aws-sdk 2.1603.0 → 2.1605.0

package/clients/sagemaker.d.ts

@@ -6967,11 +6967,11 @@ declare namespace SageMaker {
   export type DebugRuleEvaluationStatuses = DebugRuleEvaluationStatus[];
   export interface DefaultEbsStorageSettings {
     /**
-     * The default size of the EBS storage volume for a private space.
+     * The default size of the EBS storage volume for a space.
      */
     DefaultEbsVolumeSizeInGb: SpaceEbsVolumeSizeInGb;
     /**
-     * The maximum size of the EBS storage volume for a private space.
+     * The maximum size of the EBS storage volume for a space.
      */
     MaximumEbsVolumeSizeInGb: SpaceEbsVolumeSizeInGb;
   }
@@ -6987,10 +6987,17 @@ declare namespace SageMaker {
     SecurityGroups?: SecurityGroupIds;
     JupyterServerAppSettings?: JupyterServerAppSettings;
     KernelGatewayAppSettings?: KernelGatewayAppSettings;
+    JupyterLabAppSettings?: JupyterLabAppSettings;
+    SpaceStorageSettings?: DefaultSpaceStorageSettings;
+    CustomPosixUserConfig?: CustomPosixUserConfig;
+    /**
+     * The settings for assigning a custom file system to a domain. Permitted users can access this file system in Amazon SageMaker Studio.
+     */
+    CustomFileSystemConfigs?: CustomFileSystemConfigs;
   }
   export interface DefaultSpaceStorageSettings {
     /**
-     * The default EBS storage settings for a private space.
+     * The default EBS storage settings for a space.
      */
     DefaultEbsStorageSettings?: DefaultEbsStorageSettings;
   }
@@ -11359,7 +11366,7 @@ declare namespace SageMaker {
   }
   export interface EbsStorageSettings {
     /**
-     * The size of an EBS storage volume for a private space.
+     * The size of an EBS storage volume for a space.
      */
     EbsVolumeSizeInGb: SpaceEbsVolumeSizeInGb;
   }
@@ -19284,13 +19291,13 @@ declare namespace SageMaker {
   export type OutputParameterList = OutputParameter[];
   export interface OwnershipSettings {
     /**
-     * The user profile who is the owner of the private space.
+     * The user profile who is the owner of the space.
      */
     OwnerUserProfileName: UserProfileName;
   }
   export interface OwnershipSettingsSummary {
     /**
-     * The user profile who is the owner of the private space.
+     * The user profile who is the owner of the space.
      */
     OwnerUserProfileName?: UserProfileName;
   }
@@ -21612,7 +21619,7 @@ declare namespace SageMaker {
      */
     AppType?: AppType;
     /**
-     * The storage settings for a private space.
+     * The storage settings for a space.
      */
     SpaceStorageSettings?: SpaceStorageSettings;
     /**
@@ -21626,7 +21633,7 @@ declare namespace SageMaker {
      */
     AppType?: AppType;
     /**
-     * The storage settings for a private space.
+     * The storage settings for a space.
      */
     SpaceStorageSettings?: SpaceStorageSettings;
   }
@@ -21646,7 +21653,7 @@ declare namespace SageMaker {
   export type SpaceStatus = "Deleting"|"Failed"|"InService"|"Pending"|"Updating"|"Update_Failed"|"Delete_Failed"|string;
   export interface SpaceStorageSettings {
     /**
-     * A collection of EBS storage settings for a private space.
+     * A collection of EBS storage settings for a space.
      */
     EbsStorageSettings?: EbsStorageSettings;
   }
@@ -24197,7 +24204,7 @@ declare namespace SageMaker {
      */
     JupyterLabAppSettings?: JupyterLabAppSettings;
     /**
-     * The storage settings for a private space.
+     * The storage settings for a space.
      */
     SpaceStorageSettings?: DefaultSpaceStorageSettings;
     /**

package/clients/servicediscovery.d.ts

@@ -148,11 +148,11 @@ declare class ServiceDiscovery extends Service {
    */
   listOperations(callback?: (err: AWSError, data: ServiceDiscovery.Types.ListOperationsResponse) => void): Request<ServiceDiscovery.Types.ListOperationsResponse, AWSError>;
   /**
-   * Lists summary information for all the services that are associated with one or more specified namespaces.
+   * Lists summary information for all the services that are associated with one or more namespaces.
    */
   listServices(params: ServiceDiscovery.Types.ListServicesRequest, callback?: (err: AWSError, data: ServiceDiscovery.Types.ListServicesResponse) => void): Request<ServiceDiscovery.Types.ListServicesResponse, AWSError>;
   /**
-   * Lists summary information for all the services that are associated with one or more specified namespaces.
+   * Lists summary information for all the services that are associated with one or more namespaces.
    */
   listServices(callback?: (err: AWSError, data: ServiceDiscovery.Types.ListServicesResponse) => void): Request<ServiceDiscovery.Types.ListServicesResponse, AWSError>;
   /**
@@ -402,7 +402,7 @@ declare namespace ServiceDiscovery {
   }
   export interface DiscoverInstancesRequest {
     /**
-     * The HttpName name of the namespace. It's found in the HttpProperties member of the Properties member of the namespace.
+     * The HttpName name of the namespace. It's found in the HttpProperties member of the Properties member of the namespace. In most cases, Name and HttpName match. However, if you reuse Name for namespace creation, a generated hash is added to HttpName to distinguish the two.
      */
     NamespaceName: NamespaceName;
     /**
@@ -1029,7 +1029,7 @@ declare namespace ServiceDiscovery {
      */
     CreatorRequestId?: ResourceId;
     /**
-     * A string map that contains the following information for the service that you specify in ServiceId:   The attributes that apply to the records that are defined in the service.    For each attribute, the applicable value.    Do not include sensitive information in the attributes if the namespace is discoverable by public DNS queries.  Supported attribute keys include the following:  AWS_ALIAS_DNS_NAME  If you want Cloud Map to create an Amazon Route 53 alias record that routes traffic to an Elastic Load Balancing load balancer, specify the DNS name that's associated with the load balancer. For information about how to get the DNS name, see "DNSName" in the topic AliasTarget in the Route 53 API Reference. Note the following:   The configuration for the service that's specified by ServiceId must include settings for an A record, an AAAA record, or both.   In the service that's specified by ServiceId, the value of RoutingPolicy must be WEIGHTED.   If the service that's specified by ServiceId includes HealthCheckConfig settings, Cloud Map will create the Route 53 health check, but it doesn't associate the health check with the alias record.   Cloud Map currently doesn't support creating alias records that route traffic to Amazon Web Services resources other than Elastic Load Balancing load balancers.   If you specify a value for AWS_ALIAS_DNS_NAME, don't specify values for any of the AWS_INSTANCE attributes.    AWS_EC2_INSTANCE_ID   HTTP namespaces only. The Amazon EC2 instance ID for the instance. If the AWS_EC2_INSTANCE_ID attribute is specified, then the only other attribute that can be specified is AWS_INIT_HEALTH_STATUS. When the AWS_EC2_INSTANCE_ID attribute is specified, then the AWS_INSTANCE_IPV4 attribute will be filled out with the primary private IPv4 address.  AWS_INIT_HEALTH_STATUS  If the service configuration includes HealthCheckCustomConfig, you can optionally use AWS_INIT_HEALTH_STATUS to specify the initial status of the custom health check, HEALTHY or UNHEALTHY. If you don't specify a value for AWS_INIT_HEALTH_STATUS, the initial status is HEALTHY.  AWS_INSTANCE_CNAME  If the service configuration includes a CNAME record, the domain name that you want Route 53 to return in response to DNS queries (for example, example.com). This value is required if the service specified by ServiceId includes settings for an CNAME record.  AWS_INSTANCE_IPV4  If the service configuration includes an A record, the IPv4 address that you want Route 53 to return in response to DNS queries (for example, 192.0.2.44). This value is required if the service specified by ServiceId includes settings for an A record. If the service includes settings for an SRV record, you must specify a value for AWS_INSTANCE_IPV4, AWS_INSTANCE_IPV6, or both.  AWS_INSTANCE_IPV6  If the service configuration includes an AAAA record, the IPv6 address that you want Route 53 to return in response to DNS queries (for example, 2001:0db8:85a3:0000:0000:abcd:0001:2345). This value is required if the service specified by ServiceId includes settings for an AAAA record. If the service includes settings for an SRV record, you must specify a value for AWS_INSTANCE_IPV4, AWS_INSTANCE_IPV6, or both.  AWS_INSTANCE_PORT  If the service includes an SRV record, the value that you want Route 53 to return for the port. If the service includes HealthCheckConfig, the port on the endpoint that you want Route 53 to send requests to.  This value is required if you specified settings for an SRV record or a Route 53 health check when you created the service.  Custom attributes  You can add up to 30 custom attributes. For each key-value pair, the maximum length of the attribute name is 255 characters, and the maximum length of the attribute value is 1,024 characters. The total size of all provided attributes (sum of all keys and values) must not exceed 5,000 characters.  
+     * A string map that contains the following information for the service that you specify in ServiceId:   The attributes that apply to the records that are defined in the service.    For each attribute, the applicable value.    Do not include sensitive information in the attributes if the namespace is discoverable by public DNS queries.  The following are the supported attribute keys.  AWS_ALIAS_DNS_NAME  If you want Cloud Map to create an Amazon Route 53 alias record that routes traffic to an Elastic Load Balancing load balancer, specify the DNS name that's associated with the load balancer. For information about how to get the DNS name, see "DNSName" in the topic AliasTarget in the Route 53 API Reference. Note the following:   The configuration for the service that's specified by ServiceId must include settings for an A record, an AAAA record, or both.   In the service that's specified by ServiceId, the value of RoutingPolicy must be WEIGHTED.   If the service that's specified by ServiceId includes HealthCheckConfig settings, Cloud Map will create the Route 53 health check, but it doesn't associate the health check with the alias record.   Cloud Map currently doesn't support creating alias records that route traffic to Amazon Web Services resources other than Elastic Load Balancing load balancers.   If you specify a value for AWS_ALIAS_DNS_NAME, don't specify values for any of the AWS_INSTANCE attributes.   The AWS_ALIAS_DNS_NAME is not supported in the GovCloud (US) Regions.    AWS_EC2_INSTANCE_ID   HTTP namespaces only. The Amazon EC2 instance ID for the instance. If the AWS_EC2_INSTANCE_ID attribute is specified, then the only other attribute that can be specified is AWS_INIT_HEALTH_STATUS. When the AWS_EC2_INSTANCE_ID attribute is specified, then the AWS_INSTANCE_IPV4 attribute will be filled out with the primary private IPv4 address.  AWS_INIT_HEALTH_STATUS  If the service configuration includes HealthCheckCustomConfig, you can optionally use AWS_INIT_HEALTH_STATUS to specify the initial status of the custom health check, HEALTHY or UNHEALTHY. If you don't specify a value for AWS_INIT_HEALTH_STATUS, the initial status is HEALTHY.  AWS_INSTANCE_CNAME  If the service configuration includes a CNAME record, the domain name that you want Route 53 to return in response to DNS queries (for example, example.com). This value is required if the service specified by ServiceId includes settings for an CNAME record.  AWS_INSTANCE_IPV4  If the service configuration includes an A record, the IPv4 address that you want Route 53 to return in response to DNS queries (for example, 192.0.2.44). This value is required if the service specified by ServiceId includes settings for an A record. If the service includes settings for an SRV record, you must specify a value for AWS_INSTANCE_IPV4, AWS_INSTANCE_IPV6, or both.  AWS_INSTANCE_IPV6  If the service configuration includes an AAAA record, the IPv6 address that you want Route 53 to return in response to DNS queries (for example, 2001:0db8:85a3:0000:0000:abcd:0001:2345). This value is required if the service specified by ServiceId includes settings for an AAAA record. If the service includes settings for an SRV record, you must specify a value for AWS_INSTANCE_IPV4, AWS_INSTANCE_IPV6, or both.  AWS_INSTANCE_PORT  If the service includes an SRV record, the value that you want Route 53 to return for the port. If the service includes HealthCheckConfig, the port on the endpoint that you want Route 53 to send requests to.  This value is required if you specified settings for an SRV record or a Route 53 health check when you created the service.  Custom attributes  You can add up to 30 custom attributes. For each key-value pair, the maximum length of the attribute name is 255 characters, and the maximum length of the attribute value is 1,024 characters. The total size of all provided attributes (sum of all keys and values) must not exceed 5,000 characters.  
      */
     Attributes: Attributes;
   }

package/clients/transfer.d.ts

@@ -365,11 +365,19 @@ declare class Transfer extends Service {
    */
   sendWorkflowStepState(callback?: (err: AWSError, data: Transfer.Types.SendWorkflowStepStateResponse) => void): Request<Transfer.Types.SendWorkflowStepStateResponse, AWSError>;
   /**
-   * Begins a file transfer between local Amazon Web Services storage and a remote AS2 or SFTP server.   For an AS2 connector, you specify the ConnectorId and one or more SendFilePaths to identify the files you want to transfer.   For an SFTP connector, the file transfer can be either outbound or inbound. In both cases, you specify the ConnectorId. Depending on the direction of the transfer, you also specify the following items:   If you are transferring file from a partner's SFTP server to Amazon Web Services storage, you specify one or more RetreiveFilePaths to identify the files you want to transfer, and a LocalDirectoryPath to specify the destination folder.   If you are transferring file to a partner's SFTP server from Amazon Web Services storage, you specify one or more SendFilePaths to identify the files you want to transfer, and a RemoteDirectoryPath to specify the destination folder.    
+   * Retrieves a list of the contents of a directory from a remote SFTP server. You specify the connector ID, the output path, and the remote directory path. You can also specify the optional MaxItems value to control the maximum number of items that are listed from the remote directory. This API returns a list of all files and directories in the remote directory (up to the maximum value), but does not return files or folders in sub-directories. That is, it only returns a list of files and directories one-level deep. After you receive the listing file, you can provide the files that you want to transfer to the RetrieveFilePaths parameter of the StartFileTransfer API call. The naming convention for the output file is  connector-ID-listing-ID.json. The output file contains the following information:    filePath: the complete path of a remote file, relative to the directory of the listing request for your SFTP connector on the remote server.    modifiedTimestamp: the last time the file was modified, in UTC time format. This field is optional. If the remote file attributes don't contain a timestamp, it is omitted from the file listing.    size: the size of the file, in bytes. This field is optional. If the remote file attributes don't contain a file size, it is omitted from the file listing.    path: the complete path of a remote directory, relative to the directory of the listing request for your SFTP connector on the remote server.    truncated: a flag indicating whether the list output contains all of the items contained in the remote directory or not. If your Truncated output value is true, you can increase the value provided in the optional max-items input attribute to be able to list more items (up to the maximum allowed list size of 10,000 items).  
+   */
+  startDirectoryListing(params: Transfer.Types.StartDirectoryListingRequest, callback?: (err: AWSError, data: Transfer.Types.StartDirectoryListingResponse) => void): Request<Transfer.Types.StartDirectoryListingResponse, AWSError>;
+  /**
+   * Retrieves a list of the contents of a directory from a remote SFTP server. You specify the connector ID, the output path, and the remote directory path. You can also specify the optional MaxItems value to control the maximum number of items that are listed from the remote directory. This API returns a list of all files and directories in the remote directory (up to the maximum value), but does not return files or folders in sub-directories. That is, it only returns a list of files and directories one-level deep. After you receive the listing file, you can provide the files that you want to transfer to the RetrieveFilePaths parameter of the StartFileTransfer API call. The naming convention for the output file is  connector-ID-listing-ID.json. The output file contains the following information:    filePath: the complete path of a remote file, relative to the directory of the listing request for your SFTP connector on the remote server.    modifiedTimestamp: the last time the file was modified, in UTC time format. This field is optional. If the remote file attributes don't contain a timestamp, it is omitted from the file listing.    size: the size of the file, in bytes. This field is optional. If the remote file attributes don't contain a file size, it is omitted from the file listing.    path: the complete path of a remote directory, relative to the directory of the listing request for your SFTP connector on the remote server.    truncated: a flag indicating whether the list output contains all of the items contained in the remote directory or not. If your Truncated output value is true, you can increase the value provided in the optional max-items input attribute to be able to list more items (up to the maximum allowed list size of 10,000 items).  
+   */
+  startDirectoryListing(callback?: (err: AWSError, data: Transfer.Types.StartDirectoryListingResponse) => void): Request<Transfer.Types.StartDirectoryListingResponse, AWSError>;
+  /**
+   * Begins a file transfer between local Amazon Web Services storage and a remote AS2 or SFTP server.   For an AS2 connector, you specify the ConnectorId and one or more SendFilePaths to identify the files you want to transfer.   For an SFTP connector, the file transfer can be either outbound or inbound. In both cases, you specify the ConnectorId. Depending on the direction of the transfer, you also specify the following items:   If you are transferring file from a partner's SFTP server to Amazon Web Services storage, you specify one or more RetrieveFilePaths to identify the files you want to transfer, and a LocalDirectoryPath to specify the destination folder.   If you are transferring file to a partner's SFTP server from Amazon Web Services storage, you specify one or more SendFilePaths to identify the files you want to transfer, and a RemoteDirectoryPath to specify the destination folder.    
    */
   startFileTransfer(params: Transfer.Types.StartFileTransferRequest, callback?: (err: AWSError, data: Transfer.Types.StartFileTransferResponse) => void): Request<Transfer.Types.StartFileTransferResponse, AWSError>;
   /**
-   * Begins a file transfer between local Amazon Web Services storage and a remote AS2 or SFTP server.   For an AS2 connector, you specify the ConnectorId and one or more SendFilePaths to identify the files you want to transfer.   For an SFTP connector, the file transfer can be either outbound or inbound. In both cases, you specify the ConnectorId. Depending on the direction of the transfer, you also specify the following items:   If you are transferring file from a partner's SFTP server to Amazon Web Services storage, you specify one or more RetreiveFilePaths to identify the files you want to transfer, and a LocalDirectoryPath to specify the destination folder.   If you are transferring file to a partner's SFTP server from Amazon Web Services storage, you specify one or more SendFilePaths to identify the files you want to transfer, and a RemoteDirectoryPath to specify the destination folder.    
+   * Begins a file transfer between local Amazon Web Services storage and a remote AS2 or SFTP server.   For an AS2 connector, you specify the ConnectorId and one or more SendFilePaths to identify the files you want to transfer.   For an SFTP connector, the file transfer can be either outbound or inbound. In both cases, you specify the ConnectorId. Depending on the direction of the transfer, you also specify the following items:   If you are transferring file from a partner's SFTP server to Amazon Web Services storage, you specify one or more RetrieveFilePaths to identify the files you want to transfer, and a LocalDirectoryPath to specify the destination folder.   If you are transferring file to a partner's SFTP server from Amazon Web Services storage, you specify one or more SendFilePaths to identify the files you want to transfer, and a RemoteDirectoryPath to specify the destination folder.    
    */
   startFileTransfer(callback?: (err: AWSError, data: Transfer.Types.StartFileTransferResponse) => void): Request<Transfer.Types.StartFileTransferResponse, AWSError>;
   /**
@@ -1255,7 +1263,7 @@ declare namespace Transfer {
      */
     CertificateId?: CertificateId;
     /**
-     * Specifies how this certificate is used. It can be used in the following ways:    SIGNING: For signing AS2 messages    ENCRYPTION: For encrypting AS2 messages    TLS: For securing AS2 communications sent over HTTPS  
+     * Specifies whether this certificate is used for signing or encryption.
      */
     Usage?: CertificateUsageType;
     /**
@@ -1770,7 +1778,7 @@ declare namespace Transfer {
   export type IdentityProviderType = "SERVICE_MANAGED"|"API_GATEWAY"|"AWS_DIRECTORY_SERVICE"|"AWS_LAMBDA"|string;
   export interface ImportCertificateRequest {
     /**
-     * Specifies how this certificate is used. It can be used in the following ways:    SIGNING: For signing AS2 messages    ENCRYPTION: For encrypting AS2 messages    TLS: For securing AS2 communications sent over HTTPS  
+     * Specifies whether this certificate is used for signing or encryption.
      */
     Usage: CertificateUsageType;
     /**
@@ -2222,7 +2230,7 @@ declare namespace Transfer {
      */
     CertificateId?: CertificateId;
     /**
-     * Specifies how this certificate is used. It can be used in the following ways:    SIGNING: For signing AS2 messages    ENCRYPTION: For encrypting AS2 messages    TLS: For securing AS2 communications sent over HTTPS  
+     * Specifies whether this certificate is used for signing or encryption.
      */
     Usage?: CertificateUsageType;
     /**
@@ -2404,6 +2412,7 @@ declare namespace Transfer {
     Arn?: Arn;
   }
   export type ListedWorkflows = ListedWorkflow[];
+  export type ListingId = string;
   export type LogGroupName = string;
   export interface LoggingConfiguration {
     /**
@@ -2418,6 +2427,7 @@ declare namespace Transfer {
   export type MapEntry = string;
   export type MapTarget = string;
   export type MapType = "FILE"|"DIRECTORY"|string;
+  export type MaxItems = number;
   export type MaxResults = number;
   export type MdnResponse = "SYNC"|"NONE"|string;
   export type MdnSigningAlg = "SHA256"|"SHA384"|"SHA512"|"SHA1"|"NONE"|"DEFAULT"|string;
@@ -2427,6 +2437,7 @@ declare namespace Transfer {
   export type NullableRole = string;
   export type OnPartialUploadWorkflowDetails = WorkflowDetail[];
   export type OnUploadWorkflowDetails = WorkflowDetail[];
+  export type OutputFileName = string;
   export type OverwriteExisting = "TRUE"|"FALSE"|string;
   export type PassiveIp = string;
   export type Policy = string;
@@ -2599,6 +2610,34 @@ declare namespace Transfer {
   export type SshPublicKeyCount = number;
   export type SshPublicKeyId = string;
   export type SshPublicKeys = SshPublicKey[];
+  export interface StartDirectoryListingRequest {
+    /**
+     * The unique identifier for the connector.
+     */
+    ConnectorId: ConnectorId;
+    /**
+     * Specifies the directory on the remote SFTP server for which you want to list its contents.
+     */
+    RemoteDirectoryPath: FilePath;
+    /**
+     * An optional parameter where you can specify the maximum number of file/directory names to retrieve. The default value is 1,000.
+     */
+    MaxItems?: MaxItems;
+    /**
+     * Specifies the path (bucket and prefix) in Amazon S3 storage to store the results of the directory listing.
+     */
+    OutputDirectoryPath: FilePath;
+  }
+  export interface StartDirectoryListingResponse {
+    /**
+     * Returns a unique identifier for the directory listing call.
+     */
+    ListingId: ListingId;
+    /**
+     * Returns the file name where the results are stored. This is a combination of the connector ID and the listing ID: &lt;connector-id&gt;-&lt;listing-id&gt;.json.
+     */
+    OutputFileName: OutputFileName;
+  }
   export interface StartFileTransferRequest {
     /**
      * The unique identifier for the connector.

package/clients/workspacesweb.d.ts

@@ -602,6 +602,10 @@ declare namespace WorkSpacesWeb {
   export type AuthenticationType = "Standard"|"IAM_Identity_Center"|string;
   export type BrowserPolicy = string;
   export interface BrowserSettings {
+    /**
+     * The additional encryption context of the browser settings.
+     */
+    additionalEncryptionContext?: EncryptionContextMap;
     /**
      * A list of web portal ARNs that this browser settings is associated with.
      */
@@ -614,6 +618,10 @@ declare namespace WorkSpacesWeb {
      * The ARN of the browser settings.
      */
     browserSettingsArn: ARN;
+    /**
+     * The customer managed key used to encrypt sensitive information in the browser settings.
+     */
+    customerManagedKey?: keyArn;
   }
   export type BrowserSettingsList = BrowserSettingsSummary[];
   export interface BrowserSettingsSummary {
@@ -716,7 +724,7 @@ declare namespace WorkSpacesWeb {
      */
     browserPolicy: BrowserPolicy;
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. 
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. 
      */
     clientToken?: ClientToken;
     /**
@@ -736,11 +744,11 @@ declare namespace WorkSpacesWeb {
   }
   export interface CreateIdentityProviderRequest {
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
-     * The identity provider details. The following list describes the provider detail keys for each identity provider type.    For Google and Login with Amazon:    client_id     client_secret     authorize_scopes      For Facebook:    client_id     client_secret     authorize_scopes     api_version      For Sign in with Apple:    client_id     team_id     key_id     private_key     authorize_scopes      For OIDC providers:    client_id     client_secret     attributes_request_method     oidc_issuer     authorize_scopes     authorize_url if not available from discovery URL specified by oidc_issuer key     token_url if not available from discovery URL specified by oidc_issuer key     attributes_url if not available from discovery URL specified by oidc_issuer key     jwks_uri if not available from discovery URL specified by oidc_issuer key      For SAML providers:    MetadataFile OR MetadataURL     IDPSignout (boolean) optional     
+     * The identity provider details. The following list describes the provider detail keys for each identity provider type.    For Google and Login with Amazon:    client_id     client_secret     authorize_scopes      For Facebook:    client_id     client_secret     authorize_scopes     api_version      For Sign in with Apple:    client_id     team_id     key_id     private_key     authorize_scopes      For OIDC providers:    client_id     client_secret     attributes_request_method     oidc_issuer     authorize_scopes     authorize_url if not available from discovery URL specified by oidc_issuer key     token_url if not available from discovery URL specified by oidc_issuer key     attributes_url if not available from discovery URL specified by oidc_issuer key     jwks_uri if not available from discovery URL specified by oidc_issuer key      For SAML providers:    MetadataFile OR MetadataURL     IDPSignout (boolean) optional     IDPInit (boolean) optional     RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256     EncryptedResponses (boolean) optional     
      */
     identityProviderDetails: IdentityProviderDetails;
     /**
@@ -768,7 +776,7 @@ declare namespace WorkSpacesWeb {
      */
     additionalEncryptionContext?: EncryptionContextMap;
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
@@ -800,7 +808,7 @@ declare namespace WorkSpacesWeb {
   }
   export interface CreateNetworkSettingsRequest {
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
@@ -832,11 +840,11 @@ declare namespace WorkSpacesWeb {
      */
     additionalEncryptionContext?: EncryptionContextMap;
     /**
-     * The type of authentication integration points used when signing into the web portal. Defaults to Standard.  Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.  IAM_Identity_Center web portals are authenticated through AWS IAM Identity Center (successor to AWS Single Sign-On). They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.
+     * The type of authentication integration points used when signing into the web portal. Defaults to Standard.  Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.  IAM Identity Center web portals are authenticated through IAM Identity Center (successor to Single Sign-On). Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.
      */
     authenticationType?: AuthenticationType;
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
@@ -847,6 +855,14 @@ declare namespace WorkSpacesWeb {
      * The name of the web portal. This is not visible to users who log into the web portal.
      */
     displayName?: DisplayName;
+    /**
+     * The type and resources of the underlying instance.
+     */
+    instanceType?: InstanceType;
+    /**
+     * The maximum number of concurrent sessions for the portal.
+     */
+    maxConcurrentSessions?: MaxConcurrentSessions;
     /**
      * The tags to add to the web portal. A tag is a key-value pair.
      */
@@ -868,7 +884,7 @@ declare namespace WorkSpacesWeb {
      */
     certificateList: CertificateList;
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
@@ -884,7 +900,7 @@ declare namespace WorkSpacesWeb {
   }
   export interface CreateUserAccessLoggingSettingsRequest {
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
@@ -908,7 +924,7 @@ declare namespace WorkSpacesWeb {
      */
     additionalEncryptionContext?: EncryptionContextMap;
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
@@ -1213,7 +1229,7 @@ declare namespace WorkSpacesWeb {
      */
     identityProviderArn: SubresourceARN;
     /**
-     * The identity provider details. The following list describes the provider detail keys for each identity provider type.    For Google and Login with Amazon:    client_id     client_secret     authorize_scopes      For Facebook:    client_id     client_secret     authorize_scopes     api_version      For Sign in with Apple:    client_id     team_id     key_id     private_key     authorize_scopes      For OIDC providers:    client_id     client_secret     attributes_request_method     oidc_issuer     authorize_scopes     authorize_url if not available from discovery URL specified by oidc_issuer key     token_url if not available from discovery URL specified by oidc_issuer key     attributes_url if not available from discovery URL specified by oidc_issuer key     jwks_uri if not available from discovery URL specified by oidc_issuer key      For SAML providers:    MetadataFile OR MetadataURL     IDPSignout optional     
+     * The identity provider details. The following list describes the provider detail keys for each identity provider type.    For Google and Login with Amazon:    client_id     client_secret     authorize_scopes      For Facebook:    client_id     client_secret     authorize_scopes     api_version      For Sign in with Apple:    client_id     team_id     key_id     private_key     authorize_scopes      For OIDC providers:    client_id     client_secret     attributes_request_method     oidc_issuer     authorize_scopes     authorize_url if not available from discovery URL specified by oidc_issuer key     token_url if not available from discovery URL specified by oidc_issuer key     attributes_url if not available from discovery URL specified by oidc_issuer key     jwks_uri if not available from discovery URL specified by oidc_issuer key      For SAML providers:    MetadataFile OR MetadataURL     IDPSignout (boolean) optional     IDPInit (boolean) optional     RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256     EncryptedResponses (boolean) optional     
      */
     identityProviderDetails?: IdentityProviderDetails;
     /**
@@ -1244,7 +1260,12 @@ declare namespace WorkSpacesWeb {
   }
   export type IdentityProviderType = "SAML"|"Facebook"|"Google"|"LoginWithAmazon"|"SignInWithApple"|"OIDC"|string;
   export type IdleDisconnectTimeoutInMinutes = number;
+  export type InstanceType = "standard.regular"|"standard.large"|"standard.xlarge"|string;
   export interface IpAccessSettings {
+    /**
+     * The additional encryption context of the IP access settings.
+     */
+    additionalEncryptionContext?: EncryptionContextMap;
     /**
      * A list of web portal ARNs that this IP access settings resource is associated with.
      */
@@ -1253,6 +1274,10 @@ declare namespace WorkSpacesWeb {
      * The creation date timestamp of the IP access settings.
      */
     creationDate?: Timestamp;
+    /**
+     * The customer managed key used to encrypt sensitive information in the IP access settings.
+     */
+    customerManagedKey?: keyArn;
     /**
      * The description of the IP access settings.
      */
@@ -1506,6 +1531,7 @@ declare namespace WorkSpacesWeb {
      */
     userSettings?: UserSettingsList;
   }
+  export type MaxConcurrentSessions = number;
   export type MaxResults = number;
   export interface NetworkSettings {
     /**
@@ -1543,7 +1569,11 @@ declare namespace WorkSpacesWeb {
   export type PaginationToken = string;
   export interface Portal {
     /**
-     * The type of authentication integration points used when signing into the web portal. Defaults to Standard.  Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.  IAM_Identity_Center web portals are authenticated through AWS IAM Identity Center (successor to AWS Single Sign-On). They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.
+     * The additional encryption context of the portal.
+     */
+    additionalEncryptionContext?: EncryptionContextMap;
+    /**
+     * The type of authentication integration points used when signing into the web portal. Defaults to Standard.  Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.  IAM Identity Center web portals are authenticated through IAM Identity Center (successor to Single Sign-On). Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.
      */
     authenticationType?: AuthenticationType;
     /**
@@ -1558,14 +1588,26 @@ declare namespace WorkSpacesWeb {
      * The creation date of the web portal.
      */
     creationDate?: Timestamp;
+    /**
+     * The customer managed key used to encrypt sensitive information in the portal.
+     */
+    customerManagedKey?: keyArn;
     /**
      * The name of the web portal.
      */
     displayName?: DisplayName;
+    /**
+     * The type and resources of the underlying instance.
+     */
+    instanceType?: InstanceType;
     /**
      * The ARN of the IP access settings.
      */
     ipAccessSettingsArn?: ARN;
+    /**
+     * The maximum number of concurrent sessions for the portal.
+     */
+    maxConcurrentSessions?: MaxConcurrentSessions;
     /**
      * The ARN of the network settings that is associated with the web portal.
      */
@@ -1608,7 +1650,7 @@ declare namespace WorkSpacesWeb {
   export type PortalStatus = "Incomplete"|"Pending"|"Active"|string;
   export interface PortalSummary {
     /**
-     * The type of authentication integration points used when signing into the web portal. Defaults to Standard.  Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.  IAM_Identity_Center web portals are authenticated through AWS IAM Identity Center (successor to AWS Single Sign-On). They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.
+     * The type of authentication integration points used when signing into the web portal. Defaults to Standard.  Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.  IAM Identity Center web portals are authenticated through IAM Identity Center (successor to Single Sign-On). Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.
      */
     authenticationType?: AuthenticationType;
     /**
@@ -1627,10 +1669,18 @@ declare namespace WorkSpacesWeb {
      * The name of the web portal.
      */
     displayName?: DisplayName;
+    /**
+     * The type and resources of the underlying instance.
+     */
+    instanceType?: InstanceType;
     /**
      * The ARN of the IP access settings.
      */
     ipAccessSettingsArn?: ARN;
+    /**
+     * The maximum number of concurrent sessions for the portal.
+     */
+    maxConcurrentSessions?: MaxConcurrentSessions;
     /**
      * The ARN of the network settings that is associated with the web portal.
      */
@@ -1688,7 +1738,7 @@ declare namespace WorkSpacesWeb {
   export type TagList = Tag[];
   export interface TagResourceRequest {
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
@@ -1743,7 +1793,7 @@ declare namespace WorkSpacesWeb {
      */
     browserSettingsArn: ARN;
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
   }
@@ -1755,7 +1805,7 @@ declare namespace WorkSpacesWeb {
   }
   export interface UpdateIdentityProviderRequest {
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
@@ -1763,7 +1813,7 @@ declare namespace WorkSpacesWeb {
      */
     identityProviderArn: SubresourceARN;
     /**
-     * The details of the identity provider. The following list describes the provider detail keys for each identity provider type.    For Google and Login with Amazon:    client_id     client_secret     authorize_scopes      For Facebook:    client_id     client_secret     authorize_scopes     api_version      For Sign in with Apple:    client_id     team_id     key_id     private_key     authorize_scopes      For OIDC providers:    client_id     client_secret     attributes_request_method     oidc_issuer     authorize_scopes     authorize_url if not available from discovery URL specified by oidc_issuer key     token_url if not available from discovery URL specified by oidc_issuer key     attributes_url if not available from discovery URL specified by oidc_issuer key     jwks_uri if not available from discovery URL specified by oidc_issuer key      For SAML providers:    MetadataFile OR MetadataURL     IDPSignout (boolean) optional     
+     * The details of the identity provider. The following list describes the provider detail keys for each identity provider type.    For Google and Login with Amazon:    client_id     client_secret     authorize_scopes      For Facebook:    client_id     client_secret     authorize_scopes     api_version      For Sign in with Apple:    client_id     team_id     key_id     private_key     authorize_scopes      For OIDC providers:    client_id     client_secret     attributes_request_method     oidc_issuer     authorize_scopes     authorize_url if not available from discovery URL specified by oidc_issuer key     token_url if not available from discovery URL specified by oidc_issuer key     attributes_url if not available from discovery URL specified by oidc_issuer key     jwks_uri if not available from discovery URL specified by oidc_issuer key      For SAML providers:    MetadataFile OR MetadataURL     IDPSignout (boolean) optional     IDPInit (boolean) optional     RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256     EncryptedResponses (boolean) optional     
      */
     identityProviderDetails?: IdentityProviderDetails;
     /**
@@ -1783,7 +1833,7 @@ declare namespace WorkSpacesWeb {
   }
   export interface UpdateIpAccessSettingsRequest {
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
@@ -1811,7 +1861,7 @@ declare namespace WorkSpacesWeb {
   }
   export interface UpdateNetworkSettingsRequest {
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
@@ -1839,13 +1889,21 @@ declare namespace WorkSpacesWeb {
   }
   export interface UpdatePortalRequest {
     /**
-     * The type of authentication integration points used when signing into the web portal. Defaults to Standard.  Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.  IAM_Identity_Center web portals are authenticated through AWS IAM Identity Center (successor to AWS Single Sign-On). They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.
+     * The type of authentication integration points used when signing into the web portal. Defaults to Standard.  Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.  IAM Identity Center web portals are authenticated through IAM Identity Center (successor to Single Sign-On). Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.
      */
     authenticationType?: AuthenticationType;
     /**
      * The name of the web portal. This is not visible to users who log into the web portal.
      */
     displayName?: DisplayName;
+    /**
+     * The type and resources of the underlying instance.
+     */
+    instanceType?: InstanceType;
+    /**
+     * The maximum number of concurrent sessions for the portal.
+     */
+    maxConcurrentSessions?: MaxConcurrentSessions;
     /**
      * The ARN of the web portal.
      */
@@ -1867,7 +1925,7 @@ declare namespace WorkSpacesWeb {
      */
     certificatesToDelete?: CertificateThumbprintList;
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
@@ -1883,7 +1941,7 @@ declare namespace WorkSpacesWeb {
   }
   export interface UpdateUserAccessLoggingSettingsRequest {
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
@@ -1903,7 +1961,7 @@ declare namespace WorkSpacesWeb {
   }
   export interface UpdateUserSettingsRequest {
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.  If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: ClientToken;
     /**
@@ -1975,6 +2033,10 @@ declare namespace WorkSpacesWeb {
     userAccessLoggingSettingsArn: ARN;
   }
   export interface UserSettings {
+    /**
+     * The additional encryption context of the user settings.
+     */
+    additionalEncryptionContext?: EncryptionContextMap;
     /**
      * A list of web portal ARNs that this user settings is associated with.
      */
@@ -1987,6 +2049,10 @@ declare namespace WorkSpacesWeb {
      * Specifies whether the user can copy text from the streaming session to the local device.
      */
     copyAllowed?: EnabledType;
+    /**
+     * The customer managed key used to encrypt sensitive information in the user settings.
+     */
+    customerManagedKey?: keyArn;
     /**
      * The amount of time that a streaming session remains active after users disconnect.
      */