aws-sdk 2.981.0 → 2.982.0

package/clients/accessanalyzer.d.ts

@@ -28,11 +28,11 @@ declare class AccessAnalyzer extends Service {
    */
   cancelPolicyGeneration(callback?: (err: AWSError, data: AccessAnalyzer.Types.CancelPolicyGenerationResponse) => void): Request<AccessAnalyzer.Types.CancelPolicyGenerationResponse, AWSError>;
   /**
-   * Creates an access preview that allows you to preview Access Analyzer findings for your resource before deploying resource permissions.
+   * Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.
    */
   createAccessPreview(params: AccessAnalyzer.Types.CreateAccessPreviewRequest, callback?: (err: AWSError, data: AccessAnalyzer.Types.CreateAccessPreviewResponse) => void): Request<AccessAnalyzer.Types.CreateAccessPreviewResponse, AWSError>;
   /**
-   * Creates an access preview that allows you to preview Access Analyzer findings for your resource before deploying resource permissions.
+   * Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.
    */
   createAccessPreview(callback?: (err: AWSError, data: AccessAnalyzer.Types.CreateAccessPreviewResponse) => void): Request<AccessAnalyzer.Types.CreateAccessPreviewResponse, AWSError>;
   /**
@@ -44,19 +44,19 @@ declare class AccessAnalyzer extends Service {
    */
   createAnalyzer(callback?: (err: AWSError, data: AccessAnalyzer.Types.CreateAnalyzerResponse) => void): Request<AccessAnalyzer.Types.CreateAnalyzerResponse, AWSError>;
   /**
-   * Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule. To learn about filter keys that you can use to create an archive rule, see Access Analyzer filter keys in the IAM User Guide.
+   * Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule. To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.
    */
   createArchiveRule(params: AccessAnalyzer.Types.CreateArchiveRuleRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule. To learn about filter keys that you can use to create an archive rule, see Access Analyzer filter keys in the IAM User Guide.
+   * Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule. To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.
    */
   createArchiveRule(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Deletes the specified analyzer. When you delete an analyzer, Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.
+   * Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.
    */
   deleteAnalyzer(params: AccessAnalyzer.Types.DeleteAnalyzerRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Deletes the specified analyzer. When you delete an analyzer, Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.
+   * Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.
    */
   deleteAnalyzer(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
@@ -92,11 +92,11 @@ declare class AccessAnalyzer extends Service {
    */
   getAnalyzer(callback?: (err: AWSError, data: AccessAnalyzer.Types.GetAnalyzerResponse) => void): Request<AccessAnalyzer.Types.GetAnalyzerResponse, AWSError>;
   /**
-   * Retrieves information about an archive rule. To learn about filter keys that you can use to create an archive rule, see Access Analyzer filter keys in the IAM User Guide.
+   * Retrieves information about an archive rule. To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.
    */
   getArchiveRule(params: AccessAnalyzer.Types.GetArchiveRuleRequest, callback?: (err: AWSError, data: AccessAnalyzer.Types.GetArchiveRuleResponse) => void): Request<AccessAnalyzer.Types.GetArchiveRuleResponse, AWSError>;
   /**
-   * Retrieves information about an archive rule. To learn about filter keys that you can use to create an archive rule, see Access Analyzer filter keys in the IAM User Guide.
+   * Retrieves information about an archive rule. To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.
    */
   getArchiveRule(callback?: (err: AWSError, data: AccessAnalyzer.Types.GetArchiveRuleResponse) => void): Request<AccessAnalyzer.Types.GetArchiveRuleResponse, AWSError>;
   /**
@@ -156,11 +156,11 @@ declare class AccessAnalyzer extends Service {
    */
   listArchiveRules(callback?: (err: AWSError, data: AccessAnalyzer.Types.ListArchiveRulesResponse) => void): Request<AccessAnalyzer.Types.ListArchiveRulesResponse, AWSError>;
   /**
-   * Retrieves a list of findings generated by the specified analyzer. To learn about filter keys that you can use to retrieve a list of findings, see Access Analyzer filter keys in the IAM User Guide.
+   * Retrieves a list of findings generated by the specified analyzer. To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.
    */
   listFindings(params: AccessAnalyzer.Types.ListFindingsRequest, callback?: (err: AWSError, data: AccessAnalyzer.Types.ListFindingsResponse) => void): Request<AccessAnalyzer.Types.ListFindingsResponse, AWSError>;
   /**
-   * Retrieves a list of findings generated by the specified analyzer. To learn about filter keys that you can use to retrieve a list of findings, see Access Analyzer filter keys in the IAM User Guide.
+   * Retrieves a list of findings generated by the specified analyzer. To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.
    */
   listFindings(callback?: (err: AWSError, data: AccessAnalyzer.Types.ListFindingsResponse) => void): Request<AccessAnalyzer.Types.ListFindingsResponse, AWSError>;
   /**
@@ -271,7 +271,7 @@ declare namespace AccessAnalyzer {
      */
     action?: ActionList;
     /**
-     * Provides context on how the access preview finding compares to existing access identified in Access Analyzer.    New - The finding is for newly-introduced access.    Unchanged - The preview finding is an existing finding that would remain unchanged.    Changed - The preview finding is an existing finding with a change in status.   For example, a Changed finding with preview status Resolved and existing status Active indicates the existing Active finding would become Resolved as a result of the proposed permissions change.
+     * Provides context on how the access preview finding compares to existing access identified in IAM Access Analyzer.    New - The finding is for newly-introduced access.    Unchanged - The preview finding is an existing finding that would remain unchanged.    Changed - The preview finding is an existing finding with a change in status.   For example, a Changed finding with preview status Resolved and existing status Active indicates the existing Active finding would become Resolved as a result of the proposed permissions change.
      */
     changeType: FindingChangeType;
     /**
@@ -287,7 +287,7 @@ declare namespace AccessAnalyzer {
      */
     error?: String;
     /**
-     * The existing ID of the finding in Access Analyzer, provided only for existing findings.
+     * The existing ID of the finding in IAM Access Analyzer, provided only for existing findings.
      */
     existingFindingId?: FindingId;
     /**
@@ -311,7 +311,7 @@ declare namespace AccessAnalyzer {
      */
     resource?: String;
     /**
-     * The AWS account ID that owns the resource. For most AWS resources, the owning account is the account in which the resource was created.
+     * The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning account is the account in which the resource was created.
      */
     resourceOwnerAccount: String;
     /**
@@ -361,7 +361,7 @@ declare namespace AccessAnalyzer {
   export type AclCanonicalId = string;
   export interface AclGrantee {
     /**
-     * The value specified is the canonical user ID of an AWS account.
+     * The value specified is the canonical user ID of an Amazon Web Services account.
      */
     id?: AclCanonicalId;
     /**
@@ -398,7 +398,7 @@ declare namespace AccessAnalyzer {
      */
     resourceArn: ResourceArn;
     /**
-     * The AWS account ID that owns the resource.
+     * The Amazon Web Services account ID that owns the resource.
      */
     resourceOwnerAccount: String;
     /**
@@ -424,7 +424,7 @@ declare namespace AccessAnalyzer {
      */
     resourceArn: ResourceArn;
     /**
-     * The AWS account ID that owns the resource.
+     * The Amazon Web Services account ID that owns the resource.
      */
     resourceOwnerAccount: String;
     /**
@@ -457,11 +457,11 @@ declare namespace AccessAnalyzer {
      */
     name: Name;
     /**
-     * The status of the analyzer. An Active analyzer successfully monitors supported resources and generates new findings. The analyzer is Disabled when a user action, such as removing trusted access for AWS IAM Access Analyzer from AWS Organizations, causes the analyzer to stop generating new findings. The status is Creating when the analyzer creation is in progress and Failed when the analyzer creation has failed. 
+     * The status of the analyzer. An Active analyzer successfully monitors supported resources and generates new findings. The analyzer is Disabled when a user action, such as removing trusted access for Identity and Access Management Access Analyzer from Organizations, causes the analyzer to stop generating new findings. The status is Creating when the analyzer creation is in progress and Failed when the analyzer creation has failed. 
      */
     status: AnalyzerStatus;
     /**
-     * The statusReason provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is returned. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the AWS organization.
+     * The statusReason provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is returned. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the Amazon Web Services organization.
      */
     statusReason?: StatusReason;
     /**
@@ -519,15 +519,15 @@ declare namespace AccessAnalyzer {
   export type CloudTrailArn = string;
   export interface CloudTrailDetails {
     /**
-     * The ARN of the service role that Access Analyzer uses to access your CloudTrail trail and service last accessed information.
+     * The ARN of the service role that IAM Access Analyzer uses to access your CloudTrail trail and service last accessed information.
      */
     accessRole: RoleArn;
     /**
-     * The end of the time range for which Access Analyzer reviews your CloudTrail events. Events with a timestamp after this time are not considered to generate a policy. If this is not included in the request, the default value is the current time.
+     * The end of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with a timestamp after this time are not considered to generate a policy. If this is not included in the request, the default value is the current time.
      */
     endTime?: Timestamp;
     /**
-     * The start of the time range for which Access Analyzer reviews your CloudTrail events. Events with a timestamp before this time are not considered to generate a policy.
+     * The start of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with a timestamp before this time are not considered to generate a policy.
      */
     startTime: Timestamp;
     /**
@@ -537,11 +537,11 @@ declare namespace AccessAnalyzer {
   }
   export interface CloudTrailProperties {
     /**
-     * The end of the time range for which Access Analyzer reviews your CloudTrail events. Events with a timestamp after this time are not considered to generate a policy. If this is not included in the request, the default value is the current time.
+     * The end of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with a timestamp after this time are not considered to generate a policy. If this is not included in the request, the default value is the current time.
      */
     endTime: Timestamp;
     /**
-     * The start of the time range for which Access Analyzer reviews your CloudTrail events. Events with a timestamp before this time are not considered to generate a policy.
+     * The start of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with a timestamp before this time are not considered to generate a policy.
      */
     startTime: Timestamp;
     /**
@@ -568,7 +568,7 @@ declare namespace AccessAnalyzer {
      */
     secretsManagerSecret?: SecretsManagerSecretConfiguration;
     /**
-     * The access control configuration is for an SQS queue. 
+     * The access control configuration is for an Amazon SQS queue. 
      */
     sqsQueue?: SqsQueueConfiguration;
   }
@@ -721,7 +721,7 @@ declare namespace AccessAnalyzer {
      */
     resource?: String;
     /**
-     * The AWS account ID that owns the resource.
+     * The Amazon Web Services account ID that owns the resource.
      */
     resourceOwnerAccount: String;
     /**
@@ -756,7 +756,7 @@ declare namespace AccessAnalyzer {
   }
   export interface FindingSourceDetail {
     /**
-     * The ARN of the access point that generated the finding.
+     * The ARN of the access point that generated the finding. The ARN format depends on whether the ARN represents an access point or a multi-region access point.
      */
     accessPointArn?: String;
   }
@@ -802,7 +802,7 @@ declare namespace AccessAnalyzer {
      */
     resource?: String;
     /**
-     * The AWS account ID that owns the resource.
+     * The Amazon Web Services account ID that owns the resource.
      */
     resourceOwnerAccount: String;
     /**
@@ -836,7 +836,7 @@ declare namespace AccessAnalyzer {
      */
     cloudTrailProperties?: CloudTrailProperties;
     /**
-     * This value is set to true if the generated policy contains all possible actions for a service that Access Analyzer identified from the CloudTrail trail that you specified, and false otherwise.
+     * This value is set to true if the generated policy contains all possible actions for a service that IAM Access Analyzer identified from the CloudTrail trail that you specified, and false otherwise.
      */
     isComplete?: Boolean;
     /**
@@ -882,7 +882,7 @@ declare namespace AccessAnalyzer {
   }
   export interface GetAnalyzedResourceResponse {
     /**
-     * An AnalyzedResource object that contains information that Access Analyzer found when it analyzed the resource.
+     * An AnalyzedResource object that contains information that IAM Access Analyzer found when it analyzed the resource.
      */
     resource?: AnalyzedResource;
   }
@@ -933,7 +933,7 @@ declare namespace AccessAnalyzer {
      */
     includeResourcePlaceholders?: Boolean;
     /**
-     * The level of detail that you want to generate. You can specify whether to generate service-level policies.  Access Analyzer uses iam:servicelastaccessed to identify services that have been used recently to create this service-level template.
+     * The level of detail that you want to generate. You can specify whether to generate service-level policies.  IAM Access Analyzer uses iam:servicelastaccessed to identify services that have been used recently to create this service-level template.
      */
     includeServiceLevelTemplate?: Boolean;
     /**
@@ -980,6 +980,9 @@ declare namespace AccessAnalyzer {
      * A timestamp of when the job was completed.
      */
     completedOn?: Timestamp;
+    /**
+     * The job error for the policy generation request.
+     */
     jobError?: JobError;
     /**
      * The JobId that is returned by the StartPolicyGeneration operation. The JobId can be used with GetGeneratedPolicy to retrieve the generated policies or used with CancelPolicyGeneration to cancel the policy generation request.
@@ -1020,7 +1023,7 @@ declare namespace AccessAnalyzer {
      */
     granteePrincipal: GranteePrincipal;
     /**
-     *  The AWS account under which the grant was issued. The account is used to propose KMS grants issued by accounts other than the owner of the key.
+     *  The Amazon Web Services account under which the grant was issued. The account is used to propose KMS grants issued by accounts other than the owner of the key.
      */
     issuingAccount: IssuingAccount;
     /**
@@ -1274,7 +1277,7 @@ declare namespace AccessAnalyzer {
   export type Name = string;
   export interface NetworkOriginConfiguration {
     /**
-     * The configuration for the Amazon S3 access point with an Internet origin.
+     * The configuration for the Amazon S3 access point or multi-region access point with an Internet origin.
      */
     internetConfiguration?: InternetConfiguration;
     vpcConfiguration?: VpcConfiguration;
@@ -1355,15 +1358,15 @@ declare namespace AccessAnalyzer {
   export type RoleArn = string;
   export interface S3AccessPointConfiguration {
     /**
-     * The access point policy.
+     * The access point or multi-region access point policy.
      */
     accessPointPolicy?: AccessPointPolicy;
     /**
-     * The proposed Internet and VpcConfiguration to apply to this Amazon S3 access point. If the access preview is for a new resource and neither is specified, the access preview uses Internet for the network origin. If the access preview is for an existing resource and neither is specified, the access preview uses the exiting network origin.
+     * The proposed Internet and VpcConfiguration to apply to this Amazon S3 access point. VpcConfiguration does not apply to multi-region access points. If the access preview is for a new resource and neither is specified, the access preview uses Internet for the network origin. If the access preview is for an existing resource and neither is specified, the access preview uses the exiting network origin.
      */
     networkOrigin?: NetworkOriginConfiguration;
     /**
-     * The proposed S3PublicAccessBlock configuration to apply to this Amazon S3 Access Point.
+     * The proposed S3PublicAccessBlock configuration to apply to this Amazon S3 access point or multi-region access point.
      */
     publicAccessBlock?: S3PublicAccessBlockConfiguration;
   }
@@ -1381,7 +1384,7 @@ declare namespace AccessAnalyzer {
   export type S3BucketAclGrantConfigurationsList = S3BucketAclGrantConfiguration[];
   export interface S3BucketConfiguration {
     /**
-     * The configuration of Amazon S3 access points for the bucket.
+     * The configuration of Amazon S3 access points or multi-region access points for the bucket. You can propose up to 10 new access points per bucket.
      */
     accessPoints?: S3AccessPointConfigurationsMap;
     /**
@@ -1410,7 +1413,7 @@ declare namespace AccessAnalyzer {
   }
   export interface SecretsManagerSecretConfiguration {
     /**
-     * The proposed ARN, key ID, or alias of the AWS KMS customer master key (CMK).
+     * The proposed ARN, key ID, or alias of the KMS customer master key (CMK).
      */
     kmsKeyId?: SecretsManagerSecretKmsId;
     /**
@@ -1443,14 +1446,14 @@ declare namespace AccessAnalyzer {
   }
   export interface SqsQueueConfiguration {
     /**
-     *  The proposed resource policy for the SQS queue. 
+     *  The proposed resource policy for the Amazon SQS queue. 
      */
     queuePolicy?: SqsQueuePolicy;
   }
   export type SqsQueuePolicy = string;
   export interface StartPolicyGenerationRequest {
     /**
-     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, the subsequent retries with the same client token return the result from the original successful request and they have no additional effect. If you do not specify a client token, one is automatically generated by the AWS SDK.
+     * A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, the subsequent retries with the same client token return the result from the original successful request and they have no additional effect. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
      */
     clientToken?: String;
     /**
@@ -1513,7 +1516,7 @@ declare namespace AccessAnalyzer {
   export type Token = string;
   export interface Trail {
     /**
-     * Possible values are true or false. If set to true, Access Analyzer retrieves CloudTrail data from all regions to analyze and generate a policy.
+     * Possible values are true or false. If set to true, IAM Access Analyzer retrieves CloudTrail data from all regions to analyze and generate a policy.
      */
     allRegions?: Boolean;
     /**
@@ -1528,7 +1531,7 @@ declare namespace AccessAnalyzer {
   export type TrailList = Trail[];
   export interface TrailProperties {
     /**
-     * Possible values are true or false. If set to true, Access Analyzer retrieves CloudTrail data from all regions to analyze and generate a policy.
+     * Possible values are true or false. If set to true, IAM Access Analyzer retrieves CloudTrail data from all regions to analyze and generate a policy.
      */
     allRegions?: Boolean;
     /**
@@ -1636,13 +1639,13 @@ declare namespace AccessAnalyzer {
      */
     policyDocument: PolicyDocument;
     /**
-     * The type of policy to validate. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups. They also include service-control policies (SCPs) that are attached to an AWS organization, organizational unit (OU), or an account. Resource policies grant permissions on AWS resources. Resource policies include trust policies for IAM roles and bucket policies for S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or S3 bucket policy. 
+     * The type of policy to validate. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups. They also include service-control policies (SCPs) that are attached to an Amazon Web Services organization, organizational unit (OU), or an account. Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy. 
      */
     policyType: PolicyType;
   }
   export interface ValidatePolicyResponse {
     /**
-     * The list of findings in a policy returned by Access Analyzer based on its suite of policy checks.
+     * The list of findings in a policy returned by IAM Access Analyzer based on its suite of policy checks.
      */
     findings: ValidatePolicyFindingList;
     /**

package/clients/acmpca.d.ts

@@ -13,11 +13,11 @@ declare class ACMPCA extends Service {
   constructor(options?: ACMPCA.Types.ClientConfiguration)
   config: Config & ACMPCA.Types.ClientConfiguration;
   /**
-   * Creates a root or subordinate private certificate authority (CA). You must specify the CA configuration, the certificate revocation list (CRL) configuration, the CA type, and an optional idempotency token to avoid accidental creation of multiple CAs. The CA configuration specifies the name of the algorithm and key size to be used to create the CA private key, the type of signing algorithm that the CA uses, and X.500 subject information. The CRL configuration specifies the CRL expiration period in days (the validity period of the CRL), the Amazon S3 bucket that will contain the CRL, and a CNAME alias for the S3 bucket that is included in certificates issued by the CA. If successful, this action returns the Amazon Resource Name (ARN) of the CA. ACM Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see Encrypting Your CRLs.  Both PCA and the IAM principal must have permission to write to the S3 bucket that you specify. If the IAM principal making the call does not have permission to write to the bucket, then an exception is thrown. For more information, see Configure Access to ACM Private CA. 
+   * Creates a root or subordinate private certificate authority (CA). You must specify the CA configuration, an optional configuration for Online Certificate Status Protocol (OCSP) and/or a certificate revocation list (CRL), the CA type, and an optional idempotency token to avoid accidental creation of multiple CAs. The CA configuration specifies the name of the algorithm and key size to be used to create the CA private key, the type of signing algorithm that the CA uses, and X.500 subject information. The OCSP configuration can optionally specify a custom URL for the OCSP responder. The CRL configuration specifies the CRL expiration period in days (the validity period of the CRL), the Amazon S3 bucket that will contain the CRL, and a CNAME alias for the S3 bucket that is included in certificates issued by the CA. If successful, this action returns the Amazon Resource Name (ARN) of the CA. ACM Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see Encrypting Your CRLs.  Both PCA and the IAM principal must have permission to write to the S3 bucket that you specify. If the IAM principal making the call does not have permission to write to the bucket, then an exception is thrown. For more information, see Configure Access to ACM Private CA. 
    */
   createCertificateAuthority(params: ACMPCA.Types.CreateCertificateAuthorityRequest, callback?: (err: AWSError, data: ACMPCA.Types.CreateCertificateAuthorityResponse) => void): Request<ACMPCA.Types.CreateCertificateAuthorityResponse, AWSError>;
   /**
-   * Creates a root or subordinate private certificate authority (CA). You must specify the CA configuration, the certificate revocation list (CRL) configuration, the CA type, and an optional idempotency token to avoid accidental creation of multiple CAs. The CA configuration specifies the name of the algorithm and key size to be used to create the CA private key, the type of signing algorithm that the CA uses, and X.500 subject information. The CRL configuration specifies the CRL expiration period in days (the validity period of the CRL), the Amazon S3 bucket that will contain the CRL, and a CNAME alias for the S3 bucket that is included in certificates issued by the CA. If successful, this action returns the Amazon Resource Name (ARN) of the CA. ACM Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see Encrypting Your CRLs.  Both PCA and the IAM principal must have permission to write to the S3 bucket that you specify. If the IAM principal making the call does not have permission to write to the bucket, then an exception is thrown. For more information, see Configure Access to ACM Private CA. 
+   * Creates a root or subordinate private certificate authority (CA). You must specify the CA configuration, an optional configuration for Online Certificate Status Protocol (OCSP) and/or a certificate revocation list (CRL), the CA type, and an optional idempotency token to avoid accidental creation of multiple CAs. The CA configuration specifies the name of the algorithm and key size to be used to create the CA private key, the type of signing algorithm that the CA uses, and X.500 subject information. The OCSP configuration can optionally specify a custom URL for the OCSP responder. The CRL configuration specifies the CRL expiration period in days (the validity period of the CRL), the Amazon S3 bucket that will contain the CRL, and a CNAME alias for the S3 bucket that is included in certificates issued by the CA. If successful, this action returns the Amazon Resource Name (ARN) of the CA. ACM Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see Encrypting Your CRLs.  Both PCA and the IAM principal must have permission to write to the S3 bucket that you specify. If the IAM principal making the call does not have permission to write to the bucket, then an exception is thrown. For more information, see Configure Access to ACM Private CA. 
    */
   createCertificateAuthority(callback?: (err: AWSError, data: ACMPCA.Types.CreateCertificateAuthorityResponse) => void): Request<ACMPCA.Types.CreateCertificateAuthorityResponse, AWSError>;
   /**
@@ -366,7 +366,7 @@ declare namespace ACMPCA {
      */
     CertificateAuthorityConfiguration?: CertificateAuthorityConfiguration;
     /**
-     * Information about the certificate revocation list (CRL) created and maintained by your private CA. 
+     * Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA. 
      */
     RevocationConfiguration?: RevocationConfiguration;
     /**
@@ -434,7 +434,7 @@ declare namespace ACMPCA {
      */
     CertificateAuthorityConfiguration: CertificateAuthorityConfiguration;
     /**
-     * Contains a Boolean value that you can use to enable a certification revocation list (CRL) for the CA, the name of the S3 bucket to which ACM Private CA will write the CRL, and an optional CNAME alias that you can use to hide the name of your bucket in the CRL Distribution Points extension of your CA certificate. For more information, see the CrlConfiguration structure. 
+     * Contains information to enable Online Certificate Status Protocol (OCSP) support, to enable a certificate revocation list (CRL), to enable both, or to enable neither. The default is for both certificate validation mechanisms to be disabled. For more information, see the OcspConfiguration and CrlConfiguration types.
      */
     RevocationConfiguration?: RevocationConfiguration;
     /**
@@ -492,7 +492,7 @@ declare namespace ACMPCA {
      */
     CustomCname?: String253;
     /**
-     * Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority action. You must specify a bucket policy that allows ACM Private CA to write the CRL to your bucket.
+     * Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority operation. You must specify a bucket policy that allows ACM Private CA to write the CRL to your bucket.
      */
     S3BucketName?: String3To255;
     /**
@@ -883,6 +883,16 @@ declare namespace ACMPCA {
   }
   export type MaxResults = number;
   export type NextToken = string;
+  export interface OcspConfiguration {
+    /**
+     * Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
+     */
+    Enabled: Boolean;
+    /**
+     * By default, ACM Private CA injects an AWS domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://". For more information, see Customizing Online Certificate Status Protocol (OCSP)  in the AWS Certificate Manager Private Certificate Authority (PCA) User Guide.
+     */
+    OcspCustomCname?: String253;
+  }
   export interface OtherName {
     /**
      * Specifies an OID. 
@@ -970,9 +980,13 @@ declare namespace ACMPCA {
   }
   export interface RevocationConfiguration {
     /**
-     * Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
+     * Configuration of the certificate revocation list (CRL), if any, maintained by your private CA. A CRL is typically updated approximately 30 minutes after a certificate is revoked. If for any reason a CRL update fails, ACM Private CA makes further attempts every 15 minutes.
      */
     CrlConfiguration?: CrlConfiguration;
+    /**
+     * Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA. When you revoke a certificate, OCSP responses may take up to 60 minutes to reflect the new status.
+     */
+    OcspConfiguration?: OcspConfiguration;
   }
   export type RevocationReason = "UNSPECIFIED"|"KEY_COMPROMISE"|"CERTIFICATE_AUTHORITY_COMPROMISE"|"AFFILIATION_CHANGED"|"SUPERSEDED"|"CESSATION_OF_OPERATION"|"PRIVILEGE_WITHDRAWN"|"A_A_COMPROMISE"|string;
   export interface RevokeCertificateRequest {
@@ -1044,7 +1058,7 @@ declare namespace ACMPCA {
      */
     CertificateAuthorityArn: Arn;
     /**
-     * Revocation information for your private CA.
+     * Contains information to enable Online Certificate Status Protocol (OCSP) support, to enable a certificate revocation list (CRL), to enable both, or to enable neither. If this parameter is not supplied, existing capibilites remain unchanged. For more information, see the OcspConfiguration and CrlConfiguration types.
      */
     RevocationConfiguration?: RevocationConfiguration;
     /**

package/clients/ebs.d.ts

@@ -292,7 +292,7 @@ declare namespace EBS {
   export type SnapshotId = string;
   export interface StartSnapshotRequest {
     /**
-     * The size of the volume, in GiB. The maximum size is 16384 GiB (16 TiB).
+     * The size of the volume, in GiB. The maximum size is 65536 GiB (64 TiB).
      */
     VolumeSize: VolumeSize;
     /**