aws-sdk 2.996.0 → 2.1000.0

package/clients/ssm.d.ts

@@ -1230,7 +1230,7 @@ declare namespace SSM {
      */
     DocumentVersion?: DocumentVersion;
     /**
-     * The instances targeted by the request to create an association. 
+     * The instances targeted by the request to create an association. You can target all instances in an Amazon Web Services account by specifying the InstanceIds key with a value of *.
      */
     Targets?: Targets;
     /**
@@ -2495,7 +2495,7 @@ declare namespace SSM {
      */
     Parameters?: Parameters;
     /**
-     * The targets for the association. You can target instances by using tags, Amazon Web Services resource groups, all instances in an Amazon Web Services account, or individual instance IDs. For more information about choosing targets for an association, see Using targets and rate controls with State Manager associations in the Amazon Web Services Systems Manager User Guide.
+     * The targets for the association. You can target instances by using tags, Amazon Web Services resource groups, all instances in an Amazon Web Services account, or individual instance IDs. You can target all instances in an Amazon Web Services account by specifying the InstanceIds key with a value of *. For more information about choosing targets for an association, see Using targets and rate controls with State Manager associations in the Amazon Web Services Systems Manager User Guide.
      */
     Targets?: Targets;
     /**
@@ -8380,7 +8380,7 @@ declare namespace SSM {
   export type S3KeyPrefix = string;
   export interface S3OutputLocation {
     /**
-     * (Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
+     * The Amazon Web Services Region of the S3 bucket.
      */
     OutputS3Region?: S3Region;
     /**
@@ -8732,6 +8732,10 @@ declare namespace SSM {
      * The user-provided idempotency token. The token must be unique, is case insensitive, enforces the UUID format, and can't be reused.
      */
     ClientToken?: IdempotencyToken;
+    /**
+     * Indicates whether the change request can be approved automatically without the need for manual approvals. If AutoApprovable is enabled in a change template, then setting AutoApprove to true in StartChangeRequestExecution creates a change request that bypasses approver review.  Change Calendar restrictions are not bypassed in this scenario. If the state of an associated calendar is CLOSED, change freeze approvers must still grant permission for this change request to run. If they don't, the change won't be processed until the calendar state is again OPEN.  
+     */
+    AutoApprove?: Boolean;
     /**
      * Information about the Automation runbooks that are run during the runbook workflow.  The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received. 
      */

package/clients/synthetics.d.ts

@@ -117,6 +117,18 @@ declare class Synthetics extends Service {
   updateCanary(callback?: (err: AWSError, data: Synthetics.Types.UpdateCanaryResponse) => void): Request<Synthetics.Types.UpdateCanaryResponse, AWSError>;
 }
 declare namespace Synthetics {
+  export interface ArtifactConfigInput {
+    /**
+     * A structure that contains the configuration of the encryption-at-rest settings for artifacts that the canary uploads to Amazon S3. Artifact encryption functionality is available only for canaries that use Synthetics runtime version syn-nodejs-puppeteer-3.3 or later. For more information, see Encrypting canary artifacts 
+     */
+    S3Encryption?: S3EncryptionConfig;
+  }
+  export interface ArtifactConfigOutput {
+    /**
+     * A structure that contains the configuration of encryption settings for canary artifacts that are stored in Amazon S3. 
+     */
+    S3Encryption?: S3EncryptionConfig;
+  }
   export interface BaseScreenshot {
     /**
      * The name of the screenshot. This is generated the first time the canary is run after the UpdateCanary operation that specified for this canary to perform visual monitoring.
@@ -189,6 +201,10 @@ declare namespace Synthetics {
      * The list of key-value pairs that are associated with the canary.
      */
     Tags?: TagMap;
+    /**
+     * A structure that contains the configuration for canary artifacts, including the encryption-at-rest settings for artifacts that the canary uploads to Amazon S3.
+     */
+    ArtifactConfig?: ArtifactConfigOutput;
   }
   export type CanaryArn = string;
   export interface CanaryCodeInput {
@@ -414,6 +430,10 @@ declare namespace Synthetics {
      * A list of key-value pairs to associate with the canary. You can associate as many as 50 tags with a canary. Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only the resources that have certain tag values.
      */
     Tags?: TagMap;
+    /**
+     * A structure that contains the configuration for canary artifacts, including the encryption-at-rest settings for artifacts that the canary uploads to Amazon S3.
+     */
+    ArtifactConfig?: ArtifactConfigInput;
   }
   export interface CreateCanaryResponse {
     /**
@@ -489,6 +509,7 @@ declare namespace Synthetics {
      */
     NextToken?: Token;
   }
+  export type EncryptionMode = "SSE_S3"|"SSE_KMS"|string;
   export type EnvironmentVariableName = string;
   export type EnvironmentVariableValue = string;
   export type EnvironmentVariablesMap = {[key: string]: EnvironmentVariableValue};
@@ -529,6 +550,7 @@ declare namespace Synthetics {
      */
     NextToken?: Token;
   }
+  export type KmsKeyArn = string;
   export interface ListTagsForResourceRequest {
     /**
      * The ARN of the canary that you want to view tags for. The ARN format of a canary is arn:aws:synthetics:Region:account-id:canary:canary-name .
@@ -568,6 +590,16 @@ declare namespace Synthetics {
     DeprecationDate?: Timestamp;
   }
   export type RuntimeVersionList = RuntimeVersion[];
+  export interface S3EncryptionConfig {
+    /**
+     *  The encryption method to use for artifacts created by this canary. Specify SSE_S3 to use server-side encryption (SSE) with an Amazon S3-managed key. Specify SSE-KMS to use server-side encryption with a customer-managed KMS key. If you omit this parameter, an Amazon Web Services-managed KMS key is used. 
+     */
+    EncryptionMode?: EncryptionMode;
+    /**
+     * The ARN of the customer-managed KMS key to use, if you specify SSE-KMS for EncryptionMode 
+     */
+    KmsKeyArn?: KmsKeyArn;
+  }
   export type SecurityGroupId = string;
   export type SecurityGroupIds = SecurityGroupId[];
   export interface StartCanaryRequest {
@@ -661,6 +693,14 @@ declare namespace Synthetics {
      * Defines the screenshots to use as the baseline for comparisons during visual monitoring comparisons during future runs of this canary. If you omit this parameter, no changes are made to any baseline screenshots that the canary might be using already. Visual monitoring is supported only on canaries running the syn-puppeteer-node-3.2 runtime or later. For more information, see  Visual monitoring and  Visual monitoring blueprint 
      */
     VisualReference?: VisualReferenceInput;
+    /**
+     * The location in Amazon S3 where Synthetics stores artifacts from the test runs of this canary. Artifacts include the log file, screenshots, and HAR files. The name of the S3 bucket can't include a period (.).
+     */
+    ArtifactS3Location?: String;
+    /**
+     * A structure that contains the configuration for canary artifacts, including the encryption-at-rest settings for artifacts that the canary uploads to Amazon S3.
+     */
+    ArtifactConfig?: ArtifactConfigInput;
   }
   export interface UpdateCanaryResponse {
   }

package/clients/transfer.d.ts

@@ -295,7 +295,7 @@ declare namespace Transfer {
      */
     HomeDirectoryType?: HomeDirectoryType;
     /**
-     * Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and keys should be visible to your user and how you want to make them visible. You must specify the Entry and Target pair, where Entry shows how the path is made visible and Target is the actual Amazon S3 or Amazon EFS path. If you only specify a target, it is displayed as is. You also must ensure that your Amazon Web Services Identity and Access Management (IAM) role provides access to paths in Target. This value can only be set when HomeDirectoryType is set to LOGICAL. The following is an Entry and Target pair example.  [ { "Entry": "your-personal-report.pdf", "Target": "/bucket3/customized-reports/${transfer:UserName}.pdf" } ]  In most cases, you can use this value instead of the session policy to lock down your user to the designated home directory ("chroot"). To do this, you can set Entry to / and set Target to the HomeDirectory parameter value. The following is an Entry and Target pair example for chroot.  [ { "Entry:": "/", "Target": "/bucket_name/home/mydirectory" } ]   If the target of a logical directory entry does not exist in Amazon S3 or EFS, the entry is ignored. As a workaround, you can use the Amazon S3 API or EFS API to create 0 byte objects as place holders for your directory. If using the CLI, use the s3api or efsapi call instead of s3 or efs so you can use the put-object operation. For example, you use the following: aws s3api put-object --bucket bucketname --key path/to/folder/. Make sure that the end of the key name ends in a / for it to be considered a folder. 
+     * Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and keys should be visible to your user and how you want to make them visible. You must specify the Entry and Target pair, where Entry shows how the path is made visible and Target is the actual Amazon S3 or Amazon EFS path. If you only specify a target, it is displayed as is. You also must ensure that your Amazon Web Services Identity and Access Management (IAM) role provides access to paths in Target. This value can only be set when HomeDirectoryType is set to LOGICAL. The following is an Entry and Target pair example.  [ { "Entry": "/directory1", "Target": "/bucket_name/home/mydirectory" } ]  In most cases, you can use this value instead of the session policy to lock down your user to the designated home directory ("chroot"). To do this, you can set Entry to / and set Target to the HomeDirectory parameter value. The following is an Entry and Target pair example for chroot.  [ { "Entry:": "/", "Target": "/bucket_name/home/mydirectory" } ]   If the target of a logical directory entry does not exist in Amazon S3 or EFS, the entry is ignored. As a workaround, you can use the Amazon S3 API or EFS API to create 0 byte objects as place holders for your directory. If using the CLI, use the s3api or efsapi call instead of s3 or efs so you can use the put-object operation. For example, you use the following: aws s3api put-object --bucket bucketname --key path/to/folder/. Make sure that the end of the key name ends in a / for it to be considered a folder. 
      */
     HomeDirectoryMappings?: HomeDirectoryMappings;
     /**
@@ -392,7 +392,7 @@ declare namespace Transfer {
      */
     HomeDirectoryType?: HomeDirectoryType;
     /**
-     * Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and keys should be visible to your user and how you want to make them visible. You must specify the Entry and Target pair, where Entry shows how the path is made visible and Target is the actual Amazon S3 or Amazon EFS path. If you only specify a target, it is displayed as is. You also must ensure that your Amazon Web Services Identity and Access Management (IAM) role provides access to paths in Target. This value can only be set when HomeDirectoryType is set to LOGICAL. The following is an Entry and Target pair example.  [ { "Entry": "your-personal-report.pdf", "Target": "/bucket3/customized-reports/${transfer:UserName}.pdf" } ]  In most cases, you can use this value instead of the session policy to lock your user down to the designated home directory ("chroot"). To do this, you can set Entry to / and set Target to the HomeDirectory parameter value. The following is an Entry and Target pair example for chroot.  [ { "Entry:": "/", "Target": "/bucket_name/home/mydirectory" } ]   If the target of a logical directory entry does not exist in Amazon S3 or EFS, the entry is ignored. As a workaround, you can use the Amazon S3 API or EFS API to create 0 byte objects as place holders for your directory. If using the CLI, use the s3api or efsapi call instead of s3 or efs so you can use the put-object operation. For example, you use the following: aws s3api put-object --bucket bucketname --key path/to/folder/. Make sure that the end of the key name ends in a / for it to be considered a folder. 
+     * Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and keys should be visible to your user and how you want to make them visible. You must specify the Entry and Target pair, where Entry shows how the path is made visible and Target is the actual Amazon S3 or Amazon EFS path. If you only specify a target, it is displayed as is. You also must ensure that your Amazon Web Services Identity and Access Management (IAM) role provides access to paths in Target. This value can only be set when HomeDirectoryType is set to LOGICAL. The following is an Entry and Target pair example.  [ { "Entry": "/directory1", "Target": "/bucket_name/home/mydirectory" } ]  In most cases, you can use this value instead of the session policy to lock your user down to the designated home directory ("chroot"). To do this, you can set Entry to / and set Target to the HomeDirectory parameter value. The following is an Entry and Target pair example for chroot.  [ { "Entry:": "/", "Target": "/bucket_name/home/mydirectory" } ]   If the target of a logical directory entry does not exist in Amazon S3 or EFS, the entry is ignored. As a workaround, you can use the Amazon S3 API or EFS API to create 0 byte objects as place holders for your directory. If using the CLI, use the s3api or efsapi call instead of s3 or efs so you can use the put-object operation. For example, you use the following: aws s3api put-object --bucket bucketname --key path/to/folder/. Make sure that the end of the key name ends in a / for it to be considered a folder. 
      */
     HomeDirectoryMappings?: HomeDirectoryMappings;
     /**
@@ -440,11 +440,11 @@ declare namespace Transfer {
      */
     Description?: WorkflowDescription;
     /**
-     * Specifies the details for the steps that are in the specified workflow.  The TYPE specifies which of the following actions is being taken for this step.     Copy: copy the file to another location    Custom: custom step with a lambda target    Delete: delete the file    Tag: add a tag to the file    For file location, you specify either the S3 bucket and key, or the EFS filesystem ID and path. 
+     * Specifies the details for the steps that are in the specified workflow.  The TYPE specifies which of the following actions is being taken for this step.     Copy: copy the file to another location    Custom: custom step with a lambda target    Delete: delete the file    Tag: add a tag to the file     Currently, copying and tagging are supported only on S3.    For file location, you specify either the S3 bucket and key, or the EFS filesystem ID and path. 
      */
     Steps: WorkflowSteps;
     /**
-     * Specifies the steps (actions) to take if any errors are encountered during execution of the workflow.
+     * Specifies the steps (actions) to take if errors are encountered during execution of the workflow.  For custom steps, the lambda function needs to send FAILURE to the call back API to kick off the exception steps. Additionally, if the lambda does not send SUCCESS before it times out, the exception steps are executed. 
      */
     OnExceptionSteps?: WorkflowSteps;
     /**
@@ -834,7 +834,7 @@ declare namespace Transfer {
      */
     Steps?: WorkflowSteps;
     /**
-     * Specifies the steps (actions) to take if any errors are encountered during execution of the workflow.
+     * Specifies the steps (actions) to take if errors are encountered during execution of the workflow.
      */
     OnExceptionSteps?: WorkflowSteps;
     /**
@@ -902,7 +902,7 @@ declare namespace Transfer {
      */
     Steps?: ExecutionStepResults;
     /**
-     * Specifies the steps (actions) to take if any errors are encountered during execution of the workflow.
+     * Specifies the steps (actions) to take if errors are encountered during execution of the workflow.
      */
     OnExceptionSteps?: ExecutionStepResults;
   }
@@ -998,7 +998,7 @@ declare namespace Transfer {
      */
     S3FileLocation?: S3InputFileLocation;
     /**
-     * Specifies the details for the Amazon EFS file being copied.
+     * Reserved for future use.
      */
     EfsFileLocation?: EfsFileLocation;
   }
@@ -1357,7 +1357,7 @@ declare namespace Transfer {
   }
   export interface S3InputFileLocation {
     /**
-     * Specifies the S3 bucket that contains the file being copied.
+     * Specifies the S3 bucket for the customer input file.
      */
     Bucket?: S3Bucket;
     /**
@@ -1545,7 +1545,7 @@ declare namespace Transfer {
      */
     HomeDirectoryType?: HomeDirectoryType;
     /**
-     * Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and keys should be visible to your user and how you want to make them visible. You must specify the Entry and Target pair, where Entry shows how the path is made visible and Target is the actual Amazon S3 or Amazon EFS path. If you only specify a target, it is displayed as is. You also must ensure that your Amazon Web Services Identity and Access Management (IAM) role provides access to paths in Target. This value can only be set when HomeDirectoryType is set to LOGICAL. The following is an Entry and Target pair example.  [ { "Entry": "your-personal-report.pdf", "Target": "/bucket3/customized-reports/${transfer:UserName}.pdf" } ]  In most cases, you can use this value instead of the session policy to lock down your user to the designated home directory ("chroot"). To do this, you can set Entry to / and set Target to the HomeDirectory parameter value. The following is an Entry and Target pair example for chroot.  [ { "Entry:": "/", "Target": "/bucket_name/home/mydirectory" } ]   If the target of a logical directory entry does not exist in Amazon S3 or EFS, the entry is ignored. As a workaround, you can use the Amazon S3 API or EFS API to create 0 byte objects as place holders for your directory. If using the CLI, use the s3api or efsapi call instead of s3 or efs so you can use the put-object operation. For example, you use the following: aws s3api put-object --bucket bucketname --key path/to/folder/. Make sure that the end of the key name ends in a / for it to be considered a folder. 
+     * Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and keys should be visible to your user and how you want to make them visible. You must specify the Entry and Target pair, where Entry shows how the path is made visible and Target is the actual Amazon S3 or Amazon EFS path. If you only specify a target, it is displayed as is. You also must ensure that your Amazon Web Services Identity and Access Management (IAM) role provides access to paths in Target. This value can only be set when HomeDirectoryType is set to LOGICAL. The following is an Entry and Target pair example.  [ { "Entry": "/directory1", "Target": "/bucket_name/home/mydirectory" } ]  In most cases, you can use this value instead of the session policy to lock down your user to the designated home directory ("chroot"). To do this, you can set Entry to / and set Target to the HomeDirectory parameter value. The following is an Entry and Target pair example for chroot.  [ { "Entry:": "/", "Target": "/bucket_name/home/mydirectory" } ]   If the target of a logical directory entry does not exist in Amazon S3 or EFS, the entry is ignored. As a workaround, you can use the Amazon S3 API or EFS API to create 0 byte objects as place holders for your directory. If using the CLI, use the s3api or efsapi call instead of s3 or efs so you can use the put-object operation. For example, you use the following: aws s3api put-object --bucket bucketname --key path/to/folder/. Make sure that the end of the key name ends in a / for it to be considered a folder. 
      */
     HomeDirectoryMappings?: HomeDirectoryMappings;
     /**
@@ -1638,7 +1638,7 @@ declare namespace Transfer {
      */
     HomeDirectoryType?: HomeDirectoryType;
     /**
-     * Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and keys should be visible to your user and how you want to make them visible. You must specify the Entry and Target pair, where Entry shows how the path is made visible and Target is the actual Amazon S3 or Amazon EFS path. If you only specify a target, it is displayed as is. You also must ensure that your Amazon Web Services Identity and Access Management (IAM) role provides access to paths in Target. This value can only be set when HomeDirectoryType is set to LOGICAL. The following is an Entry and Target pair example.  [ { "Entry": "your-personal-report.pdf", "Target": "/bucket3/customized-reports/${transfer:UserName}.pdf" } ]  In most cases, you can use this value instead of the session policy to lock down your user to the designated home directory ("chroot"). To do this, you can set Entry to '/' and set Target to the HomeDirectory parameter value. The following is an Entry and Target pair example for chroot.  [ { "Entry:": "/", "Target": "/bucket_name/home/mydirectory" } ]   If the target of a logical directory entry does not exist in Amazon S3 or EFS, the entry is ignored. As a workaround, you can use the Amazon S3 API or EFS API to create 0 byte objects as place holders for your directory. If using the CLI, use the s3api or efsapi call instead of s3 or efs so you can use the put-object operation. For example, you use the following: aws s3api put-object --bucket bucketname --key path/to/folder/. Make sure that the end of the key name ends in a / for it to be considered a folder. 
+     * Logical directory mappings that specify what Amazon S3 or Amazon EFS paths and keys should be visible to your user and how you want to make them visible. You must specify the Entry and Target pair, where Entry shows how the path is made visible and Target is the actual Amazon S3 or Amazon EFS path. If you only specify a target, it is displayed as is. You also must ensure that your Amazon Web Services Identity and Access Management (IAM) role provides access to paths in Target. This value can only be set when HomeDirectoryType is set to LOGICAL. The following is an Entry and Target pair example.  [ { "Entry": "/directory1", "Target": "/bucket_name/home/mydirectory" } ]  In most cases, you can use this value instead of the session policy to lock down your user to the designated home directory ("chroot"). To do this, you can set Entry to '/' and set Target to the HomeDirectory parameter value. The following is an Entry and Target pair example for chroot.  [ { "Entry:": "/", "Target": "/bucket_name/home/mydirectory" } ]   If the target of a logical directory entry does not exist in Amazon S3 or EFS, the entry is ignored. As a workaround, you can use the Amazon S3 API or EFS API to create 0 byte objects as place holders for your directory. If using the CLI, use the s3api or efsapi call instead of s3 or efs so you can use the put-object operation. For example, you use the following: aws s3api put-object --bucket bucketname --key path/to/folder/. Make sure that the end of the key name ends in a / for it to be considered a folder. 
      */
     HomeDirectoryMappings?: HomeDirectoryMappings;
     /**
@@ -1716,7 +1716,7 @@ declare namespace Transfer {
      */
     Type?: WorkflowStepType;
     /**
-     * Details for a step that performs a file copy.  Consists of the following values:    A description   An S3 or EFS location for the destination of the file copy.   A flag that indicates whether or not to overwrite an existing file of the same name. The default is FALSE.  
+     * Details for a step that performs a file copy.  Consists of the following values:    A description   An S3 location for the destination of the file copy.   A flag that indicates whether or not to overwrite an existing file of the same name. The default is FALSE.  
      */
     CopyStepDetails?: CopyStepDetails;
     /**
@@ -1724,7 +1724,7 @@ declare namespace Transfer {
      */
     CustomStepDetails?: CustomStepDetails;
     /**
-     * You need to specify the name of the file to be deleted.
+     * Details for a step that deletes the file.
      */
     DeleteStepDetails?: DeleteStepDetails;
     /**

package/clients/workmail.d.ts

@@ -115,6 +115,14 @@ declare class WorkMail extends Service {
    * Deletes permissions granted to a member (user or group).
    */
   deleteMailboxPermissions(callback?: (err: AWSError, data: WorkMail.Types.DeleteMailboxPermissionsResponse) => void): Request<WorkMail.Types.DeleteMailboxPermissionsResponse, AWSError>;
+  /**
+   * Deletes the mobile device access override for the given WorkMail organization, user, and device.
+   */
+  deleteMobileDeviceAccessOverride(params: WorkMail.Types.DeleteMobileDeviceAccessOverrideRequest, callback?: (err: AWSError, data: WorkMail.Types.DeleteMobileDeviceAccessOverrideResponse) => void): Request<WorkMail.Types.DeleteMobileDeviceAccessOverrideResponse, AWSError>;
+  /**
+   * Deletes the mobile device access override for the given WorkMail organization, user, and device.
+   */
+  deleteMobileDeviceAccessOverride(callback?: (err: AWSError, data: WorkMail.Types.DeleteMobileDeviceAccessOverrideResponse) => void): Request<WorkMail.Types.DeleteMobileDeviceAccessOverrideResponse, AWSError>;
   /**
    * Deletes a mobile device access rule for the specified Amazon WorkMail organization.
    */
@@ -251,6 +259,14 @@ declare class WorkMail extends Service {
    * Simulates the effect of the mobile device access rules for the given attributes of a sample access event. Use this method to test the effects of the current set of mobile device access rules for the Amazon WorkMail organization for a particular user's attributes.
    */
   getMobileDeviceAccessEffect(callback?: (err: AWSError, data: WorkMail.Types.GetMobileDeviceAccessEffectResponse) => void): Request<WorkMail.Types.GetMobileDeviceAccessEffectResponse, AWSError>;
+  /**
+   * Gets the mobile device access override for the given WorkMail organization, user, and device.
+   */
+  getMobileDeviceAccessOverride(params: WorkMail.Types.GetMobileDeviceAccessOverrideRequest, callback?: (err: AWSError, data: WorkMail.Types.GetMobileDeviceAccessOverrideResponse) => void): Request<WorkMail.Types.GetMobileDeviceAccessOverrideResponse, AWSError>;
+  /**
+   * Gets the mobile device access override for the given WorkMail organization, user, and device.
+   */
+  getMobileDeviceAccessOverride(callback?: (err: AWSError, data: WorkMail.Types.GetMobileDeviceAccessOverrideResponse) => void): Request<WorkMail.Types.GetMobileDeviceAccessOverrideResponse, AWSError>;
   /**
    * Lists the access control rules for the specified organization.
    */
@@ -299,6 +315,14 @@ declare class WorkMail extends Service {
    * Lists the mailbox permissions associated with a user, group, or resource mailbox.
    */
   listMailboxPermissions(callback?: (err: AWSError, data: WorkMail.Types.ListMailboxPermissionsResponse) => void): Request<WorkMail.Types.ListMailboxPermissionsResponse, AWSError>;
+  /**
+   * Lists all the mobile device access overrides for any given combination of WorkMail organization, user, or device.
+   */
+  listMobileDeviceAccessOverrides(params: WorkMail.Types.ListMobileDeviceAccessOverridesRequest, callback?: (err: AWSError, data: WorkMail.Types.ListMobileDeviceAccessOverridesResponse) => void): Request<WorkMail.Types.ListMobileDeviceAccessOverridesResponse, AWSError>;
+  /**
+   * Lists all the mobile device access overrides for any given combination of WorkMail organization, user, or device.
+   */
+  listMobileDeviceAccessOverrides(callback?: (err: AWSError, data: WorkMail.Types.ListMobileDeviceAccessOverridesResponse) => void): Request<WorkMail.Types.ListMobileDeviceAccessOverridesResponse, AWSError>;
   /**
    * Lists the mobile device access rules for the specified Amazon WorkMail organization.
    */
@@ -363,6 +387,14 @@ declare class WorkMail extends Service {
    * Sets permissions for a user, group, or resource. This replaces any pre-existing permissions.
    */
   putMailboxPermissions(callback?: (err: AWSError, data: WorkMail.Types.PutMailboxPermissionsResponse) => void): Request<WorkMail.Types.PutMailboxPermissionsResponse, AWSError>;
+  /**
+   * Creates or updates a mobile device access override for the given WorkMail organization, user, and device.
+   */
+  putMobileDeviceAccessOverride(params: WorkMail.Types.PutMobileDeviceAccessOverrideRequest, callback?: (err: AWSError, data: WorkMail.Types.PutMobileDeviceAccessOverrideResponse) => void): Request<WorkMail.Types.PutMobileDeviceAccessOverrideResponse, AWSError>;
+  /**
+   * Creates or updates a mobile device access override for the given WorkMail organization, user, and device.
+   */
+  putMobileDeviceAccessOverride(callback?: (err: AWSError, data: WorkMail.Types.PutMobileDeviceAccessOverrideResponse) => void): Request<WorkMail.Types.PutMobileDeviceAccessOverrideResponse, AWSError>;
   /**
    * Puts a retention policy to the specified organization.
    */
@@ -797,6 +829,22 @@ declare namespace WorkMail {
   }
   export interface DeleteMailboxPermissionsResponse {
   }
+  export interface DeleteMobileDeviceAccessOverrideRequest {
+    /**
+     * The Amazon WorkMail organization for which the access override will be deleted.
+     */
+    OrganizationId: OrganizationId;
+    /**
+     * The WorkMail user for which you want to delete the override. Accepts the following types of user identities:   User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234    Email address: user@domain.tld    User name: user   
+     */
+    UserId: EntityIdentifier;
+    /**
+     * The mobile device for which you delete the override. DeviceId is case insensitive.
+     */
+    DeviceId: DeviceId;
+  }
+  export interface DeleteMobileDeviceAccessOverrideResponse {
+  }
   export interface DeleteMobileDeviceAccessRuleRequest {
     /**
      * The Amazon WorkMail organization under which the rule will be deleted.
@@ -1110,6 +1158,7 @@ declare namespace WorkMail {
     DisabledDate?: Timestamp;
   }
   export type Description = string;
+  export type DeviceId = string;
   export type DeviceModel = string;
   export type DeviceModelList = DeviceModel[];
   export type DeviceOperatingSystem = string;
@@ -1164,6 +1213,7 @@ declare namespace WorkMail {
   export type DomainName = string;
   export type Domains = Domain[];
   export type EmailAddress = string;
+  export type EntityIdentifier = string;
   export type EntityState = "ENABLED"|"DISABLED"|"DELETED"|string;
   export interface FolderConfiguration {
     /**
@@ -1285,6 +1335,46 @@ declare namespace WorkMail {
      */
     MatchedRules?: MobileDeviceAccessMatchedRuleList;
   }
+  export interface GetMobileDeviceAccessOverrideRequest {
+    /**
+     * The Amazon WorkMail organization to which you want to apply the override.
+     */
+    OrganizationId: OrganizationId;
+    /**
+     * Identifies the WorkMail user for the override. Accepts the following types of user identities:    User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234    Email address: user@domain.tld    User name: user   
+     */
+    UserId: EntityIdentifier;
+    /**
+     * The mobile device to which the override applies. DeviceId is case insensitive.
+     */
+    DeviceId: DeviceId;
+  }
+  export interface GetMobileDeviceAccessOverrideResponse {
+    /**
+     * The WorkMail user to which the access override applies.
+     */
+    UserId?: WorkMailIdentifier;
+    /**
+     * The device to which the access override applies.
+     */
+    DeviceId?: DeviceId;
+    /**
+     * The effect of the override, ALLOW or DENY.
+     */
+    Effect?: MobileDeviceAccessRuleEffect;
+    /**
+     * A description of the override.
+     */
+    Description?: MobileDeviceAccessRuleDescription;
+    /**
+     * The date the override was first created.
+     */
+    DateCreated?: Timestamp;
+    /**
+     * The date the description was last modified.
+     */
+    DateModified?: Timestamp;
+  }
   export interface Group {
     /**
      * The identifier of the group.
@@ -1464,6 +1554,38 @@ declare namespace WorkMail {
      */
     NextToken?: NextToken;
   }
+  export interface ListMobileDeviceAccessOverridesRequest {
+    /**
+     * The Amazon WorkMail organization under which to list mobile device access overrides.
+     */
+    OrganizationId: OrganizationId;
+    /**
+     * The WorkMail user under which you list the mobile device access overrides. Accepts the following types of user identities:   User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234    Email address: user@domain.tld    User name: user   
+     */
+    UserId?: EntityIdentifier;
+    /**
+     * The mobile device to which the access override applies.
+     */
+    DeviceId?: DeviceId;
+    /**
+     * The token to use to retrieve the next page of results. The first call does not require a token.
+     */
+    NextToken?: NextToken;
+    /**
+     * The maximum number of results to return in a single call.
+     */
+    MaxResults?: MaxResults;
+  }
+  export interface ListMobileDeviceAccessOverridesResponse {
+    /**
+     * The list of mobile device access overrides that exist for the specified Amazon WorkMail organization and user.
+     */
+    Overrides?: MobileDeviceAccessOverridesList;
+    /**
+     * The token to use to retrieve the next page of results. The value is “null” when there are no more results to return.
+     */
+    NextToken?: NextToken;
+  }
   export interface ListMobileDeviceAccessRulesRequest {
     /**
      * The Amazon WorkMail organization for which to list the rules.
@@ -1667,6 +1789,33 @@ declare namespace WorkMail {
     Name?: MobileDeviceAccessRuleName;
   }
   export type MobileDeviceAccessMatchedRuleList = MobileDeviceAccessMatchedRule[];
+  export interface MobileDeviceAccessOverride {
+    /**
+     * The WorkMail user to which the access override applies.
+     */
+    UserId?: WorkMailIdentifier;
+    /**
+     * The device to which the override applies.
+     */
+    DeviceId?: DeviceId;
+    /**
+     * The effect of the override, ALLOW or DENY.
+     */
+    Effect?: MobileDeviceAccessRuleEffect;
+    /**
+     * A description of the override.
+     */
+    Description?: MobileDeviceAccessRuleDescription;
+    /**
+     * The date the override was first created.
+     */
+    DateCreated?: Timestamp;
+    /**
+     * The date the override was last modified.
+     */
+    DateModified?: Timestamp;
+  }
+  export type MobileDeviceAccessOverridesList = MobileDeviceAccessOverride[];
   export interface MobileDeviceAccessRule {
     /**
      * The ID assigned to a mobile access rule. 
@@ -1840,6 +1989,30 @@ declare namespace WorkMail {
   }
   export interface PutMailboxPermissionsResponse {
   }
+  export interface PutMobileDeviceAccessOverrideRequest {
+    /**
+     * Identifies the Amazon WorkMail organization for which you create the override.
+     */
+    OrganizationId: OrganizationId;
+    /**
+     * The WorkMail user for which you create the override. Accepts the following types of user identities:   User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234    Email address: user@domain.tld    User name: user   
+     */
+    UserId: EntityIdentifier;
+    /**
+     * The mobile device for which you create the override. DeviceId is case insensitive.
+     */
+    DeviceId: DeviceId;
+    /**
+     * The effect of the override, ALLOW or DENY.
+     */
+    Effect: MobileDeviceAccessRuleEffect;
+    /**
+     * A description of the override.
+     */
+    Description?: MobileDeviceAccessRuleDescription;
+  }
+  export interface PutMobileDeviceAccessOverrideResponse {
+  }
   export interface PutRetentionPolicyRequest {
     /**
      * The organization ID.