cdk-docker-image-deployment 0.0.577 → 0.0.579

package/node_modules/aws-sdk/clients/ssmsap.d.ts

@@ -91,6 +91,14 @@ declare class SsmSap extends Service {
    * Lists the SAP HANA databases of an application registered with AWS Systems Manager for SAP.
    */
   listDatabases(callback?: (err: AWSError, data: SsmSap.Types.ListDatabasesOutput) => void): Request<SsmSap.Types.ListDatabasesOutput, AWSError>;
+  /**
+   * Returns a list of operations events. Available parameters include OperationID, as well as optional parameters MaxResults, NextToken, and Filters.
+   */
+  listOperationEvents(params: SsmSap.Types.ListOperationEventsInput, callback?: (err: AWSError, data: SsmSap.Types.ListOperationEventsOutput) => void): Request<SsmSap.Types.ListOperationEventsOutput, AWSError>;
+  /**
+   * Returns a list of operations events. Available parameters include OperationID, as well as optional parameters MaxResults, NextToken, and Filters.
+   */
+  listOperationEvents(callback?: (err: AWSError, data: SsmSap.Types.ListOperationEventsOutput) => void): Request<SsmSap.Types.ListOperationEventsOutput, AWSError>;
   /**
    * Lists the operations performed by AWS Systems Manager for SAP.
    */
@@ -123,6 +131,14 @@ declare class SsmSap extends Service {
    * Register an SAP application with AWS Systems Manager for SAP. You must meet the following requirements before registering.  The SAP application you want to register with AWS Systems Manager for SAP is running on Amazon EC2. AWS Systems Manager Agent must be setup on an Amazon EC2 instance along with the required IAM permissions. Amazon EC2 instance(s) must have access to the secrets created in AWS Secrets Manager to manage SAP applications and components.
    */
   registerApplication(callback?: (err: AWSError, data: SsmSap.Types.RegisterApplicationOutput) => void): Request<SsmSap.Types.RegisterApplicationOutput, AWSError>;
+  /**
+   * Request is an operation which starts an application. Parameter ApplicationId is required.
+   */
+  startApplication(params: SsmSap.Types.StartApplicationInput, callback?: (err: AWSError, data: SsmSap.Types.StartApplicationOutput) => void): Request<SsmSap.Types.StartApplicationOutput, AWSError>;
+  /**
+   * Request is an operation which starts an application. Parameter ApplicationId is required.
+   */
+  startApplication(callback?: (err: AWSError, data: SsmSap.Types.StartApplicationOutput) => void): Request<SsmSap.Types.StartApplicationOutput, AWSError>;
   /**
    * Refreshes a registered application.
    */
@@ -131,6 +147,14 @@ declare class SsmSap extends Service {
    * Refreshes a registered application.
    */
   startApplicationRefresh(callback?: (err: AWSError, data: SsmSap.Types.StartApplicationRefreshOutput) => void): Request<SsmSap.Types.StartApplicationRefreshOutput, AWSError>;
+  /**
+   * Request is an operation to stop an application. Parameter ApplicationId is required. Parameters StopConnectedEntity and IncludeEc2InstanceShutdown are optional.
+   */
+  stopApplication(params: SsmSap.Types.StopApplicationInput, callback?: (err: AWSError, data: SsmSap.Types.StopApplicationOutput) => void): Request<SsmSap.Types.StopApplicationOutput, AWSError>;
+  /**
+   * Request is an operation to stop an application. Parameter ApplicationId is required. Parameters StopConnectedEntity and IncludeEc2InstanceShutdown are optional.
+   */
+  stopApplication(callback?: (err: AWSError, data: SsmSap.Types.StopApplicationOutput) => void): Request<SsmSap.Types.StopApplicationOutput, AWSError>;
   /**
    * Creates tag for a resource by specifying the ARN.
    */
@@ -380,6 +404,7 @@ declare namespace SsmSap {
   }
   export type ComponentSummaryList = ComponentSummary[];
   export type ComponentType = "HANA"|"HANA_NODE"|"ABAP"|"ASCS"|"DIALOG"|"WEBDISP"|"WD"|"ERS"|string;
+  export type ConnectedEntityType = "DBMS"|string;
   export type CredentialType = "ADMIN"|string;
   export interface Database {
     /**
@@ -672,7 +697,7 @@ declare namespace SsmSap {
      */
     NextToken?: NextToken;
     /**
-     * The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value. 
+     * The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
      */
     MaxResults?: MaxResults;
     /**
@@ -742,6 +767,34 @@ declare namespace SsmSap {
      */
     NextToken?: NextToken;
   }
+  export interface ListOperationEventsInput {
+    /**
+     * The ID of the operation.
+     */
+    OperationId: OperationId;
+    /**
+     * The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value. If you do not specify a value for MaxResults, the request returns 50 items per page by default.
+     */
+    MaxResults?: MaxResults;
+    /**
+     * The token to use to retrieve the next page of results. This value is null when there are no more results to return.
+     */
+    NextToken?: NextToken;
+    /**
+     * Optionally specify filters to narrow the returned operation event items. Valid filter names include status, resourceID, and resourceType. The valid operator for all three filters is Equals.
+     */
+    Filters?: FilterList;
+  }
+  export interface ListOperationEventsOutput {
+    /**
+     * A returned list of operation events that meet the filter criteria.
+     */
+    OperationEvents?: OperationEventList;
+    /**
+     * The token to use to retrieve the next page of results. This value is null when there are no more results to return.
+     */
+    NextToken?: NextToken;
+  }
   export interface ListOperationsInput {
     /**
      * The ID of the application.
@@ -830,6 +883,31 @@ declare namespace SsmSap {
      */
     LastUpdatedTime?: Timestamp;
   }
+  export interface OperationEvent {
+    /**
+     * A description of the operation event. For example, "Stop the EC2 instance i-abcdefgh987654321".
+     */
+    Description?: String;
+    /**
+     * The resource involved in the operations event. Contains ResourceArn ARN and ResourceType.
+     */
+    Resource?: Resource;
+    /**
+     * The status of the operation event. The possible statuses are: IN_PROGRESS, COMPLETED, and FAILED.
+     */
+    Status?: OperationEventStatus;
+    /**
+     * The status message relating to a specific operation event.
+     */
+    StatusMessage?: String;
+    /**
+     * The timestamp of the specified operation event.
+     */
+    Timestamp?: Timestamp;
+  }
+  export type OperationEventList = OperationEvent[];
+  export type OperationEventResourceType = string;
+  export type OperationEventStatus = "IN_PROGRESS"|"COMPLETED"|"FAILED"|string;
   export type OperationId = string;
   export type OperationIdList = OperationId[];
   export type OperationList = Operation[];
@@ -925,12 +1003,34 @@ declare namespace SsmSap {
      */
     EnqueueReplication?: Boolean;
   }
+  export interface Resource {
+    /**
+     * The Amazon Resource Name (ARN) of the source resource. Example of ResourceArn: "arn:aws:ec2:us-east-1:111111111111:instance/i-abcdefgh987654321"
+     */
+    ResourceArn?: Arn;
+    /**
+     * The resource type. Example of ResourceType: "AWS::SystemsManagerSAP::Component" or "AWS::EC2::Instance".
+     */
+    ResourceType?: OperationEventResourceType;
+  }
   export type ResourceId = string;
   export type ResourceType = string;
   export type SAPInstanceNumber = string;
   export type SID = string;
   export type SecretId = string;
   export type SsmSapArn = string;
+  export interface StartApplicationInput {
+    /**
+     * The ID of the application.
+     */
+    ApplicationId: ApplicationId;
+  }
+  export interface StartApplicationOutput {
+    /**
+     * The ID of the operation.
+     */
+    OperationId?: OperationId;
+  }
   export interface StartApplicationRefreshInput {
     /**
      * The ID of the application.
@@ -943,6 +1043,26 @@ declare namespace SsmSap {
      */
     OperationId?: OperationId;
   }
+  export interface StopApplicationInput {
+    /**
+     * The ID of the application.
+     */
+    ApplicationId: ApplicationId;
+    /**
+     * Specify the ConnectedEntityType. Accepted type is DBMS. If this parameter is included, the connected DBMS (Database Management System) will be stopped.
+     */
+    StopConnectedEntity?: ConnectedEntityType;
+    /**
+     * Boolean. If included and if set to True, the StopApplication operation will shut down the associated Amazon EC2 instance in addition to the application.
+     */
+    IncludeEc2InstanceShutdown?: Boolean;
+  }
+  export interface StopApplicationOutput {
+    /**
+     * The ID of the operation.
+     */
+    OperationId?: OperationId;
+  }
   export type String = string;
   export type TagKey = string;
   export type TagKeyList = TagKey[];

package/node_modules/aws-sdk/clients/ssooidc.d.ts

@@ -20,11 +20,11 @@ declare class SSOOIDC extends Service {
    */
   createToken(callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenResponse) => void): Request<SSOOIDC.Types.CreateTokenResponse, AWSError>;
   /**
-   * Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.
+   * Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned Amazon Web Services accounts or to access application APIs using bearer authentication.
    */
   createTokenWithIAM(params: SSOOIDC.Types.CreateTokenWithIAMRequest, callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenWithIAMResponse) => void): Request<SSOOIDC.Types.CreateTokenWithIAMResponse, AWSError>;
   /**
-   * Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.
+   * Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned Amazon Web Services accounts or to access application APIs using bearer authentication.
    */
   createTokenWithIAM(callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenWithIAMResponse) => void): Request<SSOOIDC.Types.CreateTokenWithIAMResponse, AWSError>;
   /**
@@ -46,12 +46,14 @@ declare class SSOOIDC extends Service {
 }
 declare namespace SSOOIDC {
   export type AccessToken = string;
+  export type ArnType = string;
   export type Assertion = string;
   export type AuthCode = string;
   export type ClientId = string;
   export type ClientName = string;
   export type ClientSecret = string;
   export type ClientType = string;
+  export type CodeVerifier = string;
   export interface CreateTokenRequest {
     /**
      * The unique identifier string for the client or application. This value comes from the result of the RegisterClient API.
@@ -85,10 +87,14 @@ declare namespace SSOOIDC {
      * Used only when calling this API for the Authorization Code grant type. This value specifies the location of the client or application that has registered to receive the authorization code.
      */
     redirectUri?: URI;
+    /**
+     * Used only when calling this API for the Authorization Code grant type. This value is generated by the client and presented to validate the original code challenge value the client passed at authorization time.
+     */
+    codeVerifier?: CodeVerifier;
   }
   export interface CreateTokenResponse {
     /**
-     * A bearer token to access AWS accounts and applications assigned to a user.
+     * A bearer token to access Amazon Web Services accounts and applications assigned to a user.
      */
     accessToken?: AccessToken;
     /**
@@ -149,10 +155,14 @@ declare namespace SSOOIDC {
      * Used only when calling this API for the Token Exchange grant type. This value specifies the type of token that the requester can receive. The following values are supported: * Access Token - urn:ietf:params:oauth:token-type:access_token  * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token 
      */
     requestedTokenType?: TokenTypeURI;
+    /**
+     * Used only when calling this API for the Authorization Code grant type. This value is generated by the client and presented to validate the original code challenge value the client passed at authorization time.
+     */
+    codeVerifier?: CodeVerifier;
   }
   export interface CreateTokenWithIAMResponse {
     /**
-     * A bearer token to access AWS accounts and applications assigned to a user.
+     * A bearer token to access Amazon Web Services accounts and applications assigned to a user.
      */
     accessToken?: AccessToken;
     /**
@@ -183,9 +193,11 @@ declare namespace SSOOIDC {
   export type DeviceCode = string;
   export type ExpirationInSeconds = number;
   export type GrantType = string;
+  export type GrantTypes = GrantType[];
   export type IdToken = string;
   export type IntervalInSeconds = number;
   export type LongTimeStampType = number;
+  export type RedirectUris = URI[];
   export type RefreshToken = string;
   export interface RegisterClientRequest {
     /**
@@ -200,6 +212,22 @@ declare namespace SSOOIDC {
      * The list of scopes that are defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.
      */
     scopes?: Scopes;
+    /**
+     * The list of redirect URI that are defined by the client. At completion of authorization, this list is used to restrict what locations the user agent can be redirected back to.
+     */
+    redirectUris?: RedirectUris;
+    /**
+     * The list of OAuth 2.0 grant types that are defined by the client. This list is used to restrict the token granting flows available to the client.
+     */
+    grantTypes?: GrantTypes;
+    /**
+     * The IAM Identity Center Issuer URL associated with an instance of IAM Identity Center. This value is needed for user access to resources through the client.
+     */
+    issuerUrl?: URI;
+    /**
+     * This IAM Identity Center application ARN is used to define administrator-managed configuration for public client access to resources. At authorization, the scopes, grants, and redirect URI available to this client will be restricted by this application resource.
+     */
+    entitledApplicationArn?: ArnType;
   }
   export interface RegisterClientResponse {
     /**

package/node_modules/aws-sdk/clients/stepfunctions.d.ts

@@ -20,11 +20,11 @@ declare class StepFunctions extends Service {
    */
   createActivity(callback?: (err: AWSError, data: StepFunctions.Types.CreateActivityOutput) => void): Request<StepFunctions.Types.CreateActivityOutput, AWSError>;
   /**
-   * Creates a state machine. A state machine consists of a collection of states that can do work (Task states), determine to which states to transition next (Choice states), stop an execution with an error (Fail states), and so on. State machines are specified using a JSON-based, structured language. For more information, see Amazon States Language in the Step Functions User Guide. If you set the publish parameter of this API action to true, it publishes version 1 as the first revision of the state machine.  This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.    CreateStateMachine is an idempotent API. Subsequent requests won’t create a duplicate resource if it was already created. CreateStateMachine's idempotency check is based on the state machine name, definition, type, LoggingConfiguration, and TracingConfiguration. The check is also based on the publish and versionDescription parameters. If a following request has a different roleArn or tags, Step Functions will ignore these differences and treat it as an idempotent request of the previous. In this case, roleArn and tags will not be updated, even if they are different. 
+   * Creates a state machine. A state machine consists of a collection of states that can do work (Task states), determine to which states to transition next (Choice states), stop an execution with an error (Fail states), and so on. State machines are specified using a JSON-based, structured language. For more information, see Amazon States Language in the Step Functions User Guide. If you set the publish parameter of this API action to true, it publishes version 1 as the first revision of the state machine.  For additional control over security, you can encrypt your data using a customer-managed key for Step Functions state machines. You can configure a symmetric KMS key and data key reuse period when creating or updating a State Machine. The execution history and state machine definition will be encrypted with the key applied to the State Machine.   This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.    CreateStateMachine is an idempotent API. Subsequent requests won’t create a duplicate resource if it was already created. CreateStateMachine's idempotency check is based on the state machine name, definition, type, LoggingConfiguration, TracingConfiguration, and EncryptionConfiguration The check is also based on the publish and versionDescription parameters. If a following request has a different roleArn or tags, Step Functions will ignore these differences and treat it as an idempotent request of the previous. In this case, roleArn and tags will not be updated, even if they are different. 
    */
   createStateMachine(params: StepFunctions.Types.CreateStateMachineInput, callback?: (err: AWSError, data: StepFunctions.Types.CreateStateMachineOutput) => void): Request<StepFunctions.Types.CreateStateMachineOutput, AWSError>;
   /**
-   * Creates a state machine. A state machine consists of a collection of states that can do work (Task states), determine to which states to transition next (Choice states), stop an execution with an error (Fail states), and so on. State machines are specified using a JSON-based, structured language. For more information, see Amazon States Language in the Step Functions User Guide. If you set the publish parameter of this API action to true, it publishes version 1 as the first revision of the state machine.  This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.    CreateStateMachine is an idempotent API. Subsequent requests won’t create a duplicate resource if it was already created. CreateStateMachine's idempotency check is based on the state machine name, definition, type, LoggingConfiguration, and TracingConfiguration. The check is also based on the publish and versionDescription parameters. If a following request has a different roleArn or tags, Step Functions will ignore these differences and treat it as an idempotent request of the previous. In this case, roleArn and tags will not be updated, even if they are different. 
+   * Creates a state machine. A state machine consists of a collection of states that can do work (Task states), determine to which states to transition next (Choice states), stop an execution with an error (Fail states), and so on. State machines are specified using a JSON-based, structured language. For more information, see Amazon States Language in the Step Functions User Guide. If you set the publish parameter of this API action to true, it publishes version 1 as the first revision of the state machine.  For additional control over security, you can encrypt your data using a customer-managed key for Step Functions state machines. You can configure a symmetric KMS key and data key reuse period when creating or updating a State Machine. The execution history and state machine definition will be encrypted with the key applied to the State Machine.   This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.    CreateStateMachine is an idempotent API. Subsequent requests won’t create a duplicate resource if it was already created. CreateStateMachine's idempotency check is based on the state machine name, definition, type, LoggingConfiguration, TracingConfiguration, and EncryptionConfiguration The check is also based on the publish and versionDescription parameters. If a following request has a different roleArn or tags, Step Functions will ignore these differences and treat it as an idempotent request of the previous. In this case, roleArn and tags will not be updated, even if they are different. 
    */
   createStateMachine(callback?: (err: AWSError, data: StepFunctions.Types.CreateStateMachineOutput) => void): Request<StepFunctions.Types.CreateStateMachineOutput, AWSError>;
   /**
@@ -204,11 +204,11 @@ declare class StepFunctions extends Service {
    */
   redriveExecution(callback?: (err: AWSError, data: StepFunctions.Types.RedriveExecutionOutput) => void): Request<StepFunctions.Types.RedriveExecutionOutput, AWSError>;
   /**
-   * Used by activity workers, Task states using the callback pattern, and optionally Task states using the job run pattern to report that the task identified by the taskToken failed.
+   * Used by activity workers, Task states using the callback pattern, and optionally Task states using the job run pattern to report that the task identified by the taskToken failed. For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role. A caller can mark a task as fail without using any KMS permissions in the execution role if the caller provides a null value for both error and cause fields because no data needs to be encrypted.
    */
   sendTaskFailure(params: StepFunctions.Types.SendTaskFailureInput, callback?: (err: AWSError, data: StepFunctions.Types.SendTaskFailureOutput) => void): Request<StepFunctions.Types.SendTaskFailureOutput, AWSError>;
   /**
-   * Used by activity workers, Task states using the callback pattern, and optionally Task states using the job run pattern to report that the task identified by the taskToken failed.
+   * Used by activity workers, Task states using the callback pattern, and optionally Task states using the job run pattern to report that the task identified by the taskToken failed. For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role. A caller can mark a task as fail without using any KMS permissions in the execution role if the caller provides a null value for both error and cause fields because no data needs to be encrypted.
    */
   sendTaskFailure(callback?: (err: AWSError, data: StepFunctions.Types.SendTaskFailureOutput) => void): Request<StepFunctions.Types.SendTaskFailureOutput, AWSError>;
   /**
@@ -244,11 +244,11 @@ declare class StepFunctions extends Service {
    */
   startSyncExecution(callback?: (err: AWSError, data: StepFunctions.Types.StartSyncExecutionOutput) => void): Request<StepFunctions.Types.StartSyncExecutionOutput, AWSError>;
   /**
-   * Stops an execution. This API action is not supported by EXPRESS state machines.
+   * Stops an execution. This API action is not supported by EXPRESS state machines. For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role. A caller can stop an execution without using any KMS permissions in the execution role if the caller provides a null value for both error and cause fields because no data needs to be encrypted.
    */
   stopExecution(params: StepFunctions.Types.StopExecutionInput, callback?: (err: AWSError, data: StepFunctions.Types.StopExecutionOutput) => void): Request<StepFunctions.Types.StopExecutionOutput, AWSError>;
   /**
-   * Stops an execution. This API action is not supported by EXPRESS state machines.
+   * Stops an execution. This API action is not supported by EXPRESS state machines. For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role. A caller can stop an execution without using any KMS permissions in the execution role if the caller provides a null value for both error and cause fields because no data needs to be encrypted.
    */
   stopExecution(callback?: (err: AWSError, data: StepFunctions.Types.StopExecutionOutput) => void): Request<StepFunctions.Types.StopExecutionOutput, AWSError>;
   /**
@@ -284,11 +284,11 @@ declare class StepFunctions extends Service {
    */
   updateMapRun(callback?: (err: AWSError, data: StepFunctions.Types.UpdateMapRunOutput) => void): Request<StepFunctions.Types.UpdateMapRunOutput, AWSError>;
   /**
-   * Updates an existing state machine by modifying its definition, roleArn, or loggingConfiguration. Running executions will continue to use the previous definition and roleArn. You must include at least one of definition or roleArn or you will receive a MissingRequiredParameter error. A qualified state machine ARN refers to a Distributed Map state defined within a state machine. For example, the qualified state machine ARN arn:partition:states:region:account-id:stateMachine:stateMachineName/mapStateLabel refers to a Distributed Map state with a label mapStateLabel in the state machine named stateMachineName. A qualified state machine ARN can either refer to a Distributed Map state defined within a state machine, a version ARN, or an alias ARN. The following are some examples of qualified and unqualified state machine ARNs:   The following qualified state machine ARN refers to a Distributed Map state with a label mapStateLabel in a state machine named myStateMachine.  arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel   If you provide a qualified state machine ARN that refers to a Distributed Map state, the request fails with ValidationException.    The following qualified state machine ARN refers to an alias named PROD.  arn:&lt;partition&gt;:states:&lt;region&gt;:&lt;account-id&gt;:stateMachine:&lt;myStateMachine:PROD&gt;   If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.    The following unqualified state machine ARN refers to a state machine named myStateMachine.  arn:&lt;partition&gt;:states:&lt;region&gt;:&lt;account-id&gt;:stateMachine:&lt;myStateMachine&gt;    After you update your state machine, you can set the publish parameter to true in the same action to publish a new version. This way, you can opt-in to strict versioning of your state machine.  Step Functions assigns monotonically increasing integers for state machine versions, starting at version number 1.   All StartExecution calls within a few seconds use the updated definition and roleArn. Executions started immediately after you call UpdateStateMachine may use the previous state machine definition and roleArn.  
+   * Updates an existing state machine by modifying its definition, roleArn, loggingConfiguration, or EncryptionConfiguration. Running executions will continue to use the previous definition and roleArn. You must include at least one of definition or roleArn or you will receive a MissingRequiredParameter error. A qualified state machine ARN refers to a Distributed Map state defined within a state machine. For example, the qualified state machine ARN arn:partition:states:region:account-id:stateMachine:stateMachineName/mapStateLabel refers to a Distributed Map state with a label mapStateLabel in the state machine named stateMachineName. A qualified state machine ARN can either refer to a Distributed Map state defined within a state machine, a version ARN, or an alias ARN. The following are some examples of qualified and unqualified state machine ARNs:   The following qualified state machine ARN refers to a Distributed Map state with a label mapStateLabel in a state machine named myStateMachine.  arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel   If you provide a qualified state machine ARN that refers to a Distributed Map state, the request fails with ValidationException.    The following qualified state machine ARN refers to an alias named PROD.  arn:&lt;partition&gt;:states:&lt;region&gt;:&lt;account-id&gt;:stateMachine:&lt;myStateMachine:PROD&gt;   If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.    The following unqualified state machine ARN refers to a state machine named myStateMachine.  arn:&lt;partition&gt;:states:&lt;region&gt;:&lt;account-id&gt;:stateMachine:&lt;myStateMachine&gt;    After you update your state machine, you can set the publish parameter to true in the same action to publish a new version. This way, you can opt-in to strict versioning of your state machine.  Step Functions assigns monotonically increasing integers for state machine versions, starting at version number 1.   All StartExecution calls within a few seconds use the updated definition and roleArn. Executions started immediately after you call UpdateStateMachine may use the previous state machine definition and roleArn.  
    */
   updateStateMachine(params: StepFunctions.Types.UpdateStateMachineInput, callback?: (err: AWSError, data: StepFunctions.Types.UpdateStateMachineOutput) => void): Request<StepFunctions.Types.UpdateStateMachineOutput, AWSError>;
   /**
-   * Updates an existing state machine by modifying its definition, roleArn, or loggingConfiguration. Running executions will continue to use the previous definition and roleArn. You must include at least one of definition or roleArn or you will receive a MissingRequiredParameter error. A qualified state machine ARN refers to a Distributed Map state defined within a state machine. For example, the qualified state machine ARN arn:partition:states:region:account-id:stateMachine:stateMachineName/mapStateLabel refers to a Distributed Map state with a label mapStateLabel in the state machine named stateMachineName. A qualified state machine ARN can either refer to a Distributed Map state defined within a state machine, a version ARN, or an alias ARN. The following are some examples of qualified and unqualified state machine ARNs:   The following qualified state machine ARN refers to a Distributed Map state with a label mapStateLabel in a state machine named myStateMachine.  arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel   If you provide a qualified state machine ARN that refers to a Distributed Map state, the request fails with ValidationException.    The following qualified state machine ARN refers to an alias named PROD.  arn:&lt;partition&gt;:states:&lt;region&gt;:&lt;account-id&gt;:stateMachine:&lt;myStateMachine:PROD&gt;   If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.    The following unqualified state machine ARN refers to a state machine named myStateMachine.  arn:&lt;partition&gt;:states:&lt;region&gt;:&lt;account-id&gt;:stateMachine:&lt;myStateMachine&gt;    After you update your state machine, you can set the publish parameter to true in the same action to publish a new version. This way, you can opt-in to strict versioning of your state machine.  Step Functions assigns monotonically increasing integers for state machine versions, starting at version number 1.   All StartExecution calls within a few seconds use the updated definition and roleArn. Executions started immediately after you call UpdateStateMachine may use the previous state machine definition and roleArn.  
+   * Updates an existing state machine by modifying its definition, roleArn, loggingConfiguration, or EncryptionConfiguration. Running executions will continue to use the previous definition and roleArn. You must include at least one of definition or roleArn or you will receive a MissingRequiredParameter error. A qualified state machine ARN refers to a Distributed Map state defined within a state machine. For example, the qualified state machine ARN arn:partition:states:region:account-id:stateMachine:stateMachineName/mapStateLabel refers to a Distributed Map state with a label mapStateLabel in the state machine named stateMachineName. A qualified state machine ARN can either refer to a Distributed Map state defined within a state machine, a version ARN, or an alias ARN. The following are some examples of qualified and unqualified state machine ARNs:   The following qualified state machine ARN refers to a Distributed Map state with a label mapStateLabel in a state machine named myStateMachine.  arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel   If you provide a qualified state machine ARN that refers to a Distributed Map state, the request fails with ValidationException.    The following qualified state machine ARN refers to an alias named PROD.  arn:&lt;partition&gt;:states:&lt;region&gt;:&lt;account-id&gt;:stateMachine:&lt;myStateMachine:PROD&gt;   If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.    The following unqualified state machine ARN refers to a state machine named myStateMachine.  arn:&lt;partition&gt;:states:&lt;region&gt;:&lt;account-id&gt;:stateMachine:&lt;myStateMachine&gt;    After you update your state machine, you can set the publish parameter to true in the same action to publish a new version. This way, you can opt-in to strict versioning of your state machine.  Step Functions assigns monotonically increasing integers for state machine versions, starting at version number 1.   All StartExecution calls within a few seconds use the updated definition and roleArn. Executions started immediately after you call UpdateStateMachine may use the previous state machine definition and roleArn.  
    */
   updateStateMachine(callback?: (err: AWSError, data: StepFunctions.Types.UpdateStateMachineOutput) => void): Request<StepFunctions.Types.UpdateStateMachineOutput, AWSError>;
   /**
@@ -430,6 +430,10 @@ declare namespace StepFunctions {
      * The list of tags to add to a resource. An array of key-value pairs. For more information, see Using Cost Allocation Tags in the Amazon Web Services Billing and Cost Management User Guide, and Controlling Access Using IAM Tags. Tags may only contain Unicode letters, digits, white space, or these symbols: _ . : / = + - @.
      */
     tags?: TagList;
+    /**
+     * Settings to configure server-side encryption.
+     */
+    encryptionConfiguration?: EncryptionConfiguration;
   }
   export interface CreateActivityOutput {
     /**
@@ -502,6 +506,10 @@ declare namespace StepFunctions {
      * Sets description about the state machine version. You can only set the description if the publish parameter is set to true. Otherwise, if you set versionDescription, but publish to false, this API action throws ValidationException.
      */
     versionDescription?: VersionDescription;
+    /**
+     * Settings to configure server-side encryption.
+     */
+    encryptionConfiguration?: EncryptionConfiguration;
   }
   export interface CreateStateMachineOutput {
     /**
@@ -569,12 +577,20 @@ declare namespace StepFunctions {
      * The date the activity is created.
      */
     creationDate: Timestamp;
+    /**
+     * Settings for configured server-side encryption.
+     */
+    encryptionConfiguration?: EncryptionConfiguration;
   }
   export interface DescribeExecutionInput {
     /**
      * The Amazon Resource Name (ARN) of the execution to describe.
      */
     executionArn: Arn;
+    /**
+     * If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call DescribeStateMachine API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.
+     */
+    includedData?: IncludedData;
   }
   export interface DescribeExecutionOutput {
     /**
@@ -745,6 +761,10 @@ declare namespace StepFunctions {
      * The Amazon Resource Name (ARN) of the execution you want state machine information for.
      */
     executionArn: Arn;
+    /**
+     * If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.
+     */
+    includedData?: IncludedData;
   }
   export interface DescribeStateMachineForExecutionOutput {
     /**
@@ -784,12 +804,20 @@ declare namespace StepFunctions {
      * The revision identifier for the state machine. The first revision ID when you create the state machine is null. Use the state machine revisionId parameter to compare the revision of a state machine with the configuration of the state machine used for executions without performing a diff of the properties, such as definition and roleArn.
      */
     revisionId?: RevisionId;
+    /**
+     * Settings to configure server-side encryption. 
+     */
+    encryptionConfiguration?: EncryptionConfiguration;
   }
   export interface DescribeStateMachineInput {
     /**
      * The Amazon Resource Name (ARN) of the state machine for which you want the information. If you specify a state machine version ARN, this API returns details about that version. The version ARN is a combination of state machine ARN and the version number separated by a colon (:). For example, stateMachineARN:1.
      */
     stateMachineArn: Arn;
+    /**
+     * If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.   When calling a labelled ARN for an encrypted state machine, the includedData = METADATA_ONLY parameter will not apply because Step Functions needs to decrypt the entire state machine definition to get the Distributed Map state’s definition. In this case, the API caller needs to have kms:Decrypt permission.  
+     */
+    includedData?: IncludedData;
   }
   export interface DescribeStateMachineOutput {
     /**
@@ -805,7 +833,7 @@ declare namespace StepFunctions {
      */
     status?: StateMachineStatus;
     /**
-     * The Amazon States Language definition of the state machine. See Amazon States Language.
+     * The Amazon States Language definition of the state machine. See Amazon States Language. If called with includedData = METADATA_ONLY, the returned definition will be {}.
      */
     definition: Definition;
     /**
@@ -837,8 +865,27 @@ declare namespace StepFunctions {
      * The description of the state machine version.
      */
     description?: VersionDescription;
+    /**
+     * Settings to configure server-side encryption. 
+     */
+    encryptionConfiguration?: EncryptionConfiguration;
   }
   export type Enabled = boolean;
+  export interface EncryptionConfiguration {
+    /**
+     * An alias, alias ARN, key ID, or key ARN of a symmetric encryption KMS key to encrypt data. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
+     */
+    kmsKeyId?: KmsKeyId;
+    /**
+     * Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call GenerateDataKey. Only applies to customer managed keys.
+     */
+    kmsDataKeyReusePeriodSeconds?: KmsDataKeyReusePeriodSeconds;
+    /**
+     * Encryption type
+     */
+    type: EncryptionType;
+  }
+  export type EncryptionType = "AWS_OWNED_KEY"|"CUSTOMER_MANAGED_KMS_KEY"|string;
   export type EventId = number;
   export interface ExecutionAbortedEventDetails {
     /**
@@ -1145,6 +1192,7 @@ declare namespace StepFunctions {
   export type Identity = string;
   export type IncludeExecutionData = boolean;
   export type IncludeExecutionDataGetExecutionHistory = boolean;
+  export type IncludedData = "ALL_DATA"|"METADATA_ONLY"|string;
   export interface InspectionData {
     /**
      * The raw state input.
@@ -1224,6 +1272,8 @@ declare namespace StepFunctions {
     body?: HTTPBody;
   }
   export type InspectionLevel = "INFO"|"DEBUG"|"TRACE"|string;
+  export type KmsDataKeyReusePeriodSeconds = number;
+  export type KmsKeyId = string;
   export interface LambdaFunctionFailedEventDetails {
     /**
      * The error code of the failure.
@@ -1774,6 +1824,10 @@ declare namespace StepFunctions {
      * Passes the X-Ray trace header. The trace header can also be passed in the request payload.
      */
     traceHeader?: TraceHeader;
+    /**
+     * If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.
+     */
+    includedData?: IncludedData;
   }
   export interface StartSyncExecutionOutput {
     /**
@@ -2245,6 +2299,10 @@ declare namespace StepFunctions {
      * An optional description of the state machine version to publish. You can only specify the versionDescription parameter if you've set publish to true.
      */
     versionDescription?: VersionDescription;
+    /**
+     * Settings to configure server-side encryption. 
+     */
+    encryptionConfiguration?: EncryptionConfiguration;
   }
   export interface UpdateStateMachineOutput {
     /**