aws-sdk 2.1625.0 → 2.1626.0

package/clients/kms.d.ts

@@ -220,11 +220,11 @@ declare class KMS extends Service {
    */
   getKeyRotationStatus(callback?: (err: AWSError, data: KMS.Types.GetKeyRotationStatusResponse) => void): Request<KMS.Types.GetKeyRotationStatusResponse, AWSError>;
   /**
-   * Returns the public key and an import token you need to import or reimport key material for a KMS key.  By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted.  GetParametersForImport returns the items that you need to import your key material.   The public key (or "wrapping key") of an RSA key pair that KMS generates. You will use this public key to encrypt ("wrap") your key material while it's in transit to KMS.    A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key.   The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.  GetParametersForImport requires the following information:   The key ID of the KMS key for which you are importing the key material.   The key spec of the public key ("wrapping key") that you will use to encrypt your key material during import.   The wrapping algorithm that you will use with the public key to encrypt your key material.   You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material.  The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.  Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.  Required permissions: kms:GetParametersForImport (key policy)  Related operations:     ImportKeyMaterial     DeleteImportedKeyMaterial     Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
+   * Returns the public key and an import token you need to import or reimport key material for a KMS key.  By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted.  GetParametersForImport returns the items that you need to import your key material.   The public key (or "wrapping key") of an asymmetric key pair that KMS generates. You will use this public key to encrypt ("wrap") your key material while it's in transit to KMS.    A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key.   The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.  GetParametersForImport requires the following information:   The key ID of the KMS key for which you are importing the key material.   The key spec of the public key ("wrapping key") that you will use to encrypt your key material during import.   The wrapping algorithm that you will use with the public key to encrypt your key material.   You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material.  The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.  Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.  Required permissions: kms:GetParametersForImport (key policy)  Related operations:     ImportKeyMaterial     DeleteImportedKeyMaterial     Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
    */
   getParametersForImport(params: KMS.Types.GetParametersForImportRequest, callback?: (err: AWSError, data: KMS.Types.GetParametersForImportResponse) => void): Request<KMS.Types.GetParametersForImportResponse, AWSError>;
   /**
-   * Returns the public key and an import token you need to import or reimport key material for a KMS key.  By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted.  GetParametersForImport returns the items that you need to import your key material.   The public key (or "wrapping key") of an RSA key pair that KMS generates. You will use this public key to encrypt ("wrap") your key material while it's in transit to KMS.    A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key.   The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.  GetParametersForImport requires the following information:   The key ID of the KMS key for which you are importing the key material.   The key spec of the public key ("wrapping key") that you will use to encrypt your key material during import.   The wrapping algorithm that you will use with the public key to encrypt your key material.   You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material.  The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.  Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.  Required permissions: kms:GetParametersForImport (key policy)  Related operations:     ImportKeyMaterial     DeleteImportedKeyMaterial     Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
+   * Returns the public key and an import token you need to import or reimport key material for a KMS key.  By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted.  GetParametersForImport returns the items that you need to import your key material.   The public key (or "wrapping key") of an asymmetric key pair that KMS generates. You will use this public key to encrypt ("wrap") your key material while it's in transit to KMS.    A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key.   The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.  GetParametersForImport requires the following information:   The key ID of the KMS key for which you are importing the key material.   The key spec of the public key ("wrapping key") that you will use to encrypt your key material during import.   The wrapping algorithm that you will use with the public key to encrypt your key material.   You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material.  The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.  Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.  Required permissions: kms:GetParametersForImport (key policy)  Related operations:     ImportKeyMaterial     DeleteImportedKeyMaterial     Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
    */
   getParametersForImport(callback?: (err: AWSError, data: KMS.Types.GetParametersForImportResponse) => void): Request<KMS.Types.GetParametersForImportResponse, AWSError>;
   /**
@@ -430,7 +430,7 @@ declare class KMS extends Service {
 }
 declare namespace KMS {
   export type AWSAccountIdType = string;
-  export type AlgorithmSpec = "RSAES_PKCS1_V1_5"|"RSAES_OAEP_SHA_1"|"RSAES_OAEP_SHA_256"|"RSA_AES_KEY_WRAP_SHA_1"|"RSA_AES_KEY_WRAP_SHA_256"|string;
+  export type AlgorithmSpec = "RSAES_PKCS1_V1_5"|"RSAES_OAEP_SHA_1"|"RSAES_OAEP_SHA_256"|"RSA_AES_KEY_WRAP_SHA_1"|"RSA_AES_KEY_WRAP_SHA_256"|"SM2PKE"|string;
   export type AliasList = AliasListEntry[];
   export interface AliasListEntry {
     /**
@@ -1171,11 +1171,11 @@ declare namespace KMS {
      */
     KeyId: KeyIdType;
     /**
-     * The algorithm you will use with the RSA public key (PublicKey) in the response to protect your key material during import. For more information, see Select a wrapping algorithm in the Key Management Service Developer Guide. For RSA_AES wrapping algorithms, you encrypt your key material with an AES key that you generate, then encrypt your AES key with the RSA public key from KMS. For RSAES wrapping algorithms, you encrypt your key material directly with the RSA public key from KMS. The wrapping algorithms that you can use depend on the type of key material that you are importing. To import an RSA private key, you must use an RSA_AES wrapping algorithm.    RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key material.    RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material.    RSAES_OAEP_SHA_256 — Supported for all types of key material, except RSA key material (private key). You cannot use the RSAES_OAEP_SHA_256 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.    RSAES_OAEP_SHA_1 — Supported for all types of key material, except RSA key material (private key). You cannot use the RSAES_OAEP_SHA_1 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.    RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not support the RSAES_PKCS1_V1_5 wrapping algorithm.  
+     * The algorithm you will use with the asymmetric public key (PublicKey) in the response to protect your key material during import. For more information, see Select a wrapping algorithm in the Key Management Service Developer Guide. For RSA_AES wrapping algorithms, you encrypt your key material with an AES key that you generate, then encrypt your AES key with the RSA public key from KMS. For RSAES wrapping algorithms, you encrypt your key material directly with the RSA public key from KMS. For SM2PKE wrapping algorithms, you encrypt your key material directly with the SM2 public key from KMS. The wrapping algorithms that you can use depend on the type of key material that you are importing. To import an RSA private key, you must use an RSA_AES wrapping algorithm, except in China Regions, where you must use the SM2PKE wrapping algorithm to import an RSA private key. The SM2PKE wrapping algorithm is available only in China Regions. The RSA_AES_KEY_WRAP_SHA_256 and RSA_AES_KEY_WRAP_SHA_1 wrapping algorithms are not supported in China Regions.    RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key material.    RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material.    RSAES_OAEP_SHA_256 — Supported for all types of key material, except RSA key material (private key). You cannot use the RSAES_OAEP_SHA_256 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.    RSAES_OAEP_SHA_1 — Supported for all types of key material, except RSA key material (private key). You cannot use the RSAES_OAEP_SHA_1 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.    RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not support the RSAES_PKCS1_V1_5 wrapping algorithm.    SM2PKE (China Regions only) — supported for wrapping RSA, ECC, and SM2 key material.  
      */
     WrappingAlgorithm: AlgorithmSpec;
     /**
-     * The type of RSA public key to return in the response. You will use this wrapping key with the specified wrapping algorithm to protect your key material during import.  Use the longest RSA wrapping key that is practical.  You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private key. Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public key.
+     * The type of public key to return in the response. You will use this wrapping key with the specified wrapping algorithm to protect your key material during import.  Use the longest wrapping key that is practical.  You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private key. Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public key. The SM2 wrapping key spec is available only in China Regions.
      */
     WrappingKeySpec: WrappingKeySpec;
   }
@@ -2108,7 +2108,7 @@ declare namespace KMS {
      */
     SigningAlgorithm?: SigningAlgorithmSpec;
   }
-  export type WrappingKeySpec = "RSA_2048"|"RSA_3072"|"RSA_4096"|string;
+  export type WrappingKeySpec = "RSA_2048"|"RSA_3072"|"RSA_4096"|"SM2"|string;
   export interface XksKeyConfigurationType {
     /**
      * The ID of the external key in its external key manager. This is the ID that the external key store proxy uses to identify the external key.

package/clients/opensearch.d.ts

@@ -1321,9 +1321,14 @@ declare namespace OpenSearch {
      * A description of the data source.
      */
     Description?: DataSourceDescription;
+    /**
+     * The status of the data source.
+     */
+    Status?: DataSourceStatus;
   }
   export type DataSourceList = DataSourceDetails[];
   export type DataSourceName = string;
+  export type DataSourceStatus = "ACTIVE"|"DISABLED"|string;
   export interface DataSourceType {
     /**
      * An Amazon S3 data source.
@@ -2052,7 +2057,7 @@ declare namespace OpenSearch {
      */
     Endpoints?: EndpointsMap;
     /**
-     * The DualStack Hosted Zone Id for the domain. 
+     * The dual stack hosted zone ID for the domain. 
      */
     DomainEndpointV2HostedZoneId?: HostedZoneId;
     /**
@@ -2318,6 +2323,10 @@ declare namespace OpenSearch {
      * A description of the data source.
      */
     Description?: DataSourceDescription;
+    /**
+     * The status of the data source response.
+     */
+    Status?: DataSourceStatus;
   }
   export interface GetDomainMaintenanceStatusRequest {
     /**
@@ -3579,6 +3588,10 @@ declare namespace OpenSearch {
      * A new description of the data source.
      */
     Description?: DataSourceDescription;
+    /**
+     * The status of the data source update request.
+     */
+    Status?: DataSourceStatus;
   }
   export interface UpdateDataSourceResponse {
     /**

package/clients/wafv2.d.ts

@@ -583,7 +583,7 @@ declare namespace WAFV2 {
   export type Boolean = boolean;
   export interface ByteMatchStatement {
     /**
-     * A string value that you want WAF to search for. WAF searches only in the part of web requests that you designate for inspection in FieldToMatch. The maximum length of the value is 200 bytes. Valid values depend on the component that you specify for inspection in FieldToMatch:    Method: The HTTP method that you want WAF to search for. This indicates the type of operation specified in the request.     UriPath: The value that you want WAF to search for in the URI path, for example, /images/daily-ad.jpg.     JA3Fingerprint: Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.  You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.     HeaderOrder: The list of header names to match for. WAF creates a string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.    If SearchString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.  If you're using the WAF API  Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 200 bytes. For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64-encoding and include the resulting value, QmFkQm90, in the value of SearchString.  If you're using the CLI or one of the Amazon Web Services SDKs  The value that you want WAF to search for. The SDK automatically base64 encodes the value.
+     * A string value that you want WAF to search for. WAF searches only in the part of web requests that you designate for inspection in FieldToMatch. The maximum length of the value is 200 bytes. Valid values depend on the component that you specify for inspection in FieldToMatch:    Method: The HTTP method that you want WAF to search for. This indicates the type of operation specified in the request.     UriPath: The value that you want WAF to search for in the URI path, for example, /images/daily-ad.jpg.     JA3Fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.  You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.     HeaderOrder: The list of header names to match for. WAF creates a string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.    If SearchString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.  If you're using the WAF API  Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 200 bytes. For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64-encoding and include the resulting value, QmFkQm90, in the value of SearchString.  If you're using the CLI or one of the Amazon Web Services SDKs  The value that you want WAF to search for. The SDK automatically base64 encodes the value.
      */
     SearchString: SearchString;
     /**
@@ -999,6 +999,14 @@ declare namespace WAFV2 {
      * The Amazon Resource Name (ARN) of the web ACL from which you want to delete the LoggingConfiguration.
      */
     ResourceArn: ResourceArn;
+    /**
+     * Used to distinguish between various logging options. Currently, there is one option. Default: WAF_LOGS 
+     */
+    LogType?: LogType;
+    /**
+     * The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.  The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.  Default: CUSTOMER 
+     */
+    LogScope?: LogScope;
   }
   export interface DeleteLoggingConfigurationResponse {
   }
@@ -1224,7 +1232,7 @@ declare namespace WAFV2 {
      */
     HeaderOrder?: HeaderOrder;
     /**
-     * Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.  You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.   You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.  Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
+     * Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.  You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.   You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.  Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
      */
     JA3Fingerprint?: JA3Fingerprint;
   }
@@ -1366,6 +1374,14 @@ declare namespace WAFV2 {
      * The Amazon Resource Name (ARN) of the web ACL for which you want to get the LoggingConfiguration.
      */
     ResourceArn: ResourceArn;
+    /**
+     * Used to distinguish between various logging options. Currently, there is one option. Default: WAF_LOGS 
+     */
+    LogType?: LogType;
+    /**
+     * The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.  The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.  Default: CUSTOMER 
+     */
+    LogScope?: LogScope;
   }
   export interface GetLoggingConfigurationResponse {
     /**
@@ -1941,6 +1957,10 @@ declare namespace WAFV2 {
      * The maximum number of objects that you want WAF to return for this request. If more objects are available, in the response, WAF provides a NextMarker value that you can use in a subsequent call to get the next batch of objects.
      */
     Limit?: PaginationLimit;
+    /**
+     * The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.  The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.  Default: CUSTOMER 
+     */
+    LogScope?: LogScope;
   }
   export interface ListLoggingConfigurationsResponse {
     /**
@@ -2115,6 +2135,8 @@ declare namespace WAFV2 {
   }
   export type LockToken = string;
   export type LogDestinationConfigs = ResourceArn[];
+  export type LogScope = "CUSTOMER"|"SECURITY_LAKE"|string;
+  export type LogType = "WAF_LOGS"|string;
   export interface LoggingConfiguration {
     /**
      * The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
@@ -2125,7 +2147,7 @@ declare namespace WAFV2 {
      */
     LogDestinationConfigs: LogDestinationConfigs;
     /**
-     * The parts of the request that you want to keep out of the logs. For example, if you redact the SingleHeader field, the HEADER field in the logs will be REDACTED for all rules that use the SingleHeader FieldToMatch setting.  Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the SingleHeader redaction doesn't apply to rules that use the Headers FieldToMatch.  You can specify only the following fields for redaction: UriPath, QueryString, SingleHeader, and Method. 
+     * The parts of the request that you want to keep out of the logs. For example, if you redact the SingleHeader field, the HEADER field in the logs will be REDACTED for all rules that use the SingleHeader FieldToMatch setting.  Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the SingleHeader redaction doesn't apply to rules that use the Headers FieldToMatch.  You can specify only the following fields for redaction: UriPath, QueryString, SingleHeader, and Method.   This setting has no impact on request sampling. With request sampling, the only way to exclude fields is by disabling sampling in the web ACL visibility configuration.  
      */
     RedactedFields?: RedactedFields;
     /**
@@ -2136,6 +2158,14 @@ declare namespace WAFV2 {
      * Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. 
      */
     LoggingFilter?: LoggingFilter;
+    /**
+     * Used to distinguish between various logging options. Currently, there is one option. Default: WAF_LOGS 
+     */
+    LogType?: LogType;
+    /**
+     * The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.  The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.  Default: CUSTOMER 
+     */
+    LogScope?: LogScope;
   }
   export type LoggingConfigurations = LoggingConfiguration[];
   export interface LoggingFilter {
@@ -3484,7 +3514,7 @@ declare namespace WAFV2 {
   export type VersionsToPublish = {[key: string]: VersionToPublish};
   export interface VisibilityConfig {
     /**
-     * Indicates whether WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the WAF console. 
+     * Indicates whether WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the WAF console.   Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.  
      */
     SampledRequestsEnabled: Boolean;
     /**

package/dist/aws-sdk-core-react-native.js

@@ -83,7 +83,7 @@ return /******/ (function(modules) { // webpackBootstrap
 	  /**
 	   * @constant
 	   */
-	  VERSION: '2.1625.0',
+	  VERSION: '2.1626.0',
 
 	  /**
 	   * @api private
@@ -2949,7 +2949,9 @@ return /******/ (function(modules) { // webpackBootstrap
 	  var memberRules = rules.member || {};
 
 	  if (list.length === 0) {
-	    fn.call(this, name, null);
+	    if (rules.api.protocol !== 'ec2') {
+	      fn.call(this, name, null);
+	    }
 	    return;
 	  }