aws-sdk 2.779.0 → 2.783.0

package/clients/codeartifact.d.ts

@@ -117,19 +117,19 @@ declare class CodeArtifact extends Service {
    */
   disassociateExternalConnection(callback?: (err: AWSError, data: CodeArtifact.Types.DisassociateExternalConnectionResult) => void): Request<CodeArtifact.Types.DisassociateExternalConnectionResult, AWSError>;
   /**
-   *  Deletes the assets in package versions and sets the package versions' status to Disposed. A disposed package version cannot be restored in your repository because its assets are deleted.   To view all disposed package versions in a repository, use  ListackageVersions  and set the  status  parameter to Disposed.   To view information about a disposed package version, use  ListPackageVersions  and set the  status  parameter to Disposed. 
+   *  Deletes the assets in package versions and sets the package versions' status to Disposed. A disposed package version cannot be restored in your repository because its assets are deleted.   To view all disposed package versions in a repository, use  ListPackageVersions  and set the  status  parameter to Disposed.   To view information about a disposed package version, use  DescribePackageVersion .. 
    */
   disposePackageVersions(params: CodeArtifact.Types.DisposePackageVersionsRequest, callback?: (err: AWSError, data: CodeArtifact.Types.DisposePackageVersionsResult) => void): Request<CodeArtifact.Types.DisposePackageVersionsResult, AWSError>;
   /**
-   *  Deletes the assets in package versions and sets the package versions' status to Disposed. A disposed package version cannot be restored in your repository because its assets are deleted.   To view all disposed package versions in a repository, use  ListackageVersions  and set the  status  parameter to Disposed.   To view information about a disposed package version, use  ListPackageVersions  and set the  status  parameter to Disposed. 
+   *  Deletes the assets in package versions and sets the package versions' status to Disposed. A disposed package version cannot be restored in your repository because its assets are deleted.   To view all disposed package versions in a repository, use  ListPackageVersions  and set the  status  parameter to Disposed.   To view information about a disposed package version, use  DescribePackageVersion .. 
    */
   disposePackageVersions(callback?: (err: AWSError, data: CodeArtifact.Types.DisposePackageVersionsResult) => void): Request<CodeArtifact.Types.DisposePackageVersionsResult, AWSError>;
   /**
-   *  Generates a temporary authentication token for accessing repositories in the domain. This API requires the codeartifact:GetAuthorizationToken and sts:GetServiceBearerToken permissions.   CodeArtifact authorization tokens are valid for a period of 12 hours when created with the login command. You can call login periodically to refresh the token. When you create an authorization token with the GetAuthorizationToken API, you can set a custom authorization period, up to a maximum of 12 hours, with the durationSeconds parameter. The authorization period begins after login or GetAuthorizationToken is called. If login or GetAuthorizationToken is called while assuming a role, the token lifetime is independent of the maximum session duration of the role. For example, if you call sts assume-role and specify a session duration of 15 minutes, then generate a CodeArtifact authorization token, the token will be valid for the full authorization period even though this is longer than the 15-minute session duration. See Using IAM Roles for more information on controlling session duration.  
+   *  Generates a temporary authorization token for accessing repositories in the domain. This API requires the codeartifact:GetAuthorizationToken and sts:GetServiceBearerToken permissions. For more information about authorization tokens, see AWS CodeArtifact authentication and tokens.   CodeArtifact authorization tokens are valid for a period of 12 hours when created with the login command. You can call login periodically to refresh the token. When you create an authorization token with the GetAuthorizationToken API, you can set a custom authorization period, up to a maximum of 12 hours, with the durationSeconds parameter. The authorization period begins after login or GetAuthorizationToken is called. If login or GetAuthorizationToken is called while assuming a role, the token lifetime is independent of the maximum session duration of the role. For example, if you call sts assume-role and specify a session duration of 15 minutes, then generate a CodeArtifact authorization token, the token will be valid for the full authorization period even though this is longer than the 15-minute session duration. See Using IAM Roles for more information on controlling session duration.  
    */
   getAuthorizationToken(params: CodeArtifact.Types.GetAuthorizationTokenRequest, callback?: (err: AWSError, data: CodeArtifact.Types.GetAuthorizationTokenResult) => void): Request<CodeArtifact.Types.GetAuthorizationTokenResult, AWSError>;
   /**
-   *  Generates a temporary authentication token for accessing repositories in the domain. This API requires the codeartifact:GetAuthorizationToken and sts:GetServiceBearerToken permissions.   CodeArtifact authorization tokens are valid for a period of 12 hours when created with the login command. You can call login periodically to refresh the token. When you create an authorization token with the GetAuthorizationToken API, you can set a custom authorization period, up to a maximum of 12 hours, with the durationSeconds parameter. The authorization period begins after login or GetAuthorizationToken is called. If login or GetAuthorizationToken is called while assuming a role, the token lifetime is independent of the maximum session duration of the role. For example, if you call sts assume-role and specify a session duration of 15 minutes, then generate a CodeArtifact authorization token, the token will be valid for the full authorization period even though this is longer than the 15-minute session duration. See Using IAM Roles for more information on controlling session duration.  
+   *  Generates a temporary authorization token for accessing repositories in the domain. This API requires the codeartifact:GetAuthorizationToken and sts:GetServiceBearerToken permissions. For more information about authorization tokens, see AWS CodeArtifact authentication and tokens.   CodeArtifact authorization tokens are valid for a period of 12 hours when created with the login command. You can call login periodically to refresh the token. When you create an authorization token with the GetAuthorizationToken API, you can set a custom authorization period, up to a maximum of 12 hours, with the durationSeconds parameter. The authorization period begins after login or GetAuthorizationToken is called. If login or GetAuthorizationToken is called while assuming a role, the token lifetime is independent of the maximum session duration of the role. For example, if you call sts assume-role and specify a session duration of 15 minutes, then generate a CodeArtifact authorization token, the token will be valid for the full authorization period even though this is longer than the 15-minute session duration. See Using IAM Roles for more information on controlling session duration.  
    */
   getAuthorizationToken(callback?: (err: AWSError, data: CodeArtifact.Types.GetAuthorizationTokenResult) => void): Request<CodeArtifact.Types.GetAuthorizationTokenResult, AWSError>;
   /**
@@ -229,21 +229,45 @@ declare class CodeArtifact extends Service {
    */
   listRepositoriesInDomain(callback?: (err: AWSError, data: CodeArtifact.Types.ListRepositoriesInDomainResult) => void): Request<CodeArtifact.Types.ListRepositoriesInDomainResult, AWSError>;
   /**
-   *  Sets a resource policy on a domain that specifies permissions to access it. 
+   * Gets information about AWS tags for a specified Amazon Resource Name (ARN) in AWS CodeArtifact.
+   */
+  listTagsForResource(params: CodeArtifact.Types.ListTagsForResourceRequest, callback?: (err: AWSError, data: CodeArtifact.Types.ListTagsForResourceResult) => void): Request<CodeArtifact.Types.ListTagsForResourceResult, AWSError>;
+  /**
+   * Gets information about AWS tags for a specified Amazon Resource Name (ARN) in AWS CodeArtifact.
+   */
+  listTagsForResource(callback?: (err: AWSError, data: CodeArtifact.Types.ListTagsForResourceResult) => void): Request<CodeArtifact.Types.ListTagsForResourceResult, AWSError>;
+  /**
+   *  Sets a resource policy on a domain that specifies permissions to access it.   When you call PutDomainPermissionsPolicy, the resource policy on the domain is ignored when evaluting permissions. This ensures that the owner of a domain cannot lock themselves out of the domain, which would prevent them from being able to update the resource policy. 
    */
   putDomainPermissionsPolicy(params: CodeArtifact.Types.PutDomainPermissionsPolicyRequest, callback?: (err: AWSError, data: CodeArtifact.Types.PutDomainPermissionsPolicyResult) => void): Request<CodeArtifact.Types.PutDomainPermissionsPolicyResult, AWSError>;
   /**
-   *  Sets a resource policy on a domain that specifies permissions to access it. 
+   *  Sets a resource policy on a domain that specifies permissions to access it.   When you call PutDomainPermissionsPolicy, the resource policy on the domain is ignored when evaluting permissions. This ensures that the owner of a domain cannot lock themselves out of the domain, which would prevent them from being able to update the resource policy. 
    */
   putDomainPermissionsPolicy(callback?: (err: AWSError, data: CodeArtifact.Types.PutDomainPermissionsPolicyResult) => void): Request<CodeArtifact.Types.PutDomainPermissionsPolicyResult, AWSError>;
   /**
-   *  Sets the resource policy on a repository that specifies permissions to access it. 
+   *  Sets the resource policy on a repository that specifies permissions to access it.   When you call PutRepositoryPermissionsPolicy, the resource policy on the repository is ignored when evaluting permissions. This ensures that the owner of a repository cannot lock themselves out of the repository, which would prevent them from being able to update the resource policy. 
    */
   putRepositoryPermissionsPolicy(params: CodeArtifact.Types.PutRepositoryPermissionsPolicyRequest, callback?: (err: AWSError, data: CodeArtifact.Types.PutRepositoryPermissionsPolicyResult) => void): Request<CodeArtifact.Types.PutRepositoryPermissionsPolicyResult, AWSError>;
   /**
-   *  Sets the resource policy on a repository that specifies permissions to access it. 
+   *  Sets the resource policy on a repository that specifies permissions to access it.   When you call PutRepositoryPermissionsPolicy, the resource policy on the repository is ignored when evaluting permissions. This ensures that the owner of a repository cannot lock themselves out of the repository, which would prevent them from being able to update the resource policy. 
    */
   putRepositoryPermissionsPolicy(callback?: (err: AWSError, data: CodeArtifact.Types.PutRepositoryPermissionsPolicyResult) => void): Request<CodeArtifact.Types.PutRepositoryPermissionsPolicyResult, AWSError>;
+  /**
+   * Adds or updates tags for a resource in AWS CodeArtifact.
+   */
+  tagResource(params: CodeArtifact.Types.TagResourceRequest, callback?: (err: AWSError, data: CodeArtifact.Types.TagResourceResult) => void): Request<CodeArtifact.Types.TagResourceResult, AWSError>;
+  /**
+   * Adds or updates tags for a resource in AWS CodeArtifact.
+   */
+  tagResource(callback?: (err: AWSError, data: CodeArtifact.Types.TagResourceResult) => void): Request<CodeArtifact.Types.TagResourceResult, AWSError>;
+  /**
+   * Removes tags from a resource in AWS CodeArtifact.
+   */
+  untagResource(params: CodeArtifact.Types.UntagResourceRequest, callback?: (err: AWSError, data: CodeArtifact.Types.UntagResourceResult) => void): Request<CodeArtifact.Types.UntagResourceResult, AWSError>;
+  /**
+   * Removes tags from a resource in AWS CodeArtifact.
+   */
+  untagResource(callback?: (err: AWSError, data: CodeArtifact.Types.UntagResourceResult) => void): Request<CodeArtifact.Types.UntagResourceResult, AWSError>;
   /**
    *  Updates the status of one or more versions of a package. 
    */
@@ -373,6 +397,10 @@ declare namespace CodeArtifact {
      *  The encryption key for the domain. This is used to encrypt content stored in a domain. An encryption key can be a key ID, a key Amazon Resource Name (ARN), a key alias, or a key alias ARN. To specify an encryptionKey, your IAM role must have kms:DescribeKey and kms:CreateGrant permissions on the encryption key that is used. For more information, see DescribeKey in the AWS Key Management Service API Reference and AWS KMS API Permissions Reference in the AWS Key Management Service Developer Guide.    CodeArtifact supports only symmetric CMKs. Do not associate an asymmetric CMK with your domain. For more information, see Using symmetric and asymmetric keys in the AWS Key Management Service Developer Guide.  
      */
     encryptionKey?: Arn;
+    /**
+     * One or more tag key-value pairs for the domain.
+     */
+    tags?: TagList;
   }
   export interface CreateDomainResult {
     /**
@@ -401,6 +429,10 @@ declare namespace CodeArtifact {
      *  A list of upstream repositories to associate with the repository. The order of the upstream repositories in the list determines their priority order when AWS CodeArtifact looks for a requested package version. For more information, see Working with upstream repositories. 
      */
     upstreams?: UpstreamRepositoryList;
+    /**
+     * One or more tag key-value pairs for the repository.
+     */
+    tags?: TagList;
   }
   export interface CreateRepositoryResult {
     /**
@@ -707,6 +739,10 @@ declare namespace CodeArtifact {
      *  The total size of all assets in the domain. 
      */
     assetSizeBytes?: Long;
+    /**
+     * The Amazon Resource Name (ARN) of the Amazon S3 bucket that is used to store package assets in the domain.
+     */
+    s3BucketArn?: Arn;
   }
   export type DomainName = string;
   export type DomainStatus = "Active"|"Deleted"|string;
@@ -750,7 +786,7 @@ declare namespace CodeArtifact {
      */
     domainOwner?: AccountId;
     /**
-     * The time, in seconds, that the generated authorization token is valid.
+     * The time, in seconds, that the generated authorization token is valid. Valid values are 0 and any number between 900 (15 minutes) and 43200 (12 hours). A value of 0 will set the expiration of the authorization token to the same expiration of the user's role's temporary credentials.
      */
     durationSeconds?: AuthorizationTokenDurationSeconds;
   }
@@ -1280,6 +1316,18 @@ declare namespace CodeArtifact {
      */
     nextToken?: PaginationToken;
   }
+  export interface ListTagsForResourceRequest {
+    /**
+     * The Amazon Resource Name (ARN) of the resource to get tags for.
+     */
+    resourceArn: Arn;
+  }
+  export interface ListTagsForResourceResult {
+    /**
+     * A list of tag key and value pairs associated with the specified resource.
+     */
+    tags?: TagList;
+  }
   export type Long = number;
   export type LongOptional = number;
   export interface PackageDependency {
@@ -1561,7 +1609,45 @@ declare namespace CodeArtifact {
     status?: PackageVersionStatus;
   }
   export type SuccessfulPackageVersionInfoMap = {[key: string]: SuccessfulPackageVersionInfo};
+  export interface Tag {
+    /**
+     * The tag's key.
+     */
+    key: TagKey;
+    /**
+     * The tag's value.
+     */
+    value: TagValue;
+  }
+  export type TagKey = string;
+  export type TagKeyList = TagKey[];
+  export type TagList = Tag[];
+  export interface TagResourceRequest {
+    /**
+     * The Amazon Resource Name (ARN) of the resource to which you want to add or update tags.
+     */
+    resourceArn: Arn;
+    /**
+     * The tags you want to modify or add to the resource.
+     */
+    tags: TagList;
+  }
+  export interface TagResourceResult {
+  }
+  export type TagValue = string;
   export type Timestamp = Date;
+  export interface UntagResourceRequest {
+    /**
+     * The Amazon Resource Name (ARN) of the resource to which you want to remove tags.
+     */
+    resourceArn: Arn;
+    /**
+     * The tag key for each tag that you want to remove from the resource.
+     */
+    tagKeys: TagKeyList;
+  }
+  export interface UntagResourceResult {
+  }
   export interface UpdatePackageVersionsStatusRequest {
     /**
      *  The domain that contains the repository that contains the package versions with a status to be updated. 

package/clients/dms.d.ts

@@ -767,6 +767,7 @@ declare namespace DMS {
      * A friendly name for the resource identifier at the end of the EndpointArn response parameter that is returned in the created Endpoint object. The value for this parameter can have up to 31 characters. It can contain only ASCII letters, digits, and hyphen ('-'). Also, it can't end with a hyphen or contain two consecutive hyphens, and can only begin with a letter, such as Example-App-ARN1. For example, this value might result in the EndpointArn value arn:aws:dms:eu-west-1:012345678901:rep:Example-App-ARN1. If you don't specify a ResourceIdentifier value, AWS DMS generates a default identifier value for the end of EndpointArn.
      */
     ResourceIdentifier?: String;
+    DocDbSettings?: DocDbSettings;
   }
   export interface CreateEndpointResponse {
     /**
@@ -1608,6 +1609,44 @@ declare namespace DMS {
      */
     BucketName?: String;
   }
+  export interface DocDbSettings {
+    /**
+     * The user name you use to access the DocumentDB source endpoint. 
+     */
+    Username?: String;
+    /**
+     *  The password for the user account you use to access the DocumentDB source endpoint. 
+     */
+    Password?: SecretString;
+    /**
+     *  The name of the server on the DocumentDB source endpoint. 
+     */
+    ServerName?: String;
+    /**
+     *  The port value for the DocumentDB source endpoint. 
+     */
+    Port?: IntegerOptional;
+    /**
+     *  The database name on the DocumentDB source endpoint. 
+     */
+    DatabaseName?: String;
+    /**
+     *  Specifies either document or table mode.  Default value is "none". Specify "none" to use document mode. Specify "one" to use table mode.
+     */
+    NestingLevel?: NestingLevelValue;
+    /**
+     *  Specifies the document ID. Use this setting when NestingLevel is set to "none".  Default value is "false". 
+     */
+    ExtractDocId?: BooleanOptional;
+    /**
+     *  Indicates the number of documents to preview to determine the document organization. Use this setting when NestingLevel is set to "one".  Must be a positive value greater than 0. Default value is 1000.
+     */
+    DocsToInvestigate?: IntegerOptional;
+    /**
+     * The AWS KMS key identifier that is used to encrypt the content on the replication instance. If you don't specify a value for the KmsKeyId parameter, then AWS DMS uses your default encryption key. AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS Region.
+     */
+    KmsKeyId?: String;
+  }
   export interface DynamoDbSettings {
     /**
      *  The Amazon Resource Name (ARN) used by the service access IAM role. 
@@ -1763,6 +1802,7 @@ declare namespace DMS {
      * The settings for the IBM Db2 LUW source endpoint. For more information, see the IBMDb2Settings structure. 
      */
     IBMDb2Settings?: IBMDb2Settings;
+    DocDbSettings?: DocDbSettings;
   }
   export type EndpointList = Endpoint[];
   export interface Event {
@@ -2166,6 +2206,10 @@ declare namespace DMS {
      * Settings in JSON format for the source IBM Db2 LUW endpoint. For information about other available settings, see Extra connection attributes when using Db2 LUW as a source for AWS DMS in the AWS Database Migration Service User Guide. 
      */
     IBMDb2Settings?: IBMDb2Settings;
+    /**
+     * Settings in JSON format for the source DocumentDB endpoint. For more information about the available settings, see the configuration properties section in  Using DocumentDB as a Target for AWS Database Migration Service in the AWS Database Migration Service User Guide. 
+     */
+    DocDbSettings?: DocDbSettings;
   }
   export interface ModifyEndpointResponse {
     /**
@@ -3373,7 +3417,7 @@ declare namespace DMS {
      */
     CdcInsertsAndUpdates?: BooleanOptional;
     /**
-     * When set to true, this parameter partitions S3 bucket folders based on transaction commit dates. The default value is false. For more information about date-based folder partitoning, see Using date-based folder partitioning 
+     * When set to true, this parameter partitions S3 bucket folders based on transaction commit dates. The default value is false. For more information about date-based folder partitoning, see Using date-based folder partitioning.
      */
     DatePartitionEnabled?: BooleanOptional;
     /**

package/clients/ec2.d.ts

@@ -124,6 +124,14 @@ declare class EC2 extends Service {
    * Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC. After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don't need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease using the operating system on the instance. For more information, see DHCP Options Sets in the Amazon Virtual Private Cloud User Guide.
    */
   associateDhcpOptions(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
+  /**
+   * Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see AWS Certificate Manager for Nitro Enclaves in the Amazon Elastic Compute Cloud User Guide. When the IAM role is associated with the ACM certificate, places the certificate, certificate chain, and encrypted private key in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS-managed KMS key that has an attached attestation-based key policy. To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the AWS KMS key, you must grant it permission to call kms:Decrypt on AWS KMS key returned by the command. For more information, see  Grant the role permission to access the certificate and encryption key in the Amazon Elastic Compute Cloud User Guide.
+   */
+  associateEnclaveCertificateIamRole(params: EC2.Types.AssociateEnclaveCertificateIamRoleRequest, callback?: (err: AWSError, data: EC2.Types.AssociateEnclaveCertificateIamRoleResult) => void): Request<EC2.Types.AssociateEnclaveCertificateIamRoleResult, AWSError>;
+  /**
+   * Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see AWS Certificate Manager for Nitro Enclaves in the Amazon Elastic Compute Cloud User Guide. When the IAM role is associated with the ACM certificate, places the certificate, certificate chain, and encrypted private key in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS-managed KMS key that has an attached attestation-based key policy. To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the AWS KMS key, you must grant it permission to call kms:Decrypt on AWS KMS key returned by the command. For more information, see  Grant the role permission to access the certificate and encryption key in the Amazon Elastic Compute Cloud User Guide.
+   */
+  associateEnclaveCertificateIamRole(callback?: (err: AWSError, data: EC2.Types.AssociateEnclaveCertificateIamRoleResult) => void): Request<EC2.Types.AssociateEnclaveCertificateIamRoleResult, AWSError>;
   /**
    * Associates an IAM instance profile with a running or stopped instance. You cannot associate more than one IAM instance profile with an instance.
    */
@@ -2252,6 +2260,14 @@ declare class EC2 extends Service {
    * Disassociates a target network from the specified Client VPN endpoint. When you disassociate the last target network from a Client VPN, the following happens:   The route that was automatically added for the VPC is deleted   All active client connections are terminated   New client connections are disallowed   The Client VPN endpoint's status changes to pending-associate   
    */
   disassociateClientVpnTargetNetwork(callback?: (err: AWSError, data: EC2.Types.DisassociateClientVpnTargetNetworkResult) => void): Request<EC2.Types.DisassociateClientVpnTargetNetworkResult, AWSError>;
+  /**
+   * Disassociates an IAM role from an AWS Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role's permission to use the AWS Key Management Service (KMS) key used to encrypt the private key. This effectively revokes the role's permission to use the certificate. 
+   */
+  disassociateEnclaveCertificateIamRole(params: EC2.Types.DisassociateEnclaveCertificateIamRoleRequest, callback?: (err: AWSError, data: EC2.Types.DisassociateEnclaveCertificateIamRoleResult) => void): Request<EC2.Types.DisassociateEnclaveCertificateIamRoleResult, AWSError>;
+  /**
+   * Disassociates an IAM role from an AWS Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role's permission to use the AWS Key Management Service (KMS) key used to encrypt the private key. This effectively revokes the role's permission to use the certificate. 
+   */
+  disassociateEnclaveCertificateIamRole(callback?: (err: AWSError, data: EC2.Types.DisassociateEnclaveCertificateIamRoleResult) => void): Request<EC2.Types.DisassociateEnclaveCertificateIamRoleResult, AWSError>;
   /**
    * Disassociates an IAM instance profile from a running or stopped instance. Use DescribeIamInstanceProfileAssociations to get the association ID.
    */
@@ -2388,6 +2404,14 @@ declare class EC2 extends Service {
    * Exports routes from the specified transit gateway route table to the specified S3 bucket. By default, all routes are exported. Alternatively, you can filter by CIDR range. The routes are saved to the specified bucket in a JSON file. For more information, see Export Route Tables to Amazon S3 in Transit Gateways.
    */
   exportTransitGatewayRoutes(callback?: (err: AWSError, data: EC2.Types.ExportTransitGatewayRoutesResult) => void): Request<EC2.Types.ExportTransitGatewayRoutesResult, AWSError>;
+  /**
+   * Returns the IAM roles that are associated with the specified AWS Certificate Manager (ACM) certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the AWS Key Management Service (KMS) key that's used to encrypt the private key.
+   */
+  getAssociatedEnclaveCertificateIamRoles(params: EC2.Types.GetAssociatedEnclaveCertificateIamRolesRequest, callback?: (err: AWSError, data: EC2.Types.GetAssociatedEnclaveCertificateIamRolesResult) => void): Request<EC2.Types.GetAssociatedEnclaveCertificateIamRolesResult, AWSError>;
+  /**
+   * Returns the IAM roles that are associated with the specified AWS Certificate Manager (ACM) certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the AWS Key Management Service (KMS) key that's used to encrypt the private key.
+   */
+  getAssociatedEnclaveCertificateIamRoles(callback?: (err: AWSError, data: EC2.Types.GetAssociatedEnclaveCertificateIamRolesResult) => void): Request<EC2.Types.GetAssociatedEnclaveCertificateIamRolesResult, AWSError>;
   /**
    * Gets information about the IPv6 CIDR block associations for a specified IPv6 address pool.
    */
@@ -3961,6 +3985,7 @@ declare namespace EC2 {
   }
   export type AllowedPrincipalSet = AllowedPrincipal[];
   export type AllowsMultipleInstanceTypes = "on"|"off"|string;
+  export type ApplianceModeSupportValue = "enable"|"disable"|string;
   export interface ApplySecurityGroupsToClientVpnTargetNetworkRequest {
     /**
      * The ID of the Client VPN endpoint.
@@ -4125,6 +4150,34 @@ declare namespace EC2 {
      */
     DryRun?: Boolean;
   }
+  export interface AssociateEnclaveCertificateIamRoleRequest {
+    /**
+     * The ARN of the ACM certificate with which to associate the IAM role.
+     */
+    CertificateArn?: ResourceArn;
+    /**
+     * The ARN of the IAM role to associate with the ACM certificate. You can associate up to 16 IAM roles with an ACM certificate.
+     */
+    RoleArn?: ResourceArn;
+    /**
+     * Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
+     */
+    DryRun?: Boolean;
+  }
+  export interface AssociateEnclaveCertificateIamRoleResult {
+    /**
+     * The name of the Amazon S3 bucket to which the certificate was uploaded.
+     */
+    CertificateS3BucketName?: String;
+    /**
+     * The Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored. The object key is formatted as follows: certificate_arn/role_arn.
+     */
+    CertificateS3ObjectKey?: String;
+    /**
+     * The ID of the AWS Key Management Service (KMS) key used to encrypt the private key of the certificate.
+     */
+    EncryptionKmsKeyId?: String;
+  }
   export interface AssociateIamInstanceProfileRequest {
     /**
      * The IAM instance profile.
@@ -4274,6 +4327,25 @@ declare namespace EC2 {
     VpcId?: String;
   }
   export type AssociatedNetworkType = "vpc"|string;
+  export interface AssociatedRole {
+    /**
+     * The ARN of the associated IAM role.
+     */
+    AssociatedRoleArn?: ResourceArn;
+    /**
+     * The name of the Amazon S3 bucket in which the Amazon S3 object is stored.
+     */
+    CertificateS3BucketName?: String;
+    /**
+     * The key of the Amazon S3 object ey where the certificate, certificate chain, and encrypted private key bundle is stored. The object key is formated as follows: certificate_arn/role_arn. 
+     */
+    CertificateS3ObjectKey?: String;
+    /**
+     * The ID of the KMS key used to encrypt the private key.
+     */
+    EncryptionKmsKeyId?: String;
+  }
+  export type AssociatedRolesList = AssociatedRole[];
   export interface AssociatedTargetNetwork {
     /**
      * The ID of the subnet.
@@ -5391,6 +5463,10 @@ declare namespace EC2 {
      * The ID of the VPC.
      */
     VpcId?: VpcId;
+    /**
+     * The URL of the self-service portal.
+     */
+    SelfServicePortalUrl?: String;
   }
   export type ClientVpnEndpointId = string;
   export type ClientVpnEndpointIdList = ClientVpnEndpointId[];
@@ -5902,6 +5978,10 @@ declare namespace EC2 {
      * The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
      */
     VpcId?: VpcId;
+    /**
+     * Specify whether to enable the self-service portal for the Client VPN endpoint. Default Value: enabled 
+     */
+    SelfServicePortal?: SelfServicePortal;
   }
   export interface CreateClientVpnEndpointResult {
     /**
@@ -7347,6 +7427,10 @@ declare namespace EC2 {
      * Enable or disable IPv6 support. The default is enable.
      */
     Ipv6Support?: Ipv6SupportValue;
+    /**
+     * Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable.
+     */
+    ApplianceModeSupport?: ApplianceModeSupportValue;
   }
   export interface CreateTransitGatewayVpcAttachmentResult {
     /**
@@ -12619,6 +12703,26 @@ declare namespace EC2 {
      */
     Status?: AssociationStatus;
   }
+  export interface DisassociateEnclaveCertificateIamRoleRequest {
+    /**
+     * The ARN of the ACM certificate from which to disassociate the IAM role.
+     */
+    CertificateArn?: ResourceArn;
+    /**
+     * The ARN of the IAM role to disassociate.
+     */
+    RoleArn?: ResourceArn;
+    /**
+     * Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
+     */
+    DryRun?: Boolean;
+  }
+  export interface DisassociateEnclaveCertificateIamRoleResult {
+    /**
+     * Returns true if the request succeeds; otherwise, it returns an error.
+     */
+    Return?: Boolean;
+  }
   export interface DisassociateIamInstanceProfileRequest {
     /**
      * The ID of the IAM instance profile association.
@@ -13240,6 +13344,18 @@ declare namespace EC2 {
      */
     Return?: Boolean;
   }
+  export interface EnclaveOptions {
+    /**
+     * If this parameter is set to true, the instance is enabled for AWS Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves.
+     */
+    Enabled?: Boolean;
+  }
+  export interface EnclaveOptionsRequest {
+    /**
+     * To enable the instance for AWS Nitro Enclaves, set this parameter to true.
+     */
+    Enabled?: Boolean;
+  }
   export type EndDateType = "unlimited"|"limited"|string;
   export type EndpointSet = ClientVpnEndpoint[];
   export type EphemeralNvmeSupport = "unsupported"|"supported"|"required"|string;
@@ -13544,12 +13660,20 @@ declare namespace EC2 {
      * The Amazon Resource Name (ARN) of the IAM SAML identity provider.
      */
     SamlProviderArn?: String;
+    /**
+     * The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal.
+     */
+    SelfServiceSamlProviderArn?: String;
   }
   export interface FederatedAuthenticationRequest {
     /**
      * The Amazon Resource Name (ARN) of the IAM SAML identity provider.
      */
     SAMLProviderArn?: String;
+    /**
+     * The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal.
+     */
+    SelfServiceSAMLProviderArn?: String;
   }
   export interface Filter {
     /**
@@ -13970,6 +14094,22 @@ declare namespace EC2 {
   }
   export type FreeTierEligibleFlag = boolean;
   export type GatewayType = "ipsec.1"|string;
+  export interface GetAssociatedEnclaveCertificateIamRolesRequest {
+    /**
+     * The ARN of the ACM certificate for which to view the associated IAM roles, encryption keys, and Amazon S3 object information.
+     */
+    CertificateArn?: ResourceArn;
+    /**
+     * Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
+     */
+    DryRun?: Boolean;
+  }
+  export interface GetAssociatedEnclaveCertificateIamRolesResult {
+    /**
+     * Information about the associated IAM roles.
+     */
+    AssociatedRoles?: AssociatedRolesList;
+  }
   export interface GetAssociatedIpv6PoolCidrsRequest {
     /**
      * The ID of the IPv6 address pool.
@@ -15822,6 +15962,10 @@ declare namespace EC2 {
      * The metadata options for the instance.
      */
     MetadataOptions?: InstanceMetadataOptionsResponse;
+    /**
+     * Indicates whether the instance is enabled for AWS Nitro Enclaves.
+     */
+    EnclaveOptions?: EnclaveOptions;
   }
   export interface InstanceAttribute {
     /**
@@ -15840,6 +15984,10 @@ declare namespace EC2 {
      * Indicates whether enhanced networking with ENA is enabled.
      */
     EnaSupport?: AttributeBooleanValue;
+    /**
+     * To enable the instance for AWS Nitro Enclaves, set this parameter to true; otherwise, set it to false.
+     */
+    EnclaveOptions?: EnclaveOptions;
     /**
      * Indicates whether the instance is optimized for Amazon EBS I/O.
      */
@@ -15885,7 +16033,7 @@ declare namespace EC2 {
      */
     UserData?: AttributeValue;
   }
-  export type InstanceAttributeName = "instanceType"|"kernel"|"ramdisk"|"userData"|"disableApiTermination"|"instanceInitiatedShutdownBehavior"|"rootDeviceName"|"blockDeviceMapping"|"productCodes"|"sourceDestCheck"|"groupSet"|"ebsOptimized"|"sriovNetSupport"|"enaSupport"|string;
+  export type InstanceAttributeName = "instanceType"|"kernel"|"ramdisk"|"userData"|"disableApiTermination"|"instanceInitiatedShutdownBehavior"|"rootDeviceName"|"blockDeviceMapping"|"productCodes"|"sourceDestCheck"|"groupSet"|"ebsOptimized"|"sriovNetSupport"|"enaSupport"|"enclaveOptions"|string;
   export interface InstanceBlockDeviceMapping {
     /**
      * The device name (for example, /dev/sdh or xvdh).
@@ -17000,6 +17148,18 @@ declare namespace EC2 {
     Count?: Integer;
   }
   export type LaunchTemplateElasticInferenceAcceleratorResponseList = LaunchTemplateElasticInferenceAcceleratorResponse[];
+  export interface LaunchTemplateEnclaveOptions {
+    /**
+     * If this parameter is set to true, the instance is enabled for AWS Nitro Enclaves; otherwise, it is not enabled for AWS Nitro Enclaves.
+     */
+    Enabled?: Boolean;
+  }
+  export interface LaunchTemplateEnclaveOptionsRequest {
+    /**
+     * To enable the instance for AWS Nitro Enclaves, set this parameter to true.
+     */
+    Enabled?: Boolean;
+  }
   export type LaunchTemplateErrorCode = "launchTemplateIdDoesNotExist"|"launchTemplateIdMalformed"|"launchTemplateNameDoesNotExist"|"launchTemplateNameMalformed"|"launchTemplateVersionDoesNotExist"|"unexpectedError"|string;
   export interface LaunchTemplateHibernationOptions {
     /**
@@ -17891,6 +18051,10 @@ declare namespace EC2 {
      * The ID of the VPC to associate with the Client VPN endpoint.
      */
     VpcId?: VpcId;
+    /**
+     * Specify whether to enable the self-service portal for the Client VPN endpoint.
+     */
+    SelfServicePortal?: SelfServicePortal;
   }
   export interface ModifyClientVpnEndpointResult {
     /**
@@ -18727,6 +18891,10 @@ declare namespace EC2 {
      * Enable or disable IPv6 support. The default is enable.
      */
     Ipv6Support?: Ipv6SupportValue;
+    /**
+     * Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable.
+     */
+    ApplianceModeSupport?: ApplianceModeSupportValue;
   }
   export interface ModifyTransitGatewayVpcAttachmentResult {
     /**
@@ -20971,6 +21139,10 @@ declare namespace EC2 {
      * The metadata options for the instance. For more information, see Instance Metadata and User Data in the Amazon Elastic Compute Cloud User Guide.
      */
     MetadataOptions?: LaunchTemplateInstanceMetadataOptionsRequest;
+    /**
+     * Indicates whether the instance is enabled for AWS Nitro Enclaves. For more information, see  AWS Nitro Enclaves in the Amazon Elastic Compute Cloud User Guide. You can't enable AWS Nitro Enclaves and hibernation on the same instance. For more information about AWS Nitro Enclaves requirements, see  AWS Nitro Enclaves in the Amazon Elastic Compute Cloud User Guide.
+     */
+    EnclaveOptions?: LaunchTemplateEnclaveOptionsRequest;
   }
   export interface RequestSpotFleetRequest {
     /**
@@ -21656,6 +21828,10 @@ declare namespace EC2 {
      * The metadata options for the instance. For more information, see Instance Metadata and User Data in the Amazon Elastic Compute Cloud User Guide.
      */
     MetadataOptions?: LaunchTemplateInstanceMetadataOptions;
+    /**
+     * Indicates whether the instance is enabled for AWS Nitro Enclaves.
+     */
+    EnclaveOptions?: LaunchTemplateEnclaveOptions;
   }
   export type RestorableByStringList = String[];
   export interface RestoreAddressToClassicRequest {
@@ -22111,7 +22287,7 @@ declare namespace EC2 {
      */
     CapacityReservationSpecification?: CapacityReservationSpecification;
     /**
-     * Indicates whether an instance is enabled for hibernation. For more information, see Hibernate your instance in the Amazon Elastic Compute Cloud User Guide.
+     * Indicates whether an instance is enabled for hibernation. For more information, see Hibernate your instance in the Amazon Elastic Compute Cloud User Guide. You can't enable hibernation and AWS Nitro Enclaves on the same instance.
      */
     HibernationOptions?: HibernationOptionsRequest;
     /**
@@ -22122,6 +22298,10 @@ declare namespace EC2 {
      * The metadata options for the instance. For more information, see Instance metadata and user data.
      */
     MetadataOptions?: InstanceMetadataOptionsRequest;
+    /**
+     * Indicates whether the instance is enabled for AWS Nitro Enclaves. For more information, see  AWS Nitro Enclaves in the Amazon Elastic Compute Cloud User Guide. You can't enable AWS Nitro Enclaves and hibernation on the same instance. For more information about AWS Nitro Enclaves requirements, see  AWS Nitro Enclaves in the Amazon Elastic Compute Cloud User Guide.
+     */
+    EnclaveOptions?: EnclaveOptionsRequest;
   }
   export interface RunScheduledInstancesRequest {
     /**
@@ -22691,6 +22871,7 @@ declare namespace EC2 {
   }
   export type SecurityGroupReferences = SecurityGroupReference[];
   export type SecurityGroupStringList = SecurityGroupName[];
+  export type SelfServicePortal = "enabled"|"disabled"|string;
   export interface SendDiagnosticInterruptRequest {
     /**
      * The ID of the instance.
@@ -24810,6 +24991,10 @@ declare namespace EC2 {
      * Indicates whether IPv6 support is disabled.
      */
     Ipv6Support?: Ipv6SupportValue;
+    /**
+     * Indicates whether appliance mode support is enabled.
+     */
+    ApplianceModeSupport?: ApplianceModeSupportValue;
   }
   export type TransportProtocol = "tcp"|"udp"|string;
   export type TunnelInsideIpVersion = "ipv4"|"ipv6"|string;