aws-sdk 2.684.0 → 2.688.0

package/clients/elbv2.d.ts

@@ -392,6 +392,8 @@ declare namespace ELBv2 {
   export interface AddTagsOutput {
   }
   export type AllocationId = string;
+  export type AlpnPolicyName = AlpnPolicyValue[];
+  export type AlpnPolicyValue = string;
   export type AuthenticateCognitoActionAuthenticationRequestExtraParams = {[key: string]: AuthenticateCognitoActionAuthenticationRequestParamValue};
   export type AuthenticateCognitoActionAuthenticationRequestParamName = string;
   export type AuthenticateCognitoActionAuthenticationRequestParamValue = string;
@@ -567,6 +569,10 @@ declare namespace ELBv2 {
      * The actions for the default rule. The rule must include one forward action or one or more fixed-response actions. If the action type is forward, you specify one or more target groups. The protocol of the target group must be HTTP or HTTPS for an Application Load Balancer. The protocol of the target group must be TCP, TLS, UDP, or TCP_UDP for a Network Load Balancer. [HTTPS listeners] If the action type is authenticate-oidc, you authenticate users through an identity provider that is OpenID Connect (OIDC) compliant. [HTTPS listeners] If the action type is authenticate-cognito, you authenticate users through the user pools supported by Amazon Cognito. [Application Load Balancer] If the action type is redirect, you redirect specified client requests from one URL to another. [Application Load Balancer] If the action type is fixed-response, you drop specified client requests and return a custom HTTP response.
      */
     DefaultActions: Actions;
+    /**
+     * [TLS listeners] The name of the Application-Layer Protocol Negotiation (ALPN) policy. You can specify one policy name. The following are the possible values:    HTTP1Only     HTTP2Only     HTTP2Optional     HTTP2Preferred     None    For more information, see ALPN Policies in the Network Load Balancers Guide.
+     */
+    AlpnPolicy?: AlpnPolicyName;
   }
   export interface CreateListenerOutput {
     /**
@@ -1086,6 +1092,10 @@ declare namespace ELBv2 {
      * The default actions for the listener.
      */
     DefaultActions?: Actions;
+    /**
+     * [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
+     */
+    AlpnPolicy?: AlpnPolicyName;
   }
   export type ListenerArn = string;
   export type ListenerArns = ListenerArn[];
@@ -1219,6 +1229,10 @@ declare namespace ELBv2 {
      * The actions for the default rule. The rule must include one forward action or one or more fixed-response actions. If the action type is forward, you specify one or more target groups. The protocol of the target group must be HTTP or HTTPS for an Application Load Balancer. The protocol of the target group must be TCP, TLS, UDP, or TCP_UDP for a Network Load Balancer. [HTTPS listeners] If the action type is authenticate-oidc, you authenticate users through an identity provider that is OpenID Connect (OIDC) compliant. [HTTPS listeners] If the action type is authenticate-cognito, you authenticate users through the user pools supported by Amazon Cognito. [Application Load Balancer] If the action type is redirect, you redirect specified client requests from one URL to another. [Application Load Balancer] If the action type is fixed-response, you drop specified client requests and return a custom HTTP response.
      */
     DefaultActions?: Actions;
+    /**
+     * [TLS listeners] The name of the Application-Layer Protocol Negotiation (ALPN) policy. You can specify one policy name. The following are the possible values:    HTTP1Only     HTTP2Only     HTTP2Optional     HTTP2Preferred     None    For more information, see ALPN Policies in the Network Load Balancers Guide.
+     */
+    AlpnPolicy?: AlpnPolicyName;
   }
   export interface ModifyListenerOutput {
     /**
@@ -1718,7 +1732,7 @@ declare namespace ELBv2 {
   export type TargetGroupArns = TargetGroupArn[];
   export interface TargetGroupAttribute {
     /**
-     * The name of the attribute. The following attributes are supported by both Application Load Balancers and Network Load Balancers:    deregistration_delay.timeout_seconds - The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds. If the target is a Lambda function, this attribute is not supported.    stickiness.enabled - Indicates whether sticky sessions are enabled. The value is true or false. The default is false.    stickiness.type - The type of sticky sessions. The possible values are lb_cookie for Application Load Balancers or source_ip for Network Load Balancers.   The following attributes are supported by Application Load Balancers if the target is not a Lambda function:    load_balancing.algorithm.type - The load balancing algorithm determines how the load balancer selects targets when routing requests. The value is round_robin or least_outstanding_requests. The default is round_robin.    slow_start.duration_seconds - The time period, in seconds, during which a newly registered target receives a linearly increasing share of the traffic to the target group. After this time period ends, the target receives its full share of traffic. The range is 30-900 seconds (15 minutes). Slow start mode is disabled by default.    stickiness.lb_cookie.duration_seconds - The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).   The following attribute is supported only if the target is a Lambda function.    lambda.multi_value_headers.enabled - Indicates whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. The value is true or false. The default is false. If the value is false and the request contains a duplicate header field name or query parameter key, the load balancer uses the last value sent by the client.   The following attribute is supported only by Network Load Balancers:    proxy_protocol_v2.enabled - Indicates whether Proxy Protocol version 2 is enabled. The value is true or false. The default is false.  
+     * The name of the attribute. The following attributes are supported by both Application Load Balancers and Network Load Balancers:    deregistration_delay.timeout_seconds - The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds. If the target is a Lambda function, this attribute is not supported.    stickiness.enabled - Indicates whether sticky sessions are enabled. The value is true or false. The default is false.    stickiness.type - The type of sticky sessions. The possible values are lb_cookie for Application Load Balancers or source_ip for Network Load Balancers.   The following attributes are supported only if the load balancer is an Application Load Balancer and the target is an instance or an IP address:    load_balancing.algorithm.type - The load balancing algorithm determines how the load balancer selects targets when routing requests. The value is round_robin or least_outstanding_requests. The default is round_robin.    slow_start.duration_seconds - The time period, in seconds, during which a newly registered target receives an increasing share of the traffic to the target group. After this time period ends, the target receives its full share of traffic. The range is 30-900 seconds (15 minutes). Slow start mode is disabled by default.    stickiness.lb_cookie.duration_seconds - The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).   The following attribute is supported only if the load balancer is an Application Load Balancer and the target is a Lambda function:    lambda.multi_value_headers.enabled - Indicates whether the request and response headers that are exchanged between the load balancer and the Lambda function include arrays of values or strings. The value is true or false. The default is false. If the value is false and the request contains a duplicate header field name or query parameter key, the load balancer uses the last value sent by the client.   The following attribute is supported only by Network Load Balancers:    proxy_protocol_v2.enabled - Indicates whether Proxy Protocol version 2 is enabled. The value is true or false. The default is false.  
      */
     Key?: TargetGroupAttributeKey;
     /**

package/clients/emr.d.ts

@@ -585,6 +585,10 @@ declare namespace EMR {
      * The path to the Amazon S3 location where logs for this cluster are stored.
      */
     LogUri?: String;
+    /**
+     *  The AWS KMS customer master key (CMK) used for encrypting log files. This attribute is only available with EMR version 5.30.0 and later, excluding EMR 6.0.0. 
+     */
+    LogEncryptionKmsKeyId?: String;
     /**
      * The AMI version requested for this cluster.
      */
@@ -1609,6 +1613,10 @@ declare namespace EMR {
      * The location in Amazon S3 where log files for the job are stored.
      */
     LogUri?: XmlString;
+    /**
+     * The AWS KMS customer master key (CMK) used for encrypting log files. This attribute is only available with EMR version 5.30.0 and later, excluding EMR 6.0.0.
+     */
+    LogEncryptionKmsKeyId?: XmlString;
     /**
      * Applies only to Amazon EMR AMI versions 3.x and 2.x. For Amazon EMR releases 4.0 and later, ReleaseLabel is used. To specify a custom AMI, use CustomAmiID.
      */
@@ -2188,6 +2196,10 @@ declare namespace EMR {
      * The location in Amazon S3 to write the log files of the job flow. If a value is not provided, logs are not created.
      */
     LogUri?: XmlString;
+    /**
+     * The AWS KMS customer master key (CMK) used for encrypting log files. If a value is not provided, the logs will remain encrypted by AES-256. This attribute is only available with EMR version 5.30.0 and later, excluding EMR 6.0.0.
+     */
+    LogEncryptionKmsKeyId?: XmlString;
     /**
      * A JSON string for selecting additional features.
      */

package/clients/fsx.d.ts

@@ -116,11 +116,11 @@ declare class FSx extends Service {
    */
   untagResource(callback?: (err: AWSError, data: FSx.Types.UntagResourceResponse) => void): Request<FSx.Types.UntagResourceResponse, AWSError>;
   /**
-   * Updates a file system configuration.
+   * Use this operation to update the configuration of an existing Amazon FSx file system. For an Amazon FSx for Lustre file system, you can update only the WeeklyMaintenanceStartTime. For an Amazon for Windows File Server file system, you can update the following properties:   AutomaticBackupRetentionDays   DailyAutomaticBackupStartTime   SelfManagedActiveDirectoryConfiguration   StorageCapacity   ThroughputCapacity   WeeklyMaintenanceStartTime   You can update multiple properties in a single request.
    */
   updateFileSystem(params: FSx.Types.UpdateFileSystemRequest, callback?: (err: AWSError, data: FSx.Types.UpdateFileSystemResponse) => void): Request<FSx.Types.UpdateFileSystemResponse, AWSError>;
   /**
-   * Updates a file system configuration.
+   * Use this operation to update the configuration of an existing Amazon FSx file system. For an Amazon FSx for Lustre file system, you can update only the WeeklyMaintenanceStartTime. For an Amazon for Windows File Server file system, you can update the following properties:   AutomaticBackupRetentionDays   DailyAutomaticBackupStartTime   SelfManagedActiveDirectoryConfiguration   StorageCapacity   ThroughputCapacity   WeeklyMaintenanceStartTime   You can update multiple properties in a single request.
    */
   updateFileSystem(callback?: (err: AWSError, data: FSx.Types.UpdateFileSystemResponse) => void): Request<FSx.Types.UpdateFileSystemResponse, AWSError>;
 }
@@ -137,6 +137,34 @@ declare namespace FSx {
     ActiveDirectoryId?: DirectoryId;
   }
   export type ActiveDirectoryFullyQualifiedName = string;
+  export interface AdministrativeAction {
+    AdministrativeActionType?: AdministrativeActionType;
+    /**
+     * Provides the percent complete of a STORAGE_OPTIMIZATION administrative action.
+     */
+    ProgressPercent?: ProgressPercent;
+    /**
+     * Time that the administrative action request was received.
+     */
+    RequestTime?: RequestTime;
+    /**
+     * Describes the status of the administrative action, as follows:    FAILED - Amazon FSx failed to process the administrative action successfully.    IN_PROGRESS - Amazon FSx is processing the administrative action.    PENDING - Amazon FSx is waiting to process the administrative action.    COMPLETED - Amazon FSx has finished processing the administrative task.    UPDATED_OPTIMIZING - For a storage capacity increase update, Amazon FSx has updated the file system with the new storage capacity, and is now performing the storage optimization process. For more information, see Managing Storage Capacity.  
+     */
+    Status?: Status;
+    /**
+     * Describes the target StorageCapacity or ThroughputCapacity value provided in the UpdateFileSystem operation. Returned for FILE_SYSTEM_UPDATE administrative actions. 
+     */
+    TargetFileSystemValues?: FileSystem;
+    FailureDetails?: AdministrativeActionFailureDetails;
+  }
+  export interface AdministrativeActionFailureDetails {
+    /**
+     * Error message providing details about the failure.
+     */
+    Message?: ErrorMessage;
+  }
+  export type AdministrativeActionType = "FILE_SYSTEM_UPDATE"|"STORAGE_OPTIMIZATION"|string;
+  export type AdministrativeActions = AdministrativeAction[];
   export type ArchivePath = string;
   export type AutomaticBackupRetentionDays = number;
   export interface Backup {
@@ -306,7 +334,7 @@ declare namespace FSx {
   }
   export interface CreateFileSystemLustreConfiguration {
     /**
-     * The preferred time to perform weekly maintenance, in the UTC time zone.
+     * The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone, where d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.
      */
     WeeklyMaintenanceStartTime?: WeeklyTime;
     /**
@@ -391,7 +419,7 @@ declare namespace FSx {
      */
     ThroughputCapacity: MegabytesPerSecond;
     /**
-     * The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone.
+     * The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone, where d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.
      */
     WeeklyMaintenanceStartTime?: WeeklyTime;
     /**
@@ -706,6 +734,10 @@ declare namespace FSx {
      */
     WindowsConfiguration?: WindowsFileSystemConfiguration;
     LustreConfiguration?: LustreFileSystemConfiguration;
+    /**
+     * A list of administrative actions for the file system that are in process or waiting to be processed. Administrative actions describe changes to the Windows file system that you have initiated using the UpdateFileSystem action. 
+     */
+    AdministrativeActions?: AdministrativeActions;
   }
   export type FileSystemAdministratorsGroupName = string;
   export interface FileSystemFailureDetails {
@@ -766,7 +798,7 @@ declare namespace FSx {
   export type LustreDeploymentType = "SCRATCH_1"|"SCRATCH_2"|"PERSISTENT_1"|string;
   export interface LustreFileSystemConfiguration {
     /**
-     * The UTC time that you want to begin your weekly maintenance window.
+     * The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone. d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.
      */
     WeeklyMaintenanceStartTime?: WeeklyTime;
     DataRepositoryConfiguration?: DataRepositoryConfiguration;
@@ -795,6 +827,7 @@ declare namespace FSx {
   export type ProgressPercent = number;
   export type ReportFormat = "REPORT_CSV_20191124"|string;
   export type ReportScope = "FAILED_FILES_ONLY"|string;
+  export type RequestTime = Date;
   export type ResourceARN = string;
   export type SecurityGroupId = string;
   export type SecurityGroupIds = SecurityGroupId[];
@@ -861,6 +894,7 @@ declare namespace FSx {
     DnsIps?: DnsIps;
   }
   export type StartTime = Date;
+  export type Status = "FAILED"|"IN_PROGRESS"|"PENDING"|"COMPLETED"|"UPDATED_OPTIMIZING"|string;
   export type StorageCapacity = number;
   export type StorageType = "SSD"|"HDD"|string;
   export type SubnetId = string;
@@ -909,18 +943,25 @@ declare namespace FSx {
   }
   export interface UpdateFileSystemLustreConfiguration {
     /**
-     * The preferred time to perform weekly maintenance, in the UTC time zone.
+     * The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone. d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.
      */
     WeeklyMaintenanceStartTime?: WeeklyTime;
   }
   export interface UpdateFileSystemRequest {
+    /**
+     * Identifies the file system that you are updating.
+     */
     FileSystemId: FileSystemId;
     /**
-     * (Optional) A string of up to 64 ASCII characters that Amazon FSx uses to ensure idempotent updates. This string is automatically filled on your behalf when you use the AWS Command Line Interface (AWS CLI) or an AWS SDK.
+     * A string of up to 64 ASCII characters that Amazon FSx uses to ensure idempotent updates. This string is automatically filled on your behalf when you use the AWS Command Line Interface (AWS CLI) or an AWS SDK.
      */
     ClientRequestToken?: ClientRequestToken;
     /**
-     * The configuration update for this Microsoft Windows file system. The only supported options are for backup and maintenance and for self-managed Active Directory configuration.
+     * Use this parameter to increase the storage capacity of an Amazon FSx for Windows File Server file system. Specifies the storage capacity target value, GiB, for the file system you're updating. The storage capacity target value must be at least 10 percent (%) greater than the current storage capacity value. In order to increase storage capacity, the file system needs to have at least 16 MB/s of throughput capacity. You cannot make a storage capacity increase request if there is an existing storage capacity increase request in progress. For more information, see Managing Storage Capacity.
+     */
+    StorageCapacity?: StorageCapacity;
+    /**
+     * The configuration updates for an Amazon FSx for Windows File Server file system.
      */
     WindowsConfiguration?: UpdateFileSystemWindowsConfiguration;
     LustreConfiguration?: UpdateFileSystemLustreConfiguration;
@@ -933,19 +974,23 @@ declare namespace FSx {
   }
   export interface UpdateFileSystemWindowsConfiguration {
     /**
-     * The preferred time to perform weekly maintenance, in the UTC time zone.
+     * The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone. Where d is the weekday number, from 1 through 7, with 1 = Monday and 7 = Sunday.
      */
     WeeklyMaintenanceStartTime?: WeeklyTime;
     /**
-     * The preferred time to take daily automatic backups, in the UTC time zone.
+     * The preferred time to start the daily automatic backup, in the UTC time zone, for example, 02:00 
      */
     DailyAutomaticBackupStartTime?: DailyTime;
     /**
-     * The number of days to retain automatic backups. Setting this to 0 disables automatic backups. You can retain automatic backups for a maximum of 35 days.
+     * The number of days to retain automatic daily backups. Setting this to zero (0) disables automatic daily backups. You can retain automatic daily backups for a maximum of 35 days. For more information, see Working with Automatic Daily Backups.
      */
     AutomaticBackupRetentionDays?: AutomaticBackupRetentionDays;
     /**
-     * The configuration Amazon FSx uses to join the Windows File Server instance to the self-managed Microsoft AD directory.
+     * Sets the target value for a file system's throughput capacity, in MB/s, that you are updating the file system to. Valid values are 8, 16, 32, 64, 128, 256, 512, 1024, 2048. You cannot make a throughput capacity update request if there is an existing throughput capacity update request in progress. For more information, see Managing Throughput Capacity.
+     */
+    ThroughputCapacity?: MegabytesPerSecond;
+    /**
+     * The configuration Amazon FSx uses to join the Windows File Server instance to the self-managed Microsoft AD directory. You cannot make a self-managed Microsoft AD update request if there is an existing self-managed Microsoft AD update request in progress.
      */
     SelfManagedActiveDirectoryConfiguration?: SelfManagedActiveDirectoryConfigurationUpdates;
   }
@@ -983,7 +1028,7 @@ declare namespace FSx {
      */
     MaintenanceOperationsInProgress?: FileSystemMaintenanceOperations;
     /**
-     * The preferred time to perform weekly maintenance, in the UTC time zone.
+     * The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone. d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.
      */
     WeeklyMaintenanceStartTime?: WeeklyTime;
     /**

package/clients/guardduty.d.ts

@@ -316,11 +316,11 @@ declare class GuardDuty extends Service {
    */
   listInvitations(callback?: (err: AWSError, data: GuardDuty.Types.ListInvitationsResponse) => void): Request<GuardDuty.Types.ListInvitationsResponse, AWSError>;
   /**
-   * Lists details about associated member accounts for the current GuardDuty master account.
+   * Lists details about all member accounts for the current GuardDuty master account.
    */
   listMembers(params: GuardDuty.Types.ListMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListMembersResponse) => void): Request<GuardDuty.Types.ListMembersResponse, AWSError>;
   /**
-   * Lists details about associated member accounts for the current GuardDuty master account.
+   * Lists details about all member accounts for the current GuardDuty master account.
    */
   listMembers(callback?: (err: AWSError, data: GuardDuty.Types.ListMembersResponse) => void): Request<GuardDuty.Types.ListMembersResponse, AWSError>;
   /**
@@ -469,6 +469,16 @@ declare namespace GuardDuty {
   }
   export interface AcceptInvitationResponse {
   }
+  export interface AccessControlList {
+    /**
+     * A value that indicates whether public read access for the bucket is enabled through an Access Control List (ACL).
+     */
+    AllowsPublicReadAccess?: Boolean;
+    /**
+     * A value that indicates whether public write access for the bucket is enabled through an Access Control List (ACL).
+     */
+    AllowsPublicWriteAccess?: Boolean;
+  }
   export interface AccessKeyDetails {
     /**
      * The access key ID of the user.
@@ -500,6 +510,12 @@ declare namespace GuardDuty {
   export type AccountDetails = AccountDetail[];
   export type AccountId = string;
   export type AccountIds = AccountId[];
+  export interface AccountLevelPermissions {
+    /**
+     * Describes the S3 Block Public Access settings of the bucket's parent account.
+     */
+    BlockPublicAccess?: BlockPublicAccess;
+  }
   export interface Action {
     /**
      * The GuardDuty finding activity type.
@@ -568,7 +584,49 @@ declare namespace GuardDuty {
      */
     ServiceName?: String;
   }
+  export interface BlockPublicAccess {
+    /**
+     * Indicates if S3 Block Public Access is set to IgnorePublicAcls.
+     */
+    IgnorePublicAcls?: Boolean;
+    /**
+     * Indicates if S3 Block Public Access is set to RestrictPublicBuckets.
+     */
+    RestrictPublicBuckets?: Boolean;
+    /**
+     * Indicates if S3 Block Public Access is set to BlockPublicAcls.
+     */
+    BlockPublicAcls?: Boolean;
+    /**
+     * Indicates if S3 Block Public Access is set to BlockPublicPolicy.
+     */
+    BlockPublicPolicy?: Boolean;
+  }
   export type Boolean = boolean;
+  export interface BucketLevelPermissions {
+    /**
+     * Contains information on how Access Control Policies are applied to the bucket.
+     */
+    AccessControlList?: AccessControlList;
+    /**
+     * Contains information on the bucket policies for the S3 bucket.
+     */
+    BucketPolicy?: BucketPolicy;
+    /**
+     * Contains information on which account level S3 Block Public Access settings are applied to the S3 bucket.
+     */
+    BlockPublicAccess?: BlockPublicAccess;
+  }
+  export interface BucketPolicy {
+    /**
+     * A value that indicates whether public read access for the bucket is enabled through a bucket policy.
+     */
+    AllowsPublicReadAccess?: Boolean;
+    /**
+     * A value that indicates whether public write access for the bucket is enabled through a bucket policy.
+     */
+    AllowsPublicWriteAccess?: Boolean;
+  }
   export interface City {
     /**
      * The city name of the remote IP address.
@@ -715,7 +773,7 @@ declare namespace GuardDuty {
      */
     Format: IpSetFormat;
     /**
-     * The URI of the file that contains the IPSet. For example: .
+     * The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
      */
     Location: Location;
     /**
@@ -803,7 +861,7 @@ declare namespace GuardDuty {
      */
     Format: ThreatIntelSetFormat;
     /**
-     * The URI of the file that contains the ThreatIntelSet. For example: .
+     * The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
      */
     Location: Location;
     /**
@@ -838,6 +896,16 @@ declare namespace GuardDuty {
      */
     UnprocessedAccounts: UnprocessedAccounts;
   }
+  export interface DefaultServerSideEncryption {
+    /**
+     * The type of encryption used for objects within the S3 bucket.
+     */
+    EncryptionType?: String;
+    /**
+     * The Amazon Resource Name (ARN) of the KMS encryption key. Only available if the bucket EncryptionType is aws:kms.
+     */
+    KmsMasterKeyArn?: String;
+  }
   export interface DeleteDetectorRequest {
     /**
      * The unique ID of the detector that you want to delete.
@@ -1281,7 +1349,7 @@ declare namespace GuardDuty {
      */
     Format: IpSetFormat;
     /**
-     * The URI of the file that contains the IPSet. For example: .
+     * The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
      */
     Location: Location;
     /**
@@ -1353,7 +1421,7 @@ declare namespace GuardDuty {
      */
     Format: ThreatIntelSetFormat;
     /**
-     * The URI of the file that contains the ThreatIntelSet. For example: .
+     * The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
      */
     Location: Location;
     /**
@@ -1528,7 +1596,7 @@ declare namespace GuardDuty {
      */
     DetectorId: DetectorId;
     /**
-     * Represents the criteria used for querying findings. Valid values include:   JSON field name   accountId   region   confidence   id   resource.accessKeyDetails.accessKeyId   resource.accessKeyDetails.principalId   resource.accessKeyDetails.userName   resource.accessKeyDetails.userType   resource.instanceDetails.iamInstanceProfile.id   resource.instanceDetails.imageId   resource.instanceDetails.instanceId   resource.instanceDetails.outpostArn   resource.instanceDetails.networkInterfaces.ipv6Addresses   resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress   resource.instanceDetails.networkInterfaces.publicDnsName   resource.instanceDetails.networkInterfaces.publicIp   resource.instanceDetails.networkInterfaces.securityGroups.groupId   resource.instanceDetails.networkInterfaces.securityGroups.groupName   resource.instanceDetails.networkInterfaces.subnetId   resource.instanceDetails.networkInterfaces.vpcId   resource.instanceDetails.tags.key   resource.instanceDetails.tags.value   resource.resourceType   service.action.actionType   service.action.awsApiCallAction.api   service.action.awsApiCallAction.callerType   service.action.awsApiCallAction.remoteIpDetails.city.cityName   service.action.awsApiCallAction.remoteIpDetails.country.countryName   service.action.awsApiCallAction.remoteIpDetails.ipAddressV4   service.action.awsApiCallAction.remoteIpDetails.organization.asn   service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg   service.action.awsApiCallAction.serviceName   service.action.dnsRequestAction.domain   service.action.networkConnectionAction.blocked   service.action.networkConnectionAction.connectionDirection   service.action.networkConnectionAction.localPortDetails.port   service.action.networkConnectionAction.protocol   service.action.networkConnectionAction.localIpDetails.ipAddressV4   service.action.networkConnectionAction.remoteIpDetails.city.cityName   service.action.networkConnectionAction.remoteIpDetails.country.countryName   service.action.networkConnectionAction.remoteIpDetails.ipAddressV4   service.action.networkConnectionAction.remoteIpDetails.organization.asn   service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg   service.action.networkConnectionAction.remotePortDetails.port   service.additionalInfo.threatListName   service.archived When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.   service.resourceRole   severity   type   updatedAt Type: Timestamp in Unix Epoch millisecond format: 1486685375000  
+     * Represents the criteria used for querying findings. Valid values include:   JSON field name   accountId   region   confidence   id   resource.accessKeyDetails.accessKeyId   resource.accessKeyDetails.principalId   resource.accessKeyDetails.userName   resource.accessKeyDetails.userType   resource.instanceDetails.iamInstanceProfile.id   resource.instanceDetails.imageId   resource.instanceDetails.instanceId   resource.instanceDetails.networkInterfaces.ipv6Addresses   resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress   resource.instanceDetails.networkInterfaces.publicDnsName   resource.instanceDetails.networkInterfaces.publicIp   resource.instanceDetails.networkInterfaces.securityGroups.groupId   resource.instanceDetails.networkInterfaces.securityGroups.groupName   resource.instanceDetails.networkInterfaces.subnetId   resource.instanceDetails.networkInterfaces.vpcId   resource.instanceDetails.tags.key   resource.instanceDetails.tags.value   resource.resourceType   service.action.actionType   service.action.awsApiCallAction.api   service.action.awsApiCallAction.callerType   service.action.awsApiCallAction.remoteIpDetails.city.cityName   service.action.awsApiCallAction.remoteIpDetails.country.countryName   service.action.awsApiCallAction.remoteIpDetails.ipAddressV4   service.action.awsApiCallAction.remoteIpDetails.organization.asn   service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg   service.action.awsApiCallAction.serviceName   service.action.dnsRequestAction.domain   service.action.networkConnectionAction.blocked   service.action.networkConnectionAction.connectionDirection   service.action.networkConnectionAction.localPortDetails.port   service.action.networkConnectionAction.protocol   service.action.networkConnectionAction.remoteIpDetails.city.cityName   service.action.networkConnectionAction.remoteIpDetails.country.countryName   service.action.networkConnectionAction.remoteIpDetails.ipAddressV4   service.action.networkConnectionAction.remoteIpDetails.organization.asn   service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg   service.action.networkConnectionAction.remotePortDetails.port   service.additionalInfo.threatListName   service.archived When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.   service.resourceRole   severity   type   updatedAt Type: Timestamp in Unix Epoch millisecond format: 1486685375000  
      */
     FindingCriteria?: FindingCriteria;
     /**
@@ -1612,7 +1680,7 @@ declare namespace GuardDuty {
      */
     NextToken?: String;
     /**
-     * Specifies what member accounts the response includes based on their relationship status with the master account. The default value is "true". If set to "false" the response includes all existing member accounts (including members who haven't been invited yet or have been disassociated).
+     * Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated).
      */
     OnlyAssociated?: String;
   }
@@ -1869,6 +1937,22 @@ declare namespace GuardDuty {
      */
     Org?: String;
   }
+  export interface Owner {
+    /**
+     * The canonical user ID of the bucket owner. For information about locating your canonical user ID see Finding Your Account Canonical User ID. 
+     */
+    Id?: String;
+  }
+  export interface PermissionConfiguration {
+    /**
+     * Contains information about the bucket level permissions for the S3 bucket.
+     */
+    BucketLevelPermissions?: BucketLevelPermissions;
+    /**
+     * Contains information about the account level permissions on the S3 bucket.
+     */
+    AccountLevelPermissions?: AccountLevelPermissions;
+  }
   export interface PortProbeAction {
     /**
      * Indicates whether EC2 blocked the port probe to the instance, such as with an ACL.
@@ -1916,6 +2000,16 @@ declare namespace GuardDuty {
     ProductType?: String;
   }
   export type ProductCodes = ProductCode[];
+  export interface PublicAccess {
+    /**
+     * Contains information about how permissions are configured for the S3 bucket.
+     */
+    PermissionConfiguration?: PermissionConfiguration;
+    /**
+     * Describes the effective permission on this bucket after factoring all attached policies.
+     */
+    EffectivePermission?: String;
+  }
   export type PublishingStatus = "PENDING_VERIFICATION"|"PUBLISHING"|"UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY"|"STOPPED"|string;
   export interface RemoteIpDetails {
     /**
@@ -1954,6 +2048,10 @@ declare namespace GuardDuty {
      * The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.
      */
     AccessKeyDetails?: AccessKeyDetails;
+    /**
+     * Contains information on the S3 bucket.
+     */
+    S3BucketDetails?: S3BucketDetails;
     /**
      * The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.
      */
@@ -1963,6 +2061,41 @@ declare namespace GuardDuty {
      */
     ResourceType?: String;
   }
+  export interface S3BucketDetail {
+    /**
+     * The Amazon Resource Name (ARN) of the S3 bucket.
+     */
+    Arn?: String;
+    /**
+     * The name of the S3 bucket.
+     */
+    Name?: String;
+    /**
+     * Describes whether the bucket is a source or destination bucket.
+     */
+    Type?: String;
+    /**
+     * The date and time the bucket was created at.
+     */
+    CreatedAt?: Timestamp;
+    /**
+     * The owner of the S3 bucket.
+     */
+    Owner?: Owner;
+    /**
+     * All tags attached to the S3 bucket
+     */
+    Tags?: Tags;
+    /**
+     * Describes the server side encryption method used in the S3 bucket.
+     */
+    DefaultServerSideEncryption?: DefaultServerSideEncryption;
+    /**
+     * Describes the public access policies that apply to the S3 bucket.
+     */
+    PublicAccess?: PublicAccess;
+  }
+  export type S3BucketDetails = S3BucketDetail[];
   export interface SecurityGroup {
     /**
      * The security group ID of the EC2 instance.
@@ -2101,6 +2234,7 @@ declare namespace GuardDuty {
   }
   export type ThreatIntelligenceDetails = ThreatIntelligenceDetail[];
   export type ThreatNames = String[];
+  export type Timestamp = Date;
   export interface UnarchiveFindingsRequest {
     /**
      * The ID of the detector associated with the findings to unarchive.
@@ -2218,7 +2352,7 @@ declare namespace GuardDuty {
      */
     Name?: Name;
     /**
-     * The updated URI of the file that contains the IPSet. For example: .
+     * The updated URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
      */
     Location?: Location;
     /**
@@ -2270,7 +2404,7 @@ declare namespace GuardDuty {
      */
     Name?: Name;
     /**
-     * The updated URI of the file that contains the ThreateIntelSet. For example: .
+     * The updated URI of the file that contains the ThreateIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
      */
     Location?: Location;
     /**