cdk-docker-image-deployment 0.0.577 → 0.0.579

package/node_modules/aws-sdk/clients/firehose.d.ts

@@ -68,11 +68,11 @@ declare class Firehose extends Service {
    */
   putRecordBatch(callback?: (err: AWSError, data: Firehose.Types.PutRecordBatchOutput) => void): Request<Firehose.Types.PutRecordBatchOutput, AWSError>;
   /**
-   * Enables server-side encryption (SSE) for the delivery stream.  This operation is asynchronous. It returns immediately. When you invoke it, Firehose first sets the encryption status of the stream to ENABLING, and then to ENABLED. The encryption status of a delivery stream is the Status property in DeliveryStreamEncryptionConfiguration. If the operation fails, the encryption status changes to ENABLING_FAILED. You can continue to read and write data to your delivery stream while the encryption status is ENABLING, but the data is not encrypted. It can take up to 5 seconds after the encryption status changes to ENABLED before all records written to the delivery stream are encrypted. To find out whether a record or a batch of records was encrypted, check the response elements PutRecordOutput$Encrypted and PutRecordBatchOutput$Encrypted, respectively. To check the encryption status of a delivery stream, use DescribeDeliveryStream. Even if encryption is currently enabled for a delivery stream, you can still invoke this operation on it to change the ARN of the CMK or both its type and ARN. If you invoke this method to change the CMK, and the old CMK is of type CUSTOMER_MANAGED_CMK, Firehose schedules the grant it had on the old CMK for retirement. If the new CMK is of type CUSTOMER_MANAGED_CMK, Firehose creates a grant that enables it to use the new CMK to encrypt and decrypt data and to manage the grant. For the KMS grant creation to be successful, Firehose APIs StartDeliveryStreamEncryption and CreateDeliveryStream should not be called with session credentials that are more than 6 hours old. If a delivery stream already has encryption enabled and then you invoke this operation to change the ARN of the CMK or both its type and ARN and you get ENABLING_FAILED, this only means that the attempt to change the CMK failed. In this case, encryption remains enabled with the old CMK. If the encryption status of your delivery stream is ENABLING_FAILED, you can invoke this operation again with a valid CMK. The CMK must be enabled and the key policy mustn't explicitly deny the permission for Firehose to invoke KMS encrypt and decrypt operations. You can enable SSE for a delivery stream only if it's a delivery stream that uses DirectPut as its source.  The StartDeliveryStreamEncryption and StopDeliveryStreamEncryption operations have a combined limit of 25 calls per delivery stream per 24 hours. For example, you reach the limit if you call StartDeliveryStreamEncryption 13 times and StopDeliveryStreamEncryption 12 times for the same delivery stream in a 24-hour period.
+   * Enables server-side encryption (SSE) for the delivery stream.  This operation is asynchronous. It returns immediately. When you invoke it, Firehose first sets the encryption status of the stream to ENABLING, and then to ENABLED. The encryption status of a delivery stream is the Status property in DeliveryStreamEncryptionConfiguration. If the operation fails, the encryption status changes to ENABLING_FAILED. You can continue to read and write data to your delivery stream while the encryption status is ENABLING, but the data is not encrypted. It can take up to 5 seconds after the encryption status changes to ENABLED before all records written to the delivery stream are encrypted. To find out whether a record or a batch of records was encrypted, check the response elements PutRecordOutput$Encrypted and PutRecordBatchOutput$Encrypted, respectively. To check the encryption status of a delivery stream, use DescribeDeliveryStream. Even if encryption is currently enabled for a delivery stream, you can still invoke this operation on it to change the ARN of the CMK or both its type and ARN. If you invoke this method to change the CMK, and the old CMK is of type CUSTOMER_MANAGED_CMK, Firehose schedules the grant it had on the old CMK for retirement. If the new CMK is of type CUSTOMER_MANAGED_CMK, Firehose creates a grant that enables it to use the new CMK to encrypt and decrypt data and to manage the grant. For the KMS grant creation to be successful, the Firehose API operations StartDeliveryStreamEncryption and CreateDeliveryStream should not be called with session credentials that are more than 6 hours old. If a delivery stream already has encryption enabled and then you invoke this operation to change the ARN of the CMK or both its type and ARN and you get ENABLING_FAILED, this only means that the attempt to change the CMK failed. In this case, encryption remains enabled with the old CMK. If the encryption status of your delivery stream is ENABLING_FAILED, you can invoke this operation again with a valid CMK. The CMK must be enabled and the key policy mustn't explicitly deny the permission for Firehose to invoke KMS encrypt and decrypt operations. You can enable SSE for a delivery stream only if it's a delivery stream that uses DirectPut as its source.  The StartDeliveryStreamEncryption and StopDeliveryStreamEncryption operations have a combined limit of 25 calls per delivery stream per 24 hours. For example, you reach the limit if you call StartDeliveryStreamEncryption 13 times and StopDeliveryStreamEncryption 12 times for the same delivery stream in a 24-hour period.
    */
   startDeliveryStreamEncryption(params: Firehose.Types.StartDeliveryStreamEncryptionInput, callback?: (err: AWSError, data: Firehose.Types.StartDeliveryStreamEncryptionOutput) => void): Request<Firehose.Types.StartDeliveryStreamEncryptionOutput, AWSError>;
   /**
-   * Enables server-side encryption (SSE) for the delivery stream.  This operation is asynchronous. It returns immediately. When you invoke it, Firehose first sets the encryption status of the stream to ENABLING, and then to ENABLED. The encryption status of a delivery stream is the Status property in DeliveryStreamEncryptionConfiguration. If the operation fails, the encryption status changes to ENABLING_FAILED. You can continue to read and write data to your delivery stream while the encryption status is ENABLING, but the data is not encrypted. It can take up to 5 seconds after the encryption status changes to ENABLED before all records written to the delivery stream are encrypted. To find out whether a record or a batch of records was encrypted, check the response elements PutRecordOutput$Encrypted and PutRecordBatchOutput$Encrypted, respectively. To check the encryption status of a delivery stream, use DescribeDeliveryStream. Even if encryption is currently enabled for a delivery stream, you can still invoke this operation on it to change the ARN of the CMK or both its type and ARN. If you invoke this method to change the CMK, and the old CMK is of type CUSTOMER_MANAGED_CMK, Firehose schedules the grant it had on the old CMK for retirement. If the new CMK is of type CUSTOMER_MANAGED_CMK, Firehose creates a grant that enables it to use the new CMK to encrypt and decrypt data and to manage the grant. For the KMS grant creation to be successful, Firehose APIs StartDeliveryStreamEncryption and CreateDeliveryStream should not be called with session credentials that are more than 6 hours old. If a delivery stream already has encryption enabled and then you invoke this operation to change the ARN of the CMK or both its type and ARN and you get ENABLING_FAILED, this only means that the attempt to change the CMK failed. In this case, encryption remains enabled with the old CMK. If the encryption status of your delivery stream is ENABLING_FAILED, you can invoke this operation again with a valid CMK. The CMK must be enabled and the key policy mustn't explicitly deny the permission for Firehose to invoke KMS encrypt and decrypt operations. You can enable SSE for a delivery stream only if it's a delivery stream that uses DirectPut as its source.  The StartDeliveryStreamEncryption and StopDeliveryStreamEncryption operations have a combined limit of 25 calls per delivery stream per 24 hours. For example, you reach the limit if you call StartDeliveryStreamEncryption 13 times and StopDeliveryStreamEncryption 12 times for the same delivery stream in a 24-hour period.
+   * Enables server-side encryption (SSE) for the delivery stream.  This operation is asynchronous. It returns immediately. When you invoke it, Firehose first sets the encryption status of the stream to ENABLING, and then to ENABLED. The encryption status of a delivery stream is the Status property in DeliveryStreamEncryptionConfiguration. If the operation fails, the encryption status changes to ENABLING_FAILED. You can continue to read and write data to your delivery stream while the encryption status is ENABLING, but the data is not encrypted. It can take up to 5 seconds after the encryption status changes to ENABLED before all records written to the delivery stream are encrypted. To find out whether a record or a batch of records was encrypted, check the response elements PutRecordOutput$Encrypted and PutRecordBatchOutput$Encrypted, respectively. To check the encryption status of a delivery stream, use DescribeDeliveryStream. Even if encryption is currently enabled for a delivery stream, you can still invoke this operation on it to change the ARN of the CMK or both its type and ARN. If you invoke this method to change the CMK, and the old CMK is of type CUSTOMER_MANAGED_CMK, Firehose schedules the grant it had on the old CMK for retirement. If the new CMK is of type CUSTOMER_MANAGED_CMK, Firehose creates a grant that enables it to use the new CMK to encrypt and decrypt data and to manage the grant. For the KMS grant creation to be successful, the Firehose API operations StartDeliveryStreamEncryption and CreateDeliveryStream should not be called with session credentials that are more than 6 hours old. If a delivery stream already has encryption enabled and then you invoke this operation to change the ARN of the CMK or both its type and ARN and you get ENABLING_FAILED, this only means that the attempt to change the CMK failed. In this case, encryption remains enabled with the old CMK. If the encryption status of your delivery stream is ENABLING_FAILED, you can invoke this operation again with a valid CMK. The CMK must be enabled and the key policy mustn't explicitly deny the permission for Firehose to invoke KMS encrypt and decrypt operations. You can enable SSE for a delivery stream only if it's a delivery stream that uses DirectPut as its source.  The StartDeliveryStreamEncryption and StopDeliveryStreamEncryption operations have a combined limit of 25 calls per delivery stream per 24 hours. For example, you reach the limit if you call StartDeliveryStreamEncryption 13 times and StopDeliveryStreamEncryption 12 times for the same delivery stream in a 24-hour period.
    */
   startDeliveryStreamEncryption(callback?: (err: AWSError, data: Firehose.Types.StartDeliveryStreamEncryptionOutput) => void): Request<Firehose.Types.StartDeliveryStreamEncryptionOutput, AWSError>;
   /**
@@ -398,6 +398,12 @@ declare namespace Firehose {
      */
     IntervalInSeconds?: IntervalInSeconds;
   }
+  export interface CatalogConfiguration {
+    /**
+     *  Specifies the Glue catalog ARN indentifier of the destination Apache Iceberg Tables. You must specify the ARN in the format arn:aws:glue:region:account-id:catalog.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    CatalogARN?: GlueDataCatalogARN;
+  }
   export interface CloudWatchLoggingOptions {
     /**
      * Enables or disables CloudWatch logging.
@@ -490,6 +496,10 @@ declare namespace Firehose {
      * Configure Snowflake destination
      */
     SnowflakeDestinationConfiguration?: SnowflakeDestinationConfiguration;
+    /**
+     *  Configure Apache Iceberg Tables destination.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    IcebergDestinationConfiguration?: IcebergDestinationConfiguration;
   }
   export interface CreateDeliveryStreamOutput {
     /**
@@ -691,9 +701,32 @@ declare namespace Firehose {
      * The destination in the Serverless offering for Amazon OpenSearch Service.
      */
     AmazonOpenSearchServerlessDestinationDescription?: AmazonOpenSearchServerlessDestinationDescription;
+    /**
+     *  Describes a destination in Apache Iceberg Tables.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    IcebergDestinationDescription?: IcebergDestinationDescription;
   }
   export type DestinationDescriptionList = DestinationDescription[];
   export type DestinationId = string;
+  export interface DestinationTableConfiguration {
+    /**
+     *  Specifies the name of the Apache Iceberg Table.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    DestinationTableName: NonEmptyStringWithoutWhitespace;
+    /**
+     *  The name of the Apache Iceberg database.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    DestinationDatabaseName: NonEmptyStringWithoutWhitespace;
+    /**
+     *  A list of unique keys for a given Apache Iceberg table. Firehose will use these for running Create/Update/Delete operations on the given Iceberg table.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    UniqueKeys?: ListOfNonEmptyStringsWithoutWhitespace;
+    /**
+     *  The table specific S3 error output prefix. All the errors that occurred while delivering to this table will be prefixed with this value in S3 destination.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    S3ErrorOutputPrefix?: ErrorOutputPrefix;
+  }
+  export type DestinationTableConfigurationList = DestinationTableConfiguration[];
   export interface DocumentIdOptions {
     /**
      * When the FIREHOSE_DEFAULT option is chosen, Firehose generates a unique document ID for each record based on a unique internal identifier. The generated document ID is stable across multiple delivery attempts, which helps prevent the same record from being indexed multiple times with different document IDs. When the NO_DOCUMENT_ID option is chosen, Firehose does not include any document IDs in the requests it sends to the Amazon OpenSearch Service. This causes the Amazon OpenSearch Service domain to generate document IDs. In case of multiple delivery attempts, this may cause the same record to be indexed more than once with different document IDs. This option enables write-heavy operations, such as the ingestion of logs and observability data, to consume less resources in the Amazon OpenSearch Service domain, resulting in improved performance.
@@ -1111,6 +1144,7 @@ declare namespace Firehose {
     Details: NonEmptyString;
   }
   export type FileExtension = string;
+  export type GlueDataCatalogARN = string;
   export type HECAcknowledgmentTimeoutInSeconds = number;
   export type HECEndpoint = string;
   export type HECEndpointType = "Raw"|"Event"|string;
@@ -1182,7 +1216,7 @@ declare namespace Firehose {
     BufferingHints?: HttpEndpointBufferingHints;
     CloudWatchLoggingOptions?: CloudWatchLoggingOptions;
     /**
-     * The configuration of the requeste sent to the HTTP endpoint specified as the destination.
+     * The configuration of the request sent to the HTTP endpoint that is specified as the destination.
      */
     RequestConfiguration?: HttpEndpointRequestConfiguration;
     ProcessingConfiguration?: ProcessingConfiguration;
@@ -1199,6 +1233,10 @@ declare namespace Firehose {
      */
     S3BackupMode?: HttpEndpointS3BackupMode;
     S3Configuration: S3DestinationConfiguration;
+    /**
+     *  The configuration that defines how you access secrets for HTTP Endpoint destination. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface HttpEndpointDestinationDescription {
     /**
@@ -1228,6 +1266,10 @@ declare namespace Firehose {
      */
     S3BackupMode?: HttpEndpointS3BackupMode;
     S3DestinationDescription?: S3DestinationDescription;
+    /**
+     *  The configuration that defines how you access secrets for HTTP Endpoint destination. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface HttpEndpointDestinationUpdate {
     /**
@@ -1257,6 +1299,10 @@ declare namespace Firehose {
      */
     S3BackupMode?: HttpEndpointS3BackupMode;
     S3Update?: S3DestinationUpdate;
+    /**
+     *  The configuration that defines how you access secrets for HTTP Endpoint destination. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export type HttpEndpointName = string;
   export interface HttpEndpointRequestConfiguration {
@@ -1278,6 +1324,76 @@ declare namespace Firehose {
   }
   export type HttpEndpointS3BackupMode = "FailedDataOnly"|"AllData"|string;
   export type HttpEndpointUrl = string;
+  export interface IcebergDestinationConfiguration {
+    /**
+     *  Provides a list of DestinationTableConfigurations which Firehose uses to deliver data to Apache Iceberg tables.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    DestinationTableConfigurationList?: DestinationTableConfigurationList;
+    BufferingHints?: BufferingHints;
+    CloudWatchLoggingOptions?: CloudWatchLoggingOptions;
+    ProcessingConfiguration?: ProcessingConfiguration;
+    /**
+     *  Describes how Firehose will backup records. Currently,Firehose only supports FailedDataOnly for preview.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    S3BackupMode?: IcebergS3BackupMode;
+    RetryOptions?: RetryOptions;
+    /**
+     *  The Amazon Resource Name (ARN) of the Apache Iceberg tables role.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    RoleARN: RoleARN;
+    /**
+     *  Configuration describing where the destination Apache Iceberg Tables are persisted.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    CatalogConfiguration: CatalogConfiguration;
+    S3Configuration: S3DestinationConfiguration;
+  }
+  export interface IcebergDestinationDescription {
+    /**
+     *  Provides a list of DestinationTableConfigurations which Firehose uses to deliver data to Apache Iceberg tables.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    DestinationTableConfigurationList?: DestinationTableConfigurationList;
+    BufferingHints?: BufferingHints;
+    CloudWatchLoggingOptions?: CloudWatchLoggingOptions;
+    ProcessingConfiguration?: ProcessingConfiguration;
+    /**
+     *  Describes how Firehose will backup records. Currently,Firehose only supports FailedDataOnly for preview.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    S3BackupMode?: IcebergS3BackupMode;
+    RetryOptions?: RetryOptions;
+    /**
+     *  The Amazon Resource Name (ARN) of the Apache Iceberg Tables role.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    RoleARN?: RoleARN;
+    /**
+     *  Configuration describing where the destination Iceberg tables are persisted.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    CatalogConfiguration?: CatalogConfiguration;
+    S3DestinationDescription?: S3DestinationDescription;
+  }
+  export interface IcebergDestinationUpdate {
+    /**
+     *  Provides a list of DestinationTableConfigurations which Firehose uses to deliver data to Apache Iceberg tables.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    DestinationTableConfigurationList?: DestinationTableConfigurationList;
+    BufferingHints?: BufferingHints;
+    CloudWatchLoggingOptions?: CloudWatchLoggingOptions;
+    ProcessingConfiguration?: ProcessingConfiguration;
+    /**
+     *  Describes how Firehose will backup records. Currently,Firehose only supports FailedDataOnly for preview.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    S3BackupMode?: IcebergS3BackupMode;
+    RetryOptions?: RetryOptions;
+    /**
+     *  The Amazon Resource Name (ARN) of the Apache Iceberg Tables role.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    RoleARN?: RoleARN;
+    /**
+     *  Configuration describing where the destination Iceberg tables are persisted.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    CatalogConfiguration?: CatalogConfiguration;
+    S3Configuration?: S3DestinationConfiguration;
+  }
+  export type IcebergS3BackupMode = "FailedDataOnly"|"AllData"|string;
   export interface InputFormatConfiguration {
     /**
      * Specifies which deserializer to use. You can choose either the Apache Hive JSON SerDe or the OpenX JSON SerDe. If both are non-null, the server rejects the request.
@@ -1386,6 +1502,10 @@ declare namespace Firehose {
      * The authentication configuration of the Amazon MSK cluster.
      */
     AuthenticationConfiguration: AuthenticationConfiguration;
+    /**
+     * The start date and time in UTC for the offset position within your MSK topic from where Firehose begins to read. By default, this is set to timestamp when Firehose becomes Active.  If you want to create a Firehose stream with Earliest start position from SDK or CLI, you need to set the ReadFromTimestamp parameter to Epoch (1970-01-01T00:00:00Z). 
+     */
+    ReadFromTimestamp?: ReadFromTimestamp;
   }
   export interface MSKSourceDescription {
     /**
@@ -1404,6 +1524,10 @@ declare namespace Firehose {
      * Firehose starts retrieving records from the topic within the Amazon MSK cluster starting with this timestamp.
      */
     DeliveryStartTimestamp?: DeliveryStartTimestamp;
+    /**
+     * The start date and time in UTC for the offset position within your MSK topic from where Firehose begins to read. By default, this is set to timestamp when Firehose becomes Active.  If you want to create a Firehose stream with Earliest start position from SDK or CLI, you need to set the ReadFromTimestampUTC parameter to Epoch (1970-01-01T00:00:00Z). 
+     */
+    ReadFromTimestamp?: ReadFromTimestamp;
   }
   export type NoEncryptionConfig = "NoEncryption"|string;
   export type NonEmptyString = string;
@@ -1603,6 +1727,7 @@ declare namespace Firehose {
     Encrypted?: BooleanObject;
   }
   export type PutResponseRecordId = string;
+  export type ReadFromTimestamp = Date;
   export interface Record {
     /**
      * The data blob, which is base64-encoded when the blob is serialized. The maximum size of the data blob, before base64-encoding, is 1,000 KiB.
@@ -1625,11 +1750,11 @@ declare namespace Firehose {
     /**
      * The name of the user.
      */
-    Username: Username;
+    Username?: Username;
     /**
      * The user password.
      */
-    Password: Password;
+    Password?: Password;
     /**
      * The retry behavior in case Firehose is unable to deliver documents to Amazon Redshift. Default value is 3600 (60 minutes).
      */
@@ -1654,6 +1779,10 @@ declare namespace Firehose {
      * The CloudWatch logging options for your delivery stream.
      */
     CloudWatchLoggingOptions?: CloudWatchLoggingOptions;
+    /**
+     *  The configuration that defines how you access secrets for Amazon Redshift. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface RedshiftDestinationDescription {
     /**
@@ -1671,7 +1800,7 @@ declare namespace Firehose {
     /**
      * The name of the user.
      */
-    Username: Username;
+    Username?: Username;
     /**
      * The retry behavior in case Firehose is unable to deliver documents to Amazon Redshift. Default value is 3600 (60 minutes).
      */
@@ -1696,6 +1825,10 @@ declare namespace Firehose {
      * The Amazon CloudWatch logging options for your delivery stream.
      */
     CloudWatchLoggingOptions?: CloudWatchLoggingOptions;
+    /**
+     *  The configuration that defines how you access secrets for Amazon Redshift. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface RedshiftDestinationUpdate {
     /**
@@ -1742,6 +1875,10 @@ declare namespace Firehose {
      * The Amazon CloudWatch logging options for your delivery stream.
      */
     CloudWatchLoggingOptions?: CloudWatchLoggingOptions;
+    /**
+     *  The configuration that defines how you access secrets for Amazon Redshift. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export type RedshiftRetryDurationInSeconds = number;
   export interface RedshiftRetryOptions {
@@ -1888,6 +2025,21 @@ declare namespace Firehose {
      */
     VersionId?: NonEmptyStringWithoutWhitespace;
   }
+  export type SecretARN = string;
+  export interface SecretsManagerConfiguration {
+    /**
+     * The ARN of the secret that stores your credentials. It must be in the same region as the Firehose stream and the role. The secret ARN can reside in a different account than the delivery stream and role as Firehose supports cross-account secret access. This parameter is required when Enabled is set to True.
+     */
+    SecretARN?: SecretARN;
+    /**
+     *  Specifies the role that Firehose assumes when calling the Secrets Manager API operation. When you provide the role, it overrides any destination specific role defined in the destination configuration. If you do not provide the then we use the destination specific role. This parameter is required for Splunk. 
+     */
+    RoleARN?: RoleARN;
+    /**
+     * Specifies whether you want to use the the secrets manager feature. When set as True the secrets manager configuration overwrites the existing secrets in the destination configuration. When it's set to False Firehose falls back to the credentials in the destination configuration.
+     */
+    Enabled: BooleanObject;
+  }
   export type SecurityGroupIdList = NonEmptyStringWithoutWhitespace[];
   export interface Serializer {
     /**
@@ -1901,6 +2053,18 @@ declare namespace Firehose {
   }
   export type SizeInMBs = number;
   export type SnowflakeAccountUrl = string;
+  export interface SnowflakeBufferingHints {
+    /**
+     *  Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 1. 
+     */
+    SizeInMBs?: SnowflakeBufferingSizeInMBs;
+    /**
+     *  Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 0. 
+     */
+    IntervalInSeconds?: SnowflakeBufferingIntervalInSeconds;
+  }
+  export type SnowflakeBufferingIntervalInSeconds = number;
+  export type SnowflakeBufferingSizeInMBs = number;
   export type SnowflakeContentColumnName = string;
   export type SnowflakeDataLoadingOption = "JSON_MAPPING"|"VARIANT_CONTENT_MAPPING"|"VARIANT_CONTENT_AND_METADATA_MAPPING"|string;
   export type SnowflakeDatabase = string;
@@ -1912,7 +2076,7 @@ declare namespace Firehose {
     /**
      * The private key used to encrypt your Snowflake client. For information, see Using Key Pair Authentication &amp; Key Rotation.
      */
-    PrivateKey: SnowflakePrivateKey;
+    PrivateKey?: SnowflakePrivateKey;
     /**
      * Passphrase to decrypt the private key when the key is encrypted. For information, see Using Key Pair Authentication &amp; Key Rotation.
      */
@@ -1920,7 +2084,7 @@ declare namespace Firehose {
     /**
      * User login name for the Snowflake account.
      */
-    User: SnowflakeUser;
+    User?: SnowflakeUser;
     /**
      * All data in Snowflake is maintained in databases.
      */
@@ -1968,6 +2132,14 @@ declare namespace Firehose {
      */
     S3BackupMode?: SnowflakeS3BackupMode;
     S3Configuration: S3DestinationConfiguration;
+    /**
+     *  The configuration that defines how you access secrets for Snowflake. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
+    /**
+     *  Describes the buffering to perform before delivering data to the Snowflake destination. If you do not specify any value, Firehose uses the default values. 
+     */
+    BufferingHints?: SnowflakeBufferingHints;
   }
   export interface SnowflakeDestinationDescription {
     /**
@@ -2025,6 +2197,14 @@ declare namespace Firehose {
      */
     S3BackupMode?: SnowflakeS3BackupMode;
     S3DestinationDescription?: S3DestinationDescription;
+    /**
+     *  The configuration that defines how you access secrets for Snowflake. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
+    /**
+     *  Describes the buffering to perform before delivering data to the Snowflake destination. If you do not specify any value, Firehose uses the default values. 
+     */
+    BufferingHints?: SnowflakeBufferingHints;
   }
   export interface SnowflakeDestinationUpdate {
     /**
@@ -2086,6 +2266,14 @@ declare namespace Firehose {
      */
     S3BackupMode?: SnowflakeS3BackupMode;
     S3Update?: S3DestinationUpdate;
+    /**
+     *  Describes the Secrets Manager configuration in Snowflake. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
+    /**
+     *  Describes the buffering to perform before delivering data to the Snowflake destination. 
+     */
+    BufferingHints?: SnowflakeBufferingHints;
   }
   export type SnowflakeKeyPassphrase = string;
   export type SnowflakeMetaDataColumnName = string;
@@ -2153,7 +2341,7 @@ declare namespace Firehose {
     /**
      * This is a GUID that you obtain from your Splunk cluster when you create a new HEC endpoint.
      */
-    HECToken: HECToken;
+    HECToken?: HECToken;
     /**
      * The amount of time that Firehose waits to receive an acknowledgment from Splunk after it sends it data. At the end of the timeout period, Firehose either tries to send the data again or considers it an error, based on your retry settings.
      */
@@ -2182,6 +2370,10 @@ declare namespace Firehose {
      * The buffering options. If no value is specified, the default values for Splunk are used.
      */
     BufferingHints?: SplunkBufferingHints;
+    /**
+     *  The configuration that defines how you access secrets for Splunk. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface SplunkDestinationDescription {
     /**
@@ -2224,6 +2416,10 @@ declare namespace Firehose {
      * The buffering options. If no value is specified, the default values for Splunk are used.
      */
     BufferingHints?: SplunkBufferingHints;
+    /**
+     *  The configuration that defines how you access secrets for Splunk. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export interface SplunkDestinationUpdate {
     /**
@@ -2266,6 +2462,10 @@ declare namespace Firehose {
      * The buffering options. If no value is specified, the default values for Splunk are used.
      */
     BufferingHints?: SplunkBufferingHints;
+    /**
+     *  The configuration that defines how you access secrets for Splunk. 
+     */
+    SecretsManagerConfiguration?: SecretsManagerConfiguration;
   }
   export type SplunkRetryDurationInSeconds = number;
   export interface SplunkRetryOptions {
@@ -2382,9 +2582,13 @@ declare namespace Firehose {
      */
     AmazonOpenSearchServerlessDestinationUpdate?: AmazonOpenSearchServerlessDestinationUpdate;
     /**
-     * Update to the Snowflake destination condiguration settings
+     * Update to the Snowflake destination configuration settings.
      */
     SnowflakeDestinationUpdate?: SnowflakeDestinationUpdate;
+    /**
+     *  Describes an update for a destination in Apache Iceberg Tables.  Amazon Data Firehose is in preview release and is subject to change.
+     */
+    IcebergDestinationUpdate?: IcebergDestinationUpdate;
   }
   export interface UpdateDestinationOutput {
   }

package/node_modules/aws-sdk/clients/fis.d.ts

@@ -596,6 +596,23 @@ declare namespace Fis {
     logGroupArn?: CloudWatchLogGroupArn;
   }
   export type ExperimentEndTime = Date;
+  export interface ExperimentError {
+    /**
+     * The Amazon Web Services Account ID where the experiment failure occurred.
+     */
+    accountId?: ExperimentErrorAccountId;
+    /**
+     * The error code for the failed experiment.
+     */
+    code?: ExperimentErrorCode;
+    /**
+     * Context for the section of the experiment template that failed.
+     */
+    location?: ExperimentErrorLocation;
+  }
+  export type ExperimentErrorAccountId = string;
+  export type ExperimentErrorCode = string;
+  export type ExperimentErrorLocation = string;
   export type ExperimentId = string;
   export interface ExperimentLogConfiguration {
     /**
@@ -645,6 +662,10 @@ declare namespace Fis {
      * The reason for the state.
      */
     reason?: ExperimentStatusReason;
+    /**
+     * The error information of the experiment when the action has failed.
+     */
+    error?: ExperimentError;
   }
   export type ExperimentStatus = "pending"|"initiating"|"running"|"completed"|"stopping"|"stopped"|"failed"|string;
   export type ExperimentStatusReason = string;

package/node_modules/aws-sdk/clients/fms.d.ts

@@ -1603,19 +1603,19 @@ declare namespace FMS {
   }
   export interface NetworkAclEntrySet {
     /**
-     * The rules that you want to run first in the Firewall Manager managed network ACLs.   Provide these in the order in which you want them to run. Firewall Manager will assign the specific rule numbers for you, in the network ACLs that it creates.  
+     * The rules that you want to run first in the Firewall Manager managed network ACLs.   Provide these in the order in which you want them to run. Firewall Manager will assign the specific rule numbers for you, in the network ACLs that it creates.   You must specify at least one first entry or one last entry in any network ACL policy. 
      */
     FirstEntries?: NetworkAclEntries;
     /**
-     * Applies only when remediation is enabled for the policy as a whole. Firewall Manager uses this setting when it finds policy violations that involve conflicts between the custom entries and the policy entries.  If forced remediation is disabled, Firewall Manager marks the network ACL as noncompliant and does not try to remediate. For more information about the remediation behavior, see Network access control list (ACL) policies in the Firewall Manager Developer Guide.
+     * Applies only when remediation is enabled for the policy as a whole. Firewall Manager uses this setting when it finds policy violations that involve conflicts between the custom entries and the policy entries.  If forced remediation is disabled, Firewall Manager marks the network ACL as noncompliant and does not try to remediate. For more information about the remediation behavior, see Remediation for managed network ACLs in the Firewall Manager Developer Guide.
      */
     ForceRemediateForFirstEntries: BooleanObject;
     /**
-     * The rules that you want to run last in the Firewall Manager managed network ACLs.   Provide these in the order in which you want them to run. Firewall Manager will assign the specific rule numbers for you, in the network ACLs that it creates.  
+     * The rules that you want to run last in the Firewall Manager managed network ACLs.   Provide these in the order in which you want them to run. Firewall Manager will assign the specific rule numbers for you, in the network ACLs that it creates.   You must specify at least one first entry or one last entry in any network ACL policy. 
      */
     LastEntries?: NetworkAclEntries;
     /**
-     * Applies only when remediation is enabled for the policy as a whole. Firewall Manager uses this setting when it finds policy violations that involve conflicts between the custom entries and the policy entries.  If forced remediation is disabled, Firewall Manager marks the network ACL as noncompliant and does not try to remediate. For more information about the remediation behavior, see Network access control list (ACL) policies in the Firewall Manager Developer Guide.
+     * Applies only when remediation is enabled for the policy as a whole. Firewall Manager uses this setting when it finds policy violations that involve conflicts between the custom entries and the policy entries.  If forced remediation is disabled, Firewall Manager marks the network ACL as noncompliant and does not try to remediate. For more information about the remediation behavior, see Remediation for managed network ACLs in the Firewall Manager Developer Guide.
      */
     ForceRemediateForLastEntries: BooleanObject;
   }
@@ -2043,7 +2043,7 @@ declare namespace FMS {
      */
     ResourceSetIds?: ResourceSetIds;
     /**
-     * The definition of the Network Firewall firewall policy.
+     * Your description of the Firewall Manager policy.
      */
     PolicyDescription?: ResourceDescription;
     /**
@@ -2525,7 +2525,7 @@ declare namespace FMS {
      */
     Key: ResourceTagKey;
     /**
-     * The resource tag value.
+     * The resource tag value. To specify an empty string value, either don't provide this or specify it as "". 
      */
     Value?: ResourceTagValue;
   }
@@ -2763,9 +2763,13 @@ declare namespace FMS {
   export type SecurityServiceTypeList = SecurityServiceType[];
   export interface StatefulEngineOptions {
     /**
-     * Indicates how to manage the order of stateful rule evaluation for the policy. DEFAULT_ACTION_ORDER is the default behavior. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.
+     * Indicates how to manage the order of stateful rule evaluation for the policy. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide. Default: DEFAULT_ACTION_ORDER 
      */
     RuleOrder?: RuleOrder;
+    /**
+     * Indicates how Network Firewall should handle traffic when a network connection breaks midstream.    DROP - Fail closed and drop all subsequent traffic going to the firewall.    CONTINUE - Continue to apply rules to subsequent traffic without context from traffic before the break. This impacts the behavior of rules that depend on context. For example, with a stateful rule that drops HTTP traffic, Network Firewall won't match subsequent traffic because the it won't have the context from session initialization, which defines the application layer protocol as HTTP. However, a TCP-layer rule using a flow:stateless rule would still match, and so would the aws:drop_strict default action.     REJECT - Fail closed and drop all subsequent traffic going to the firewall. With this option, Network Firewall also sends a TCP reject packet back to the client so the client can immediately establish a new session. With the new session, Network Firewall will have context and will apply rules appropriately. For applications that are reliant on long-lived TCP connections that trigger Gateway Load Balancer idle timeouts, this is the recommended setting.     FMS_IGNORE - Firewall Manager doesn't monitor or modify the Network Firewall stream exception policy settings.    For more information, see Stream exception policy in your firewall policy in the Network Firewall Developer Guide. Default: FMS_IGNORE 
+     */
+    StreamExceptionPolicy?: StreamExceptionPolicy;
   }
   export interface StatefulRuleGroup {
     /**
@@ -2802,6 +2806,7 @@ declare namespace FMS {
   }
   export type StatelessRuleGroupList = StatelessRuleGroup[];
   export type StatelessRuleGroupPriority = number;
+  export type StreamExceptionPolicy = "DROP"|"CONTINUE"|"REJECT"|"FMS_IGNORE"|string;
   export interface Tag {
     /**
      * Part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as "customer." Tag keys are case-sensitive.