aws-sdk 2.1637.0 → 2.1639.0

package/clients/applicationsignals.js

@@ -0,0 +1,18 @@
+require('../lib/node_loader');
+var AWS = require('../lib/core');
+var Service = AWS.Service;
+var apiLoader = AWS.apiLoader;
+
+apiLoader.services['applicationsignals'] = {};
+AWS.ApplicationSignals = Service.defineService('applicationsignals', ['2024-04-15']);
+Object.defineProperty(apiLoader.services['applicationsignals'], '2024-04-15', {
+  get: function get() {
+    var model = require('../apis/application-signals-2024-04-15.min.json');
+    model.paginators = require('../apis/application-signals-2024-04-15.paginators.json').pagination;
+    return model;
+  },
+  enumerable: true,
+  configurable: true
+});
+
+module.exports = AWS.ApplicationSignals;

package/clients/ecs.d.ts

@@ -341,11 +341,11 @@ declare class ECS extends Service {
    */
   startTask(callback?: (err: AWSError, data: ECS.Types.StartTaskResponse) => void): Request<ECS.Types.StartTaskResponse, AWSError>;
   /**
-   * Stops a running task. Any tags associated with the task will be deleted. When StopTask is called on a task, the equivalent of docker stop is issued to the containers running in the task. This results in a SIGTERM value and a default 30-second timeout, after which the SIGKILL value is sent and the containers are forcibly stopped. If the container handles the SIGTERM value gracefully and exits within 30 seconds from receiving it, no SIGKILL value is sent.  The default 30-second timeout can be configured on the Amazon ECS container agent with the ECS_CONTAINER_STOP_TIMEOUT variable. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide. 
+   * Stops a running task. Any tags associated with the task will be deleted. When StopTask is called on a task, the equivalent of docker stop is issued to the containers running in the task. This results in a SIGTERM value and a default 30-second timeout, after which the SIGKILL value is sent and the containers are forcibly stopped. If the container handles the SIGTERM value gracefully and exits within 30 seconds from receiving it, no SIGKILL value is sent. For Windows containers, POSIX signals do not work and runtime stops the container by sending a CTRL_SHUTDOWN_EVENT. For more information, see Unable to react to graceful shutdown of (Windows) container #25982 on GitHub.  The default 30-second timeout can be configured on the Amazon ECS container agent with the ECS_CONTAINER_STOP_TIMEOUT variable. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide. 
    */
   stopTask(params: ECS.Types.StopTaskRequest, callback?: (err: AWSError, data: ECS.Types.StopTaskResponse) => void): Request<ECS.Types.StopTaskResponse, AWSError>;
   /**
-   * Stops a running task. Any tags associated with the task will be deleted. When StopTask is called on a task, the equivalent of docker stop is issued to the containers running in the task. This results in a SIGTERM value and a default 30-second timeout, after which the SIGKILL value is sent and the containers are forcibly stopped. If the container handles the SIGTERM value gracefully and exits within 30 seconds from receiving it, no SIGKILL value is sent.  The default 30-second timeout can be configured on the Amazon ECS container agent with the ECS_CONTAINER_STOP_TIMEOUT variable. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide. 
+   * Stops a running task. Any tags associated with the task will be deleted. When StopTask is called on a task, the equivalent of docker stop is issued to the containers running in the task. This results in a SIGTERM value and a default 30-second timeout, after which the SIGKILL value is sent and the containers are forcibly stopped. If the container handles the SIGTERM value gracefully and exits within 30 seconds from receiving it, no SIGKILL value is sent. For Windows containers, POSIX signals do not work and runtime stops the container by sending a CTRL_SHUTDOWN_EVENT. For more information, see Unable to react to graceful shutdown of (Windows) container #25982 on GitHub.  The default 30-second timeout can be configured on the Amazon ECS container agent with the ECS_CONTAINER_STOP_TIMEOUT variable. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide. 
    */
   stopTask(callback?: (err: AWSError, data: ECS.Types.StopTaskResponse) => void): Request<ECS.Types.StopTaskResponse, AWSError>;
   /**
@@ -720,6 +720,10 @@ declare namespace ECS {
      * The details of the execute command configuration.
      */
     executeCommandConfiguration?: ExecuteCommandConfiguration;
+    /**
+     * The details of the managed storage configuration.
+     */
+    managedStorageConfiguration?: ManagedStorageConfiguration;
   }
   export type ClusterField = "ATTACHMENTS"|"CONFIGURATIONS"|"SETTINGS"|"STATISTICS"|"TAGS"|string;
   export type ClusterFieldList = ClusterField[];
@@ -1564,6 +1568,10 @@ declare namespace ECS {
      * The details of the volume that was configuredAtLaunch. You can configure different settings like the size, throughput, volumeType, and ecryption in ServiceManagedEBSVolumeConfiguration. The name of the volume must match the name from the task definition.
      */
     volumeConfigurations?: ServiceVolumeConfigurations;
+    /**
+     * The Fargate ephemeral storage settings for the deployment.
+     */
+    fargateEphemeralStorage?: DeploymentEphemeralStorage;
   }
   export interface DeploymentAlarms {
     /**
@@ -1614,6 +1622,12 @@ declare namespace ECS {
     type: DeploymentControllerType;
   }
   export type DeploymentControllerType = "ECS"|"CODE_DEPLOY"|"EXTERNAL"|string;
+  export interface DeploymentEphemeralStorage {
+    /**
+     * Specify an Key Management Service key ID to encrypt the ephemeral storage for deployment.
+     */
+    kmsKeyId?: String;
+  }
   export type DeploymentRolloutState = "COMPLETED"|"FAILED"|"IN_PROGRESS"|string;
   export type Deployments = Deployment[];
   export interface DeregisterContainerInstanceRequest {
@@ -2656,6 +2670,16 @@ declare namespace ECS {
   export type ManagedScalingStatus = "ENABLED"|"DISABLED"|string;
   export type ManagedScalingStepSize = number;
   export type ManagedScalingTargetCapacity = number;
+  export interface ManagedStorageConfiguration {
+    /**
+     * Specify a Key Management Service key ID to encrypt the managed storage.
+     */
+    kmsKeyId?: String;
+    /**
+     * Specify the Key Management Service key ID for the Fargate ephemeral storage.
+     */
+    fargateEphemeralStorageKmsKeyId?: String;
+  }
   export type ManagedTerminationProtection = "ENABLED"|"DISABLED"|string;
   export interface MountPoint {
     /**
@@ -3001,7 +3025,7 @@ declare namespace ECS {
      */
     ephemeralStorage?: EphemeralStorage;
     /**
-     * The operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type.  When you specify a task definition in a service, this value must match the runtimePlatform value of the service.
+     * The operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type. 
      */
     runtimePlatform?: RuntimePlatform;
   }
@@ -3050,11 +3074,11 @@ declare namespace ECS {
   }
   export interface ResourceRequirement {
     /**
-     * The value for the specified resource type. If the GPU type is used, the value is the number of physical GPUs the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on. If the InferenceAccelerator type is used, the value matches the deviceName for an InferenceAccelerator specified in a task definition.
+     * The value for the specified resource type. When the type is GPU, the value is the number of physical GPUs the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on. When the type is InferenceAccelerator, the value matches the deviceName for an InferenceAccelerator specified in a task definition.
      */
     value: String;
     /**
-     * The type of resource to assign to a container. The supported values are GPU or InferenceAccelerator.
+     * The type of resource to assign to a container. 
      */
     type: ResourceType;
   }
@@ -3896,6 +3920,10 @@ declare namespace ECS {
      * The ephemeral storage settings for the task.
      */
     ephemeralStorage?: EphemeralStorage;
+    /**
+     * The Fargate ephemeral storage settings for the task.
+     */
+    fargateEphemeralStorage?: TaskEphemeralStorage;
   }
   export interface TaskDefinition {
     /**
@@ -4012,6 +4040,16 @@ declare namespace ECS {
   export type TaskDefinitionPlacementConstraintType = "memberOf"|string;
   export type TaskDefinitionPlacementConstraints = TaskDefinitionPlacementConstraint[];
   export type TaskDefinitionStatus = "ACTIVE"|"INACTIVE"|"DELETE_IN_PROGRESS"|string;
+  export interface TaskEphemeralStorage {
+    /**
+     * The total amount, in GiB, of the ephemeral storage to set for the task. The minimum supported value is 20 GiB and the maximum supported value is&#x2028; 200 GiB.
+     */
+    sizeInGiB?: Integer;
+    /**
+     * Specify an Key Management Service key ID to encrypt the ephemeral storage for the task.
+     */
+    kmsKeyId?: String;
+  }
   export type TaskField = "TAGS"|string;
   export type TaskFieldList = TaskField[];
   export type TaskFilesystemType = "ext3"|"ext4"|"xfs"|string;
@@ -4194,6 +4232,10 @@ declare namespace ECS {
      * The metadata that you apply to the task set to help you categorize and organize them. Each tag consists of a key and an optional value. You define both. The following basic restrictions apply to tags:   Maximum number of tags per resource - 50   For each resource, each tag key must be unique, and each tag key can have only one value.   Maximum key length - 128 Unicode characters in UTF-8   Maximum value length - 256 Unicode characters in UTF-8   If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.   Tag keys and values are case-sensitive.   Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.  
      */
     tags?: Tags;
+    /**
+     * The Fargate ephemeral storage settings for the task set.
+     */
+    fargateEphemeralStorage?: DeploymentEphemeralStorage;
   }
   export type TaskSetField = "TAGS"|string;
   export type TaskSetFieldList = TaskSetField[];

package/clients/guardduty.d.ts

@@ -59,6 +59,14 @@ declare class GuardDuty extends Service {
    * Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.
    */
   createIPSet(callback?: (err: AWSError, data: GuardDuty.Types.CreateIPSetResponse) => void): Request<GuardDuty.Types.CreateIPSetResponse, AWSError>;
+  /**
+   * Creates a new Malware Protection plan for the protected resource. When you create a Malware Protection plan, the Amazon Web Services service terms for GuardDuty Malware Protection apply. For more information, see Amazon Web Services service terms for GuardDuty Malware Protection.
+   */
+  createMalwareProtectionPlan(params: GuardDuty.Types.CreateMalwareProtectionPlanRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreateMalwareProtectionPlanResponse) => void): Request<GuardDuty.Types.CreateMalwareProtectionPlanResponse, AWSError>;
+  /**
+   * Creates a new Malware Protection plan for the protected resource. When you create a Malware Protection plan, the Amazon Web Services service terms for GuardDuty Malware Protection apply. For more information, see Amazon Web Services service terms for GuardDuty Malware Protection.
+   */
+  createMalwareProtectionPlan(callback?: (err: AWSError, data: GuardDuty.Types.CreateMalwareProtectionPlanResponse) => void): Request<GuardDuty.Types.CreateMalwareProtectionPlanResponse, AWSError>;
   /**
    * Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization. As a delegated administrator, using CreateMembers will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account. A delegated administrator must enable GuardDuty prior to being added as a member. When you use CreateMembers as an Organizations delegated administrator, GuardDuty applies your organization's auto-enable settings to the member accounts in this request, irrespective of the accounts being new or existing members. For more information about the existing auto-enable settings for your organization, see DescribeOrganizationConfiguration. If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.  When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.
    */
@@ -131,6 +139,14 @@ declare class GuardDuty extends Service {
    * Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.
    */
   deleteInvitations(callback?: (err: AWSError, data: GuardDuty.Types.DeleteInvitationsResponse) => void): Request<GuardDuty.Types.DeleteInvitationsResponse, AWSError>;
+  /**
+   * Deletes the Malware Protection plan ID associated with the Malware Protection plan resource. Use this API only when you no longer want to protect the resource associated with this Malware Protection plan ID.
+   */
+  deleteMalwareProtectionPlan(params: GuardDuty.Types.DeleteMalwareProtectionPlanRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
+  /**
+   * Deletes the Malware Protection plan ID associated with the Malware Protection plan resource. Use this API only when you no longer want to protect the resource associated with this Malware Protection plan ID.
+   */
+  deleteMalwareProtectionPlan(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
    * Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs. With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty for a member account in your organization.
    */
@@ -283,6 +299,14 @@ declare class GuardDuty extends Service {
    * Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
    */
   getInvitationsCount(callback?: (err: AWSError, data: GuardDuty.Types.GetInvitationsCountResponse) => void): Request<GuardDuty.Types.GetInvitationsCountResponse, AWSError>;
+  /**
+   * Retrieves the Malware Protection plan details associated with a Malware Protection plan ID.
+   */
+  getMalwareProtectionPlan(params: GuardDuty.Types.GetMalwareProtectionPlanRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetMalwareProtectionPlanResponse) => void): Request<GuardDuty.Types.GetMalwareProtectionPlanResponse, AWSError>;
+  /**
+   * Retrieves the Malware Protection plan details associated with a Malware Protection plan ID.
+   */
+  getMalwareProtectionPlan(callback?: (err: AWSError, data: GuardDuty.Types.GetMalwareProtectionPlanResponse) => void): Request<GuardDuty.Types.GetMalwareProtectionPlanResponse, AWSError>;
   /**
    * Returns the details of the malware scan settings. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
    */
@@ -399,6 +423,14 @@ declare class GuardDuty extends Service {
    * Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account.
    */
   listInvitations(callback?: (err: AWSError, data: GuardDuty.Types.ListInvitationsResponse) => void): Request<GuardDuty.Types.ListInvitationsResponse, AWSError>;
+  /**
+   * Lists the Malware Protection plan IDs associated with the protected resources in your Amazon Web Services account.
+   */
+  listMalwareProtectionPlans(params: GuardDuty.Types.ListMalwareProtectionPlansRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListMalwareProtectionPlansResponse) => void): Request<GuardDuty.Types.ListMalwareProtectionPlansResponse, AWSError>;
+  /**
+   * Lists the Malware Protection plan IDs associated with the protected resources in your Amazon Web Services account.
+   */
+  listMalwareProtectionPlans(callback?: (err: AWSError, data: GuardDuty.Types.ListMalwareProtectionPlansResponse) => void): Request<GuardDuty.Types.ListMalwareProtectionPlansResponse, AWSError>;
   /**
    * Lists details about all member accounts for the current GuardDuty administrator account.
    */
@@ -519,6 +551,14 @@ declare class GuardDuty extends Service {
    * Updates the IPSet specified by the IPSet ID.
    */
   updateIPSet(callback?: (err: AWSError, data: GuardDuty.Types.UpdateIPSetResponse) => void): Request<GuardDuty.Types.UpdateIPSetResponse, AWSError>;
+  /**
+   * Updates an existing Malware Protection plan resource.
+   */
+  updateMalwareProtectionPlan(params: GuardDuty.Types.UpdateMalwareProtectionPlanRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
+  /**
+   * Updates an existing Malware Protection plan resource.
+   */
+  updateMalwareProtectionPlan(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
    * Updates the malware scan settings. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
    */
@@ -1261,6 +1301,34 @@ declare namespace GuardDuty {
      */
     IpSetId: String;
   }
+  export interface CreateMalwareProtectionPlanRequest {
+    /**
+     * The idempotency token for the create request.
+     */
+    ClientToken?: ClientToken;
+    /**
+     * IAM role with permissions required to scan and add tags to the associated protected resource.
+     */
+    Role: String;
+    /**
+     * Information about the protected resource that is associated with the created Malware Protection plan. Presently, S3Bucket is the only supported protected resource.
+     */
+    ProtectedResource: CreateProtectedResource;
+    /**
+     * Information about whether the tags will be added to the S3 object after scanning.
+     */
+    Actions?: MalwareProtectionPlanActions;
+    /**
+     * Tags added to the Malware Protection plan resource. 
+     */
+    Tags?: TagMap;
+  }
+  export interface CreateMalwareProtectionPlanResponse {
+    /**
+     * A unique identifier associated with the Malware Protection plan resource.
+     */
+    MalwareProtectionPlanId?: String;
+  }
   export interface CreateMembersRequest {
     /**
      * The unique ID of the detector of the GuardDuty account that you want to associate member accounts with.
@@ -1277,6 +1345,12 @@ declare namespace GuardDuty {
      */
     UnprocessedAccounts: UnprocessedAccounts;
   }
+  export interface CreateProtectedResource {
+    /**
+     * Information about the protected S3 bucket resource.
+     */
+    S3Bucket?: CreateS3BucketResource;
+  }
   export interface CreatePublishingDestinationRequest {
     /**
      * The ID of the GuardDuty detector associated with the publishing destination.
@@ -1301,6 +1375,16 @@ declare namespace GuardDuty {
      */
     DestinationId: String;
   }
+  export interface CreateS3BucketResource {
+    /**
+     * Name of the S3 bucket.
+     */
+    BucketName?: String;
+    /**
+     * Information about the specified object prefixes. The S3 object will be scanned only if it belongs to any of the specified object prefixes.
+     */
+    ObjectPrefixes?: MalwareProtectionPlanObjectPrefixesList;
+  }
   export interface CreateSampleFindingsRequest {
     /**
      * The ID of the detector to create sample findings for.
@@ -1498,6 +1582,12 @@ declare namespace GuardDuty {
      */
     UnprocessedAccounts: UnprocessedAccounts;
   }
+  export interface DeleteMalwareProtectionPlanRequest {
+    /**
+     * A unique identifier associated with Malware Protection plan resource.
+     */
+    MalwareProtectionPlanId: String;
+  }
   export interface DeleteMembersRequest {
     /**
      * The unique ID of the detector of the GuardDuty account whose members you want to delete.
@@ -2317,6 +2407,46 @@ declare namespace GuardDuty {
      */
     InvitationsCount?: Integer;
   }
+  export interface GetMalwareProtectionPlanRequest {
+    /**
+     * A unique identifier associated with Malware Protection plan resource.
+     */
+    MalwareProtectionPlanId: String;
+  }
+  export interface GetMalwareProtectionPlanResponse {
+    /**
+     * Amazon Resource Name (ARN) of the protected resource.
+     */
+    Arn?: String;
+    /**
+     * IAM role that includes the permissions required to scan and add tags to the associated protected resource.
+     */
+    Role?: String;
+    /**
+     * Information about the protected resource that is associated with the created Malware Protection plan. Presently, S3Bucket is the only supported protected resource.
+     */
+    ProtectedResource?: CreateProtectedResource;
+    /**
+     * Information about whether the tags will be added to the S3 object after scanning.
+     */
+    Actions?: MalwareProtectionPlanActions;
+    /**
+     * The timestamp when the Malware Protection plan resource was created.
+     */
+    CreatedAt?: Timestamp;
+    /**
+     * Malware Protection plan status.
+     */
+    Status?: MalwareProtectionPlanStatus;
+    /**
+     * Information about the issue code and message associated to the status of your Malware Protection plan.
+     */
+    StatusReasons?: MalwareProtectionPlanStatusReasonsList;
+    /**
+     * Tags added to the Malware Protection plan resource.
+     */
+    Tags?: TagMap;
+  }
   export interface GetMalwareScanSettingsRequest {
     /**
      * The unique ID of the detector that the scan setting is associated with.
@@ -2626,6 +2756,17 @@ declare namespace GuardDuty {
   export type IpSetStatus = "INACTIVE"|"ACTIVATING"|"ACTIVE"|"DEACTIVATING"|"ERROR"|"DELETE_PENDING"|"DELETED"|string;
   export type Ipv6Addresses = String[];
   export type Issues = String[];
+  export interface ItemPath {
+    /**
+     * The nested item path where the infected file was found.
+     */
+    NestedItemPath?: String;
+    /**
+     * The hash value of the infected resource.
+     */
+    Hash?: String;
+  }
+  export type ItemPaths = ItemPath[];
   export interface KubernetesApiCallAction {
     /**
      * The Kubernetes API request URI.
@@ -3056,6 +3197,22 @@ declare namespace GuardDuty {
      */
     NextToken?: String;
   }
+  export interface ListMalwareProtectionPlansRequest {
+    /**
+     * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
+     */
+    NextToken?: String;
+  }
+  export interface ListMalwareProtectionPlansResponse {
+    /**
+     * A list of unique identifiers associated with each Malware Protection plan.
+     */
+    MalwareProtectionPlans?: MalwareProtectionPlansSummary;
+    /**
+     * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
+     */
+    NextToken?: String;
+  }
   export interface ListMembersRequest {
     /**
      * The unique ID of the detector the member is associated with.
@@ -3228,6 +3385,45 @@ declare namespace GuardDuty {
      */
     ScanEc2InstanceWithFindings?: DataSourceFreeTrial;
   }
+  export interface MalwareProtectionPlanActions {
+    /**
+     * Indicates whether the scanned S3 object will have tags about the scan result.
+     */
+    Tagging?: MalwareProtectionPlanTaggingAction;
+  }
+  export type MalwareProtectionPlanObjectPrefixesList = String[];
+  export type MalwareProtectionPlanStatus = "ACTIVE"|"WARNING"|"ERROR"|string;
+  export interface MalwareProtectionPlanStatusReason {
+    /**
+     * Issue code.
+     */
+    Code?: String;
+    /**
+     * Issue message that specifies the reason. For information about potential troubleshooting steps, see Troubleshooting Malware Protection for S3 status issues in the GuardDuty User Guide.
+     */
+    Message?: String;
+  }
+  export type MalwareProtectionPlanStatusReasonsList = MalwareProtectionPlanStatusReason[];
+  export interface MalwareProtectionPlanSummary {
+    /**
+     * A unique identifier associated with Malware Protection plan.
+     */
+    MalwareProtectionPlanId?: String;
+  }
+  export interface MalwareProtectionPlanTaggingAction {
+    /**
+     * Indicates whether or not the tags will added.
+     */
+    Status?: MalwareProtectionPlanTaggingActionStatus;
+  }
+  export type MalwareProtectionPlanTaggingActionStatus = "ENABLED"|"DISABLED"|string;
+  export type MalwareProtectionPlansSummary = MalwareProtectionPlanSummary[];
+  export interface MalwareScanDetails {
+    /**
+     * Information about the detected threats associated with the generated GuardDuty finding.
+     */
+    Threats?: Threats;
+  }
   export type ManagementType = "AUTO_MANAGED"|"MANUAL"|"DISABLED"|string;
   export type MapEquals = ScanConditionPair[];
   export interface Master {
@@ -3958,7 +4154,7 @@ declare namespace GuardDuty {
   export type ResourceArn = string;
   export interface ResourceDetails {
     /**
-     * InstanceArn that was scanned in the scan entry.
+     * Instance ARN that was scanned in the scan entry.
      */
     InstanceArn?: InstanceArn;
   }
@@ -4109,6 +4305,10 @@ declare namespace GuardDuty {
      * Describes the public access policies that apply to the S3 bucket.
      */
     PublicAccess?: PublicAccess;
+    /**
+     * Information about the S3 object that was scanned.
+     */
+    S3ObjectDetails?: S3ObjectDetails;
   }
   export type S3BucketDetails = S3BucketDetail[];
   export interface S3LogsConfiguration {
@@ -4123,6 +4323,29 @@ declare namespace GuardDuty {
      */
     Status: DataSourceStatus;
   }
+  export interface S3ObjectDetail {
+    /**
+     * Amazon Resource Name (ARN) of the S3 object.
+     */
+    ObjectArn?: String;
+    /**
+     * Key of the S3 object.
+     */
+    Key?: String;
+    /**
+     * The entity tag is a hash of the S3 object. The ETag reflects changes only to the contents of an object, and not its metadata.
+     */
+    ETag?: String;
+    /**
+     * Hash of the threat detected in this finding.
+     */
+    Hash?: String;
+    /**
+     * Version ID of the object.
+     */
+    VersionId?: String;
+  }
+  export type S3ObjectDetails = S3ObjectDetail[];
   export interface Scan {
     /**
      * The unique ID of the detector that the request is associated with.
@@ -4239,7 +4462,7 @@ declare namespace GuardDuty {
      */
     FilePath?: String;
     /**
-     * EBS volume Arn details of the infected file.
+     * EBS volume ARN details of the infected file.
      */
     VolumeArn?: String;
     /**
@@ -4387,6 +4610,10 @@ declare namespace GuardDuty {
      * Contains information about the detected unusual behavior.
      */
     Detection?: Detection;
+    /**
+     * Returns details from the malware scan that generated a GuardDuty finding.
+     */
+    MalwareScanDetails?: MalwareScanDetails;
   }
   export interface ServiceAdditionalInfo {
     /**
@@ -4484,6 +4711,20 @@ declare namespace GuardDuty {
   }
   export type TagValue = string;
   export type Tags = Tag[];
+  export interface Threat {
+    /**
+     * Name of the detected threat that caused GuardDuty to generate this finding.
+     */
+    Name?: String;
+    /**
+     * Source of the threat that generated this finding.
+     */
+    Source?: String;
+    /**
+     * Information about the nested item path and hash of the protected resource.
+     */
+    ItemPaths?: ItemPaths;
+  }
   export interface ThreatDetectedByName {
     /**
      * Total number of infected files identified.
@@ -4521,6 +4762,7 @@ declare namespace GuardDuty {
   }
   export type ThreatIntelligenceDetails = ThreatIntelligenceDetail[];
   export type ThreatNames = String[];
+  export type Threats = Threat[];
   export interface ThreatsDetectedItemCount {
     /**
      * Total number of infected files.
@@ -4686,6 +4928,24 @@ declare namespace GuardDuty {
   }
   export interface UpdateIPSetResponse {
   }
+  export interface UpdateMalwareProtectionPlanRequest {
+    /**
+     * A unique identifier associated with the Malware Protection plan.
+     */
+    MalwareProtectionPlanId: String;
+    /**
+     * IAM role with permissions required to scan and add tags to the associated protected resource.
+     */
+    Role?: String;
+    /**
+     * Information about whether the tags will be added to the S3 object after scanning.
+     */
+    Actions?: MalwareProtectionPlanActions;
+    /**
+     * Information about the protected resource that is associated with the created Malware Protection plan. Presently, S3Bucket is the only supported protected resource.
+     */
+    ProtectedResource?: UpdateProtectedResource;
+  }
   export interface UpdateMalwareScanSettingsRequest {
     /**
      * The unique ID of the detector that specifies the GuardDuty service where you want to update scan settings.
@@ -4750,6 +5010,12 @@ declare namespace GuardDuty {
   }
   export interface UpdateOrganizationConfigurationResponse {
   }
+  export interface UpdateProtectedResource {
+    /**
+     * Information about the protected S3 bucket resource.
+     */
+    S3Bucket?: UpdateS3BucketResource;
+  }
   export interface UpdatePublishingDestinationRequest {
     /**
      * The ID of the detector associated with the publishing destinations to update.
@@ -4766,6 +5032,12 @@ declare namespace GuardDuty {
   }
   export interface UpdatePublishingDestinationResponse {
   }
+  export interface UpdateS3BucketResource {
+    /**
+     * Information about the specified object prefixes. The S3 object will be scanned only if it belongs to any of the specified object prefixes.
+     */
+    ObjectPrefixes?: MalwareProtectionPlanObjectPrefixesList;
+  }
   export interface UpdateThreatIntelSetRequest {
     /**
      * The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.
@@ -4909,7 +5181,7 @@ declare namespace GuardDuty {
   }
   export interface VolumeDetail {
     /**
-     * EBS volume Arn information.
+     * EBS volume ARN information.
      */
     VolumeArn?: String;
     /**
@@ -4929,11 +5201,11 @@ declare namespace GuardDuty {
      */
     EncryptionType?: String;
     /**
-     * Snapshot Arn of the EBS volume.
+     * Snapshot ARN of the EBS volume.
      */
     SnapshotArn?: String;
     /**
-     * KMS key Arn used to encrypt the EBS volume.
+     * KMS key ARN used to encrypt the EBS volume.
      */
     KmsKeyArn?: String;
   }