aws-sdk 2.1578.0 → 2.1580.0

package/clients/cloudformation.d.ts

@@ -460,6 +460,14 @@ declare class CloudFormation extends Service {
    * Returns descriptions of all resources of the specified stack. For deleted stacks, ListStackResources returns resource information for up to 90 days after the stack has been deleted.
    */
   listStackResources(callback?: (err: AWSError, data: CloudFormation.Types.ListStackResourcesOutput) => void): Request<CloudFormation.Types.ListStackResourcesOutput, AWSError>;
+  /**
+   * Returns summary information about deployment targets for a stack set.
+   */
+  listStackSetAutoDeploymentTargets(params: CloudFormation.Types.ListStackSetAutoDeploymentTargetsInput, callback?: (err: AWSError, data: CloudFormation.Types.ListStackSetAutoDeploymentTargetsOutput) => void): Request<CloudFormation.Types.ListStackSetAutoDeploymentTargetsOutput, AWSError>;
+  /**
+   * Returns summary information about deployment targets for a stack set.
+   */
+  listStackSetAutoDeploymentTargets(callback?: (err: AWSError, data: CloudFormation.Types.ListStackSetAutoDeploymentTargetsOutput) => void): Request<CloudFormation.Types.ListStackSetAutoDeploymentTargetsOutput, AWSError>;
   /**
    * Returns summary information about the results of a stack set operation.
    */
@@ -1176,7 +1184,7 @@ declare namespace CloudFormation {
      */
     NotificationARNs?: NotificationARNs;
     /**
-     * In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.    CAPABILITY_IAM and CAPABILITY_NAMED_IAM  Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities. The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.   If you have IAM resources, you can specify either capability.   If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.   If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.   If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.     AWS::IAM::AccessKey AWS::IAM::AccessKey      AWS::IAM::Group       AWS::IAM::InstanceProfile       AWS::IAM::Policy       AWS::IAM::Role       AWS::IAM::User       AWS::IAM::UserToGroupAddition     For more information, see Acknowledging IAM Resources in CloudFormation Templates.    CAPABILITY_AUTO_EXPAND  Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the  AWS::Include  and  AWS::Serverless  transforms, which are macros hosted by CloudFormation. If you want to create a stack from a stack template that contains macros and nested stacks, you must create the stack directly from the template using this capability.  You should only create stacks directly from a stack template that contains macros if you know what processing the macro performs. Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without CloudFormation being notified.  For more information, see Using CloudFormation macros to perform custom processing on templates.    Only one of the Capabilities and ResourceType parameters can be specified. 
+     * In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.    CAPABILITY_IAM and CAPABILITY_NAMED_IAM  Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities. The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.   If you have IAM resources, you can specify either capability.   If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.   If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.   If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.     AWS::IAM::AccessKey       AWS::IAM::Group       AWS::IAM::InstanceProfile       AWS::IAM::Policy       AWS::IAM::Role       AWS::IAM::User       AWS::IAM::UserToGroupAddition     For more information, see Acknowledging IAM Resources in CloudFormation Templates.    CAPABILITY_AUTO_EXPAND  Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the  AWS::Include  and  AWS::Serverless  transforms, which are macros hosted by CloudFormation. If you want to create a stack from a stack template that contains macros and nested stacks, you must create the stack directly from the template using this capability.  You should only create stacks directly from a stack template that contains macros if you know what processing the macro performs. Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without CloudFormation being notified.  For more information, see Using CloudFormation macros to perform custom processing on templates.    Only one of the Capabilities and ResourceType parameters can be specified. 
      */
     Capabilities?: Capabilities;
     /**
@@ -2730,6 +2738,34 @@ declare namespace CloudFormation {
      */
     NextToken?: NextToken;
   }
+  export interface ListStackSetAutoDeploymentTargetsInput {
+    /**
+     * The name or unique ID of the stack set that you want to get automatic deployment targets for.
+     */
+    StackSetName: StackSetNameOrId;
+    /**
+     * A string that identifies the next page of stack set deployment targets that you want to retrieve.
+     */
+    NextToken?: NextToken;
+    /**
+     * The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.
+     */
+    MaxResults?: MaxResults;
+    /**
+     * Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account. By default, SELF is specified. Use SELF for StackSets with self-managed permissions.   If you are signed in to the management account, specify SELF.   If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN. Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.  
+     */
+    CallAs?: CallAs;
+  }
+  export interface ListStackSetAutoDeploymentTargetsOutput {
+    /**
+     * An array of summaries of the deployment targets for the stack set.
+     */
+    Summaries?: StackSetAutoDeploymentTargetSummaries;
+    /**
+     * If the request doesn't return all the remaining results, NextToken is set to a token. To retrieve the next set of results, call  ListStackSetAutoDeploymentTargets  again and use that value for the NextToken parameter. If the request returns all results, NextToken is set to an empty string.
+     */
+    NextToken?: NextToken;
+  }
   export interface ListStackSetOperationResultsInput {
     /**
      * The name or unique ID of the stack set that you want to get operation results for.
@@ -3885,7 +3921,7 @@ declare namespace CloudFormation {
   }
   export interface StackInstanceComprehensiveStatus {
     /**
-     *    CANCELLED: The operation in the specified account and Region has been canceled. This is either because a user has stopped the stack set operation, or because the failure tolerance of the stack set operation has been exceeded.    FAILED: The operation in the specified account and Region failed. If the stack set operation fails in enough accounts within a Region, the failure tolerance for the stack set operation as a whole might be exceeded.    INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might need to perform a DeleteStackInstances operation, with RetainStacks set to true, to delete the stack instance, and then delete the stack manually.    PENDING: The operation in the specified account and Region has yet to start.    RUNNING: The operation in the specified account and Region is currently in progress.    SKIPPED_SUSPENDED_ACCOUNT: The operation in the specified account and Region has been skipped because the account was suspended at the time of the operation.    SUCCEEDED: The operation in the specified account and Region completed successfully.  
+     *    CANCELLED: The operation in the specified account and Region has been canceled. This is either because a user has stopped the stack set operation, or because the failure tolerance of the stack set operation has been exceeded.    FAILED: The operation in the specified account and Region failed. If the stack set operation fails in enough accounts within a Region, the failure tolerance for the stack set operation as a whole might be exceeded.    FAILED_IMPORT: The import of the stack instance in the specified account and Region failed and left the stack in an unstable state. Once the issues causing the failure are fixed, the import operation can be retried. If enough stack set operations fail in enough accounts within a Region, the failure tolerance for the stack set operation as a whole might be exceeded.    INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might need to perform a DeleteStackInstances operation, with RetainStacks set to true, to delete the stack instance, and then delete the stack manually.    PENDING: The operation in the specified account and Region has yet to start.    RUNNING: The operation in the specified account and Region is currently in progress.    SKIPPED_SUSPENDED_ACCOUNT: The operation in the specified account and Region has been skipped because the account was suspended at the time of the operation.    SUCCEEDED: The operation in the specified account and Region completed successfully.  
      */
     DetailedStatus?: StackInstanceDetailedStatus;
   }
@@ -4264,6 +4300,17 @@ declare namespace CloudFormation {
     Regions?: RegionList;
   }
   export type StackSetARN = string;
+  export type StackSetAutoDeploymentTargetSummaries = StackSetAutoDeploymentTargetSummary[];
+  export interface StackSetAutoDeploymentTargetSummary {
+    /**
+     * The organization root ID or organizational unit (OU) IDs where the stack set is targeted.
+     */
+    OrganizationalUnitId?: OrganizationalUnitId;
+    /**
+     * The list of Regions targeted for this organization or OU.
+     */
+    Regions?: RegionList;
+  }
   export interface StackSetDriftDetectionDetails {
     /**
      * Status of the stack set's actual configuration compared to its expected template and parameter configuration. A stack set is considered to have drifted if one or more of its stack instances have drifted from their expected template and parameter configuration.    DRIFTED: One or more of the stack instances belonging to the stack set stack differs from the expected template and parameter configuration. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.    NOT_CHECKED: CloudFormation hasn't checked the stack set for drift.    IN_SYNC: All of the stack instances belonging to the stack set stack match from the expected template and parameter configuration.  

package/clients/codebuild.d.ts

@@ -1046,6 +1046,10 @@ declare namespace CodeBuild {
      * The scaling configuration of the compute fleet.
      */
     scalingConfiguration?: ScalingConfigurationInput;
+    /**
+     * The compute fleet overflow behavior.   For overflow behavior QUEUE, your overflow builds need to wait on the existing fleet instance to become available.   For overflow behavior ON_DEMAND, your overflow builds run on CodeBuild on-demand.  
+     */
+    overflowBehavior?: FleetOverflowBehavior;
     /**
      * A list of tag key and value pairs associated with this compute fleet. These tags are available for use by Amazon Web Services services that support CodeBuild build project tags.
      */
@@ -1469,6 +1473,10 @@ declare namespace CodeBuild {
      * The scaling configuration of the compute fleet.
      */
     scalingConfiguration?: ScalingConfigurationOutput;
+    /**
+     * The compute fleet overflow behavior.   For overflow behavior QUEUE, your overflow builds need to wait on the existing fleet instance to become available.   For overflow behavior ON_DEMAND, your overflow builds run on CodeBuild on-demand.  
+     */
+    overflowBehavior?: FleetOverflowBehavior;
     /**
      * A list of tag key and value pairs associated with this compute fleet. These tags are available for use by Amazon Web Services services that support CodeBuild build project tags.
      */
@@ -1479,6 +1487,7 @@ declare namespace CodeBuild {
   export type FleetContextCode = "CREATE_FAILED"|"UPDATE_FAILED"|string;
   export type FleetName = string;
   export type FleetNames = NonEmptyString[];
+  export type FleetOverflowBehavior = "QUEUE"|"ON_DEMAND"|string;
   export type FleetScalingMetricType = "FLEET_UTILIZATION_RATE"|string;
   export type FleetScalingType = "TARGET_TRACKING_SCALING"|string;
   export type FleetSortByType = "NAME"|"CREATED_TIME"|"LAST_MODIFIED_TIME"|string;
@@ -3008,6 +3017,10 @@ declare namespace CodeBuild {
      * The scaling configuration of the compute fleet.
      */
     scalingConfiguration?: ScalingConfigurationInput;
+    /**
+     * The compute fleet overflow behavior.   For overflow behavior QUEUE, your overflow builds need to wait on the existing fleet instance to become available.   For overflow behavior ON_DEMAND, your overflow builds run on CodeBuild on-demand.  
+     */
+    overflowBehavior?: FleetOverflowBehavior;
     /**
      * A list of tag key and value pairs associated with this compute fleet. These tags are available for use by Amazon Web Services services that support CodeBuild build project tags.
      */

package/clients/connect.d.ts

@@ -2477,7 +2477,15 @@ declare namespace Connect {
      */
     Value?: InstanceAttributeValue;
   }
+  export interface AttributeAndCondition {
+    /**
+     * A leaf node condition which can be used to specify a tag condition.
+     */
+    TagConditions?: TagAndConditionList;
+    HierarchyGroupCondition?: HierarchyGroupCondition;
+  }
   export type AttributeName = string;
+  export type AttributeOrConditionList = AttributeAndCondition[];
   export type AttributeValue = string;
   export type Attributes = {[key: string]: AttributeValue};
   export type AttributesList = Attribute[];
@@ -3097,6 +3105,18 @@ declare namespace Connect {
      */
     TagCondition?: TagCondition;
   }
+  export interface ControlPlaneUserAttributeFilter {
+    /**
+     * A list of conditions which would be applied together with an OR condition.
+     */
+    OrConditions?: AttributeOrConditionList;
+    /**
+     * A list of conditions which would be applied together with an AND condition.
+     */
+    AndCondition?: AttributeAndCondition;
+    TagCondition?: TagCondition;
+    HierarchyGroupCondition?: HierarchyGroupCondition;
+  }
   export interface CreateAgentStatusRequest {
     /**
      * The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
@@ -3663,6 +3683,14 @@ declare namespace Connect {
      * This API is in preview release for Amazon Connect and is subject to change. A list of third-party applications that the security profile will give access to.
      */
     Applications?: Applications;
+    /**
+     * The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: User.
+     */
+    HierarchyRestrictedResources?: HierarchyRestrictedResourceList;
+    /**
+     * The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect.
+     */
+    AllowedAccessControlHierarchyGroupId?: HierarchyGroupId;
   }
   export interface CreateSecurityProfileResponse {
     /**
@@ -6139,6 +6167,8 @@ declare namespace Connect {
      */
     LevelFive?: HierarchyGroupSummaryReference;
   }
+  export type HierarchyRestrictedResourceList = HierarchyRestrictedResourceName[];
+  export type HierarchyRestrictedResourceName = string;
   export interface HierarchyStructure {
     /**
      * Information about level one.
@@ -9888,6 +9918,14 @@ declare namespace Connect {
      * The Amazon Web Services Region where this resource was last modified.
      */
     LastModifiedRegion?: RegionName;
+    /**
+     * The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: User.
+     */
+    HierarchyRestrictedResources?: HierarchyRestrictedResourceList;
+    /**
+     * The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect.
+     */
+    AllowedAccessControlHierarchyGroupId?: HierarchyGroupId;
   }
   export type SecurityProfileDescription = string;
   export type SecurityProfileId = string;
@@ -11604,6 +11642,14 @@ declare namespace Connect {
      * This API is in preview release for Amazon Connect and is subject to change. A list of the third-party application's metadata.
      */
     Applications?: Applications;
+    /**
+     * The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: User.
+     */
+    HierarchyRestrictedResources?: HierarchyRestrictedResourceList;
+    /**
+     * The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect.
+     */
+    AllowedAccessControlHierarchyGroupId?: HierarchyGroupId;
   }
   export interface UpdateTaskTemplateRequest {
     /**
@@ -12124,6 +12170,10 @@ declare namespace Connect {
   }
   export interface UserSearchFilter {
     TagFilter?: ControlPlaneTagFilter;
+    /**
+     * An object that can be used to specify Tag conditions or Hierarchy Group conditions inside the SearchFilter. This accepts an OR of AND (List of List) input where:   The top level list specifies conditions that need to be applied with OR operator.   The inner list specifies conditions that need to be applied with AND operator.    Only one field can be populated. This object can’t be used along with TagFilter. Request can either contain TagFilter or UserAttributeFilter if SearchFilter is specified, combination of both is not supported and such request will throw AccessDeniedException. 
+     */
+    UserAttributeFilter?: ControlPlaneUserAttributeFilter;
   }
   export interface UserSearchSummary {
     /**

package/clients/ec2.d.ts

@@ -25247,6 +25247,14 @@ declare namespace EC2 {
      * Describes the supported NitroTPM versions for the instance type.
      */
     NitroTpmInfo?: NitroTpmInfo;
+    /**
+     * Describes the media accelerator settings for the instance type.
+     */
+    MediaAcceleratorInfo?: MediaAcceleratorInfo;
+    /**
+     * Describes the Neuron accelerator settings for the instance type.
+     */
+    NeuronInfo?: NeuronInfo;
   }
   export interface InstanceTypeInfoFromInstanceRequirements {
     /**
@@ -27778,6 +27786,45 @@ declare namespace EC2 {
   export type MaximumIops = number;
   export type MaximumNetworkCards = number;
   export type MaximumThroughputInMBps = number;
+  export interface MediaAcceleratorInfo {
+    /**
+     * Describes the media accelerators for the instance type.
+     */
+    Accelerators?: MediaDeviceInfoList;
+    /**
+     * The total size of the memory for the media accelerators for the instance type, in MiB.
+     */
+    TotalMediaMemoryInMiB?: TotalMediaMemory;
+  }
+  export type MediaDeviceCount = number;
+  export interface MediaDeviceInfo {
+    /**
+     * The number of media accelerators for the instance type.
+     */
+    Count?: MediaDeviceCount;
+    /**
+     * The name of the media accelerator.
+     */
+    Name?: MediaDeviceName;
+    /**
+     * The manufacturer of the media accelerator.
+     */
+    Manufacturer?: MediaDeviceManufacturerName;
+    /**
+     * Describes the memory available to the media accelerator.
+     */
+    MemoryInfo?: MediaDeviceMemoryInfo;
+  }
+  export type MediaDeviceInfoList = MediaDeviceInfo[];
+  export type MediaDeviceManufacturerName = string;
+  export interface MediaDeviceMemoryInfo {
+    /**
+     * The size of the memory available to each media accelerator, in MiB.
+     */
+    SizeInMiB?: MediaDeviceMemorySize;
+  }
+  export type MediaDeviceMemorySize = number;
+  export type MediaDeviceName = string;
   export type MembershipType = "static"|"igmp"|string;
   export interface MemoryGiBPerVCpu {
     /**
@@ -30924,6 +30971,56 @@ declare namespace EC2 {
   export type NetworkInterfaceType = "interface"|"natGateway"|"efa"|"trunk"|"load_balancer"|"network_load_balancer"|"vpc_endpoint"|"branch"|"transit_gateway"|"lambda"|"quicksight"|"global_accelerator_managed"|"api_gateway_managed"|"gateway_load_balancer"|"gateway_load_balancer_endpoint"|"iot_rules_managed"|"aws_codestar_connections_managed"|string;
   export type NetworkNodesList = String[];
   export type NetworkPerformance = string;
+  export type NeuronDeviceCoreCount = number;
+  export interface NeuronDeviceCoreInfo {
+    /**
+     * The number of cores available to the neuron accelerator.
+     */
+    Count?: NeuronDeviceCoreCount;
+    /**
+     * The version of the neuron accelerator.
+     */
+    Version?: NeuronDeviceCoreVersion;
+  }
+  export type NeuronDeviceCoreVersion = number;
+  export type NeuronDeviceCount = number;
+  export interface NeuronDeviceInfo {
+    /**
+     * The number of neuron accelerators for the instance type.
+     */
+    Count?: NeuronDeviceCount;
+    /**
+     * The name of the neuron accelerator.
+     */
+    Name?: NeuronDeviceName;
+    /**
+     * Describes the cores available to each neuron accelerator.
+     */
+    CoreInfo?: NeuronDeviceCoreInfo;
+    /**
+     * Describes the memory available to each neuron accelerator.
+     */
+    MemoryInfo?: NeuronDeviceMemoryInfo;
+  }
+  export type NeuronDeviceInfoList = NeuronDeviceInfo[];
+  export interface NeuronDeviceMemoryInfo {
+    /**
+     * The size of the memory available to the neuron accelerator, in MiB.
+     */
+    SizeInMiB?: NeuronDeviceMemorySize;
+  }
+  export type NeuronDeviceMemorySize = number;
+  export type NeuronDeviceName = string;
+  export interface NeuronInfo {
+    /**
+     * Describes the neuron accelerators for the instance type.
+     */
+    NeuronDevices?: NeuronDeviceInfoList;
+    /**
+     * The total size of the memory for the neuron accelerators for the instance type, in MiB.
+     */
+    TotalNeuronDeviceMemoryInMiB?: TotalNeuronMemory;
+  }
   export interface NewDhcpConfiguration {
     Key?: String;
     Values?: ValueStringList;
@@ -35768,7 +35865,7 @@ declare namespace EC2 {
      */
     IamFleetRole: String;
     /**
-     * The launch specifications for the Spot Fleet request. If you specify LaunchSpecifications, you can't specify LaunchTemplateConfigs. If you include On-Demand capacity in your request, you must use LaunchTemplateConfigs.
+     * The launch specifications for the Spot Fleet request. If you specify LaunchSpecifications, you can't specify LaunchTemplateConfigs. If you include On-Demand capacity in your request, you must use LaunchTemplateConfigs.  If an AMI specified in a launch specification is deregistered or disabled, no new instances can be launched from the AMI. For fleets of type maintain, the target capacity will not be maintained. 
      */
     LaunchSpecifications?: LaunchSpecsList;
     /**
@@ -36829,6 +36926,8 @@ declare namespace EC2 {
      */
     Max?: Double;
   }
+  export type TotalMediaMemory = number;
+  export type TotalNeuronMemory = number;
   export type TpmSupportValues = "v2.0"|string;
   export type TrafficDirection = "ingress"|"egress"|string;
   export interface TrafficMirrorFilter {

package/clients/kinesisanalyticsv2.d.ts

@@ -2097,7 +2097,7 @@ declare namespace KinesisAnalyticsV2 {
      */
     ApplicationRestoreConfiguration?: ApplicationRestoreConfiguration;
   }
-  export type RuntimeEnvironment = "SQL-1_0"|"FLINK-1_6"|"FLINK-1_8"|"ZEPPELIN-FLINK-1_0"|"FLINK-1_11"|"FLINK-1_13"|"ZEPPELIN-FLINK-2_0"|"FLINK-1_15"|"ZEPPELIN-FLINK-3_0"|string;
+  export type RuntimeEnvironment = "SQL-1_0"|"FLINK-1_6"|"FLINK-1_8"|"ZEPPELIN-FLINK-1_0"|"FLINK-1_11"|"FLINK-1_13"|"ZEPPELIN-FLINK-2_0"|"FLINK-1_15"|"ZEPPELIN-FLINK-3_0"|"FLINK-1_18"|string;
   export interface S3ApplicationCodeLocationDescription {
     /**
      * The Amazon Resource Name (ARN) for the S3 bucket containing the application code.

package/clients/kms.d.ts

@@ -236,11 +236,11 @@ declare class KMS extends Service {
    */
   getPublicKey(callback?: (err: AWSError, data: KMS.Types.GetPublicKeyResponse) => void): Request<KMS.Types.GetPublicKeyResponse, AWSError>;
   /**
-   * Imports or reimports key material into an existing KMS key that was created without key material. ImportKeyMaterial also sets the expiration model and expiration date of the imported key material. By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. After you successfully import key material into a KMS key, you can reimport the same key material into that KMS key, but you cannot import different key material. You might reimport key material to replace key material that expired or key material that you deleted. You might also reimport key material to change the expiration model or expiration date of the key material. Before reimporting key material, if necessary, call DeleteImportedKeyMaterial to delete the current imported key material.  Each time you import key material into KMS, you can determine whether (ExpirationModel) and when (ValidTo) the key material expires. To change the expiration of your key material, you must import it again, either by calling ImportKeyMaterial or using the import features of the KMS console. Before calling ImportKeyMaterial:   Create or identify a KMS key with no key material. The KMS key must have an Origin value of EXTERNAL, which indicates that the KMS key is designed for imported key material.  To create an new KMS key for imported key material, call the CreateKey operation with an Origin value of EXTERNAL. You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store.   Use the DescribeKey operation to verify that the KeyState of the KMS key is PendingImport, which indicates that the KMS key has no key material.  If you are reimporting the same key material into an existing KMS key, you might need to call the DeleteImportedKeyMaterial to delete its existing key material.   Call the GetParametersForImport operation to get a public key and import token set for importing key material.    Use the public key in the GetParametersForImport response to encrypt your key material.    Then, in an ImportKeyMaterial request, you submit your encrypted key material and import token. When calling this operation, you must specify the following values:   The key ID or key ARN of the KMS key to associate with the imported key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account. To get the Origin and KeyState of a KMS key, call DescribeKey.   The encrypted key material.    The import token that GetParametersForImport returned. You must use a public key and token from the same GetParametersForImport response.   Whether the key material expires (ExpirationModel) and, if so, when (ValidTo). For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide. If you set an expiration date, KMS deletes the key material from the KMS key on the specified date, making the KMS key unusable. To use the KMS key in cryptographic operations again, you must reimport the same key material. However, you can delete and reimport the key material at any time, including before the key material expires. Each time you reimport, you can eliminate or reset the expiration time.   When this operation is successful, the key state of the KMS key changes from PendingImport to Enabled, and you can use the KMS key in cryptographic operations. If this operation fails, use the exception to help determine the problem. If the error is related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and repeat the import procedure. For help, see How To Import Key Material in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.  Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.  Required permissions: kms:ImportKeyMaterial (key policy)  Related operations:     DeleteImportedKeyMaterial     GetParametersForImport     Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
+   * Imports or reimports key material into an existing KMS key that was created without key material. ImportKeyMaterial also sets the expiration model and expiration date of the imported key material. By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. After you successfully import key material into a KMS key, you can reimport the same key material into that KMS key, but you cannot import different key material. You might reimport key material to replace key material that expired or key material that you deleted. You might also reimport key material to change the expiration model or expiration date of the key material.  Each time you import key material into KMS, you can determine whether (ExpirationModel) and when (ValidTo) the key material expires. To change the expiration of your key material, you must import it again, either by calling ImportKeyMaterial or using the import features of the KMS console. Before calling ImportKeyMaterial:   Create or identify a KMS key with no key material. The KMS key must have an Origin value of EXTERNAL, which indicates that the KMS key is designed for imported key material.  To create an new KMS key for imported key material, call the CreateKey operation with an Origin value of EXTERNAL. You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store.   Use the DescribeKey operation to verify that the KeyState of the KMS key is PendingImport, which indicates that the KMS key has no key material.  If you are reimporting the same key material into an existing KMS key, you might need to call the DeleteImportedKeyMaterial to delete its existing key material.   Call the GetParametersForImport operation to get a public key and import token set for importing key material.    Use the public key in the GetParametersForImport response to encrypt your key material.    Then, in an ImportKeyMaterial request, you submit your encrypted key material and import token. When calling this operation, you must specify the following values:   The key ID or key ARN of the KMS key to associate with the imported key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account. To get the Origin and KeyState of a KMS key, call DescribeKey.   The encrypted key material.    The import token that GetParametersForImport returned. You must use a public key and token from the same GetParametersForImport response.   Whether the key material expires (ExpirationModel) and, if so, when (ValidTo). For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide. If you set an expiration date, KMS deletes the key material from the KMS key on the specified date, making the KMS key unusable. To use the KMS key in cryptographic operations again, you must reimport the same key material. However, you can delete and reimport the key material at any time, including before the key material expires. Each time you reimport, you can eliminate or reset the expiration time.   When this operation is successful, the key state of the KMS key changes from PendingImport to Enabled, and you can use the KMS key in cryptographic operations. If this operation fails, use the exception to help determine the problem. If the error is related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and repeat the import procedure. For help, see How To Import Key Material in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.  Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.  Required permissions: kms:ImportKeyMaterial (key policy)  Related operations:     DeleteImportedKeyMaterial     GetParametersForImport     Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
    */
   importKeyMaterial(params: KMS.Types.ImportKeyMaterialRequest, callback?: (err: AWSError, data: KMS.Types.ImportKeyMaterialResponse) => void): Request<KMS.Types.ImportKeyMaterialResponse, AWSError>;
   /**
-   * Imports or reimports key material into an existing KMS key that was created without key material. ImportKeyMaterial also sets the expiration model and expiration date of the imported key material. By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. After you successfully import key material into a KMS key, you can reimport the same key material into that KMS key, but you cannot import different key material. You might reimport key material to replace key material that expired or key material that you deleted. You might also reimport key material to change the expiration model or expiration date of the key material. Before reimporting key material, if necessary, call DeleteImportedKeyMaterial to delete the current imported key material.  Each time you import key material into KMS, you can determine whether (ExpirationModel) and when (ValidTo) the key material expires. To change the expiration of your key material, you must import it again, either by calling ImportKeyMaterial or using the import features of the KMS console. Before calling ImportKeyMaterial:   Create or identify a KMS key with no key material. The KMS key must have an Origin value of EXTERNAL, which indicates that the KMS key is designed for imported key material.  To create an new KMS key for imported key material, call the CreateKey operation with an Origin value of EXTERNAL. You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store.   Use the DescribeKey operation to verify that the KeyState of the KMS key is PendingImport, which indicates that the KMS key has no key material.  If you are reimporting the same key material into an existing KMS key, you might need to call the DeleteImportedKeyMaterial to delete its existing key material.   Call the GetParametersForImport operation to get a public key and import token set for importing key material.    Use the public key in the GetParametersForImport response to encrypt your key material.    Then, in an ImportKeyMaterial request, you submit your encrypted key material and import token. When calling this operation, you must specify the following values:   The key ID or key ARN of the KMS key to associate with the imported key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account. To get the Origin and KeyState of a KMS key, call DescribeKey.   The encrypted key material.    The import token that GetParametersForImport returned. You must use a public key and token from the same GetParametersForImport response.   Whether the key material expires (ExpirationModel) and, if so, when (ValidTo). For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide. If you set an expiration date, KMS deletes the key material from the KMS key on the specified date, making the KMS key unusable. To use the KMS key in cryptographic operations again, you must reimport the same key material. However, you can delete and reimport the key material at any time, including before the key material expires. Each time you reimport, you can eliminate or reset the expiration time.   When this operation is successful, the key state of the KMS key changes from PendingImport to Enabled, and you can use the KMS key in cryptographic operations. If this operation fails, use the exception to help determine the problem. If the error is related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and repeat the import procedure. For help, see How To Import Key Material in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.  Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.  Required permissions: kms:ImportKeyMaterial (key policy)  Related operations:     DeleteImportedKeyMaterial     GetParametersForImport     Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
+   * Imports or reimports key material into an existing KMS key that was created without key material. ImportKeyMaterial also sets the expiration model and expiration date of the imported key material. By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. After you successfully import key material into a KMS key, you can reimport the same key material into that KMS key, but you cannot import different key material. You might reimport key material to replace key material that expired or key material that you deleted. You might also reimport key material to change the expiration model or expiration date of the key material.  Each time you import key material into KMS, you can determine whether (ExpirationModel) and when (ValidTo) the key material expires. To change the expiration of your key material, you must import it again, either by calling ImportKeyMaterial or using the import features of the KMS console. Before calling ImportKeyMaterial:   Create or identify a KMS key with no key material. The KMS key must have an Origin value of EXTERNAL, which indicates that the KMS key is designed for imported key material.  To create an new KMS key for imported key material, call the CreateKey operation with an Origin value of EXTERNAL. You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store.   Use the DescribeKey operation to verify that the KeyState of the KMS key is PendingImport, which indicates that the KMS key has no key material.  If you are reimporting the same key material into an existing KMS key, you might need to call the DeleteImportedKeyMaterial to delete its existing key material.   Call the GetParametersForImport operation to get a public key and import token set for importing key material.    Use the public key in the GetParametersForImport response to encrypt your key material.    Then, in an ImportKeyMaterial request, you submit your encrypted key material and import token. When calling this operation, you must specify the following values:   The key ID or key ARN of the KMS key to associate with the imported key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account. To get the Origin and KeyState of a KMS key, call DescribeKey.   The encrypted key material.    The import token that GetParametersForImport returned. You must use a public key and token from the same GetParametersForImport response.   Whether the key material expires (ExpirationModel) and, if so, when (ValidTo). For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide. If you set an expiration date, KMS deletes the key material from the KMS key on the specified date, making the KMS key unusable. To use the KMS key in cryptographic operations again, you must reimport the same key material. However, you can delete and reimport the key material at any time, including before the key material expires. Each time you reimport, you can eliminate or reset the expiration time.   When this operation is successful, the key state of the KMS key changes from PendingImport to Enabled, and you can use the KMS key in cryptographic operations. If this operation fails, use the exception to help determine the problem. If the error is related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and repeat the import procedure. For help, see How To Import Key Material in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.  Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.  Required permissions: kms:ImportKeyMaterial (key policy)  Related operations:     DeleteImportedKeyMaterial     GetParametersForImport     Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
    */
   importKeyMaterial(callback?: (err: AWSError, data: KMS.Types.ImportKeyMaterialResponse) => void): Request<KMS.Types.ImportKeyMaterialResponse, AWSError>;
   /**
@@ -1103,15 +1103,19 @@ declare namespace KMS {
      */
     KeyId: KeyIdType;
     /**
-     * Specifies the name of the key policy. The only valid name is default. To get the names of key policies, use ListKeyPolicies.
+     * Specifies the name of the key policy. If no policy name is specified, the default value is default. The only valid name is default. To get the names of key policies, use ListKeyPolicies.
      */
-    PolicyName: PolicyNameType;
+    PolicyName?: PolicyNameType;
   }
   export interface GetKeyPolicyResponse {
     /**
      * A key policy document in JSON format.
      */
     Policy?: PolicyType;
+    /**
+     * The name of the key policy. The only valid value is default.
+     */
+    PolicyName?: PolicyNameType;
   }
   export interface GetKeyRotationStatusRequest {
     /**
@@ -1597,9 +1601,9 @@ declare namespace KMS {
      */
     KeyId: KeyIdType;
     /**
-     * The name of the key policy. The only valid value is default.
+     * The name of the key policy. If no policy name is specified, the default value is default. The only valid value is default.
      */
-    PolicyName: PolicyNameType;
+    PolicyName?: PolicyNameType;
     /**
      * The key policy to attach to the KMS key. The key policy must meet the following criteria:   The key policy must allow the calling principal to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer Guide. (To omit this condition, set BypassPolicyLockoutSafetyCheck to true.)   Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal, you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.   A key policy document can include only the following characters:   Printable ASCII characters from the space character (\u0020) through the end of the ASCII character range.   Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF).   The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special characters   For information about key policies, see Key policies in KMS in the Key Management Service Developer Guide.For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the  Identity and Access Management User Guide .
      */