aws-sdk 2.875.0 → 2.879.0

package/clients/ec2.d.ts

@@ -133,11 +133,11 @@ declare class EC2 extends Service {
    */
   associateDhcpOptions(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see AWS Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide. When the IAM role is associated with the ACM certificate, places the certificate, certificate chain, and encrypted private key in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS-managed KMS customer master (CMK) that has an attached attestation-based CMK policy. To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the AWS KMS CMK, you must grant it permission to call kms:Decrypt on AWS KMS CMK returned by the command. For more information, see  Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide.
+   * Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see AWS Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide. When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS-managed KMS customer master (CMK) that has an attached attestation-based CMK policy. To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the AWS KMS CMK, you must grant it permission to call kms:Decrypt on the AWS KMS CMK returned by the command. For more information, see  Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide.
    */
   associateEnclaveCertificateIamRole(params: EC2.Types.AssociateEnclaveCertificateIamRoleRequest, callback?: (err: AWSError, data: EC2.Types.AssociateEnclaveCertificateIamRoleResult) => void): Request<EC2.Types.AssociateEnclaveCertificateIamRoleResult, AWSError>;
   /**
-   * Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see AWS Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide. When the IAM role is associated with the ACM certificate, places the certificate, certificate chain, and encrypted private key in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS-managed KMS customer master (CMK) that has an attached attestation-based CMK policy. To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the AWS KMS CMK, you must grant it permission to call kms:Decrypt on AWS KMS CMK returned by the command. For more information, see  Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide.
+   * Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see AWS Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide. When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS-managed KMS customer master (CMK) that has an attached attestation-based CMK policy. To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the AWS KMS CMK, you must grant it permission to call kms:Decrypt on the AWS KMS CMK returned by the command. For more information, see  Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide.
    */
   associateEnclaveCertificateIamRole(callback?: (err: AWSError, data: EC2.Types.AssociateEnclaveCertificateIamRoleResult) => void): Request<EC2.Types.AssociateEnclaveCertificateIamRoleResult, AWSError>;
   /**
@@ -580,6 +580,14 @@ declare class EC2 extends Service {
    * Creates a placement group in which to launch instances. The strategy of the placement group determines how the instances are organized within the group.  A cluster placement group is a logical grouping of instances within a single Availability Zone that benefit from low network latency, high network throughput. A spread placement group places instances on distinct hardware. A partition placement group places groups of instances in different partitions, where instances in one partition do not share the same hardware with instances in another partition. For more information, see Placement groups in the Amazon EC2 User Guide.
    */
   createPlacementGroup(callback?: (err: AWSError, data: EC2.Types.CreatePlacementGroupResult) => void): Request<EC2.Types.CreatePlacementGroupResult, AWSError>;
+  /**
+   * Creates a root volume replacement task for an Amazon EC2 instance. The root volume can either be restored to its initial launch state, or it can be restored using a specific snapshot. For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.
+   */
+  createReplaceRootVolumeTask(params: EC2.Types.CreateReplaceRootVolumeTaskRequest, callback?: (err: AWSError, data: EC2.Types.CreateReplaceRootVolumeTaskResult) => void): Request<EC2.Types.CreateReplaceRootVolumeTaskResult, AWSError>;
+  /**
+   * Creates a root volume replacement task for an Amazon EC2 instance. The root volume can either be restored to its initial launch state, or it can be restored using a specific snapshot. For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.
+   */
+  createReplaceRootVolumeTask(callback?: (err: AWSError, data: EC2.Types.CreateReplaceRootVolumeTaskResult) => void): Request<EC2.Types.CreateReplaceRootVolumeTaskResult, AWSError>;
   /**
    * Creates a listing for Amazon EC2 Standard Reserved Instances to be sold in the Reserved Instance Marketplace. You can submit one Standard Reserved Instance listing at a time. To get a list of your Standard Reserved Instances, you can use the DescribeReservedInstances operation.  Only Standard Reserved Instances can be sold in the Reserved Instance Marketplace. Convertible Reserved Instances cannot be sold.  The Reserved Instance Marketplace matches sellers who want to resell Standard Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances. To sell your Standard Reserved Instances, you must first register as a seller in the Reserved Instance Marketplace. After completing the registration process, you can create a Reserved Instance Marketplace listing of some or all of your Standard Reserved Instances, and specify the upfront price to receive for them. Your Standard Reserved Instance listings then become available for purchase. To view the details of your Standard Reserved Instance listing, you can use the DescribeReservedInstancesListings operation. For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide.
    */
@@ -1876,6 +1884,14 @@ declare class EC2 extends Service {
    * Describes the Regions that are enabled for your account, or all Regions. For a list of the Regions supported by Amazon EC2, see  Regions and Endpoints. For information about enabling and disabling Regions for your account, see Managing AWS Regions in the AWS General Reference.
    */
   describeRegions(callback?: (err: AWSError, data: EC2.Types.DescribeRegionsResult) => void): Request<EC2.Types.DescribeRegionsResult, AWSError>;
+  /**
+   * Describes a root volume replacement task. For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.
+   */
+  describeReplaceRootVolumeTasks(params: EC2.Types.DescribeReplaceRootVolumeTasksRequest, callback?: (err: AWSError, data: EC2.Types.DescribeReplaceRootVolumeTasksResult) => void): Request<EC2.Types.DescribeReplaceRootVolumeTasksResult, AWSError>;
+  /**
+   * Describes a root volume replacement task. For more information, see Replace a root volume in the Amazon Elastic Compute Cloud User Guide.
+   */
+  describeReplaceRootVolumeTasks(callback?: (err: AWSError, data: EC2.Types.DescribeReplaceRootVolumeTasksResult) => void): Request<EC2.Types.DescribeReplaceRootVolumeTasksResult, AWSError>;
   /**
    * Describes one or more of the Reserved Instances that you purchased. For more information about Reserved Instances, see Reserved Instances in the Amazon EC2 User Guide.
    */
@@ -2316,6 +2332,14 @@ declare class EC2 extends Service {
    * Disables fast snapshot restores for the specified snapshots in the specified Availability Zones.
    */
   disableFastSnapshotRestores(callback?: (err: AWSError, data: EC2.Types.DisableFastSnapshotRestoresResult) => void): Request<EC2.Types.DisableFastSnapshotRestoresResult, AWSError>;
+  /**
+   * Disables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
+   */
+  disableSerialConsoleAccess(params: EC2.Types.DisableSerialConsoleAccessRequest, callback?: (err: AWSError, data: EC2.Types.DisableSerialConsoleAccessResult) => void): Request<EC2.Types.DisableSerialConsoleAccessResult, AWSError>;
+  /**
+   * Disables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
+   */
+  disableSerialConsoleAccess(callback?: (err: AWSError, data: EC2.Types.DisableSerialConsoleAccessResult) => void): Request<EC2.Types.DisableSerialConsoleAccessResult, AWSError>;
   /**
    * Disables the specified resource attachment from propagating routes to the specified propagation route table.
    */
@@ -2421,11 +2445,11 @@ declare class EC2 extends Service {
    */
   disassociateVpcCidrBlock(callback?: (err: AWSError, data: EC2.Types.DisassociateVpcCidrBlockResult) => void): Request<EC2.Types.DisassociateVpcCidrBlockResult, AWSError>;
   /**
-   * Enables EBS encryption by default for your account in the current Region. After you enable encryption by default, the EBS volumes that you create are are always encrypted, either using the default CMK or the CMK that you specified when you created each volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide. You can specify the default CMK for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId. Enabling encryption by default has no effect on the encryption status of your existing volumes. After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported instance types.
+   * Enables EBS encryption by default for your account in the current Region. After you enable encryption by default, the EBS volumes that you create are always encrypted, either using the default CMK or the CMK that you specified when you created each volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide. You can specify the default CMK for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId. Enabling encryption by default has no effect on the encryption status of your existing volumes. After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported instance types.
    */
   enableEbsEncryptionByDefault(params: EC2.Types.EnableEbsEncryptionByDefaultRequest, callback?: (err: AWSError, data: EC2.Types.EnableEbsEncryptionByDefaultResult) => void): Request<EC2.Types.EnableEbsEncryptionByDefaultResult, AWSError>;
   /**
-   * Enables EBS encryption by default for your account in the current Region. After you enable encryption by default, the EBS volumes that you create are are always encrypted, either using the default CMK or the CMK that you specified when you created each volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide. You can specify the default CMK for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId. Enabling encryption by default has no effect on the encryption status of your existing volumes. After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported instance types.
+   * Enables EBS encryption by default for your account in the current Region. After you enable encryption by default, the EBS volumes that you create are always encrypted, either using the default CMK or the CMK that you specified when you created each volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide. You can specify the default CMK for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId. Enabling encryption by default has no effect on the encryption status of your existing volumes. After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported instance types.
    */
   enableEbsEncryptionByDefault(callback?: (err: AWSError, data: EC2.Types.EnableEbsEncryptionByDefaultResult) => void): Request<EC2.Types.EnableEbsEncryptionByDefaultResult, AWSError>;
   /**
@@ -2436,6 +2460,14 @@ declare class EC2 extends Service {
    * Enables fast snapshot restores for the specified snapshots in the specified Availability Zones. You get the full benefit of fast snapshot restores after they enter the enabled state. To get the current state of fast snapshot restores, use DescribeFastSnapshotRestores. To disable fast snapshot restores, use DisableFastSnapshotRestores. For more information, see Amazon EBS fast snapshot restore in the Amazon Elastic Compute Cloud User Guide.
    */
   enableFastSnapshotRestores(callback?: (err: AWSError, data: EC2.Types.EnableFastSnapshotRestoresResult) => void): Request<EC2.Types.EnableFastSnapshotRestoresResult, AWSError>;
+  /**
+   * Enables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
+   */
+  enableSerialConsoleAccess(params: EC2.Types.EnableSerialConsoleAccessRequest, callback?: (err: AWSError, data: EC2.Types.EnableSerialConsoleAccessResult) => void): Request<EC2.Types.EnableSerialConsoleAccessResult, AWSError>;
+  /**
+   * Enables access to the EC2 serial console of all instances for your account. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
+   */
+  enableSerialConsoleAccess(callback?: (err: AWSError, data: EC2.Types.EnableSerialConsoleAccessResult) => void): Request<EC2.Types.EnableSerialConsoleAccessResult, AWSError>;
   /**
    * Enables the specified attachment to propagate routes to the specified propagation route table.
    */
@@ -2580,6 +2612,14 @@ declare class EC2 extends Service {
    * Describes whether EBS encryption by default is enabled for your account in the current Region. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.
    */
   getEbsEncryptionByDefault(callback?: (err: AWSError, data: EC2.Types.GetEbsEncryptionByDefaultResult) => void): Request<EC2.Types.GetEbsEncryptionByDefaultResult, AWSError>;
+  /**
+   * Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena. This make it easier for you to query and gain insights from VPC flow logs data. Based on the information that you provide, we configure resources in the template to do the following:   Create a table in Athena that maps fields to a custom log format   Create a Lambda function that updates the table with new partitions on a daily, weekly, or monthly basis   Create a table partitioned between two timestamps in the past   Create a set of named queries in Athena that you can use to get started quickly  
+   */
+  getFlowLogsIntegrationTemplate(params: EC2.Types.GetFlowLogsIntegrationTemplateRequest, callback?: (err: AWSError, data: EC2.Types.GetFlowLogsIntegrationTemplateResult) => void): Request<EC2.Types.GetFlowLogsIntegrationTemplateResult, AWSError>;
+  /**
+   * Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena. This make it easier for you to query and gain insights from VPC flow logs data. Based on the information that you provide, we configure resources in the template to do the following:   Create a table in Athena that maps fields to a custom log format   Create a Lambda function that updates the table with new partitions on a daily, weekly, or monthly basis   Create a table partitioned between two timestamps in the past   Create a set of named queries in Athena that you can use to get started quickly  
+   */
+  getFlowLogsIntegrationTemplate(callback?: (err: AWSError, data: EC2.Types.GetFlowLogsIntegrationTemplateResult) => void): Request<EC2.Types.GetFlowLogsIntegrationTemplateResult, AWSError>;
   /**
    * Lists the resource groups to which a Capacity Reservation has been added.
    */
@@ -2636,6 +2676,14 @@ declare class EC2 extends Service {
    * Returns a quote and exchange information for exchanging one or more specified Convertible Reserved Instances for a new Convertible Reserved Instance. If the exchange cannot be performed, the reason is returned in the response. Use AcceptReservedInstancesExchangeQuote to perform the exchange.
    */
   getReservedInstancesExchangeQuote(callback?: (err: AWSError, data: EC2.Types.GetReservedInstancesExchangeQuoteResult) => void): Request<EC2.Types.GetReservedInstancesExchangeQuoteResult, AWSError>;
+  /**
+   * Retrieves the access status of your account to the EC2 serial console of all instances. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
+   */
+  getSerialConsoleAccessStatus(params: EC2.Types.GetSerialConsoleAccessStatusRequest, callback?: (err: AWSError, data: EC2.Types.GetSerialConsoleAccessStatusResult) => void): Request<EC2.Types.GetSerialConsoleAccessStatusResult, AWSError>;
+  /**
+   * Retrieves the access status of your account to the EC2 serial console of all instances. By default, access to the EC2 serial console is disabled for your account. For more information, see Manage account access to the EC2 serial console in the Amazon EC2 User Guide.
+   */
+  getSerialConsoleAccessStatus(callback?: (err: AWSError, data: EC2.Types.GetSerialConsoleAccessStatusResult) => void): Request<EC2.Types.GetSerialConsoleAccessStatusResult, AWSError>;
   /**
    * Lists the route tables to which the specified resource attachment propagates routes.
    */
@@ -4574,14 +4622,14 @@ declare namespace EC2 {
     AssociationState?: RouteTableAssociationState;
   }
   export interface AssociateSubnetCidrBlockRequest {
-    /**
-     * The ID of your subnet.
-     */
-    SubnetId: SubnetId;
     /**
      * The IPv6 CIDR block for your subnet. The subnet must have a /64 prefix length.
      */
     Ipv6CidrBlock: String;
+    /**
+     * The ID of your subnet.
+     */
+    SubnetId: SubnetId;
   }
   export interface AssociateSubnetCidrBlockResult {
     /**
@@ -4720,6 +4768,25 @@ declare namespace EC2 {
     Message?: String;
   }
   export type AssociationStatusCode = "associating"|"associated"|"association-failed"|"disassociating"|"disassociated"|string;
+  export interface AthenaIntegration {
+    /**
+     * The location in Amazon S3 to store the generated CloudFormation template.
+     */
+    IntegrationResultS3DestinationArn: String;
+    /**
+     * The schedule for adding new partitions to the table.
+     */
+    PartitionLoadFrequency: PartitionLoadFrequency;
+    /**
+     * The start date for the partition.
+     */
+    PartitionStartDate?: MillisecondDateTime;
+    /**
+     * The end date for the partition.
+     */
+    PartitionEndDate?: MillisecondDateTime;
+  }
+  export type AthenaIntegrationsSet = AthenaIntegration[];
   export interface AttachClassicLinkVpcRequest {
     /**
      * Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
@@ -7275,6 +7342,34 @@ declare namespace EC2 {
   export interface CreatePlacementGroupResult {
     PlacementGroup?: PlacementGroup;
   }
+  export interface CreateReplaceRootVolumeTaskRequest {
+    /**
+     * The ID of the instance for which to replace the root volume.
+     */
+    InstanceId: InstanceId;
+    /**
+     * The ID of the snapshot from which to restore the replacement root volume. If you want to restore the volume to the initial launch state, omit this parameter.
+     */
+    SnapshotId?: SnapshotId;
+    /**
+     * Unique, case-sensitive identifier you provide to ensure the idempotency of the request. If you do not specify a client token, a randomly generated token is used for the request to ensure idempotency. For more information, see Ensuring Idempotency.
+     */
+    ClientToken?: String;
+    /**
+     * Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
+     */
+    DryRun?: Boolean;
+    /**
+     * The tags to apply to the root volume replacement task.
+     */
+    TagSpecifications?: TagSpecificationList;
+  }
+  export interface CreateReplaceRootVolumeTaskResult {
+    /**
+     * Information about the root volume replacement task.
+     */
+    ReplaceRootVolumeTask?: ReplaceRootVolumeTask;
+  }
   export interface CreateReservedInstancesListingRequest {
     /**
      * Unique, case-sensitive identifier you provide to ensure idempotency of your listings. This helps avoid duplicate listings. For more information, see Ensuring Idempotency.
@@ -7506,6 +7601,10 @@ declare namespace EC2 {
      * The AZ ID or the Local Zone ID of the subnet.
      */
     AvailabilityZoneId?: String;
+    /**
+     * The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.
+     */
+    CidrBlock: String;
     /**
      * The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.
      */
@@ -7522,10 +7621,6 @@ declare namespace EC2 {
      * Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
      */
     DryRun?: Boolean;
-    /**
-     * The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.
-     */
-    CidrBlock: String;
   }
   export interface CreateSubnetResult {
     /**
@@ -11650,6 +11745,39 @@ declare namespace EC2 {
      */
     Regions?: RegionList;
   }
+  export type DescribeReplaceRootVolumeTasksMaxResults = number;
+  export interface DescribeReplaceRootVolumeTasksRequest {
+    /**
+     * The ID of the root volume replacement task to view.
+     */
+    ReplaceRootVolumeTaskIds?: ReplaceRootVolumeTaskIds;
+    /**
+     * Filter to use:    instance-id - The ID of the instance for which the root volume replacement task was created.  
+     */
+    Filters?: FilterList;
+    /**
+     * The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
+     */
+    MaxResults?: DescribeReplaceRootVolumeTasksMaxResults;
+    /**
+     * The token for the next page of results.
+     */
+    NextToken?: NextToken;
+    /**
+     * Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
+     */
+    DryRun?: Boolean;
+  }
+  export interface DescribeReplaceRootVolumeTasksResult {
+    /**
+     * Information about the root volume replacement task.
+     */
+    ReplaceRootVolumeTasks?: ReplaceRootVolumeTasks;
+    /**
+     * The token to use to retrieve the next page of results. This value is null when there are no more results to return.
+     */
+    NextToken?: String;
+  }
   export interface DescribeReservedInstancesListingsRequest {
     /**
      * One or more filters.    reserved-instances-id - The ID of the Reserved Instances.    reserved-instances-listing-id - The ID of the Reserved Instances listing.    status - The status of the Reserved Instance listing (pending | active | cancelled | closed).    status-message - The reason for the status.  
@@ -12264,7 +12392,7 @@ declare namespace EC2 {
   export type DescribeSubnetsMaxResults = number;
   export interface DescribeSubnetsRequest {
     /**
-     * One or more filters.    availability-zone - The Availability Zone for the subnet. You can also use availabilityZone as the filter name.    availability-zone-id - The ID of the Availability Zone for the subnet. You can also use availabilityZoneId as the filter name.    available-ip-address-count - The number of IPv4 addresses in the subnet that are available.    cidr-block - The IPv4 CIDR block of the subnet. The CIDR block you specify must exactly match the subnet's CIDR block for information to be returned for the subnet. You can also use cidr or cidrBlock as the filter names.    default-for-az - Indicates whether this is the default subnet for the Availability Zone. You can also use defaultForAz as the filter name.    ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the subnet.    ipv6-cidr-block-association.association-id - An association ID for an IPv6 CIDR block associated with the subnet.    ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the subnet.    owner-id - The ID of the AWS account that owns the subnet.    state - The state of the subnet (pending | available).    subnet-arn - The Amazon Resource Name (ARN) of the subnet.    subnet-id - The ID of the subnet.    tag:&lt;key&gt; - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.    tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.    vpc-id - The ID of the VPC for the subnet.  
+     * One or more filters.    availability-zone - The Availability Zone for the subnet. You can also use availabilityZone as the filter name.    availability-zone-id - The ID of the Availability Zone for the subnet. You can also use availabilityZoneId as the filter name.    available-ip-address-count - The number of IPv4 addresses in the subnet that are available.    cidr-block - The IPv4 CIDR block of the subnet. The CIDR block you specify must exactly match the subnet's CIDR block for information to be returned for the subnet. You can also use cidr or cidrBlock as the filter names.    default-for-az - Indicates whether this is the default subnet for the Availability Zone. You can also use defaultForAz as the filter name.    ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the subnet.    ipv6-cidr-block-association.association-id - An association ID for an IPv6 CIDR block associated with the subnet.    ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the subnet.    outpost-arn - The Amazon Resource Name (ARN) of the Outpost.    owner-id - The ID of the AWS account that owns the subnet.    state - The state of the subnet (pending | available).    subnet-arn - The Amazon Resource Name (ARN) of the subnet.    subnet-id - The ID of the subnet.    tag:&lt;key&gt; - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.    tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.    vpc-id - The ID of the VPC for the subnet.  
      */
     Filters?: FilterList;
     /**
@@ -13415,6 +13543,18 @@ declare namespace EC2 {
      */
     Unsuccessful?: DisableFastSnapshotRestoreErrorSet;
   }
+  export interface DisableSerialConsoleAccessRequest {
+    /**
+     * Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
+     */
+    DryRun?: Boolean;
+  }
+  export interface DisableSerialConsoleAccessResult {
+    /**
+     * If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.
+     */
+    SerialConsoleAccessEnabled?: Boolean;
+  }
   export interface DisableTransitGatewayRouteTablePropagationRequest {
     /**
      * The ID of the propagation route table.
@@ -14098,6 +14238,18 @@ declare namespace EC2 {
      */
     Unsuccessful?: EnableFastSnapshotRestoreErrorSet;
   }
+  export interface EnableSerialConsoleAccessRequest {
+    /**
+     * Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
+     */
+    DryRun?: Boolean;
+  }
+  export interface EnableSerialConsoleAccessResult {
+    /**
+     * If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.
+     */
+    SerialConsoleAccessEnabled?: Boolean;
+  }
   export interface EnableTransitGatewayRouteTablePropagationRequest {
     /**
      * The ID of the propagation route table.
@@ -15349,6 +15501,30 @@ declare namespace EC2 {
      */
     EbsEncryptionByDefault?: Boolean;
   }
+  export interface GetFlowLogsIntegrationTemplateRequest {
+    /**
+     * Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
+     */
+    DryRun?: Boolean;
+    /**
+     * The ID of the flow log.
+     */
+    FlowLogId: VpcFlowLogId;
+    /**
+     * To store the CloudFormation template in Amazon S3, specify the location in Amazon S3.
+     */
+    ConfigDeliveryS3DestinationArn: String;
+    /**
+     * Information about the service integration.
+     */
+    IntegrateServices: IntegrateServices;
+  }
+  export interface GetFlowLogsIntegrationTemplateResult {
+    /**
+     * The generated CloudFormation template.
+     */
+    Result?: String;
+  }
   export interface GetGroupsForCapacityReservationRequest {
     /**
      * The ID of the Capacity Reservation.
@@ -15559,6 +15735,18 @@ declare namespace EC2 {
      */
     ValidationFailureReason?: String;
   }
+  export interface GetSerialConsoleAccessStatusRequest {
+    /**
+     * Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
+     */
+    DryRun?: Boolean;
+  }
+  export interface GetSerialConsoleAccessStatusResult {
+    /**
+     * If true, access to the EC2 serial console of all instances is enabled for your account. If false, access to the EC2 serial console of all instances is disabled for your account.
+     */
+    SerialConsoleAccessEnabled?: Boolean;
+  }
   export interface GetTransitGatewayAttachmentPropagationsRequest {
     /**
      * The ID of the attachment.
@@ -17723,6 +17911,12 @@ declare namespace EC2 {
   }
   export type InstanceUsageSet = InstanceUsage[];
   export type Integer = number;
+  export interface IntegrateServices {
+    /**
+     * Information about the integration with Amazon Athena.
+     */
+    AthenaIntegrations?: AthenaIntegrationsSet;
+  }
   export type InterfacePermissionType = "INSTANCE-ATTACH"|"EIP-ASSOCIATE"|string;
   export interface InternetGateway {
     /**
@@ -20047,7 +20241,7 @@ declare namespace EC2 {
      */
     VolumeType?: VolumeType;
     /**
-     * The target IOPS rate of the volume. This parameter is valid only for gp3, io1, and io2 volumes. The following are the supported values for each volume type:    gp3: 3,000-16,000 IOPS    io1: 100-64,000 IOPS    io2: 100-64,000 IOPS   Default: If no IOPS value is specified, the existing value is retained.
+     * The target IOPS rate of the volume. This parameter is valid only for gp3, io1, and io2 volumes. The following are the supported values for each volume type:    gp3: 3,000-16,000 IOPS    io1: 100-64,000 IOPS    io2: 100-64,000 IOPS   Default: If no IOPS value is specified, the existing value is retained, unless a volume type is modified that supports different values.
      */
     Iops?: Integer;
     /**
@@ -21112,6 +21306,7 @@ declare namespace EC2 {
   }
   export type OperationType = "add"|"remove"|string;
   export type OwnerStringList = String[];
+  export type PartitionLoadFrequency = "none"|"daily"|"weekly"|"monthly"|string;
   export interface PathComponent {
     /**
      * The sequence number.
@@ -22250,6 +22445,36 @@ declare namespace EC2 {
      */
     RuleNumber: Integer;
   }
+  export interface ReplaceRootVolumeTask {
+    /**
+     * The ID of the root volume replacement task.
+     */
+    ReplaceRootVolumeTaskId?: ReplaceRootVolumeTaskId;
+    /**
+     * The ID of the instance for which the root volume replacement task was created.
+     */
+    InstanceId?: String;
+    /**
+     * The state of the task. The task can be in one of the following states:    pending - the replacement volume is being created.    in-progress - the original volume is being detached and the replacement volume is being attached.    succeeded - the replacement volume has been successfully attached to the instance and the instance is available.    failing - the replacement task is in the process of failing.    failed - the replacement task has failed but the original root volume is still attached.    failing-detached - the replacement task is in the process of failing. The instance might have no root volume attached.    failed-detached - the replacement task has failed and the instance has no root volume attached.  
+     */
+    TaskState?: ReplaceRootVolumeTaskState;
+    /**
+     * The time the task was started.
+     */
+    StartTime?: String;
+    /**
+     * The time the task completed.
+     */
+    CompleteTime?: String;
+    /**
+     * The tags assigned to the task.
+     */
+    Tags?: TagList;
+  }
+  export type ReplaceRootVolumeTaskId = string;
+  export type ReplaceRootVolumeTaskIds = ReplaceRootVolumeTaskId[];
+  export type ReplaceRootVolumeTaskState = "pending"|"in-progress"|"failing"|"succeeded"|"failed"|"failed-detached"|string;
+  export type ReplaceRootVolumeTasks = ReplaceRootVolumeTask[];
   export interface ReplaceRouteRequest {
     /**
      * The IPv4 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table.

package/clients/ec2instanceconnect.d.ts

@@ -12,13 +12,21 @@ declare class EC2InstanceConnect extends Service {
   constructor(options?: EC2InstanceConnect.Types.ClientConfiguration)
   config: Config & EC2InstanceConnect.Types.ClientConfiguration;
   /**
-   * Pushes an SSH public key to a particular OS user on a given EC2 instance for 60 seconds.
+   * Pushes an SSH public key to the specified EC2 instance for use by the specified user. The key remains for 60 seconds. For more information, see Connect to your Linux instance using EC2 Instance Connect in the Amazon EC2 User Guide.
    */
   sendSSHPublicKey(params: EC2InstanceConnect.Types.SendSSHPublicKeyRequest, callback?: (err: AWSError, data: EC2InstanceConnect.Types.SendSSHPublicKeyResponse) => void): Request<EC2InstanceConnect.Types.SendSSHPublicKeyResponse, AWSError>;
   /**
-   * Pushes an SSH public key to a particular OS user on a given EC2 instance for 60 seconds.
+   * Pushes an SSH public key to the specified EC2 instance for use by the specified user. The key remains for 60 seconds. For more information, see Connect to your Linux instance using EC2 Instance Connect in the Amazon EC2 User Guide.
    */
   sendSSHPublicKey(callback?: (err: AWSError, data: EC2InstanceConnect.Types.SendSSHPublicKeyResponse) => void): Request<EC2InstanceConnect.Types.SendSSHPublicKeyResponse, AWSError>;
+  /**
+   * Pushes an SSH public key to the specified EC2 instance. The key remains for 60 seconds, which gives you 60 seconds to establish a serial console connection to the instance using SSH. For more information, see EC2 Serial Console in the Amazon EC2 User Guide.
+   */
+  sendSerialConsoleSSHPublicKey(params: EC2InstanceConnect.Types.SendSerialConsoleSSHPublicKeyRequest, callback?: (err: AWSError, data: EC2InstanceConnect.Types.SendSerialConsoleSSHPublicKeyResponse) => void): Request<EC2InstanceConnect.Types.SendSerialConsoleSSHPublicKeyResponse, AWSError>;
+  /**
+   * Pushes an SSH public key to the specified EC2 instance. The key remains for 60 seconds, which gives you 60 seconds to establish a serial console connection to the instance using SSH. For more information, see EC2 Serial Console in the Amazon EC2 User Guide.
+   */
+  sendSerialConsoleSSHPublicKey(callback?: (err: AWSError, data: EC2InstanceConnect.Types.SendSerialConsoleSSHPublicKeyResponse) => void): Request<EC2InstanceConnect.Types.SendSerialConsoleSSHPublicKeyResponse, AWSError>;
 }
 declare namespace EC2InstanceConnect {
   export type AvailabilityZone = string;
@@ -28,32 +36,57 @@ declare namespace EC2InstanceConnect {
   export type SSHPublicKey = string;
   export interface SendSSHPublicKeyRequest {
     /**
-     * The EC2 instance you wish to publish the SSH key to.
+     * The ID of the EC2 instance.
      */
     InstanceId: InstanceId;
     /**
-     * The OS user on the EC2 instance whom the key may be used to authenticate as.
+     * The OS user on the EC2 instance for whom the key can be used to authenticate.
      */
     InstanceOSUser: InstanceOSUser;
     /**
-     * The public key to be published to the instance. To use it after publication you must have the matching private key.
+     * The public key material. To use the public key, you must have the matching private key.
      */
     SSHPublicKey: SSHPublicKey;
     /**
-     * The availability zone the EC2 instance was launched in.
+     * The Availability Zone in which the EC2 instance was launched.
      */
     AvailabilityZone: AvailabilityZone;
   }
   export interface SendSSHPublicKeyResponse {
     /**
-     * The request ID as logged by EC2 Connect. Please provide this when contacting AWS Support.
+     * The ID of the request. Please provide this ID when contacting AWS Support for assistance.
+     */
+    RequestId?: RequestId;
+    /**
+     * Is true if the request succeeds and an error otherwise.
+     */
+    Success?: Success;
+  }
+  export interface SendSerialConsoleSSHPublicKeyRequest {
+    /**
+     * The ID of the EC2 instance.
+     */
+    InstanceId: InstanceId;
+    /**
+     * The serial port of the EC2 instance. Currently only port 0 is supported. Default: 0
+     */
+    SerialPort?: SerialPort;
+    /**
+     * The public key material. To use the public key, you must have the matching private key. For information about the supported key formats and lengths, see Requirements for key pairs in the Amazon EC2 User Guide.
+     */
+    SSHPublicKey: SSHPublicKey;
+  }
+  export interface SendSerialConsoleSSHPublicKeyResponse {
+    /**
+     * The ID of the request. Please provide this ID when contacting AWS Support for assistance.
      */
     RequestId?: RequestId;
     /**
-     * Indicates request success.
+     * Is true if the request succeeds and an error otherwise.
      */
     Success?: Success;
   }
+  export type SerialPort = number;
   export type Success = boolean;
   /**
    * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version.

package/clients/fms.d.ts

@@ -332,6 +332,7 @@ declare namespace FMS {
      */
     PossibleSecurityGroupRemediationActions?: SecurityGroupRemediationActions;
   }
+  export type BasicInteger = number;
   export type Boolean = boolean;
   export type CIDR = string;
   export interface ComplianceViolator {
@@ -381,6 +382,54 @@ declare namespace FMS {
   export type DetailedInfo = string;
   export interface DisassociateAdminAccountRequest {
   }
+  export interface DnsDuplicateRuleGroupViolation {
+    /**
+     * The ID of the VPC. 
+     */
+    ViolationTarget?: ViolationTarget;
+    /**
+     * A description of the violation that specifies the rule group and VPC.
+     */
+    ViolationTargetDescription?: LengthBoundedString;
+  }
+  export interface DnsRuleGroupLimitExceededViolation {
+    /**
+     * The ID of the VPC. 
+     */
+    ViolationTarget?: ViolationTarget;
+    /**
+     * A description of the violation that specifies the rule group and VPC.
+     */
+    ViolationTargetDescription?: LengthBoundedString;
+    /**
+     * The number of rule groups currently associated with the VPC. 
+     */
+    NumberOfRuleGroupsAlreadyAssociated?: BasicInteger;
+  }
+  export type DnsRuleGroupPriorities = DnsRuleGroupPriority[];
+  export type DnsRuleGroupPriority = number;
+  export interface DnsRuleGroupPriorityConflictViolation {
+    /**
+     * The ID of the VPC. 
+     */
+    ViolationTarget?: ViolationTarget;
+    /**
+     * A description of the violation that specifies the VPC and the rule group that's already associated with it.
+     */
+    ViolationTargetDescription?: LengthBoundedString;
+    /**
+     * The priority setting of the two conflicting rule groups.
+     */
+    ConflictingPriority?: DnsRuleGroupPriority;
+    /**
+     * The ID of the Firewall Manager DNS Firewall policy that was already applied to the VPC. This policy contains the rule group that's already associated with the VPC. 
+     */
+    ConflictingPolicyId?: PolicyId;
+    /**
+     * The priorities of rule groups that are already associated with the VPC. To retry your operation, choose priority settings that aren't in this list for the rule groups in your new DNS Firewall policy. 
+     */
+    UnavailablePriorities?: DnsRuleGroupPriorities;
+  }
   export interface EvaluationResult {
     /**
      * Describes an AWS account's compliance with the AWS Firewall Manager policy.
@@ -1114,6 +1163,18 @@ declare namespace FMS {
      * Violation detail for an Network Firewall policy that indicates that a firewall policy in an individual account has been modified in a way that makes it noncompliant. For example, the individual account owner might have deleted a rule group, changed the priority of a stateless rule group, or changed a policy default action.
      */
     NetworkFirewallPolicyModifiedViolation?: NetworkFirewallPolicyModifiedViolation;
+    /**
+     * Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated. 
+     */
+    DnsRuleGroupPriorityConflictViolation?: DnsRuleGroupPriorityConflictViolation;
+    /**
+     * Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again. 
+     */
+    DnsDuplicateRuleGroupViolation?: DnsDuplicateRuleGroupViolation;
+    /**
+     * Violation details for a DNS Firewall policy that indicates that the VPC reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed. 
+     */
+    DnsRuleGroupLimitExceededViolation?: DnsRuleGroupLimitExceededViolation;
   }
   export type ResourceViolations = ResourceViolation[];
   export interface SecurityGroupRemediationAction {
@@ -1171,7 +1232,7 @@ declare namespace FMS {
      */
     ManagedServiceData?: ManagedServiceData;
   }
-  export type SecurityServiceType = "WAF"|"WAFV2"|"SHIELD_ADVANCED"|"SECURITY_GROUPS_COMMON"|"SECURITY_GROUPS_CONTENT_AUDIT"|"SECURITY_GROUPS_USAGE_AUDIT"|"NETWORK_FIREWALL"|string;
+  export type SecurityServiceType = "WAF"|"WAFV2"|"SHIELD_ADVANCED"|"SECURITY_GROUPS_COMMON"|"SECURITY_GROUPS_CONTENT_AUDIT"|"SECURITY_GROUPS_USAGE_AUDIT"|"NETWORK_FIREWALL"|"DNS_FIREWALL"|string;
   export interface StatefulRuleGroup {
     /**
      * The name of the rule group.
@@ -1271,7 +1332,7 @@ declare namespace FMS {
      */
     ResourceDescription?: LengthBoundedString;
   }
-  export type ViolationReason = "WEB_ACL_MISSING_RULE_GROUP"|"RESOURCE_MISSING_WEB_ACL"|"RESOURCE_INCORRECT_WEB_ACL"|"RESOURCE_MISSING_SHIELD_PROTECTION"|"RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION"|"RESOURCE_MISSING_SECURITY_GROUP"|"RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP"|"SECURITY_GROUP_UNUSED"|"SECURITY_GROUP_REDUNDANT"|"MISSING_FIREWALL"|"MISSING_FIREWALL_SUBNET_IN_AZ"|"MISSING_EXPECTED_ROUTE_TABLE"|"NETWORK_FIREWALL_POLICY_MODIFIED"|string;
+  export type ViolationReason = "WEB_ACL_MISSING_RULE_GROUP"|"RESOURCE_MISSING_WEB_ACL"|"RESOURCE_INCORRECT_WEB_ACL"|"RESOURCE_MISSING_SHIELD_PROTECTION"|"RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION"|"RESOURCE_MISSING_SECURITY_GROUP"|"RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP"|"SECURITY_GROUP_UNUSED"|"SECURITY_GROUP_REDUNDANT"|"FMS_CREATED_SECURITY_GROUP_EDITED"|"MISSING_FIREWALL"|"MISSING_FIREWALL_SUBNET_IN_AZ"|"MISSING_EXPECTED_ROUTE_TABLE"|"NETWORK_FIREWALL_POLICY_MODIFIED"|"RESOURCE_MISSING_DNS_FIREWALL"|string;
   export type ViolationTarget = string;
   /**
    * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version.