or disable SSL on an Apache Kafka connection. Default value is "true".    KAFKA_CUSTOM_CERT - The Amazon S3 URL for the private CA cert file (.pem format). The default is an empty string.    KAFKA_SKIP_CUSTOM_CERT_VALIDATION - Whether to skip the validation of the CA cert file or not. Glue validates for three algorithms: SHA256withRSA, SHA384withRSA and SHA512withRSA. Default value is "false".    KAFKA_CLIENT_KEYSTORE - The Amazon S3 location of the client keystore file for Kafka client side authentication (Optional).    KAFKA_CLIENT_KEYSTORE_PASSWORD - The password to access the provided keystore (Optional).    KAFKA_CLIENT_KEY_PASSWORD - A keystore can consist of multiple keys, so this is the password to access the client key to be used with the Kafka server side key (Optional).    ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD - The encrypted version of the Kafka client keystore password (if the user has the Glue encrypt passwords setting selected).    ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD - The encrypted version of the Kafka client key password (if the user has the Glue encrypt passwords setting selected).    KAFKA_SASL_MECHANISM - "SCRAM-SHA-512", "GSSAPI", "AWS_MSK_IAM", or "PLAIN". These are the supported SASL Mechanisms.    KAFKA_SASL_PLAIN_USERNAME - A plaintext username used to authenticate with the "PLAIN" mechanism.    KAFKA_SASL_PLAIN_PASSWORD - A plaintext password used to authenticate with the "PLAIN" mechanism.    ENCRYPTED_KAFKA_SASL_PLAIN_PASSWORD - The encrypted version of the Kafka SASL PLAIN password (if the user has the Glue encrypt passwords setting selected).    KAFKA_SASL_SCRAM_USERNAME - A plaintext username used to authenticate with the "SCRAM-SHA-512" mechanism.    KAFKA_SASL_SCRAM_PASSWORD - A plaintext password used to authenticate with the "SCRAM-SHA-512" mechanism.    ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD - The encrypted version of the Kafka SASL SCRAM password (if the user has the Glue encrypt passwords setting selected).    KAFKA_SASL_SCRAM_SECRETS_ARN - The Amazon Resource Name of a secret in Amazon Web Services Secrets Manager.    KAFKA_SASL_GSSAPI_KEYTAB - The S3 location of a Kerberos keytab file. A keytab stores long-term keys for one or more principals. For more information, see MIT Kerberos Documentation: Keytab.    KAFKA_SASL_GSSAPI_KRB5_CONF - The S3 location of a Kerberos krb5.conf file. A krb5.conf stores Kerberos configuration information, such as the location of the KDC server. For more information, see MIT Kerberos Documentation: krb5.conf.    KAFKA_SASL_GSSAPI_SERVICE - The Kerberos service name, as set with sasl.kerberos.service.name in your Kafka Configuration.    KAFKA_SASL_GSSAPI_PRINCIPAL - The name of the Kerberos princial used by Glue. For more information, see Kafka Documentation: Configuring Kafka Brokers.  
      */
     ConnectionProperties?: ConnectionProperties;
     /**
@@ -3560,7 +3560,7 @@ declare namespace Glue {
     AwsKmsKeyId?: NameString;
   }
   export type ConnectionProperties = {[key: string]: ValueString};
-  export type ConnectionPropertyKey = "HOST"|"PORT"|"USERNAME"|"PASSWORD"|"ENCRYPTED_PASSWORD"|"JDBC_DRIVER_JAR_URI"|"JDBC_DRIVER_CLASS_NAME"|"JDBC_ENGINE"|"JDBC_ENGINE_VERSION"|"CONFIG_FILES"|"INSTANCE_ID"|"JDBC_CONNECTION_URL"|"JDBC_ENFORCE_SSL"|"CUSTOM_JDBC_CERT"|"SKIP_CUSTOM_JDBC_CERT_VALIDATION"|"CUSTOM_JDBC_CERT_STRING"|"CONNECTION_URL"|"KAFKA_BOOTSTRAP_SERVERS"|"KAFKA_SSL_ENABLED"|"KAFKA_CUSTOM_CERT"|"KAFKA_SKIP_CUSTOM_CERT_VALIDATION"|"KAFKA_CLIENT_KEYSTORE"|"KAFKA_CLIENT_KEYSTORE_PASSWORD"|"KAFKA_CLIENT_KEY_PASSWORD"|"ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD"|"ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD"|"SECRET_ID"|"CONNECTOR_URL"|"CONNECTOR_TYPE"|"CONNECTOR_CLASS_NAME"|"KAFKA_SASL_MECHANISM"|"KAFKA_SASL_SCRAM_USERNAME"|"KAFKA_SASL_SCRAM_PASSWORD"|"KAFKA_SASL_SCRAM_SECRETS_ARN"|"ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD"|"KAFKA_SASL_GSSAPI_KEYTAB"|"KAFKA_SASL_GSSAPI_KRB5_CONF"|"KAFKA_SASL_GSSAPI_SERVICE"|"KAFKA_SASL_GSSAPI_PRINCIPAL"|string;
+  export type ConnectionPropertyKey = "HOST"|"PORT"|"USERNAME"|"PASSWORD"|"ENCRYPTED_PASSWORD"|"JDBC_DRIVER_JAR_URI"|"JDBC_DRIVER_CLASS_NAME"|"JDBC_ENGINE"|"JDBC_ENGINE_VERSION"|"CONFIG_FILES"|"INSTANCE_ID"|"JDBC_CONNECTION_URL"|"JDBC_ENFORCE_SSL"|"CUSTOM_JDBC_CERT"|"SKIP_CUSTOM_JDBC_CERT_VALIDATION"|"CUSTOM_JDBC_CERT_STRING"|"CONNECTION_URL"|"KAFKA_BOOTSTRAP_SERVERS"|"KAFKA_SSL_ENABLED"|"KAFKA_CUSTOM_CERT"|"KAFKA_SKIP_CUSTOM_CERT_VALIDATION"|"KAFKA_CLIENT_KEYSTORE"|"KAFKA_CLIENT_KEYSTORE_PASSWORD"|"KAFKA_CLIENT_KEY_PASSWORD"|"ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD"|"ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD"|"SECRET_ID"|"CONNECTOR_URL"|"CONNECTOR_TYPE"|"CONNECTOR_CLASS_NAME"|"KAFKA_SASL_MECHANISM"|"KAFKA_SASL_PLAIN_USERNAME"|"KAFKA_SASL_PLAIN_PASSWORD"|"ENCRYPTED_KAFKA_SASL_PLAIN_PASSWORD"|"KAFKA_SASL_SCRAM_USERNAME"|"KAFKA_SASL_SCRAM_PASSWORD"|"KAFKA_SASL_SCRAM_SECRETS_ARN"|"ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD"|"KAFKA_SASL_GSSAPI_KEYTAB"|"KAFKA_SASL_GSSAPI_KRB5_CONF"|"KAFKA_SASL_GSSAPI_SERVICE"|"KAFKA_SASL_GSSAPI_PRINCIPAL"|string;
   export type ConnectionType = "JDBC"|"SFTP"|"MONGODB"|"KAFKA"|"NETWORK"|"MARKETPLACE"|"CUSTOM"|string;
   export interface ConnectionsList {
     /**
@@ -6238,6 +6238,10 @@ declare namespace Glue {
      * The ID of the KMS key to use for encryption at rest.
      */
     SseAwsKmsKeyId?: NameString;
+    /**
+     * The role that Glue assumes to encrypt and decrypt the Data Catalog objects on the caller's behalf.
+     */
+    CatalogEncryptionServiceRole?: IAMRoleArn;
   }
   export interface EncryptionConfiguration {
     /**
@@ -8631,6 +8635,7 @@ declare namespace Glue {
   }
   export type HudiTargetCompressionType = "gzip"|"lzo"|"uncompressed"|"snappy"|string;
   export type HudiTargetList = HudiTarget[];
+  export type IAMRoleArn = string;
   export interface IcebergInput {
     /**
      * A required metadata operation. Can only be set to CREATE.

package/clients/opensearch.d.ts

@@ -51,6 +51,14 @@ declare class OpenSearch extends Service {
    * Provides access to an Amazon OpenSearch Service domain through the use of an interface VPC endpoint.
    */
   authorizeVpcEndpointAccess(callback?: (err: AWSError, data: OpenSearch.Types.AuthorizeVpcEndpointAccessResponse) => void): Request<OpenSearch.Types.AuthorizeVpcEndpointAccessResponse, AWSError>;
+  /**
+   * Cancels a pending configuration change on an Amazon OpenSearch Service domain.
+   */
+  cancelDomainConfigChange(params: OpenSearch.Types.CancelDomainConfigChangeRequest, callback?: (err: AWSError, data: OpenSearch.Types.CancelDomainConfigChangeResponse) => void): Request<OpenSearch.Types.CancelDomainConfigChangeResponse, AWSError>;
+  /**
+   * Cancels a pending configuration change on an Amazon OpenSearch Service domain.
+   */
+  cancelDomainConfigChange(callback?: (err: AWSError, data: OpenSearch.Types.CancelDomainConfigChangeResponse) => void): Request<OpenSearch.Types.CancelDomainConfigChangeResponse, AWSError>;
   /**
    * Cancels a scheduled service software update for an Amazon OpenSearch Service domain. You can only perform this operation before the AutomatedUpdateDate and when the domain's UpdateStatus is PENDING_UPDATE. For more information, see Service software updates in Amazon OpenSearch Service.
    */
@@ -852,6 +860,27 @@ declare namespace OpenSearch {
   export type AvailabilityZoneList = AvailabilityZone[];
   export type BackendRole = string;
   export type Boolean = boolean;
+  export interface CancelDomainConfigChangeRequest {
+    DomainName: DomainName;
+    /**
+     * When set to True, returns the list of change IDs and properties that will be cancelled without actually cancelling the change.
+     */
+    DryRun?: DryRun;
+  }
+  export interface CancelDomainConfigChangeResponse {
+    /**
+     * The unique identifiers of the changes that were cancelled.
+     */
+    CancelledChangeIds?: GUIDList;
+    /**
+     * The domain change properties that were cancelled.
+     */
+    CancelledChangeProperties?: CancelledChangePropertyList;
+    /**
+     * Whether or not the request was a dry run. If True, the changes were not actually cancelled. 
+     */
+    DryRun?: DryRun;
+  }
   export interface CancelServiceSoftwareUpdateRequest {
     /**
      * Name of the OpenSearch Service domain that you want to cancel the service software update on.
@@ -864,6 +893,21 @@ declare namespace OpenSearch {
      */
     ServiceSoftwareOptions?: ServiceSoftwareOptions;
   }
+  export interface CancelledChangeProperty {
+    /**
+     * The name of the property whose change was cancelled.
+     */
+    PropertyName?: String;
+    /**
+     * The pending value of the property that was cancelled. This would have been the eventual value of the property if the chance had not been cancelled.
+     */
+    CancelledValue?: String;
+    /**
+     * The current value of the property, after the change was cancelled.
+     */
+    ActiveValue?: String;
+  }
+  export type CancelledChangePropertyList = CancelledChangeProperty[];
   export interface ChangeProgressDetails {
     /**
      * The ID of the configuration change.
@@ -873,6 +917,22 @@ declare namespace OpenSearch {
      * A message corresponding to the status of the configuration change.
      */
     Message?: Message;
+    /**
+     * The current status of the configuration change.
+     */
+    ConfigChangeStatus?: ConfigChangeStatus;
+    /**
+     * The IAM principal who initiated the configuration change.
+     */
+    InitiatedBy?: InitiatedBy;
+    /**
+     * The time that the configuration change was initiated, in Universal Coordinated Time (UTC).
+     */
+    StartTime?: UpdateTimestamp;
+    /**
+     * The last time that the configuration change was updated.
+     */
+    LastUpdatedTime?: UpdateTimestamp;
   }
   export interface ChangeProgressStage {
     /**
@@ -924,6 +984,18 @@ declare namespace OpenSearch {
      * The specific stages that the domain is going through to perform the configuration change.
      */
     ChangeProgressStages?: ChangeProgressStageList;
+    /**
+     * The last time that the status of the configuration change was updated.
+     */
+    LastUpdatedTime?: UpdateTimestamp;
+    /**
+     * The current status of the configuration change.
+     */
+    ConfigChangeStatus?: ConfigChangeStatus;
+    /**
+     * The IAM principal who initiated the configuration change.
+     */
+    InitiatedBy?: InitiatedBy;
   }
   export type ClientToken = string;
   export type CloudWatchLogsLogGroupArn = string;
@@ -1033,6 +1105,7 @@ declare namespace OpenSearch {
      */
     TargetVersions?: VersionList;
   }
+  export type ConfigChangeStatus = "Pending"|"Initializing"|"Validating"|"ValidationFailed"|"ApplyingChanges"|"Completed"|"PendingUserInput"|"Cancelled"|string;
   export type ConnectionAlias = string;
   export type ConnectionId = string;
   export type ConnectionMode = "DIRECT"|"VPC_ENDPOINT"|string;
@@ -1774,6 +1847,10 @@ declare namespace OpenSearch {
      * Software update options for the domain.
      */
     SoftwareUpdateOptions?: SoftwareUpdateOptionsStatus;
+    /**
+     * Information about the domain properties that are currently being modified.
+     */
+    ModifyingProperties?: ModifyingPropertiesList;
   }
   export interface DomainEndpointOptions {
     /**
@@ -1939,6 +2016,7 @@ declare namespace OpenSearch {
   }
   export type DomainPackageDetailsList = DomainPackageDetails[];
   export type DomainPackageStatus = "ASSOCIATING"|"ASSOCIATION_FAILED"|"ACTIVE"|"DISSOCIATING"|"DISSOCIATION_FAILED"|string;
+  export type DomainProcessingStatusType = "Creating"|"Active"|"Modifying"|"UpgradingEngineVersion"|"UpdatingServiceSoftware"|"Isolated"|"Deleting"|string;
   export type DomainState = "Active"|"Processing"|"NotAvailable"|string;
   export interface DomainStatus {
     /**
@@ -2057,6 +2135,14 @@ declare namespace OpenSearch {
      * Service software update options for the domain.
      */
     SoftwareUpdateOptions?: SoftwareUpdateOptions;
+    /**
+     * The status of any changes that are currently in progress for the domain.
+     */
+    DomainProcessingStatus?: DomainProcessingStatusType;
+    /**
+     * Information about the domain properties that are currently being modified.
+     */
+    ModifyingProperties?: ModifyingPropertiesList;
   }
   export type DomainStatusList = DomainStatus[];
   export type Double = number;
@@ -2192,6 +2278,7 @@ declare namespace OpenSearch {
   }
   export type FilterList = Filter[];
   export type GUID = string;
+  export type GUIDList = GUID[];
   export interface GetCompatibleVersionsRequest {
     /**
      * The name of an existing domain. Provide this parameter to limit the results to a single domain.
@@ -2379,6 +2466,7 @@ declare namespace OpenSearch {
   }
   export type InboundConnectionStatusCode = "PENDING_ACCEPTANCE"|"APPROVED"|"PROVISIONING"|"ACTIVE"|"REJECTING"|"REJECTED"|"DELETING"|"DELETED"|string;
   export type InboundConnections = InboundConnection[];
+  export type InitiatedBy = "CUSTOMER"|"SERVICE"|string;
   export type InstanceCount = number;
   export interface InstanceCountLimits {
     /**
@@ -2755,6 +2843,25 @@ declare namespace OpenSearch {
   export type MaximumInstanceCount = number;
   export type Message = string;
   export type MinimumInstanceCount = number;
+  export interface ModifyingProperties {
+    /**
+     * The name of the property that is currently being modified.
+     */
+    Name?: String;
+    /**
+     * The current value of the domain property that is being modified.
+     */
+    ActiveValue?: String;
+    /**
+     * The value that the property that is currently being modified will eventually have.
+     */
+    PendingValue?: String;
+    /**
+     * The type of value that is currently being modified. Properties can have two types:    PLAIN_TEXT: Contain direct values such as "1", "True", or "c5.large.search".    STRINGIFIED_JSON: Contain content in JSON format, such as {"Enabled":"True"}".  
+     */
+    ValueType?: PropertyValueType;
+  }
+  export type ModifyingPropertiesList = ModifyingProperties[];
   export type NextToken = string;
   export type NodeId = string;
   export type NodeStatus = "Active"|"StandBy"|"NotAvailable"|string;
@@ -2985,6 +3092,7 @@ declare namespace OpenSearch {
   export type PluginVersion = string;
   export type PolicyDocument = string;
   export type PrincipalType = "AWS_ACCOUNT"|"AWS_SERVICE"|string;
+  export type PropertyValueType = "PLAIN_TEXT"|"STRINGIFIED_JSON"|string;
   export interface PurchaseReservedInstanceOfferingRequest {
     /**
      * The ID of the Reserved Instance offering to purchase.

package/clients/wafv2.d.ts

@@ -67,6 +67,14 @@ declare class WAFV2 extends Service {
    * Creates a WebACL per the specifications provided.  A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance. 
    */
   createWebACL(callback?: (err: AWSError, data: WAFV2.Types.CreateWebACLResponse) => void): Request<WAFV2.Types.CreateWebACLResponse, AWSError>;
+  /**
+   * Deletes the specified API key.  After you delete a key, it can take up to 24 hours for WAF to disallow use of the key in all regions. 
+   */
+  deleteAPIKey(params: WAFV2.Types.DeleteAPIKeyRequest, callback?: (err: AWSError, data: WAFV2.Types.DeleteAPIKeyResponse) => void): Request<WAFV2.Types.DeleteAPIKeyResponse, AWSError>;
+  /**
+   * Deletes the specified API key.  After you delete a key, it can take up to 24 hours for WAF to disallow use of the key in all regions. 
+   */
+  deleteAPIKey(callback?: (err: AWSError, data: WAFV2.Types.DeleteAPIKeyResponse) => void): Request<WAFV2.Types.DeleteAPIKeyResponse, AWSError>;
   /**
    * Deletes all rule groups that are managed by Firewall Manager for the specified web ACL.  You can only use this if ManagedByFirewallManager is false in the specified WebACL. 
    */
@@ -717,7 +725,7 @@ declare namespace WAFV2 {
      */
     Scope: Scope;
     /**
-     * The client application domains that you want to use this API key for.  Example JSON: "TokenDomains": ["abc.com", "store.abc.com"]  Public suffixes aren't allowed. For example, you can't use usa.gov or co.uk as token domains.
+     * The client application domains that you want to use this API key for.  Example JSON: "TokenDomains": ["abc.com", "store.abc.com"]  Public suffixes aren't allowed. For example, you can't use gov.au or co.uk as token domains.
      */
     TokenDomains: APIKeyTokenDomains;
   }
@@ -869,7 +877,7 @@ declare namespace WAFV2 {
      */
     ChallengeConfig?: ChallengeConfig;
     /**
-     * Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains. Example JSON: "TokenDomains": { "mywebsite.com", "myotherwebsite.com" }  Public suffixes aren't allowed. For example, you can't use usa.gov or co.uk as token domains.
+     * Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains. Example JSON: "TokenDomains": { "mywebsite.com", "myotherwebsite.com" }  Public suffixes aren't allowed. For example, you can't use gov.au or co.uk as token domains.
      */
     TokenDomains?: TokenDomains;
     /**
@@ -938,6 +946,18 @@ declare namespace WAFV2 {
      */
     Allow?: AllowAction;
   }
+  export interface DeleteAPIKeyRequest {
+    /**
+     * Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.  To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:    CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.    API and SDKs - For all calls, use the Region endpoint us-east-1.   
+     */
+    Scope: Scope;
+    /**
+     * The encrypted API key that you want to delete. 
+     */
+    APIKey: APIKey;
+  }
+  export interface DeleteAPIKeyResponse {
+  }
   export interface DeleteFirewallManagerRuleGroupsRequest {
     /**
      * The Amazon Resource Name (ARN) of the web ACL.
@@ -3421,7 +3441,7 @@ declare namespace WAFV2 {
      */
     ChallengeConfig?: ChallengeConfig;
     /**
-     * Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains. Example JSON: "TokenDomains": { "mywebsite.com", "myotherwebsite.com" }  Public suffixes aren't allowed. For example, you can't use usa.gov or co.uk as token domains.
+     * Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains. Example JSON: "TokenDomains": { "mywebsite.com", "myotherwebsite.com" }  Public suffixes aren't allowed. For example, you can't use gov.au or co.uk as token domains.
      */
     TokenDomains?: TokenDomains;
     /**

package/clients/workspaces.d.ts

@@ -2771,7 +2771,7 @@ declare namespace WorkSpaces {
      */
     IpAddress?: IpAddress;
     /**
-     * The operational state of the WorkSpace.  After a WorkSpace is terminated, the TERMINATED state is returned only briefly before the WorkSpace directory metadata is cleaned up, so this state is rarely returned. To confirm that a WorkSpace is terminated, check for the WorkSpace ID by using  DescribeWorkSpaces. If the WorkSpace ID isn't returned, then the WorkSpace has been successfully terminated. 
+     * The operational state of the WorkSpace.    PENDING – The WorkSpace is in a waiting state (for example, the WorkSpace is being created).    AVAILABLE – The WorkSpace is running and has passed the health checks.    IMPAIRED – Refer to UNHEALTHY state.    UNHEALTHY – The WorkSpace is not responding to health checks.    REBOOTING – The WorkSpace is being rebooted (restarted).    STARTING – The WorkSpace is starting up and health checks are being run.    REBUILDING – The WorkSpace is being rebuilt.    RESTORING – The WorkSpace is being restored.    MAINTENANCE – The WorkSpace is undergoing scheduled maintenance by Amazon Web Services.    ADMIN_MAINTENANCE – The WorkSpace is undergoing maintenance by the WorkSpaces administrator.    TERMINATING – The WorkSpace is being deleted.    TERMINATED – The WorkSpace has been deleted.    SUSPENDED – The WorkSpace has been suspended for image creation.    UPDATING – The WorkSpace is undergoing an update.    STOPPING – The WorkSpace is being stopped.    STOPPED – The WorkSpace has been stopped.    ERROR  – The WorkSpace is an error state (for example, an error occurred during startup).    After a WorkSpace is terminated, the TERMINATED state is returned only briefly before the WorkSpace directory metadata is cleaned up, so this state is rarely returned. To confirm that a WorkSpace is terminated, check for the WorkSpace ID by using  DescribeWorkSpaces. If the WorkSpace ID isn't returned, then the WorkSpace has been successfully terminated. 
      */
     State?: WorkspaceState;
     /**