aws-sdk 2.1642.0 → 2.1644.0

package/apis/sagemaker-2017-07-24.paginators.json

@@ -216,6 +216,12 @@
       "limit_key": "MaxResults",
       "result_key": "LineageGroupSummaries"
     },
+    "ListMlflowTrackingServers": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "TrackingServerSummaries"
+    },
     "ListModelBiasJobDefinitions": {
       "input_token": "NextToken",
       "output_token": "NextToken",

package/apis/shield-2016-06-02.min.json

@@ -5,12 +5,18 @@
     "endpointPrefix": "shield",
     "jsonVersion": "1.1",
     "protocol": "json",
+    "protocols": [
+      "json"
+    ],
     "serviceAbbreviation": "AWS Shield",
     "serviceFullName": "AWS Shield",
     "serviceId": "Shield",
     "signatureVersion": "v4",
     "targetPrefix": "AWSShield_20160616",
-    "uid": "shield-2016-06-02"
+    "uid": "shield-2016-06-02",
+    "auth": [
+      "aws.auth#sigv4"
+    ]
   },
   "operations": {
     "AssociateDRTLogBucket": {

package/apis/snowball-2016-06-30.min.json

@@ -5,12 +5,18 @@
     "endpointPrefix": "snowball",
     "jsonVersion": "1.1",
     "protocol": "json",
+    "protocols": [
+      "json"
+    ],
     "serviceAbbreviation": "Amazon Snowball",
     "serviceFullName": "Amazon Import/Export Snowball",
     "serviceId": "Snowball",
     "signatureVersion": "v4",
     "targetPrefix": "AWSIESnowballJobManagementService",
-    "uid": "snowball-2016-06-30"
+    "uid": "snowball-2016-06-30",
+    "auth": [
+      "aws.auth#sigv4"
+    ]
   },
   "operations": {
     "CancelCluster": {

package/apis/waf-2015-08-24.min.json

@@ -5,12 +5,18 @@
     "endpointPrefix": "waf",
     "jsonVersion": "1.1",
     "protocol": "json",
+    "protocols": [
+      "json"
+    ],
     "serviceAbbreviation": "WAF",
     "serviceFullName": "AWS WAF",
     "serviceId": "WAF",
     "signatureVersion": "v4",
     "targetPrefix": "AWSWAF_20150824",
-    "uid": "waf-2015-08-24"
+    "uid": "waf-2015-08-24",
+    "auth": [
+      "aws.auth#sigv4"
+    ]
   },
   "operations": {
     "CreateByteMatchSet": {

package/clients/acmpca.d.ts

@@ -109,11 +109,11 @@ declare class ACMPCA extends Service {
    */
   getPolicy(callback?: (err: AWSError, data: ACMPCA.Types.GetPolicyResponse) => void): Request<ACMPCA.Types.GetPolicyResponse, AWSError>;
   /**
-   * Imports a signed private CA certificate into Amazon Web Services Private CA. This action is used when you are using a chain of trust whose root is located outside Amazon Web Services Private CA. Before you can call this action, the following preparations must in place:   In Amazon Web Services Private CA, call the CreateCertificateAuthority action to create the private CA that you plan to back with the imported certificate.   Call the GetCertificateAuthorityCsr action to generate a certificate signing request (CSR).   Sign the CSR using a root or intermediate CA hosted by either an on-premises PKI hierarchy or by a commercial CA.   Create a certificate chain and copy the signed certificate and the certificate chain to your working directory.   Amazon Web Services Private CA supports three scenarios for installing a CA certificate:   Installing a certificate for a root CA hosted by Amazon Web Services Private CA.   Installing a subordinate CA certificate whose parent authority is hosted by Amazon Web Services Private CA.   Installing a subordinate CA certificate whose parent authority is externally hosted.   The following additional requirements apply when you import a CA certificate.   Only a self-signed certificate can be imported as a root CA.   A self-signed certificate cannot be imported as a subordinate CA.   Your certificate chain must not include the private CA certificate that you are importing.   Your root CA must be the last certificate in your chain. The subordinate certificate, if any, that your root CA signed must be next to last. The subordinate certificate signed by the preceding subordinate CA must come next, and so on until your chain is built.    The chain must be PEM-encoded.   The maximum allowed size of a certificate is 32 KB.   The maximum allowed size of a certificate chain is 2 MB.    Enforcement of Critical Constraints  Amazon Web Services Private CA allows the following extensions to be marked critical in the imported CA certificate or chain.   Basic constraints (must be marked critical)   Subject alternative names   Key usage   Extended key usage   Authority key identifier   Subject key identifier   Issuer alternative name   Subject directory attributes   Subject information access   Certificate policies   Policy mappings   Inhibit anyPolicy   Amazon Web Services Private CA rejects the following extensions when they are marked critical in an imported CA certificate or chain.   Name constraints   Policy constraints   CRL distribution points   Authority information access   Freshest CRL   Any other extension  
+   * Imports a signed private CA certificate into Amazon Web Services Private CA. This action is used when you are using a chain of trust whose root is located outside Amazon Web Services Private CA. Before you can call this action, the following preparations must in place:   In Amazon Web Services Private CA, call the CreateCertificateAuthority action to create the private CA that you plan to back with the imported certificate.   Call the GetCertificateAuthorityCsr action to generate a certificate signing request (CSR).   Sign the CSR using a root or intermediate CA hosted by either an on-premises PKI hierarchy or by a commercial CA.   Create a certificate chain and copy the signed certificate and the certificate chain to your working directory.   Amazon Web Services Private CA supports three scenarios for installing a CA certificate:   Installing a certificate for a root CA hosted by Amazon Web Services Private CA.   Installing a subordinate CA certificate whose parent authority is hosted by Amazon Web Services Private CA.   Installing a subordinate CA certificate whose parent authority is externally hosted.   The following additional requirements apply when you import a CA certificate.   Only a self-signed certificate can be imported as a root CA.   A self-signed certificate cannot be imported as a subordinate CA.   Your certificate chain must not include the private CA certificate that you are importing.   Your root CA must be the last certificate in your chain. The subordinate certificate, if any, that your root CA signed must be next to last. The subordinate certificate signed by the preceding subordinate CA must come next, and so on until your chain is built.    The chain must be PEM-encoded.   The maximum allowed size of a certificate is 32 KB.   The maximum allowed size of a certificate chain is 2 MB.    Enforcement of Critical Constraints  Amazon Web Services Private CA allows the following extensions to be marked critical in the imported CA certificate or chain.   Authority key identifier   Basic constraints (must be marked critical)   Certificate policies   Extended key usage   Inhibit anyPolicy   Issuer alternative name   Key usage   Name constraints   Policy mappings   Subject alternative name   Subject directory attributes   Subject key identifier   Subject information access   Amazon Web Services Private CA rejects the following extensions when they are marked critical in an imported CA certificate or chain.   Authority information access   CRL distribution points   Freshest CRL   Policy constraints   Amazon Web Services Private Certificate Authority will also reject any other extension marked as critical not contained on the preceding list of allowed extensions.
    */
   importCertificateAuthorityCertificate(params: ACMPCA.Types.ImportCertificateAuthorityCertificateRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Imports a signed private CA certificate into Amazon Web Services Private CA. This action is used when you are using a chain of trust whose root is located outside Amazon Web Services Private CA. Before you can call this action, the following preparations must in place:   In Amazon Web Services Private CA, call the CreateCertificateAuthority action to create the private CA that you plan to back with the imported certificate.   Call the GetCertificateAuthorityCsr action to generate a certificate signing request (CSR).   Sign the CSR using a root or intermediate CA hosted by either an on-premises PKI hierarchy or by a commercial CA.   Create a certificate chain and copy the signed certificate and the certificate chain to your working directory.   Amazon Web Services Private CA supports three scenarios for installing a CA certificate:   Installing a certificate for a root CA hosted by Amazon Web Services Private CA.   Installing a subordinate CA certificate whose parent authority is hosted by Amazon Web Services Private CA.   Installing a subordinate CA certificate whose parent authority is externally hosted.   The following additional requirements apply when you import a CA certificate.   Only a self-signed certificate can be imported as a root CA.   A self-signed certificate cannot be imported as a subordinate CA.   Your certificate chain must not include the private CA certificate that you are importing.   Your root CA must be the last certificate in your chain. The subordinate certificate, if any, that your root CA signed must be next to last. The subordinate certificate signed by the preceding subordinate CA must come next, and so on until your chain is built.    The chain must be PEM-encoded.   The maximum allowed size of a certificate is 32 KB.   The maximum allowed size of a certificate chain is 2 MB.    Enforcement of Critical Constraints  Amazon Web Services Private CA allows the following extensions to be marked critical in the imported CA certificate or chain.   Basic constraints (must be marked critical)   Subject alternative names   Key usage   Extended key usage   Authority key identifier   Subject key identifier   Issuer alternative name   Subject directory attributes   Subject information access   Certificate policies   Policy mappings   Inhibit anyPolicy   Amazon Web Services Private CA rejects the following extensions when they are marked critical in an imported CA certificate or chain.   Name constraints   Policy constraints   CRL distribution points   Authority information access   Freshest CRL   Any other extension  
+   * Imports a signed private CA certificate into Amazon Web Services Private CA. This action is used when you are using a chain of trust whose root is located outside Amazon Web Services Private CA. Before you can call this action, the following preparations must in place:   In Amazon Web Services Private CA, call the CreateCertificateAuthority action to create the private CA that you plan to back with the imported certificate.   Call the GetCertificateAuthorityCsr action to generate a certificate signing request (CSR).   Sign the CSR using a root or intermediate CA hosted by either an on-premises PKI hierarchy or by a commercial CA.   Create a certificate chain and copy the signed certificate and the certificate chain to your working directory.   Amazon Web Services Private CA supports three scenarios for installing a CA certificate:   Installing a certificate for a root CA hosted by Amazon Web Services Private CA.   Installing a subordinate CA certificate whose parent authority is hosted by Amazon Web Services Private CA.   Installing a subordinate CA certificate whose parent authority is externally hosted.   The following additional requirements apply when you import a CA certificate.   Only a self-signed certificate can be imported as a root CA.   A self-signed certificate cannot be imported as a subordinate CA.   Your certificate chain must not include the private CA certificate that you are importing.   Your root CA must be the last certificate in your chain. The subordinate certificate, if any, that your root CA signed must be next to last. The subordinate certificate signed by the preceding subordinate CA must come next, and so on until your chain is built.    The chain must be PEM-encoded.   The maximum allowed size of a certificate is 32 KB.   The maximum allowed size of a certificate chain is 2 MB.    Enforcement of Critical Constraints  Amazon Web Services Private CA allows the following extensions to be marked critical in the imported CA certificate or chain.   Authority key identifier   Basic constraints (must be marked critical)   Certificate policies   Extended key usage   Inhibit anyPolicy   Issuer alternative name   Key usage   Name constraints   Policy mappings   Subject alternative name   Subject directory attributes   Subject key identifier   Subject information access   Amazon Web Services Private CA rejects the following extensions when they are marked critical in an imported CA certificate or chain.   Authority information access   CRL distribution points   Freshest CRL   Policy constraints   Amazon Web Services Private Certificate Authority will also reject any other extension marked as critical not contained on the preceding list of allowed extensions.
    */
   importCertificateAuthorityCertificate(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**

package/clients/bedrockruntime.d.ts

@@ -13,19 +13,19 @@ declare class BedrockRuntime extends Service {
   constructor(options?: BedrockRuntime.Types.ClientConfiguration)
   config: Config & BedrockRuntime.Types.ClientConfiguration;
   /**
-   * Sends messages to the specified Amazon Bedrock model. Converse provides a consistent interface that works with all models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model. For more information, see Run inference in the Bedrock User Guide. This operation requires permission for the bedrock:InvokeModel action. 
+   * Sends messages to the specified Amazon Bedrock model. Converse provides a consistent interface that works with all models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model. For information about the Converse API, see Use the Converse API in the Amazon Bedrock User Guide. To use a guardrail, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide. To use a tool with a model, see Tool use (Function calling) in the Amazon Bedrock User Guide  For example code, see Converse API examples in the Amazon Bedrock User Guide.  This operation requires permission for the bedrock:InvokeModel action. 
    */
   converse(params: BedrockRuntime.Types.ConverseRequest, callback?: (err: AWSError, data: BedrockRuntime.Types.ConverseResponse) => void): Request<BedrockRuntime.Types.ConverseResponse, AWSError>;
   /**
-   * Sends messages to the specified Amazon Bedrock model. Converse provides a consistent interface that works with all models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model. For more information, see Run inference in the Bedrock User Guide. This operation requires permission for the bedrock:InvokeModel action. 
+   * Sends messages to the specified Amazon Bedrock model. Converse provides a consistent interface that works with all models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model. For information about the Converse API, see Use the Converse API in the Amazon Bedrock User Guide. To use a guardrail, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide. To use a tool with a model, see Tool use (Function calling) in the Amazon Bedrock User Guide  For example code, see Converse API examples in the Amazon Bedrock User Guide.  This operation requires permission for the bedrock:InvokeModel action. 
    */
   converse(callback?: (err: AWSError, data: BedrockRuntime.Types.ConverseResponse) => void): Request<BedrockRuntime.Types.ConverseResponse, AWSError>;
   /**
-   * Sends messages to the specified Amazon Bedrock model and returns the response in a stream. ConverseStream provides a consistent API that works with all Amazon Bedrock models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model. For more information, see Run inference in the Bedrock User Guide. To find out if a model supports streaming, call GetFoundationModel and check the responseStreamingSupported field in the response. For example code, see Invoke model with streaming code example in the Amazon Bedrock User Guide.  This operation requires permission for the bedrock:InvokeModelWithResponseStream action.
+   * Sends messages to the specified Amazon Bedrock model and returns the response in a stream. ConverseStream provides a consistent API that works with all Amazon Bedrock models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model.  To find out if a model supports streaming, call GetFoundationModel and check the responseStreamingSupported field in the response. For information about the Converse API, see Use the Converse API in the Amazon Bedrock User Guide. To use a guardrail, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide. To use a tool with a model, see Tool use (Function calling) in the Amazon Bedrock User Guide  For example code, see Conversation streaming example in the Amazon Bedrock User Guide.  This operation requires permission for the bedrock:InvokeModelWithResponseStream action.
    */
   converseStream(params: BedrockRuntime.Types.ConverseStreamRequest, callback?: (err: AWSError, data: BedrockRuntime.Types.ConverseStreamResponse) => void): Request<BedrockRuntime.Types.ConverseStreamResponse, AWSError>;
   /**
-   * Sends messages to the specified Amazon Bedrock model and returns the response in a stream. ConverseStream provides a consistent API that works with all Amazon Bedrock models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model. For more information, see Run inference in the Bedrock User Guide. To find out if a model supports streaming, call GetFoundationModel and check the responseStreamingSupported field in the response. For example code, see Invoke model with streaming code example in the Amazon Bedrock User Guide.  This operation requires permission for the bedrock:InvokeModelWithResponseStream action.
+   * Sends messages to the specified Amazon Bedrock model and returns the response in a stream. ConverseStream provides a consistent API that works with all Amazon Bedrock models that support messages. This allows you to write code once and use it with different models. Should a model have unique inference parameters, you can also pass those unique parameters to the model.  To find out if a model supports streaming, call GetFoundationModel and check the responseStreamingSupported field in the response. For information about the Converse API, see Use the Converse API in the Amazon Bedrock User Guide. To use a guardrail, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide. To use a tool with a model, see Tool use (Function calling) in the Amazon Bedrock User Guide  For example code, see Conversation streaming example in the Amazon Bedrock User Guide.  This operation requires permission for the bedrock:InvokeModelWithResponseStream action.
    */
   converseStream(callback?: (err: AWSError, data: BedrockRuntime.Types.ConverseStreamResponse) => void): Request<BedrockRuntime.Types.ConverseStreamResponse, AWSError>;
   /**
@@ -68,6 +68,10 @@ declare namespace BedrockRuntime {
      * The result for a tool request that a model makes.
      */
     toolResult?: ToolResultBlock;
+    /**
+     * Contains the content to assess with the guardrail. If you don't specify guardContent in a call to the Converse API, the guardrail (if passed in the Converse API) assesses the entire message. For more information, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide.  &lt;/p&gt; 
+     */
+    guardContent?: GuardrailConverseContentBlock;
   }
   export interface ContentBlockDelta {
     /**
@@ -147,12 +151,16 @@ declare namespace BedrockRuntime {
      * Configuration information for the tools that the model can use when generating a response.   This field is only supported by Anthropic Claude 3, Cohere Command R, Cohere Command R+, and Mistral Large models. 
      */
     toolConfig?: ToolConfiguration;
+    /**
+     * Configuration information for a guardrail that you want to use in the request. 
+     */
+    guardrailConfig?: GuardrailConfiguration;
     /**
      * Additional inference parameters that the model supports, beyond the base set of inference parameters that Converse supports in the inferenceConfig field. For more information, see Model parameters.
      */
     additionalModelRequestFields?: Document;
     /**
-     * Additional model parameters field paths to return in the response. Converse returns the requested fields as a JSON Pointer object in the additionalModelResultFields field. The following is example JSON for additionalModelResponseFieldPaths.  [ "/stop_sequence" ]  For information about the JSON Pointer syntax, see the Internet Engineering Task Force (IETF) documentation.  Converse rejects an empty JSON Pointer or incorrectly structured JSON Pointer with a 400 error code. if the JSON Pointer is valid, but the requested field is not in the model response, it is ignored by Converse.
+     * Additional model parameters field paths to return in the response. Converse returns the requested fields as a JSON Pointer object in the additionalModelResponseFields field. The following is example JSON for additionalModelResponseFieldPaths.  [ "/stop_sequence" ]  For information about the JSON Pointer syntax, see the Internet Engineering Task Force (IETF) documentation.  Converse rejects an empty JSON Pointer or incorrectly structured JSON Pointer with a 400 error code. if the JSON Pointer is valid, but the requested field is not in the model response, it is ignored by Converse.
      */
     additionalModelResponseFieldPaths?: ConverseRequestAdditionalModelResponseFieldPathsList;
   }
@@ -179,6 +187,10 @@ declare namespace BedrockRuntime {
      * Additional fields in the response that are unique to the model. 
      */
     additionalModelResponseFields?: Document;
+    /**
+     * A trace object that contains information about the Guardrail behavior.
+     */
+    trace?: ConverseTrace;
   }
   export interface ConverseStreamMetadataEvent {
     /**
@@ -189,6 +201,10 @@ declare namespace BedrockRuntime {
      * The metrics for the conversation stream metadata event.
      */
     metrics: ConverseStreamMetrics;
+    /**
+     * The trace object in the response from ConverseStream that contains information about the guardrail behavior.
+     */
+    trace?: ConverseStreamTrace;
   }
   export interface ConverseStreamMetrics {
     /**
@@ -218,12 +234,16 @@ declare namespace BedrockRuntime {
      * Configuration information for the tools that the model can use when generating a response.  This field is only supported by Anthropic Claude 3 models. 
      */
     toolConfig?: ToolConfiguration;
+    /**
+     * Configuration information for a guardrail that you want to use in the request. 
+     */
+    guardrailConfig?: GuardrailStreamConfiguration;
     /**
      * Additional inference parameters that the model supports, beyond the base set of inference parameters that ConverseStream supports in the inferenceConfig field.
      */
     additionalModelRequestFields?: Document;
     /**
-     * Additional model parameters field paths to return in the response. ConverseStream returns the requested fields as a JSON Pointer object in the additionalModelResultFields field. The following is example JSON for additionalModelResponseFieldPaths.  [ "/stop_sequence" ]  For information about the JSON Pointer syntax, see the Internet Engineering Task Force (IETF) documentation.  ConverseStream rejects an empty JSON Pointer or incorrectly structured JSON Pointer with a 400 error code. if the JSON Pointer is valid, but the requested field is not in the model response, it is ignored by ConverseStream.
+     * Additional model parameters field paths to return in the response. ConverseStream returns the requested fields as a JSON Pointer object in the additionalModelResponseFields field. The following is example JSON for additionalModelResponseFieldPaths.  [ "/stop_sequence" ]  For information about the JSON Pointer syntax, see the Internet Engineering Task Force (IETF) documentation.  ConverseStream rejects an empty JSON Pointer or incorrectly structured JSON Pointer with a 400 error code. if the JSON Pointer is valid, but the requested field is not in the model response, it is ignored by ConverseStream.
      */
     additionalModelResponseFieldPaths?: ConverseStreamRequestAdditionalModelResponseFieldPathsList;
   }
@@ -235,10 +255,235 @@ declare namespace BedrockRuntime {
      */
     stream?: ConverseStreamOutput;
   }
+  export interface ConverseStreamTrace {
+    /**
+     * The guardrail trace object. 
+     */
+    guardrail?: GuardrailTraceAssessment;
+  }
+  export interface ConverseTrace {
+    /**
+     * The guardrail trace object. 
+     */
+    guardrail?: GuardrailTraceAssessment;
+  }
   export interface Document {
   }
+  export interface GuardrailAssessment {
+    /**
+     * The topic policy.
+     */
+    topicPolicy?: GuardrailTopicPolicyAssessment;
+    /**
+     * The content policy.
+     */
+    contentPolicy?: GuardrailContentPolicyAssessment;
+    /**
+     * The word policy.
+     */
+    wordPolicy?: GuardrailWordPolicyAssessment;
+    /**
+     * The sensitive information policy.
+     */
+    sensitiveInformationPolicy?: GuardrailSensitiveInformationPolicyAssessment;
+  }
+  export type GuardrailAssessmentList = GuardrailAssessment[];
+  export type GuardrailAssessmentListMap = {[key: string]: GuardrailAssessmentList};
+  export type GuardrailAssessmentMap = {[key: string]: GuardrailAssessment};
+  export interface GuardrailConfiguration {
+    /**
+     * The identifier for the guardrail.
+     */
+    guardrailIdentifier: GuardrailIdentifier;
+    /**
+     * The version of the guardrail.
+     */
+    guardrailVersion: GuardrailVersion;
+    /**
+     * The trace behavior for the guardrail.
+     */
+    trace?: GuardrailTrace;
+  }
+  export interface GuardrailContentFilter {
+    /**
+     * The guardrail type.
+     */
+    type: GuardrailContentFilterType;
+    /**
+     * The guardrail confidence.
+     */
+    confidence: GuardrailContentFilterConfidence;
+    /**
+     * The guardrail action.
+     */
+    action: GuardrailContentPolicyAction;
+  }
+  export type GuardrailContentFilterConfidence = "NONE"|"LOW"|"MEDIUM"|"HIGH"|string;
+  export type GuardrailContentFilterList = GuardrailContentFilter[];
+  export type GuardrailContentFilterType = "INSULTS"|"HATE"|"SEXUAL"|"VIOLENCE"|"MISCONDUCT"|"PROMPT_ATTACK"|string;
+  export type GuardrailContentPolicyAction = "BLOCKED"|string;
+  export interface GuardrailContentPolicyAssessment {
+    /**
+     * The content policy filters.
+     */
+    filters: GuardrailContentFilterList;
+  }
+  export interface GuardrailConverseContentBlock {
+    /**
+     * The text to guard.
+     */
+    text?: GuardrailConverseTextBlock;
+  }
+  export interface GuardrailConverseTextBlock {
+    /**
+     * The text that you want to guard.
+     */
+    text: String;
+  }
+  export interface GuardrailCustomWord {
+    /**
+     * The match for the custom word.
+     */
+    match: String;
+    /**
+     * The action for the custom word.
+     */
+    action: GuardrailWordPolicyAction;
+  }
+  export type GuardrailCustomWordList = GuardrailCustomWord[];
   export type GuardrailIdentifier = string;
+  export interface GuardrailManagedWord {
+    /**
+     * The match for the managed word.
+     */
+    match: String;
+    /**
+     * The type for the managed word.
+     */
+    type: GuardrailManagedWordType;
+    /**
+     * The action for the managed word.
+     */
+    action: GuardrailWordPolicyAction;
+  }
+  export type GuardrailManagedWordList = GuardrailManagedWord[];
+  export type GuardrailManagedWordType = "PROFANITY"|string;
+  export type GuardrailOutputText = string;
+  export interface GuardrailPiiEntityFilter {
+    /**
+     * The PII entity filter match.
+     */
+    match: String;
+    /**
+     * The PII entity filter type.
+     */
+    type: GuardrailPiiEntityType;
+    /**
+     * The PII entity filter action.
+     */
+    action: GuardrailSensitiveInformationPolicyAction;
+  }
+  export type GuardrailPiiEntityFilterList = GuardrailPiiEntityFilter[];
+  export type GuardrailPiiEntityType = "ADDRESS"|"AGE"|"AWS_ACCESS_KEY"|"AWS_SECRET_KEY"|"CA_HEALTH_NUMBER"|"CA_SOCIAL_INSURANCE_NUMBER"|"CREDIT_DEBIT_CARD_CVV"|"CREDIT_DEBIT_CARD_EXPIRY"|"CREDIT_DEBIT_CARD_NUMBER"|"DRIVER_ID"|"EMAIL"|"INTERNATIONAL_BANK_ACCOUNT_NUMBER"|"IP_ADDRESS"|"LICENSE_PLATE"|"MAC_ADDRESS"|"NAME"|"PASSWORD"|"PHONE"|"PIN"|"SWIFT_CODE"|"UK_NATIONAL_HEALTH_SERVICE_NUMBER"|"UK_NATIONAL_INSURANCE_NUMBER"|"UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER"|"URL"|"USERNAME"|"US_BANK_ACCOUNT_NUMBER"|"US_BANK_ROUTING_NUMBER"|"US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER"|"US_PASSPORT_NUMBER"|"US_SOCIAL_SECURITY_NUMBER"|"VEHICLE_IDENTIFICATION_NUMBER"|string;
+  export interface GuardrailRegexFilter {
+    /**
+     * The regex filter name.
+     */
+    name?: String;
+    /**
+     * The regesx filter match.
+     */
+    match?: String;
+    /**
+     * The regex query.
+     */
+    regex?: String;
+    /**
+     * The region filter action.
+     */
+    action: GuardrailSensitiveInformationPolicyAction;
+  }
+  export type GuardrailRegexFilterList = GuardrailRegexFilter[];
+  export type GuardrailSensitiveInformationPolicyAction = "ANONYMIZED"|"BLOCKED"|string;
+  export interface GuardrailSensitiveInformationPolicyAssessment {
+    /**
+     * The PII entities in the assessment.
+     */
+    piiEntities: GuardrailPiiEntityFilterList;
+    /**
+     * The regex queries in the assessment.
+     */
+    regexes: GuardrailRegexFilterList;
+  }
+  export interface GuardrailStreamConfiguration {
+    /**
+     * The identifier for the guardrail.
+     */
+    guardrailIdentifier: GuardrailIdentifier;
+    /**
+     * The version of the guardrail.
+     */
+    guardrailVersion: GuardrailVersion;
+    /**
+     * The trace behavior for the guardrail.
+     */
+    trace?: GuardrailTrace;
+    /**
+     * The processing mode.  The processing mode. For more information, see Configure streaming response behavior in the Amazon Bedrock User Guide. 
+     */
+    streamProcessingMode?: GuardrailStreamProcessingMode;
+  }
+  export type GuardrailStreamProcessingMode = "sync"|"async"|string;
+  export interface GuardrailTopic {
+    /**
+     * The name for the guardrail.
+     */
+    name: String;
+    /**
+     * The type behavior that the guardrail should perform when the model detects the topic.
+     */
+    type: GuardrailTopicType;
+    /**
+     * The action the guardrail should take when it intervenes on a topic.
+     */
+    action: GuardrailTopicPolicyAction;
+  }
+  export type GuardrailTopicList = GuardrailTopic[];
+  export type GuardrailTopicPolicyAction = "BLOCKED"|string;
+  export interface GuardrailTopicPolicyAssessment {
+    /**
+     * The topics in the assessment.
+     */
+    topics: GuardrailTopicList;
+  }
+  export type GuardrailTopicType = "DENY"|string;
+  export type GuardrailTrace = "enabled"|"disabled"|string;
+  export interface GuardrailTraceAssessment {
+    /**
+     * The output from the model.
+     */
+    modelOutput?: ModelOutputs;
+    /**
+     * The input assessment.
+     */
+    inputAssessment?: GuardrailAssessmentMap;
+    /**
+     * the output assessments.
+     */
+    outputAssessments?: GuardrailAssessmentListMap;
+  }
   export type GuardrailVersion = string;
+  export type GuardrailWordPolicyAction = "BLOCKED"|string;
+  export interface GuardrailWordPolicyAssessment {
+    /**
+     * Custom words in the assessment.
+     */
+    customWords: GuardrailCustomWordList;
+    /**
+     * Managed word lists in the assessment.
+     */
+    managedWordLists: GuardrailManagedWordList;
+  }
   export interface ImageBlock {
     /**
      * The format of the image.
@@ -259,7 +504,7 @@ declare namespace BedrockRuntime {
   export type ImageSourceBytesBlob = Buffer|Uint8Array|Blob|string;
   export interface InferenceConfiguration {
     /**
-     * The maximum number of tokens to allow in the generated response. The default value is the maximum allowed value for the model that you are using. For more information, see Inference parameters for foundatio{ "messages": [ { "role": "user", "content": [ { "text": "what's the weather in Queens, NY and Austin, TX?" } ] }, { "role": "assistant", "content": [ { "toolUse": { "toolUseId": "1", "name": "get_weather", "input": { "city": "Queens", "state": "NY" } } }, { "toolUse": { "toolUseId": "2", "name": "get_weather", "input": { "city": "Austin", "state": "TX" } } } ] }, { "role": "user", "content": [ { "toolResult": { "toolUseId": "2", "content": [ { "json": { "weather": "40" } } ] } }, { "text": "..." }, { "toolResult": { "toolUseId": "1", "content": [ { "text": "result text" } ] } } ] } ], "toolConfig": { "tools": [ { "name": "get_weather", "description": "Get weather", "inputSchema": { "type": "object", "properties": { "city": { "type": "string", "description": "City of location" }, "state": { "type": "string", "description": "State of location" } }, "required": ["city", "state"] } } ] } } n models. 
+     * The maximum number of tokens to allow in the generated response. The default value is the maximum allowed value for the model that you are using. For more information, see Inference parameters for foundation models. 
      */
     maxTokens?: InferenceConfigurationMaxTokensInteger;
     /**
@@ -285,11 +530,11 @@ declare namespace BedrockRuntime {
   export type InvokeModelIdentifier = string;
   export interface InvokeModelRequest {
     /**
-     * The prompt and inference parameters in the format specified in the contentType in the header. To see the format and content of the request and response bodies for different models, refer to Inference parameters. For more information, see Run inference in the Bedrock User Guide.
+     * The prompt and inference parameters in the format specified in the contentType in the header. You must provide the body in JSON format. To see the format and content of the request and response bodies for different models, refer to Inference parameters. For more information, see Run inference in the Bedrock User Guide.
      */
     body: Body;
     /**
-     * The MIME type of the input data in the request. The default value is application/json.
+     * The MIME type of the input data in the request. You must specify application/json.
      */
     contentType?: MimeType;
     /**
@@ -325,11 +570,11 @@ declare namespace BedrockRuntime {
   }
   export interface InvokeModelWithResponseStreamRequest {
     /**
-     * The prompt and inference parameters in the format specified in the contentType in the header. To see the format and content of the request and response bodies for different models, refer to Inference parameters. For more information, see Run inference in the Bedrock User Guide.
+     * The prompt and inference parameters in the format specified in the contentType in the header. You must provide the body in JSON format. To see the format and content of the request and response bodies for different models, refer to Inference parameters. For more information, see Run inference in the Bedrock User Guide.
      */
     body: Body;
     /**
-     * The MIME type of the input data in the request. The default value is application/json.
+     * The MIME type of the input data in the request. You must specify application/json.
      */
     contentType?: MimeType;
     /**
@@ -392,6 +637,7 @@ declare namespace BedrockRuntime {
   }
   export type Messages = Message[];
   export type MimeType = string;
+  export type ModelOutputs = GuardrailOutputText[];
   export interface ModelStreamErrorException {
     message?: NonBlankString;
     /**
@@ -424,13 +670,17 @@ declare namespace BedrockRuntime {
     name: ToolName;
   }
   export type StatusCode = number;
-  export type StopReason = "end_turn"|"tool_use"|"max_tokens"|"stop_sequence"|"content_filtered"|string;
+  export type StopReason = "end_turn"|"tool_use"|"max_tokens"|"stop_sequence"|"guardrail_intervened"|"content_filtered"|string;
   export type String = string;
   export interface SystemContentBlock {
     /**
      * A system prompt for the model. 
      */
     text?: NonEmptyString;
+    /**
+     * A content block to assess with the guardrail. Use with the Converse API (Converse and ConverseStream).  For more information, see Use a guardrail with the Converse API in the Amazon Bedrock User Guide.
+     */
+    guardContent?: GuardrailConverseContentBlock;
   }
   export type SystemContentBlocks = SystemContentBlock[];
   export interface ThrottlingException {
@@ -461,7 +711,7 @@ declare namespace BedrockRuntime {
   }
   export interface ToolChoice {
     /**
-     * The Model automatically decides if a tool should be called or to whether to generate text instead.
+     * (Default). The Model automatically decides if a tool should be called or whether to generate text instead. 
      */
     auto?: AutoToolChoice;
     /**
@@ -469,7 +719,7 @@ declare namespace BedrockRuntime {
      */
     any?: AnyToolChoice;
     /**
-     * The Model must request the specified tool.
+     * The Model must request the specified tool. Only supported by Anthropic Claude 3 models. 
      */
     tool?: SpecificToolChoice;
   }

package/clients/codebuild.d.ts

@@ -1204,6 +1204,10 @@ declare namespace CodeBuild {
      * If manualCreation is true, CodeBuild doesn't create a webhook in GitHub and instead returns payloadUrl and secret values for the webhook. The payloadUrl and secret values in the output can be used to manually create a webhook within GitHub.   manualCreation is only available for GitHub webhooks. 
      */
     manualCreation?: WrapperBoolean;
+    /**
+     * The scope configuration for global or organization webhooks.  Global or organization webhooks are only available for GitHub and Github Enterprise webhooks. 
+     */
+    scopeConfiguration?: ScopeConfiguration;
   }
   export interface CreateWebhookOutput {
     /**
@@ -2603,6 +2607,20 @@ declare namespace CodeBuild {
      */
     desiredCapacity?: FleetCapacity;
   }
+  export interface ScopeConfiguration {
+    /**
+     * The name of either the enterprise or organization that will send webhook events to CodeBuild, depending on if the webhook is a global or organization webhook respectively.
+     */
+    name: String;
+    /**
+     * The domain of the GitHub Enterprise organization. Note that this parameter is only required if your project's source type is GITHUB_ENTERPRISE
+     */
+    domain?: String;
+    /**
+     * The type of scope for a GitHub webhook.
+     */
+    scope: WebhookScopeType;
+  }
   export type SecurityGroupIds = NonEmptyString[];
   export type SensitiveNonEmptyString = string;
   export type SensitiveString = string;
@@ -3263,11 +3281,15 @@ declare namespace CodeBuild {
      * A timestamp that indicates the last time a repository's secret token was modified. 
      */
     lastModifiedSecret?: Timestamp;
+    /**
+     * The scope configuration for global or organization webhooks.  Global or organization webhooks are only available for GitHub and Github Enterprise webhooks. 
+     */
+    scopeConfiguration?: ScopeConfiguration;
   }
   export type WebhookBuildType = "BUILD"|"BUILD_BATCH"|string;
   export interface WebhookFilter {
     /**
-     *  The type of webhook filter. There are nine webhook filter types: EVENT, ACTOR_ACCOUNT_ID, HEAD_REF, BASE_REF, FILE_PATH, COMMIT_MESSAGE, TAG_NAME, RELEASE_NAME, and WORKFLOW_NAME.     EVENT     A webhook event triggers a build when the provided pattern matches one of nine event types: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_CLOSED, PULL_REQUEST_REOPENED, PULL_REQUEST_MERGED, RELEASED, PRERELEASED, and WORKFLOW_JOB_QUEUED. The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.    Types PULL_REQUEST_REOPENED and WORKFLOW_JOB_QUEUED work with GitHub and GitHub Enterprise only. Types RELEASED and PRERELEASED work with GitHub only.      ACTOR_ACCOUNT_ID    A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern.      HEAD_REF    A webhook event triggers a build when the head reference matches the regular expression pattern. For example, refs/heads/branch-name and refs/tags/tag-name.    Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.      BASE_REF    A webhook event triggers a build when the base reference matches the regular expression pattern. For example, refs/heads/branch-name.    Works with pull request events only.       FILE_PATH    A webhook triggers a build when the path of a changed file matches the regular expression pattern.    Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.       COMMIT_MESSAGE   A webhook triggers a build when the head commit message matches the regular expression pattern.   Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.       TAG_NAME   A webhook triggers a build when the tag name of the release matches the regular expression pattern.   Works with RELEASED and PRERELEASED events only.       RELEASE_NAME   A webhook triggers a build when the release name matches the regular expression pattern.   Works with RELEASED and PRERELEASED events only.       WORKFLOW_NAME   A webhook triggers a build when the workflow name matches the regular expression pattern.   Works with WORKFLOW_JOB_QUEUED events only.      
+     *  The type of webhook filter. There are nine webhook filter types: EVENT, ACTOR_ACCOUNT_ID, HEAD_REF, BASE_REF, FILE_PATH, COMMIT_MESSAGE, TAG_NAME, RELEASE_NAME, and WORKFLOW_NAME.     EVENT     A webhook event triggers a build when the provided pattern matches one of nine event types: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_CLOSED, PULL_REQUEST_REOPENED, PULL_REQUEST_MERGED, RELEASED, PRERELEASED, and WORKFLOW_JOB_QUEUED. The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.    Types PULL_REQUEST_REOPENED and WORKFLOW_JOB_QUEUED work with GitHub and GitHub Enterprise only. Types RELEASED and PRERELEASED work with GitHub only.      ACTOR_ACCOUNT_ID    A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern.      HEAD_REF    A webhook event triggers a build when the head reference matches the regular expression pattern. For example, refs/heads/branch-name and refs/tags/tag-name.    Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.      BASE_REF    A webhook event triggers a build when the base reference matches the regular expression pattern. For example, refs/heads/branch-name.    Works with pull request events only.       FILE_PATH    A webhook triggers a build when the path of a changed file matches the regular expression pattern.    Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.       COMMIT_MESSAGE   A webhook triggers a build when the head commit message matches the regular expression pattern.   Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.       TAG_NAME   A webhook triggers a build when the tag name of the release matches the regular expression pattern.   Works with RELEASED and PRERELEASED events only.       RELEASE_NAME   A webhook triggers a build when the release name matches the regular expression pattern.   Works with RELEASED and PRERELEASED events only.       REPOSITORY_NAME   A webhook triggers a build when the repository name matches the regular expression pattern.   Works with GitHub global or organization webhooks only.       WORKFLOW_NAME   A webhook triggers a build when the workflow name matches the regular expression pattern.   Works with WORKFLOW_JOB_QUEUED events only.      
      */
     type: WebhookFilterType;
     /**
@@ -3280,6 +3302,7 @@ declare namespace CodeBuild {
     excludeMatchedPattern?: WrapperBoolean;
   }
   export type WebhookFilterType = "EVENT"|"BASE_REF"|"HEAD_REF"|"ACTOR_ACCOUNT_ID"|"FILE_PATH"|"COMMIT_MESSAGE"|"WORKFLOW_NAME"|"TAG_NAME"|"RELEASE_NAME"|string;
+  export type WebhookScopeType = "GITHUB_ORGANIZATION"|"GITHUB_GLOBAL"|string;
   export type WrapperBoolean = boolean;
   export type WrapperDouble = number;
   export type WrapperInt = number;

package/clients/eks.d.ts

@@ -1896,7 +1896,33 @@ declare namespace EKS {
      * Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
      */
     tags?: TagMap;
+    /**
+     * The health status of the Fargate profile. If there are issues with your Fargate profile's health, they are listed here.
+     */
+    health?: FargateProfileHealth;
+  }
+  export interface FargateProfileHealth {
+    /**
+     * Any issues that are associated with the Fargate profile.
+     */
+    issues?: FargateProfileIssueList;
+  }
+  export interface FargateProfileIssue {
+    /**
+     * A brief description of the error.
+     */
+    code?: FargateProfileIssueCode;
+    /**
+     * The error message associated with the issue.
+     */
+    message?: String;
+    /**
+     * The Amazon Web Services resources that are affected by this issue.
+     */
+    resourceIds?: StringList;
   }
+  export type FargateProfileIssueCode = "PodExecutionRoleAlreadyInUse"|"AccessDenied"|"ClusterUnreachable"|"InternalFailure"|string;
+  export type FargateProfileIssueList = FargateProfileIssue[];
   export type FargateProfileLabel = {[key: string]: String};
   export interface FargateProfileSelector {
     /**