aws-sdk 2.1635.0 → 2.1636.0

package/apis/location-2020-11-19.paginators.json

@@ -1,5 +1,11 @@
 {
   "pagination": {
+    "ForecastGeofenceEvents": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "ForecastedEvents"
+    },
     "GetDevicePositionHistory": {
       "input_token": "NextToken",
       "output_token": "NextToken",

package/apis/sns-2010-03-31.min.json

@@ -4,12 +4,18 @@
     "apiVersion": "2010-03-31",
     "endpointPrefix": "sns",
     "protocol": "query",
+    "protocols": [
+      "query"
+    ],
     "serviceAbbreviation": "Amazon SNS",
     "serviceFullName": "Amazon Simple Notification Service",
     "serviceId": "SNS",
     "signatureVersion": "v4",
     "uid": "sns-2010-03-31",
-    "xmlNamespace": "http://sns.amazonaws.com/doc/2010-03-31/"
+    "xmlNamespace": "http://sns.amazonaws.com/doc/2010-03-31/",
+    "auth": [
+      "aws.auth#sigv4"
+    ]
   },
   "operations": {
     "AddPermission": {

package/apis/sqs-2012-11-05.min.json

@@ -6,6 +6,9 @@
     "endpointPrefix": "sqs",
     "jsonVersion": "1.0",
     "protocol": "json",
+    "protocols": [
+      "json"
+    ],
     "serviceAbbreviation": "Amazon SQS",
     "serviceFullName": "Amazon Simple Queue Service",
     "serviceId": "SQS",

package/apis/storagegateway-2013-06-30.min.json

@@ -5,11 +5,17 @@
     "endpointPrefix": "storagegateway",
     "jsonVersion": "1.1",
     "protocol": "json",
+    "protocols": [
+      "json"
+    ],
     "serviceFullName": "AWS Storage Gateway",
     "serviceId": "Storage Gateway",
     "signatureVersion": "v4",
     "targetPrefix": "StorageGateway_20130630",
-    "uid": "storagegateway-2013-06-30"
+    "uid": "storagegateway-2013-06-30",
+    "auth": [
+      "aws.auth#sigv4"
+    ]
   },
   "operations": {
     "ActivateGateway": {
@@ -1092,7 +1098,10 @@
           "DayOfMonth": {
             "type": "integer"
           },
-          "Timezone": {}
+          "Timezone": {},
+          "SoftwareUpdatePreferences": {
+            "shape": "S5i"
+          }
         }
       }
     },
@@ -1104,7 +1113,7 @@
         ],
         "members": {
           "FileShareARNList": {
-            "shape": "S5j"
+            "shape": "S5l"
           }
         }
       },
@@ -1170,7 +1179,7 @@
         ],
         "members": {
           "FileShareARNList": {
-            "shape": "S5j"
+            "shape": "S5l"
           }
         }
       },
@@ -1265,7 +1274,7 @@
             "type": "boolean"
           },
           "SMBLocalGroups": {
-            "shape": "S5z"
+            "shape": "S61"
           }
         }
       }
@@ -1713,7 +1722,7 @@
               "type": "structure",
               "members": {
                 "AutomaticTapeCreationRules": {
-                  "shape": "S7j"
+                  "shape": "S7l"
                 },
                 "GatewayARN": {}
               }
@@ -2276,7 +2285,7 @@
         ],
         "members": {
           "AutomaticTapeCreationRules": {
-            "shape": "S7j"
+            "shape": "S7l"
           },
           "GatewayARN": {}
         }
@@ -2427,9 +2436,7 @@
       "input": {
         "type": "structure",
         "required": [
-          "GatewayARN",
-          "HourOfDay",
-          "MinuteOfHour"
+          "GatewayARN"
         ],
         "members": {
           "GatewayARN": {},
@@ -2444,6 +2451,9 @@
           },
           "DayOfMonth": {
             "type": "integer"
+          },
+          "SoftwareUpdatePreferences": {
+            "shape": "S5i"
           }
         }
       },
@@ -2587,7 +2597,7 @@
         "members": {
           "GatewayARN": {},
           "SMBLocalGroups": {
-            "shape": "S5z"
+            "shape": "S61"
           }
         }
       },
@@ -2794,11 +2804,17 @@
       "type": "string",
       "sensitive": true
     },
-    "S5j": {
+    "S5i": {
+      "type": "structure",
+      "members": {
+        "AutomaticUpdatePolicy": {}
+      }
+    },
+    "S5l": {
       "type": "list",
       "member": {}
     },
-    "S5z": {
+    "S61": {
       "type": "structure",
       "members": {
         "GatewayAdmins": {
@@ -2806,7 +2822,7 @@
         }
       }
     },
-    "S7j": {
+    "S7l": {
       "type": "list",
       "member": {
         "type": "structure",

package/clients/account.d.ts

@@ -11,6 +11,14 @@ declare class Account extends Service {
    */
   constructor(options?: Account.Types.ClientConfiguration)
   config: Config & Account.Types.ClientConfiguration;
+  /**
+   * Accepts the request that originated from StartPrimaryEmailUpdate to update the primary email address (also known as the root user email address) for the specified account.
+   */
+  acceptPrimaryEmailUpdate(params: Account.Types.AcceptPrimaryEmailUpdateRequest, callback?: (err: AWSError, data: Account.Types.AcceptPrimaryEmailUpdateResponse) => void): Request<Account.Types.AcceptPrimaryEmailUpdateResponse, AWSError>;
+  /**
+   * Accepts the request that originated from StartPrimaryEmailUpdate to update the primary email address (also known as the root user email address) for the specified account.
+   */
+  acceptPrimaryEmailUpdate(callback?: (err: AWSError, data: Account.Types.AcceptPrimaryEmailUpdateResponse) => void): Request<Account.Types.AcceptPrimaryEmailUpdateResponse, AWSError>;
   /**
    * Deletes the specified alternate contact from an Amazon Web Services account. For complete details about how to use the alternate contact operations, see Access or updating the alternate contacts.  Before you can update the alternate contact information for an Amazon Web Services account that is managed by Organizations, you must first enable integration between Amazon Web Services Account Management and Organizations. For more information, see Enabling trusted access for Amazon Web Services Account Management. 
    */
@@ -20,11 +28,11 @@ declare class Account extends Service {
    */
   deleteAlternateContact(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Disables (opts-out) a particular Region for an account.
+   * Disables (opts-out) a particular Region for an account.  The act of disabling a Region will remove all IAM access to any resources that reside in that Region. 
    */
   disableRegion(params: Account.Types.DisableRegionRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Disables (opts-out) a particular Region for an account.
+   * Disables (opts-out) a particular Region for an account.  The act of disabling a Region will remove all IAM access to any resources that reside in that Region. 
    */
   disableRegion(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
@@ -51,6 +59,14 @@ declare class Account extends Service {
    * Retrieves the primary contact information of an Amazon Web Services account. For complete details about how to use the primary contact operations, see Update the primary and alternate contact information.
    */
   getContactInformation(callback?: (err: AWSError, data: Account.Types.GetContactInformationResponse) => void): Request<Account.Types.GetContactInformationResponse, AWSError>;
+  /**
+   * Retrieves the primary email address for the specified account.
+   */
+  getPrimaryEmail(params: Account.Types.GetPrimaryEmailRequest, callback?: (err: AWSError, data: Account.Types.GetPrimaryEmailResponse) => void): Request<Account.Types.GetPrimaryEmailResponse, AWSError>;
+  /**
+   * Retrieves the primary email address for the specified account.
+   */
+  getPrimaryEmail(callback?: (err: AWSError, data: Account.Types.GetPrimaryEmailResponse) => void): Request<Account.Types.GetPrimaryEmailResponse, AWSError>;
   /**
    * Retrieves the opt-in status of a particular Region.
    */
@@ -83,8 +99,36 @@ declare class Account extends Service {
    * Updates the primary contact information of an Amazon Web Services account. For complete details about how to use the primary contact operations, see Update the primary and alternate contact information.
    */
   putContactInformation(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
+  /**
+   * Starts the process to update the primary email address for the specified account.
+   */
+  startPrimaryEmailUpdate(params: Account.Types.StartPrimaryEmailUpdateRequest, callback?: (err: AWSError, data: Account.Types.StartPrimaryEmailUpdateResponse) => void): Request<Account.Types.StartPrimaryEmailUpdateResponse, AWSError>;
+  /**
+   * Starts the process to update the primary email address for the specified account.
+   */
+  startPrimaryEmailUpdate(callback?: (err: AWSError, data: Account.Types.StartPrimaryEmailUpdateResponse) => void): Request<Account.Types.StartPrimaryEmailUpdateResponse, AWSError>;
 }
 declare namespace Account {
+  export interface AcceptPrimaryEmailUpdateRequest {
+    /**
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned. This operation can only be called from the management account or the delegated administrator account of an organization for a member account.  The management account can't specify its own AccountId. 
+     */
+    AccountId: AccountId;
+    /**
+     * The OTP code sent to the PrimaryEmail specified on the StartPrimaryEmailUpdate API call.
+     */
+    Otp: Otp;
+    /**
+     * The new primary email address for use with the specified account. This must match the PrimaryEmail from the StartPrimaryEmailUpdate API call.
+     */
+    PrimaryEmail: PrimaryEmailAddress;
+  }
+  export interface AcceptPrimaryEmailUpdateResponse {
+    /**
+     * Retrieves the status of the accepted primary email update request.
+     */
+    Status?: PrimaryEmailUpdateStatus;
+  }
   export type AccountId = string;
   export type AddressLine = string;
   export interface AlternateContact {
@@ -154,7 +198,7 @@ declare namespace Account {
      */
     PostalCode: PostalCode;
     /**
-     * The state or region of the primary contact address. This field is required in selected countries.
+     * The state or region of the primary contact address. If the mailing address is within the United States (US), the value in this field can be either a two character state code (for example, NJ) or the full state name (for example, New Jersey). This field is required in the following countries: US, CA, GB, DE, JP, IN, and BR.
      */
     StateOrRegion?: StateOrRegion;
     /**
@@ -176,7 +220,7 @@ declare namespace Account {
   }
   export interface DisableRegionRequest {
     /**
-     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must also be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
      */
     AccountId?: AccountId;
     /**
@@ -188,7 +232,7 @@ declare namespace Account {
   export type EmailAddress = string;
   export interface EnableRegionRequest {
     /**
-     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must also be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
      */
     AccountId?: AccountId;
     /**
@@ -215,7 +259,7 @@ declare namespace Account {
   }
   export interface GetContactInformationRequest {
     /**
-     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must also be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
      */
     AccountId?: AccountId;
   }
@@ -225,9 +269,21 @@ declare namespace Account {
      */
     ContactInformation?: ContactInformation;
   }
+  export interface GetPrimaryEmailRequest {
+    /**
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned. This operation can only be called from the management account or the delegated administrator account of an organization for a member account.  The management account can't specify its own AccountId. 
+     */
+    AccountId: AccountId;
+  }
+  export interface GetPrimaryEmailResponse {
+    /**
+     * Retrieves the primary email address associated with the specified account.
+     */
+    PrimaryEmail?: PrimaryEmailAddress;
+  }
   export interface GetRegionOptStatusRequest {
     /**
-     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must also be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
      */
     AccountId?: AccountId;
     /**
@@ -247,7 +303,7 @@ declare namespace Account {
   }
   export interface ListRegionsRequest {
     /**
-     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must also be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
      */
     AccountId?: AccountId;
     /**
@@ -276,8 +332,11 @@ declare namespace Account {
     Regions?: RegionOptList;
   }
   export type Name = string;
+  export type Otp = string;
   export type PhoneNumber = string;
   export type PostalCode = string;
+  export type PrimaryEmailAddress = string;
+  export type PrimaryEmailUpdateStatus = "PENDING"|"ACCEPTED"|string;
   export interface PutAlternateContactRequest {
     /**
      * Specifies the 12 digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you do not specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account, and the specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId; it must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, then don't specify this parameter, and call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
@@ -306,7 +365,7 @@ declare namespace Account {
   }
   export interface PutContactInformationRequest {
     /**
-     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must also be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
      */
     AccountId?: AccountId;
     /**
@@ -328,6 +387,22 @@ declare namespace Account {
   export type RegionOptList = Region[];
   export type RegionOptStatus = "ENABLED"|"ENABLING"|"DISABLING"|"DISABLED"|"ENABLED_BY_DEFAULT"|string;
   export type RegionOptStatusList = RegionOptStatus[];
+  export interface StartPrimaryEmailUpdateRequest {
+    /**
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned. This operation can only be called from the management account or the delegated administrator account of an organization for a member account.  The management account can't specify its own AccountId. 
+     */
+    AccountId: AccountId;
+    /**
+     * The new primary email address (also known as the root user email address) to use in the specified account.
+     */
+    PrimaryEmail: PrimaryEmailAddress;
+  }
+  export interface StartPrimaryEmailUpdateResponse {
+    /**
+     * The status of the primary email update request.
+     */
+    Status?: PrimaryEmailUpdateStatus;
+  }
   export type StateOrRegion = string;
   export type String = string;
   export type Title = string;

package/clients/firehose.d.ts

@@ -68,11 +68,11 @@ declare class Firehose extends Service {
    */
   putRecordBatch(callback?: (err: AWSError, data: Firehose.Types.PutRecordBatchOutput) => void): Request<Firehose.Types.PutRecordBatchOutput, AWSError>;
   /**
-   * Enables server-side encryption (SSE) for the delivery stream.  This operation is asynchronous. It returns immediately. When you invoke it, Firehose first sets the encryption status of the stream to ENABLING, and then to ENABLED. The encryption status of a delivery stream is the Status property in DeliveryStreamEncryptionConfiguration. If the operation fails, the encryption status changes to ENABLING_FAILED. You can continue to read and write data to your delivery stream while the encryption status is ENABLING, but the data is not encrypted. It can take up to 5 seconds after the encryption status changes to ENABLED before all records written to the delivery stream are encrypted. To find out whether a record or a batch of records was encrypted, check the response elements PutRecordOutput$Encrypted and PutRecordBatchOutput$Encrypted, respectively. To check the encryption status of a delivery stream, use DescribeDeliveryStream. Even if encryption is currently enabled for a delivery stream, you can still invoke this operation on it to change the ARN of the CMK or both its type and ARN. If you invoke this method to change the CMK, and the old CMK is of type CUSTOMER_MANAGED_CMK, Firehose schedules the grant it had on the old CMK for retirement. If the new CMK is of type CUSTOMER_MANAGED_CMK, Firehose creates a grant that enables it to use the new CMK to encrypt and decrypt data and to manage the grant. For the KMS grant creation to be successful, Firehose APIs StartDeliveryStreamEncryption and CreateDeliveryStream should not be called with session credentials that are more than 6 hours old. If a delivery stream already has encryption enabled and then you invoke this operation to change the ARN of the CMK or both its type and ARN and you get ENABLING_FAILED, this only means that the attempt to change the CMK failed. In this case, encryption remains enabled with the old CMK. If the encryption status of your delivery stream is ENABLING_FAILED, you can invoke this operation again with a valid CMK. The CMK must be enabled and the key policy mustn't explicitly deny the permission for Firehose to invoke KMS encrypt and decrypt operations. You can enable SSE for a delivery stream only if it's a delivery stream that uses DirectPut as its source.  The StartDeliveryStreamEncryption and StopDeliveryStreamEncryption operations have a combined limit of 25 calls per delivery stream per 24 hours. For example, you reach the limit if you call StartDeliveryStreamEncryption 13 times and StopDeliveryStreamEncryption 12 times for the same delivery stream in a 24-hour period.
+   * Enables server-side encryption (SSE) for the delivery stream.  This operation is asynchronous. It returns immediately. When you invoke it, Firehose first sets the encryption status of the stream to ENABLING, and then to ENABLED. The encryption status of a delivery stream is the Status property in DeliveryStreamEncryptionConfiguration. If the operation fails, the encryption status changes to ENABLING_FAILED. You can continue to read and write data to your delivery stream while the encryption status is ENABLING, but the data is not encrypted. It can take up to 5 seconds after the encryption status changes to ENABLED before all records written to the delivery stream are encrypted. To find out whether a record or a batch of records was encrypted, check the response elements PutRecordOutput$Encrypted and PutRecordBatchOutput$Encrypted, respectively. To check the encryption status of a delivery stream, use DescribeDeliveryStream. Even if encryption is currently enabled for a delivery stream, you can still invoke this operation on it to change the ARN of the CMK or both its type and ARN. If you invoke this method to change the CMK, and the old CMK is of type CUSTOMER_MANAGED_CMK, Firehose schedules the grant it had on the old CMK for retirement. If the new CMK is of type CUSTOMER_MANAGED_CMK, Firehose creates a grant that enables it to use the new CMK to encrypt and decrypt data and to manage the grant. For the KMS grant creation to be successful, the Firehose API operations StartDeliveryStreamEncryption and CreateDeliveryStream should not be called with session credentials that are more than 6 hours old. If a delivery stream already has encryption enabled and then you invoke this operation to change the ARN of the CMK or both its type and ARN and you get ENABLING_FAILED, this only means that the attempt to change the CMK failed. In this case, encryption remains enabled with the old CMK. If the encryption status of your delivery stream is ENABLING_FAILED, you can invoke this operation again with a valid CMK. The CMK must be enabled and the key policy mustn't explicitly deny the permission for Firehose to invoke KMS encrypt and decrypt operations. You can enable SSE for a delivery stream only if it's a delivery stream that uses DirectPut as its source.  The StartDeliveryStreamEncryption and StopDeliveryStreamEncryption operations have a combined limit of 25 calls per delivery stream per 24 hours. For example, you reach the limit if you call StartDeliveryStreamEncryption 13 times and StopDeliveryStreamEncryption 12 times for the same delivery stream in a 24-hour period.
    */
   startDeliveryStreamEncryption(params: Firehose.Types.StartDeliveryStreamEncryptionInput, callback?: (err: AWSError, data: Firehose.Types.StartDeliveryStreamEncryptionOutput) => void): Request<Firehose.Types.StartDeliveryStreamEncryptionOutput, AWSError>;
   /**
-   * Enables server-side encryption (SSE) for the delivery stream.  This operation is asynchronous. It returns immediately. When you invoke it, Firehose first sets the encryption status of the stream to ENABLING, and then to ENABLED. The encryption status of a delivery stream is the Status property in DeliveryStreamEncryptionConfiguration. If the operation fails, the encryption status changes to ENABLING_FAILED. You can continue to read and write data to your delivery stream while the encryption status is ENABLING, but the data is not encrypted. It can take up to 5 seconds after the encryption status changes to ENABLED before all records written to the delivery stream are encrypted. To find out whether a record or a batch of records was encrypted, check the response elements PutRecordOutput$Encrypted and PutRecordBatchOutput$Encrypted, respectively. To check the encryption status of a delivery stream, use DescribeDeliveryStream. Even if encryption is currently enabled for a delivery stream, you can still invoke this operation on it to change the ARN of the CMK or both its type and ARN. If you invoke this method to change the CMK, and the old CMK is of type CUSTOMER_MANAGED_CMK, Firehose schedules the grant it had on the old CMK for retirement. If the new CMK is of type CUSTOMER_MANAGED_CMK, Firehose creates a grant that enables it to use the new CMK to encrypt and decrypt data and to manage the grant. For the KMS grant creation to be successful, Firehose APIs StartDeliveryStreamEncryption and CreateDeliveryStream should not be called with session credentials that are more than 6 hours old. If a delivery stream already has encryption enabled and then you invoke this operation to change the ARN of the CMK or both its type and ARN and you get ENABLING_FAILED, this only means that the attempt to change the CMK failed. In this case, encryption remains enabled with the old CMK. If the encryption status of your delivery stream is ENABLING_FAILED, you can invoke this operation again with a valid CMK. The CMK must be enabled and the key policy mustn't explicitly deny the permission for Firehose to invoke KMS encrypt and decrypt operations. You can enable SSE for a delivery stream only if it's a delivery stream that uses DirectPut as its source.  The StartDeliveryStreamEncryption and StopDeliveryStreamEncryption operations have a combined limit of 25 calls per delivery stream per 24 hours. For example, you reach the limit if you call StartDeliveryStreamEncryption 13 times and StopDeliveryStreamEncryption 12 times for the same delivery stream in a 24-hour period.
+   * Enables server-side encryption (SSE) for the delivery stream.  This operation is asynchronous. It returns immediately. When you invoke it, Firehose first sets the encryption status of the stream to ENABLING, and then to ENABLED. The encryption status of a delivery stream is the Status property in DeliveryStreamEncryptionConfiguration. If the operation fails, the encryption status changes to ENABLING_FAILED. You can continue to read and write data to your delivery stream while the encryption status is ENABLING, but the data is not encrypted. It can take up to 5 seconds after the encryption status changes to ENABLED before all records written to the delivery stream are encrypted. To find out whether a record or a batch of records was encrypted, check the response elements PutRecordOutput$Encrypted and PutRecordBatchOutput$Encrypted, respectively. To check the encryption status of a delivery stream, use DescribeDeliveryStream. Even if encryption is currently enabled for a delivery stream, you can still invoke this operation on it to change the ARN of the CMK or both its type and ARN. If you invoke this method to change the CMK, and the old CMK is of type CUSTOMER_MANAGED_CMK, Firehose schedules the grant it had on the old CMK for retirement. If the new CMK is of type CUSTOMER_MANAGED_CMK, Firehose creates a grant that enables it to use the new CMK to encrypt and decrypt data and to manage the grant. For the KMS grant creation to be successful, the Firehose API operations StartDeliveryStreamEncryption and CreateDeliveryStream should not be called with session credentials that are more than 6 hours old. If a delivery stream already has encryption enabled and then you invoke this operation to change the ARN of the CMK or both its type and ARN and you get ENABLING_FAILED, this only means that the attempt to change the CMK failed. In this case, encryption remains enabled with the old CMK. If the encryption status of your delivery stream is ENABLING_FAILED, you can invoke this operation again with a valid CMK. The CMK must be enabled and the key policy mustn't explicitly deny the permission for Firehose to invoke KMS encrypt and decrypt operations. You can enable SSE for a delivery stream only if it's a delivery stream that uses DirectPut as its source.  The StartDeliveryStreamEncryption and StopDeliveryStreamEncryption operations have a combined limit of 25 calls per delivery stream per 24 hours. For example, you reach the limit if you call StartDeliveryStreamEncryption 13 times and StopDeliveryStreamEncryption 12 times for the same delivery stream in a 24-hour period.
    */
   startDeliveryStreamEncryption(callback?: (err: AWSError, data: Firehose.Types.StartDeliveryStreamEncryptionOutput) => void): Request<Firehose.Types.StartDeliveryStreamEncryptionOutput, AWSError>;
   /**
@@ -1182,7 +1182,7 @@ declare namespace Firehose {
     BufferingHints?: HttpEndpointBufferingHints;
     CloudWatchLoggingOptions?: CloudWatchLoggingOptions;
     /**
-     * The configuration of the requeste sent to the HTTP endpoint specified as the destination.
+     * The configuration of the request sent to the HTTP endpoint that is specified as the destination.
      */
     RequestConfiguration?: HttpEndpointRequestConfiguration;
     ProcessingConfiguration?: ProcessingConfiguration;
@@ -1199,6 +1199,10 @@ declare namespace Firehose {
      */
     S3BackupMode?: HttpEndpointS3BackupMode;
     S3Configuration: S3DestinationConfiguration;
+    /**
+     *  The configuration that defines how you access secrets for HTTP Endpoint destination. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface HttpEndpointDestinationDescription {
     /**
@@ -1228,6 +1232,10 @@ declare namespace Firehose {
      */
     S3BackupMode?: HttpEndpointS3BackupMode;
     S3DestinationDescription?: S3DestinationDescription;
+    /**
+     *  The configuration that defines how you access secrets for HTTP Endpoint destination. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface HttpEndpointDestinationUpdate {
     /**
@@ -1257,6 +1265,10 @@ declare namespace Firehose {
      */
     S3BackupMode?: HttpEndpointS3BackupMode;
     S3Update?: S3DestinationUpdate;
+    /**
+     *  The configuration that defines how you access secrets for HTTP Endpoint destination. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export type HttpEndpointName = string;
   export interface HttpEndpointRequestConfiguration {
@@ -1625,11 +1637,11 @@ declare namespace Firehose {
     /**
      * The name of the user.
      */
-    Username: Username;
+    Username?: Username;
     /**
      * The user password.
      */
-    Password: Password;
+    Password?: Password;
     /**
      * The retry behavior in case Firehose is unable to deliver documents to Amazon Redshift. Default value is 3600 (60 minutes).
      */
@@ -1654,6 +1666,10 @@ declare namespace Firehose {
      * The CloudWatch logging options for your delivery stream.
      */
     CloudWatchLoggingOptions?: CloudWatchLoggingOptions;
+    /**
+     *  The configuration that defines how you access secrets for Amazon Redshift. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface RedshiftDestinationDescription {
     /**
@@ -1671,7 +1687,7 @@ declare namespace Firehose {
     /**
      * The name of the user.
      */
-    Username: Username;
+    Username?: Username;
     /**
      * The retry behavior in case Firehose is unable to deliver documents to Amazon Redshift. Default value is 3600 (60 minutes).
      */
@@ -1696,6 +1712,10 @@ declare namespace Firehose {
      * The Amazon CloudWatch logging options for your delivery stream.
      */
     CloudWatchLoggingOptions?: CloudWatchLoggingOptions;
+    /**
+     *  The configuration that defines how you access secrets for Amazon Redshift. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface RedshiftDestinationUpdate {
     /**
@@ -1742,6 +1762,10 @@ declare namespace Firehose {
      * The Amazon CloudWatch logging options for your delivery stream.
      */
     CloudWatchLoggingOptions?: CloudWatchLoggingOptions;
+    /**
+     *  The configuration that defines how you access secrets for Amazon Redshift. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export type RedshiftRetryDurationInSeconds = number;
   export interface RedshiftRetryOptions {
@@ -1888,6 +1912,21 @@ declare namespace Firehose {
      */
     VersionId?: NonEmptyStringWithoutWhitespace;
   }
+  export type SecretARN = string;
+  export interface SecretsManagerConfiguration {
+    /**
+     * The ARN of the secret that stores your credentials. It must be in the same region as the Firehose stream and the role. The secret ARN can reside in a different account than the delivery stream and role as Firehose supports cross-account secret access. This parameter is required when Enabled is set to True.
+     */
+    SecretARN?: SecretARN;
+    /**
+     *  Specifies the role that Firehose assumes when calling the Secrets Manager API operation. When you provide the role, it overrides any destination specific role defined in the destination configuration. If you do not provide the then we use the destination specific role. This parameter is required for Splunk. 
+     */
+    RoleARN?: RoleARN;
+    /**
+     * Specifies whether you want to use the the secrets manager feature. When set as True the secrets manager configuration overwrites the existing secrets in the destination configuration. When it's set to False Firehose falls back to the credentials in the destination configuration.
+     */
+    Enabled: BooleanObject;
+  }
   export type SecurityGroupIdList = NonEmptyStringWithoutWhitespace[];
   export interface Serializer {
     /**
@@ -1912,7 +1951,7 @@ declare namespace Firehose {
     /**
      * The private key used to encrypt your Snowflake client. For information, see Using Key Pair Authentication &amp; Key Rotation.
      */
-    PrivateKey: SnowflakePrivateKey;
+    PrivateKey?: SnowflakePrivateKey;
     /**
      * Passphrase to decrypt the private key when the key is encrypted. For information, see Using Key Pair Authentication &amp; Key Rotation.
      */
@@ -1920,7 +1959,7 @@ declare namespace Firehose {
     /**
      * User login name for the Snowflake account.
      */
-    User: SnowflakeUser;
+    User?: SnowflakeUser;
     /**
      * All data in Snowflake is maintained in databases.
      */
@@ -1968,6 +2007,10 @@ declare namespace Firehose {
      */
     S3BackupMode?: SnowflakeS3BackupMode;
     S3Configuration: S3DestinationConfiguration;
+    /**
+     *  The configuration that defines how you access secrets for Snowflake. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface SnowflakeDestinationDescription {
     /**
@@ -2025,6 +2068,10 @@ declare namespace Firehose {
      */
     S3BackupMode?: SnowflakeS3BackupMode;
     S3DestinationDescription?: S3DestinationDescription;
+    /**
+     *  The configuration that defines how you access secrets for Snowflake. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface SnowflakeDestinationUpdate {
     /**
@@ -2086,6 +2133,10 @@ declare namespace Firehose {
      */
     S3BackupMode?: SnowflakeS3BackupMode;
     S3Update?: S3DestinationUpdate;
+    /**
+     *  Describes the Secrets Manager configuration in Snowflake. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export type SnowflakeKeyPassphrase = string;
   export type SnowflakeMetaDataColumnName = string;
@@ -2153,7 +2204,7 @@ declare namespace Firehose {
     /**
      * This is a GUID that you obtain from your Splunk cluster when you create a new HEC endpoint.
      */
-    HECToken: HECToken;
+    HECToken?: HECToken;
     /**
      * The amount of time that Firehose waits to receive an acknowledgment from Splunk after it sends it data. At the end of the timeout period, Firehose either tries to send the data again or considers it an error, based on your retry settings.
      */
@@ -2182,6 +2233,10 @@ declare namespace Firehose {
      * The buffering options. If no value is specified, the default values for Splunk are used.
      */
     BufferingHints?: SplunkBufferingHints;
+    /**
+     *  The configuration that defines how you access secrets for Splunk. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface SplunkDestinationDescription {
     /**
@@ -2224,6 +2279,10 @@ declare namespace Firehose {
      * The buffering options. If no value is specified, the default values for Splunk are used.
      */
     BufferingHints?: SplunkBufferingHints;
+    /**
+     *  The configuration that defines how you access secrets for Splunk. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface SplunkDestinationUpdate {
     /**
@@ -2266,6 +2325,10 @@ declare namespace Firehose {
      * The buffering options. If no value is specified, the default values for Splunk are used.
      */
     BufferingHints?: SplunkBufferingHints;
+    /**
+     *  The configuration that defines how you access secrets for Splunk. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export type SplunkRetryDurationInSeconds = number;
   export interface SplunkRetryOptions {
@@ -2382,7 +2445,7 @@ declare namespace Firehose {
      */
     AmazonOpenSearchServerlessDestinationUpdate?: AmazonOpenSearchServerlessDestinationUpdate;
     /**
-     * Update to the Snowflake destination condiguration settings
+     * Update to the Snowflake destination configuration settings.
      */
     SnowflakeDestinationUpdate?: SnowflakeDestinationUpdate;
   }