aws-sdk 2.1624.0 → 2.1626.0

package/clients/chatbot.d.ts

@@ -163,6 +163,30 @@ declare class Chatbot extends Service {
    * Lists all Microsoft Teams user identities with a mapped role.
    */
   listMicrosoftTeamsUserIdentities(callback?: (err: AWSError, data: Chatbot.Types.ListMicrosoftTeamsUserIdentitiesResult) => void): Request<Chatbot.Types.ListMicrosoftTeamsUserIdentitiesResult, AWSError>;
+  /**
+   * Retrieves the list of tags applied to a configuration.
+   */
+  listTagsForResource(params: Chatbot.Types.ListTagsForResourceRequest, callback?: (err: AWSError, data: Chatbot.Types.ListTagsForResourceResponse) => void): Request<Chatbot.Types.ListTagsForResourceResponse, AWSError>;
+  /**
+   * Retrieves the list of tags applied to a configuration.
+   */
+  listTagsForResource(callback?: (err: AWSError, data: Chatbot.Types.ListTagsForResourceResponse) => void): Request<Chatbot.Types.ListTagsForResourceResponse, AWSError>;
+  /**
+   * Applies the supplied tags to a configuration.
+   */
+  tagResource(params: Chatbot.Types.TagResourceRequest, callback?: (err: AWSError, data: Chatbot.Types.TagResourceResponse) => void): Request<Chatbot.Types.TagResourceResponse, AWSError>;
+  /**
+   * Applies the supplied tags to a configuration.
+   */
+  tagResource(callback?: (err: AWSError, data: Chatbot.Types.TagResourceResponse) => void): Request<Chatbot.Types.TagResourceResponse, AWSError>;
+  /**
+   * Removes the supplied tags from a configuration
+   */
+  untagResource(params: Chatbot.Types.UntagResourceRequest, callback?: (err: AWSError, data: Chatbot.Types.UntagResourceResponse) => void): Request<Chatbot.Types.UntagResourceResponse, AWSError>;
+  /**
+   * Removes the supplied tags from a configuration
+   */
+  untagResource(callback?: (err: AWSError, data: Chatbot.Types.UntagResourceResponse) => void): Request<Chatbot.Types.UntagResourceResponse, AWSError>;
   /**
    * Update Chatbot account level preferences
    */
@@ -207,6 +231,7 @@ declare namespace Chatbot {
      */
     TrainingDataCollectionEnabled?: BooleanAccountPreference;
   }
+  export type AmazonResourceName = string;
   export type Arn = string;
   export type AwsUserIdentity = string;
   export type BooleanAccountPreference = boolean;
@@ -236,6 +261,10 @@ declare namespace Chatbot {
      * Specifies the logging level for this configuration. This property affects the log entries pushed to Amazon CloudWatch Logs.Logging levels include ERROR, INFO, or NONE.
      */
     LoggingLevel?: CustomerCwLogLevel;
+    /**
+     * A list of tags applied to the configuration.
+     */
+    Tags?: Tags;
   }
   export type ChimeWebhookConfigurationList = ChimeWebhookConfiguration[];
   export type ChimeWebhookDescription = string;
@@ -281,6 +310,10 @@ declare namespace Chatbot {
      * Logging levels include ERROR, INFO, or NONE.
      */
     LoggingLevel?: CustomerCwLogLevel;
+    /**
+     * A list of tags to apply to the configuration.
+     */
+    Tags?: Tags;
   }
   export interface CreateChimeWebhookConfigurationResult {
     /**
@@ -325,6 +358,10 @@ declare namespace Chatbot {
      * Enables use of a user role requirement in your chat configuration.
      */
     UserAuthorizationRequired?: BooleanAccountPreference;
+    /**
+     * A list of tags to apply to the configuration.
+     */
+    Tags?: Tags;
   }
   export interface CreateSlackChannelConfigurationResult {
     /**
@@ -377,6 +414,10 @@ declare namespace Chatbot {
      * Enables use of a user role requirement in your chat configuration.
      */
     UserAuthorizationRequired?: BooleanAccountPreference;
+    /**
+     * A list of tags to apply to the configuration.
+     */
+    Tags?: Tags;
   }
   export interface CreateTeamsChannelConfigurationResult {
     /**
@@ -611,6 +652,18 @@ declare namespace Chatbot {
      */
     NextToken?: PaginationToken;
   }
+  export interface ListTagsForResourceRequest {
+    /**
+     * The ARN of the configuration.
+     */
+    ResourceARN: AmazonResourceName;
+  }
+  export interface ListTagsForResourceResponse {
+    /**
+     * A list of tags applied to the configuration.
+     */
+    Tags?: TagList;
+  }
   export interface ListTeamsChannelConfigurationsRequest {
     /**
      * The maximum number of results to include in the response. If more results exist than the specified MaxResults value, a token is included in the response so that the remaining results can be retrieved.
@@ -682,6 +735,10 @@ declare namespace Chatbot {
      * Enables use of a user role requirement in your chat configuration.
      */
     UserAuthorizationRequired?: BooleanAccountPreference;
+    /**
+     * A list of tags applied to the configuration.
+     */
+    Tags?: Tags;
   }
   export type SlackChannelConfigurationList = SlackChannelConfiguration[];
   export type SlackChannelDisplayName = string;
@@ -725,6 +782,33 @@ declare namespace Chatbot {
   export type SlackWorkspacesList = SlackWorkspace[];
   export type SnsTopicArnList = Arn[];
   export type String = string;
+  export interface Tag {
+    /**
+     * The tag key.
+     */
+    TagKey: TagKey;
+    /**
+     * The tag value.
+     */
+    TagValue: TagValue;
+  }
+  export type TagKey = string;
+  export type TagKeyList = TagKey[];
+  export type TagList = Tag[];
+  export interface TagResourceRequest {
+    /**
+     * The ARN of the configuration.
+     */
+    ResourceARN: AmazonResourceName;
+    /**
+     * A list of tags to apply to the configuration.
+     */
+    Tags: TagList;
+  }
+  export interface TagResourceResponse {
+  }
+  export type TagValue = string;
+  export type Tags = Tag[];
   export type TeamChannelConfigurationsList = TeamsChannelConfiguration[];
   export type TeamName = string;
   export interface TeamsChannelConfiguration {
@@ -776,6 +860,10 @@ declare namespace Chatbot {
      * Enables use of a user role requirement in your chat configuration.
      */
     UserAuthorizationRequired?: BooleanAccountPreference;
+    /**
+     * A list of tags applied to the configuration.
+     */
+    Tags?: Tags;
   }
   export type TeamsChannelId = string;
   export type TeamsChannelName = string;
@@ -811,6 +899,18 @@ declare namespace Chatbot {
     TeamsTenantId?: UUID;
   }
   export type UUID = string;
+  export interface UntagResourceRequest {
+    /**
+     * The ARN of the configuration.
+     */
+    ResourceARN: AmazonResourceName;
+    /**
+     * A list of tag keys to remove from the configuration.
+     */
+    TagKeys: TagKeyList;
+  }
+  export interface UntagResourceResponse {
+  }
   export interface UpdateAccountPreferencesRequest {
     /**
      * Enables use of a user role requirement in your chat configuration.

package/clients/cloudformation.d.ts

@@ -1399,6 +1399,10 @@ declare namespace CloudFormation {
      * A unique identifier for this DeleteStack request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to delete a stack with the same name. You might retry DeleteStack requests to ensure that CloudFormation successfully received them. All events initiated by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a CreateStack operation with the token token1, then all the StackEvents generated by that operation will have ClientRequestToken set as token1. In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format Console-StackOperation-ID, which helps you easily identify the stack operation . For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002.
      */
     ClientRequestToken?: ClientRequestToken;
+    /**
+     * Specifies the deletion mode for the stack. Possible values are:    STANDARD - Use the standard behavior. Specifying this value is the same as not specifying this parameter.    FORCE_DELETE_STACK - Delete the stack if it's stuck in a DELETE_FAILED state due to resource deletion failure.  
+     */
+    DeletionMode?: DeletionMode;
   }
   export interface DeleteStackInstancesInput {
     /**
@@ -1452,6 +1456,7 @@ declare namespace CloudFormation {
   }
   export interface DeleteStackSetOutput {
   }
+  export type DeletionMode = "STANDARD"|"FORCE_DELETE_STACK"|string;
   export type DeletionTime = Date;
   export interface DeploymentTargets {
     /**
@@ -2680,7 +2685,7 @@ declare namespace CloudFormation {
   }
   export interface ListStackInstanceResourceDriftsOutput {
     /**
-     * A list of StackInstanceResourceDriftSummary structures that contain information about the specified stack instances.
+     * A list of StackInstanceResourceDriftsSummary structures that contain information about the specified stack instances.
      */
     Summaries?: StackInstanceResourceDriftsSummaries;
     /**
@@ -3806,6 +3811,10 @@ declare namespace CloudFormation {
      * When set to true, newly created resources are deleted when the operation rolls back. This includes newly created resources marked with a deletion policy of Retain. Default: false 
      */
     RetainExceptOnCreate?: RetainExceptOnCreate;
+    /**
+     * Specifies the deletion mode for the stack. Possible values are:    STANDARD - Use the standard behavior. Specifying this value is the same as not specifying this parameter.    FORCE_DELETE_STACK - Delete the stack if it's stuck in a DELETE_FAILED state due to resource deletion failure.  
+     */
+    DeletionMode?: DeletionMode;
     /**
      * The detailed status of the resource or stack. If CONFIGURATION_COMPLETE is present, the resource or resource configuration phase has completed and the stabilization of the resources is in progress. The stack sets CONFIGURATION_COMPLETE when all of the resources in the stack have reached that event. For more information, see CloudFormation stack deployment in the CloudFormation User Guide.
      */
@@ -4475,7 +4484,7 @@ declare namespace CloudFormation {
      */
     MaxConcurrentPercentage?: MaxConcurrentPercentage;
     /**
-     * Specifies how the concurrency level behaves during the operation execution.    STRICT_FAILURE_TOLERANCE: This option dynamically lowers the concurrency level to ensure the number of failed accounts never exceeds the value of FailureToleranceCount +1. The initial actual concurrency is set to the lower of either the value of the MaxConcurrentCount, or the value of MaxConcurrentCount +1. The actual concurrency is then reduced proportionally by the number of failures. This is the default behavior. If failure tolerance or Maximum concurrent accounts are set to percentages, the behavior is similar.    SOFT_FAILURE_TOLERANCE: This option decouples FailureToleranceCount from the actual concurrency. This allows stack set operations to run at the concurrency level set by the MaxConcurrentCount value, or MaxConcurrentPercentage, regardless of the number of failures.  
+     * Specifies how the concurrency level behaves during the operation execution.    STRICT_FAILURE_TOLERANCE: This option dynamically lowers the concurrency level to ensure the number of failed accounts never exceeds the value of FailureToleranceCount +1. The initial actual concurrency is set to the lower of either the value of the MaxConcurrentCount, or the value of FailureToleranceCount +1. The actual concurrency is then reduced proportionally by the number of failures. This is the default behavior. If failure tolerance or Maximum concurrent accounts are set to percentages, the behavior is similar.    SOFT_FAILURE_TOLERANCE: This option decouples FailureToleranceCount from the actual concurrency. This allows stack set operations to run at the concurrency level set by the MaxConcurrentCount value, or MaxConcurrentPercentage, regardless of the number of failures.  
      */
     ConcurrencyMode?: ConcurrencyMode;
   }

package/clients/glue.d.ts

@@ -4344,6 +4344,10 @@ declare namespace Glue {
      * The details for a source control configuration for a job, allowing synchronization of job artifacts to or from a remote repository.
      */
     SourceControlDetails?: SourceControlDetails;
+    /**
+     * This field specifies a day of the week and hour for a maintenance window for streaming jobs. Glue periodically performs maintenance activities. During these maintenance windows, Glue will need to restart your streaming jobs. Glue will restart the job within 3 hours of the specified maintenance window. For instance, if you set up the maintenance window for Monday at 10:00AM GMT, your jobs will be restarted between 10:00AM GMT to 1:00PM GMT.
+     */
+    MaintenanceWindow?: MaintenanceWindow;
   }
   export interface CreateJobResponse {
     /**
@@ -8928,6 +8932,10 @@ declare namespace Glue {
      * The details for a source control configuration for a job, allowing synchronization of job artifacts to or from a remote repository.
      */
     SourceControlDetails?: SourceControlDetails;
+    /**
+     * This field specifies a day of the week and hour for a maintenance window for streaming jobs. Glue periodically performs maintenance activities. During these maintenance windows, Glue will need to restart your streaming jobs. Glue will restart the job within 3 hours of the specified maintenance window. For instance, if you set up the maintenance window for Monday at 10:00AM GMT, your jobs will be restarted between 10:00AM GMT to 1:00PM GMT.
+     */
+    MaintenanceWindow?: MaintenanceWindow;
   }
   export interface JobBookmarkEntry {
     /**
@@ -9055,7 +9063,7 @@ declare namespace Glue {
      */
     ExecutionTime?: ExecutionTime;
     /**
-     * The JobRun timeout in minutes. This is the maximum time that a job run can consume resources before it is terminated and enters TIMEOUT status. This value overrides the timeout value set in the parent job. Streaming jobs do not have a timeout. The default for non-streaming jobs is 2,880 minutes (48 hours).
+     * The JobRun timeout in minutes. This is the maximum time that a job run can consume resources before it is terminated and enters TIMEOUT status. This value overrides the timeout value set in the parent job. The maximum value for timeout for batch jobs is 7 days or 10080 minutes. The default is 2880 minutes (48 hours) for batch jobs. Any existing Glue jobs that have a greater timeout value are defaulted to 7 days. For instance you have specified a timeout of 20 days for a batch job, it will be stopped on the 7th day. Streaming jobs must have timeout values less than 7 days or 10080 minutes. When the value is left blank, the job will be restarted after 7 days based if you have not setup a maintenance window. If you have setup maintenance window, it will be restarted during the maintenance window after 7 days.
      */
     Timeout?: Timeout;
     /**
@@ -9087,16 +9095,20 @@ declare namespace Glue {
      */
     GlueVersion?: GlueVersionString;
     /**
-     * This field populates only for Auto Scaling job runs, and represents the total time each executor ran during the lifecycle of a job run in seconds, multiplied by a DPU factor (1 for G.1X, 2 for G.2X, or 0.25 for G.025X workers). This value may be different than the executionEngineRuntime * MaxCapacity as in the case of Auto Scaling jobs, as the number of executors running at a given time may be less than the MaxCapacity. Therefore, it is possible that the value of DPUSeconds is less than executionEngineRuntime * MaxCapacity.
+     * This field can be set for either job runs with execution class FLEX or when Auto Scaling is enabled, and represents the total time each executor ran during the lifecycle of a job run in seconds, multiplied by a DPU factor (1 for G.1X, 2 for G.2X, or 0.25 for G.025X workers). This value may be different than the executionEngineRuntime * MaxCapacity as in the case of Auto Scaling jobs, as the number of executors running at a given time may be less than the MaxCapacity. Therefore, it is possible that the value of DPUSeconds is less than executionEngineRuntime * MaxCapacity.
      */
     DPUSeconds?: NullableDouble;
     /**
      * Indicates whether the job is run with a standard or flexible execution class. The standard execution-class is ideal for time-sensitive workloads that require fast job startup and dedicated resources. The flexible execution class is appropriate for time-insensitive jobs whose start and completion times may vary.  Only jobs with Glue version 3.0 and above and command type glueetl will be allowed to set ExecutionClass to FLEX. The flexible execution class is available for Spark jobs.
      */
     ExecutionClass?: ExecutionClass;
+    /**
+     * This field specifies a day of the week and hour for a maintenance window for streaming jobs. Glue periodically performs maintenance activities. During these maintenance windows, Glue will need to restart your streaming jobs. Glue will restart the job within 3 hours of the specified maintenance window. For instance, if you set up the maintenance window for Monday at 10:00AM GMT, your jobs will be restarted between 10:00AM GMT to 1:00PM GMT.
+     */
+    MaintenanceWindow?: MaintenanceWindow;
   }
   export type JobRunList = JobRun[];
-  export type JobRunState = "STARTING"|"RUNNING"|"STOPPING"|"STOPPED"|"SUCCEEDED"|"FAILED"|"TIMEOUT"|"ERROR"|"WAITING"|string;
+  export type JobRunState = "STARTING"|"RUNNING"|"STOPPING"|"STOPPED"|"SUCCEEDED"|"FAILED"|"TIMEOUT"|"ERROR"|"WAITING"|"EXPIRED"|string;
   export interface JobUpdate {
     /**
      * Description of the job being defined.
@@ -9178,6 +9190,10 @@ declare namespace Glue {
      * The details for a source control configuration for a job, allowing synchronization of job artifacts to or from a remote repository.
      */
     SourceControlDetails?: SourceControlDetails;
+    /**
+     * This field specifies a day of the week and hour for a maintenance window for streaming jobs. Glue periodically performs maintenance activities. During these maintenance windows, Glue will need to restart your streaming jobs. Glue will restart the job within 3 hours of the specified maintenance window. For instance, if you set up the maintenance window for Monday at 10:00AM GMT, your jobs will be restarted between 10:00AM GMT to 1:00PM GMT.
+     */
+    MaintenanceWindow?: MaintenanceWindow;
   }
   export interface Join {
     /**
@@ -10138,6 +10154,7 @@ declare namespace Glue {
     KmsKeyId?: NameString;
   }
   export type MLUserDataEncryptionModeString = "DISABLED"|"SSE-KMS"|string;
+  export type MaintenanceWindow = string;
   export type ManyInputs = NodeId[];
   export type MapValue = {[key: string]: GenericString};
   export interface Mapping {

package/clients/kms.d.ts

@@ -220,11 +220,11 @@ declare class KMS extends Service {
    */
   getKeyRotationStatus(callback?: (err: AWSError, data: KMS.Types.GetKeyRotationStatusResponse) => void): Request<KMS.Types.GetKeyRotationStatusResponse, AWSError>;
   /**
-   * Returns the public key and an import token you need to import or reimport key material for a KMS key.  By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted.  GetParametersForImport returns the items that you need to import your key material.   The public key (or "wrapping key") of an RSA key pair that KMS generates. You will use this public key to encrypt ("wrap") your key material while it's in transit to KMS.    A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key.   The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.  GetParametersForImport requires the following information:   The key ID of the KMS key for which you are importing the key material.   The key spec of the public key ("wrapping key") that you will use to encrypt your key material during import.   The wrapping algorithm that you will use with the public key to encrypt your key material.   You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material.  The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.  Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.  Required permissions: kms:GetParametersForImport (key policy)  Related operations:     ImportKeyMaterial     DeleteImportedKeyMaterial     Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
+   * Returns the public key and an import token you need to import or reimport key material for a KMS key.  By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted.  GetParametersForImport returns the items that you need to import your key material.   The public key (or "wrapping key") of an asymmetric key pair that KMS generates. You will use this public key to encrypt ("wrap") your key material while it's in transit to KMS.    A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key.   The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.  GetParametersForImport requires the following information:   The key ID of the KMS key for which you are importing the key material.   The key spec of the public key ("wrapping key") that you will use to encrypt your key material during import.   The wrapping algorithm that you will use with the public key to encrypt your key material.   You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material.  The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.  Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.  Required permissions: kms:GetParametersForImport (key policy)  Related operations:     ImportKeyMaterial     DeleteImportedKeyMaterial     Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
    */
   getParametersForImport(params: KMS.Types.GetParametersForImportRequest, callback?: (err: AWSError, data: KMS.Types.GetParametersForImportResponse) => void): Request<KMS.Types.GetParametersForImportResponse, AWSError>;
   /**
-   * Returns the public key and an import token you need to import or reimport key material for a KMS key.  By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted.  GetParametersForImport returns the items that you need to import your key material.   The public key (or "wrapping key") of an RSA key pair that KMS generates. You will use this public key to encrypt ("wrap") your key material while it's in transit to KMS.    A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key.   The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.  GetParametersForImport requires the following information:   The key ID of the KMS key for which you are importing the key material.   The key spec of the public key ("wrapping key") that you will use to encrypt your key material during import.   The wrapping algorithm that you will use with the public key to encrypt your key material.   You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material.  The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.  Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.  Required permissions: kms:GetParametersForImport (key policy)  Related operations:     ImportKeyMaterial     DeleteImportedKeyMaterial     Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
+   * Returns the public key and an import token you need to import or reimport key material for a KMS key.  By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted.  GetParametersForImport returns the items that you need to import your key material.   The public key (or "wrapping key") of an asymmetric key pair that KMS generates. You will use this public key to encrypt ("wrap") your key material while it's in transit to KMS.    A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key.   The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.  GetParametersForImport requires the following information:   The key ID of the KMS key for which you are importing the key material.   The key spec of the public key ("wrapping key") that you will use to encrypt your key material during import.   The wrapping algorithm that you will use with the public key to encrypt your key material.   You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material.  The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.  Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.  Required permissions: kms:GetParametersForImport (key policy)  Related operations:     ImportKeyMaterial     DeleteImportedKeyMaterial     Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
    */
   getParametersForImport(callback?: (err: AWSError, data: KMS.Types.GetParametersForImportResponse) => void): Request<KMS.Types.GetParametersForImportResponse, AWSError>;
   /**
@@ -430,7 +430,7 @@ declare class KMS extends Service {
 }
 declare namespace KMS {
   export type AWSAccountIdType = string;
-  export type AlgorithmSpec = "RSAES_PKCS1_V1_5"|"RSAES_OAEP_SHA_1"|"RSAES_OAEP_SHA_256"|"RSA_AES_KEY_WRAP_SHA_1"|"RSA_AES_KEY_WRAP_SHA_256"|string;
+  export type AlgorithmSpec = "RSAES_PKCS1_V1_5"|"RSAES_OAEP_SHA_1"|"RSAES_OAEP_SHA_256"|"RSA_AES_KEY_WRAP_SHA_1"|"RSA_AES_KEY_WRAP_SHA_256"|"SM2PKE"|string;
   export type AliasList = AliasListEntry[];
   export interface AliasListEntry {
     /**
@@ -1171,11 +1171,11 @@ declare namespace KMS {
      */
     KeyId: KeyIdType;
     /**
-     * The algorithm you will use with the RSA public key (PublicKey) in the response to protect your key material during import. For more information, see Select a wrapping algorithm in the Key Management Service Developer Guide. For RSA_AES wrapping algorithms, you encrypt your key material with an AES key that you generate, then encrypt your AES key with the RSA public key from KMS. For RSAES wrapping algorithms, you encrypt your key material directly with the RSA public key from KMS. The wrapping algorithms that you can use depend on the type of key material that you are importing. To import an RSA private key, you must use an RSA_AES wrapping algorithm.    RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key material.    RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material.    RSAES_OAEP_SHA_256 — Supported for all types of key material, except RSA key material (private key). You cannot use the RSAES_OAEP_SHA_256 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.    RSAES_OAEP_SHA_1 — Supported for all types of key material, except RSA key material (private key). You cannot use the RSAES_OAEP_SHA_1 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.    RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not support the RSAES_PKCS1_V1_5 wrapping algorithm.  
+     * The algorithm you will use with the asymmetric public key (PublicKey) in the response to protect your key material during import. For more information, see Select a wrapping algorithm in the Key Management Service Developer Guide. For RSA_AES wrapping algorithms, you encrypt your key material with an AES key that you generate, then encrypt your AES key with the RSA public key from KMS. For RSAES wrapping algorithms, you encrypt your key material directly with the RSA public key from KMS. For SM2PKE wrapping algorithms, you encrypt your key material directly with the SM2 public key from KMS. The wrapping algorithms that you can use depend on the type of key material that you are importing. To import an RSA private key, you must use an RSA_AES wrapping algorithm, except in China Regions, where you must use the SM2PKE wrapping algorithm to import an RSA private key. The SM2PKE wrapping algorithm is available only in China Regions. The RSA_AES_KEY_WRAP_SHA_256 and RSA_AES_KEY_WRAP_SHA_1 wrapping algorithms are not supported in China Regions.    RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key material.    RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material.    RSAES_OAEP_SHA_256 — Supported for all types of key material, except RSA key material (private key). You cannot use the RSAES_OAEP_SHA_256 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.    RSAES_OAEP_SHA_1 — Supported for all types of key material, except RSA key material (private key). You cannot use the RSAES_OAEP_SHA_1 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.    RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not support the RSAES_PKCS1_V1_5 wrapping algorithm.    SM2PKE (China Regions only) — supported for wrapping RSA, ECC, and SM2 key material.  
      */
     WrappingAlgorithm: AlgorithmSpec;
     /**
-     * The type of RSA public key to return in the response. You will use this wrapping key with the specified wrapping algorithm to protect your key material during import.  Use the longest RSA wrapping key that is practical.  You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private key. Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public key.
+     * The type of public key to return in the response. You will use this wrapping key with the specified wrapping algorithm to protect your key material during import.  Use the longest wrapping key that is practical.  You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private key. Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public key. The SM2 wrapping key spec is available only in China Regions.
      */
     WrappingKeySpec: WrappingKeySpec;
   }
@@ -2108,7 +2108,7 @@ declare namespace KMS {
      */
     SigningAlgorithm?: SigningAlgorithmSpec;
   }
-  export type WrappingKeySpec = "RSA_2048"|"RSA_3072"|"RSA_4096"|string;
+  export type WrappingKeySpec = "RSA_2048"|"RSA_3072"|"RSA_4096"|"SM2"|string;
   export interface XksKeyConfigurationType {
     /**
      * The ID of the external key in its external key manager. This is the ID that the external key store proxy uses to identify the external key.

package/clients/lightsail.d.ts

@@ -1655,7 +1655,7 @@ declare namespace Lightsail {
   export type BehaviorEnum = "dont-cache"|"cache"|string;
   export interface Blueprint {
     /**
-     * The ID for the virtual private server image (app_wordpress_4_4 or app_lamp_7_0).
+     * The ID for the virtual private server image (app_wordpress_x_x or app_lamp_x_x).
      */
     blueprintId?: NonEmptyString;
     /**
@@ -1844,11 +1844,11 @@ declare namespace Lightsail {
      */
     diskSizeInGb?: integer;
     /**
-     * The bundle ID (micro_1_0).
+     * The bundle ID (micro_x_x).
      */
     bundleId?: NonEmptyString;
     /**
-     * The Amazon EC2 instance type (t2.micro).
+     * The instance type (micro).
      */
     instanceType?: string;
     /**
@@ -2912,7 +2912,7 @@ declare namespace Lightsail {
      */
     instanceSnapshotName?: ResourceName;
     /**
-     * The bundle of specification information for your virtual private server (or instance), including the pricing plan (micro_1_0).
+     * The bundle of specification information for your virtual private server (or instance), including the pricing plan (micro_x_x).
      */
     bundleId: NonEmptyString;
     /**
@@ -2932,7 +2932,7 @@ declare namespace Lightsail {
      */
     addOns?: AddOnRequestList;
     /**
-     * The IP address type for the instance. The possible values are ipv4 for IPv4 only, and dualstack for IPv4 and IPv6. The default value is dualstack.
+     * The IP address type for the instance. The possible values are ipv4 for IPv4 only, ipv6 for IPv6 only, and dualstack for IPv4 and IPv6. The default value is dualstack.
      */
     ipAddressType?: IpAddressType;
     /**
@@ -2968,11 +2968,11 @@ declare namespace Lightsail {
      */
     customImageName?: ResourceName;
     /**
-     * The ID for a virtual private server image (app_wordpress_4_4 or app_lamp_7_0). Use the get blueprints operation to return a list of available images (or blueprints).  Use active blueprints when creating new instances. Inactive blueprints are listed to support customers with existing instances and are not necessarily available to create new instances. Blueprints are marked inactive when they become outdated due to operating system updates or new application releases. 
+     * The ID for a virtual private server image (app_wordpress_x_x or app_lamp_x_x). Use the get blueprints operation to return a list of available images (or blueprints).  Use active blueprints when creating new instances. Inactive blueprints are listed to support customers with existing instances and are not necessarily available to create new instances. Blueprints are marked inactive when they become outdated due to operating system updates or new application releases. 
      */
     blueprintId: NonEmptyString;
     /**
-     * The bundle of specification information for your virtual private server (or instance), including the pricing plan (micro_1_0).
+     * The bundle of specification information for your virtual private server (or instance), including the pricing plan (medium_x_x).
      */
     bundleId: NonEmptyString;
     /**
@@ -2992,7 +2992,7 @@ declare namespace Lightsail {
      */
     addOns?: AddOnRequestList;
     /**
-     * The IP address type for the instance. The possible values are ipv4 for IPv4 only, and dualstack for IPv4 and IPv6. The default value is dualstack.
+     * The IP address type for the instance. The possible values are ipv4 for IPv4 only, ipv6 for IPv6 only, and dualstack for IPv4 and IPv6. The default value is dualstack.
      */
     ipAddressType?: IpAddressType;
   }
@@ -3060,7 +3060,7 @@ declare namespace Lightsail {
      */
     tags?: TagList;
     /**
-     * The IP address type for the load balancer. The possible values are ipv4 for IPv4 only, and dualstack for IPv4 and IPv6. The default value is dualstack.
+     * The IP address type for the load balancer. The possible values are ipv4 for IPv4 only, ipv6 for IPv6 only, and dualstack for IPv4 and IPv6. The default value is dualstack.
      */
     ipAddressType?: IpAddressType;
     /**
@@ -5337,7 +5337,7 @@ declare namespace Lightsail {
   }
   export interface Instance {
     /**
-     * The name the user gave the instance (Amazon_Linux-1GB-Ohio-1).
+     * The name the user gave the instance (Amazon_Linux_2023-1).
      */
     name?: ResourceName;
     /**
@@ -5365,15 +5365,15 @@ declare namespace Lightsail {
      */
     tags?: TagList;
     /**
-     * The blueprint ID (os_amlinux_2016_03).
+     * The blueprint ID (amazon_linux_2023).
      */
     blueprintId?: NonEmptyString;
     /**
-     * The friendly name of the blueprint (Amazon Linux).
+     * The friendly name of the blueprint (Amazon Linux 2023).
      */
     blueprintName?: NonEmptyString;
     /**
-     * The bundle for the instance (micro_1_0).
+     * The bundle for the instance (micro_x_x).
      */
     bundleId?: NonEmptyString;
     /**
@@ -5397,7 +5397,7 @@ declare namespace Lightsail {
      */
     ipv6Addresses?: Ipv6AddressList;
     /**
-     * The IP address type of the instance. The possible values are ipv4 for IPv4 only, and dualstack for IPv4 and IPv6.
+     * The IP address type of the instance. The possible values are ipv4 for IPv4 only, ipv6 for IPv6 only, and dualstack for IPv4 and IPv6.
      */
     ipAddressType?: IpAddressType;
     /**
@@ -5573,7 +5573,7 @@ declare namespace Lightsail {
      */
     toPort?: Port;
     /**
-     * The IP protocol name. The name can be one of the following:    tcp - Transmission Control Protocol (TCP) provides reliable, ordered, and error-checked delivery of streamed data between applications running on hosts communicating by an IP network. If you have an application that doesn't require reliable data stream service, use UDP instead.    all - All transport layer protocol types. For more general information, see Transport layer on Wikipedia.    udp - With User Datagram Protocol (UDP), computer applications can send messages (or datagrams) to other hosts on an Internet Protocol (IP) network. Prior communications are not required to set up transmission channels or data paths. Applications that don't require reliable data stream service can use UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability. If you do require reliable data stream service, use TCP instead.    icmp - Internet Control Message Protocol (ICMP) is used to send error messages and operational information indicating success or failure when communicating with an instance. For example, an error is indicated when an instance could not be reached. When you specify icmp as the protocol, you must specify the ICMP type using the fromPort parameter, and ICMP code using the toPort parameter.  
+     * The IP protocol name. The name can be one of the following:    tcp - Transmission Control Protocol (TCP) provides reliable, ordered, and error-checked delivery of streamed data between applications running on hosts communicating by an IP network. If you have an application that doesn't require reliable data stream service, use UDP instead.    all - All transport layer protocol types. For more general information, see Transport layer on Wikipedia.    udp - With User Datagram Protocol (UDP), computer applications can send messages (or datagrams) to other hosts on an Internet Protocol (IP) network. Prior communications are not required to set up transmission channels or data paths. Applications that don't require reliable data stream service can use UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability. If you do require reliable data stream service, use TCP instead.    icmp - Internet Control Message Protocol (ICMP) is used to send error messages and operational information indicating success or failure when communicating with an instance. For example, an error is indicated when an instance could not be reached. When you specify icmp as the protocol, you must specify the ICMP type using the fromPort parameter, and ICMP code using the toPort parameter.    icmp6 - Internet Control Message Protocol (ICMP) for IPv6. When you specify icmp6 as the protocol, you must specify the ICMP type using the fromPort parameter, and ICMP code using the toPort parameter.  
      */
     protocol?: NetworkProtocol;
     /**
@@ -5616,7 +5616,7 @@ declare namespace Lightsail {
      */
     toPort?: Port;
     /**
-     * The IP protocol name. The name can be one of the following:    tcp - Transmission Control Protocol (TCP) provides reliable, ordered, and error-checked delivery of streamed data between applications running on hosts communicating by an IP network. If you have an application that doesn't require reliable data stream service, use UDP instead.    all - All transport layer protocol types. For more general information, see Transport layer on Wikipedia.    udp - With User Datagram Protocol (UDP), computer applications can send messages (or datagrams) to other hosts on an Internet Protocol (IP) network. Prior communications are not required to set up transmission channels or data paths. Applications that don't require reliable data stream service can use UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability. If you do require reliable data stream service, use TCP instead.    icmp - Internet Control Message Protocol (ICMP) is used to send error messages and operational information indicating success or failure when communicating with an instance. For example, an error is indicated when an instance could not be reached. When you specify icmp as the protocol, you must specify the ICMP type using the fromPort parameter, and ICMP code using the toPort parameter.  
+     * The IP protocol name. The name can be one of the following:    tcp - Transmission Control Protocol (TCP) provides reliable, ordered, and error-checked delivery of streamed data between applications running on hosts communicating by an IP network. If you have an application that doesn't require reliable data stream service, use UDP instead.    all - All transport layer protocol types. For more general information, see Transport layer on Wikipedia.    udp - With User Datagram Protocol (UDP), computer applications can send messages (or datagrams) to other hosts on an Internet Protocol (IP) network. Prior communications are not required to set up transmission channels or data paths. Applications that don't require reliable data stream service can use UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability. If you do require reliable data stream service, use TCP instead.    icmp - Internet Control Message Protocol (ICMP) is used to send error messages and operational information indicating success or failure when communicating with an instance. For example, an error is indicated when an instance could not be reached. When you specify icmp as the protocol, you must specify the ICMP type using the fromPort parameter, and ICMP code using the toPort parameter.    icmp6 - Internet Control Message Protocol (ICMP) for IPv6. When you specify icmp6 as the protocol, you must specify the ICMP type using the fromPort parameter, and ICMP code using the toPort parameter.  
      */
     protocol?: NetworkProtocol;
     /**
@@ -5687,11 +5687,11 @@ declare namespace Lightsail {
      */
     fromInstanceArn?: NonEmptyString;
     /**
-     * The blueprint ID from which you created the snapshot (os_debian_8_3). A blueprint is a virtual private server (or instance) image used to create instances quickly.
+     * The blueprint ID from which you created the snapshot (amazon_linux_2023). A blueprint is a virtual private server (or instance) image used to create instances quickly.
      */
     fromBlueprintId?: string;
     /**
-     * The bundle ID from which you created the snapshot (micro_1_0).
+     * The bundle ID from which you created the snapshot (micro_x_x).
      */
     fromBundleId?: string;
     /**
@@ -5705,11 +5705,11 @@ declare namespace Lightsail {
   }
   export interface InstanceSnapshotInfo {
     /**
-     * The bundle ID from which the source instance was created (micro_1_0).
+     * The bundle ID from which the source instance was created (micro_x_x).
      */
     fromBundleId?: NonEmptyString;
     /**
-     * The blueprint ID from which the source instance (os_debian_8_3).
+     * The blueprint ID from which the source instance (amazon_linux_2023).
      */
     fromBlueprintId?: NonEmptyString;
     /**
@@ -5730,7 +5730,7 @@ declare namespace Lightsail {
     name?: string;
   }
   export type IpAddress = string;
-  export type IpAddressType = "dualstack"|"ipv4"|string;
+  export type IpAddressType = "dualstack"|"ipv4"|"ipv6"|string;
   export type Ipv6Address = string;
   export type Ipv6AddressList = Ipv6Address[];
   export interface IsVpcPeeredRequest {
@@ -5931,7 +5931,7 @@ declare namespace Lightsail {
      */
     configurationOptions?: LoadBalancerConfigurationOptions;
     /**
-     * The IP address type of the load balancer. The possible values are ipv4 for IPv4 only, and dualstack for IPv4 and IPv6.
+     * The IP address type of the load balancer. The possible values are ipv4 for IPv4 only, ipv6 for IPv6 only, and dualstack for IPv4 and IPv6.
      */
     ipAddressType?: IpAddressType;
     /**
@@ -6228,7 +6228,7 @@ declare namespace Lightsail {
     message?: string;
   }
   export type NameServersUpdateStateCode = "SUCCEEDED"|"PENDING"|"FAILED"|"STARTED"|string;
-  export type NetworkProtocol = "tcp"|"all"|"udp"|"icmp"|string;
+  export type NetworkProtocol = "tcp"|"all"|"udp"|"icmp"|"icmpv6"|string;
   export type NonEmptyString = string;
   export type NotificationTriggerList = AlarmState[];
   export interface OpenInstancePublicPortsRequest {
@@ -6383,7 +6383,7 @@ declare namespace Lightsail {
      */
     toPort?: Port;
     /**
-     * The IP protocol name. The name can be one of the following:    tcp - Transmission Control Protocol (TCP) provides reliable, ordered, and error-checked delivery of streamed data between applications running on hosts communicating by an IP network. If you have an application that doesn't require reliable data stream service, use UDP instead.    all - All transport layer protocol types. For more general information, see Transport layer on Wikipedia.    udp - With User Datagram Protocol (UDP), computer applications can send messages (or datagrams) to other hosts on an Internet Protocol (IP) network. Prior communications are not required to set up transmission channels or data paths. Applications that don't require reliable data stream service can use UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability. If you do require reliable data stream service, use TCP instead.    icmp - Internet Control Message Protocol (ICMP) is used to send error messages and operational information indicating success or failure when communicating with an instance. For example, an error is indicated when an instance could not be reached. When you specify icmp as the protocol, you must specify the ICMP type using the fromPort parameter, and ICMP code using the toPort parameter.  
+     * The IP protocol name. The name can be one of the following:    tcp - Transmission Control Protocol (TCP) provides reliable, ordered, and error-checked delivery of streamed data between applications running on hosts communicating by an IP network. If you have an application that doesn't require reliable data stream service, use UDP instead.    all - All transport layer protocol types. For more general information, see Transport layer on Wikipedia.    udp - With User Datagram Protocol (UDP), computer applications can send messages (or datagrams) to other hosts on an Internet Protocol (IP) network. Prior communications are not required to set up transmission channels or data paths. Applications that don't require reliable data stream service can use UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability. If you do require reliable data stream service, use TCP instead.    icmp - Internet Control Message Protocol (ICMP) is used to send error messages and operational information indicating success or failure when communicating with an instance. For example, an error is indicated when an instance could not be reached. When you specify icmp as the protocol, you must specify the ICMP type using the fromPort parameter, and ICMP code using the toPort parameter.    icmp6 - Internet Control Message Protocol (ICMP) for IPv6. When you specify icmp6 as the protocol, you must specify the ICMP type using the fromPort parameter, and ICMP code using the toPort parameter.  
      */
     protocol?: NetworkProtocol;
     /**
@@ -7062,9 +7062,13 @@ declare namespace Lightsail {
      */
     resourceName: ResourceName;
     /**
-     * The IP address type to set for the specified resource. The possible values are ipv4 for IPv4 only, and dualstack for IPv4 and IPv6.
+     * The IP address type to set for the specified resource. The possible values are ipv4 for IPv4 only, ipv6 for IPv6 only, and dualstack for IPv4 and IPv6.
      */
     ipAddressType: IpAddressType;
+    /**
+     * Required parameter to accept the instance bundle update when changing to, and from, IPv6-only.  An instance bundle will change when switching from dual-stack or ipv4, to ipv6. It also changes when switching from ipv6, to dual-stack or ipv4. You must include this parameter in the command to update the bundle. For example, if you switch from dual-stack to ipv6, the bundle will be updated, and billing for the IPv6-only instance bundle begins immediately. 
+     */
+    acceptBundleUpdate?: boolean;
   }
   export interface SetIpAddressTypeResult {
     /**