cdk-docker-image-deployment 0.0.74 → 0.0.76

package/node_modules/aws-sdk/clients/secretsmanager.d.ts

@@ -132,11 +132,11 @@ declare class SecretsManager extends Service {
    */
   restoreSecret(callback?: (err: AWSError, data: SecretsManager.Types.RestoreSecretResponse) => void): Request<SecretsManager.Types.RestoreSecretResponse, AWSError>;
   /**
-   * Configures and starts the asynchronous process of rotating the secret. For more information about rotation, see Rotate secrets. If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret.  For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must make sure the secret value is in the  JSON structure of a database secret. In particular, if you want to use the  alternating users strategy, your secret must contain the ARN of a superuser secret. To configure rotation, you also need the ARN of an Amazon Web Services Lambda function and the schedule for the rotation. The Lambda rotation function creates a new version of the secret and creates or updates the credentials on the database or service to match. After testing the new credentials, the function marks the new secret version with the staging label AWSCURRENT. Then anyone who retrieves the secret gets the new version. For more information, see How rotation works. You can create the Lambda rotation function based on the rotation function templates that Secrets Manager provides. Choose a template that matches your Rotation strategy. When rotation is successful, the AWSPENDING staging label might be attached to the same version as the AWSCURRENT version, or it might not be attached to any version. If the AWSPENDING staging label is present but not attached to the same version as AWSCURRENT, then any later invocation of RotateSecret assumes that a previous rotation request is still in progress and returns an error. Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:RotateSecret. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. You also need lambda:InvokeFunction permissions on the rotation function. For more information, see  Permissions for rotation.
+   * Configures and starts the asynchronous process of rotating the secret. For more information about rotation, see Rotate secrets. If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret.  For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must make sure the secret value is in the  JSON structure of a database secret. In particular, if you want to use the  alternating users strategy, your secret must contain the ARN of a superuser secret. To configure rotation, you also need the ARN of an Amazon Web Services Lambda function and the schedule for the rotation. The Lambda rotation function creates a new version of the secret and creates or updates the credentials on the database or service to match. After testing the new credentials, the function marks the new secret version with the staging label AWSCURRENT. Then anyone who retrieves the secret gets the new version. For more information, see How rotation works. You can create the Lambda rotation function based on the rotation function templates that Secrets Manager provides. Choose a template that matches your Rotation strategy. When rotation is successful, the AWSPENDING staging label might be attached to the same version as the AWSCURRENT version, or it might not be attached to any version. If the AWSPENDING staging label is present but not attached to the same version as AWSCURRENT, then any later invocation of RotateSecret assumes that a previous rotation request is still in progress and returns an error. When rotation is unsuccessful, the AWSPENDING staging label might be attached to an empty secret version. For more information, see Troubleshoot rotation in the Secrets Manager User Guide. Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:RotateSecret. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. You also need lambda:InvokeFunction permissions on the rotation function. For more information, see  Permissions for rotation.
    */
   rotateSecret(params: SecretsManager.Types.RotateSecretRequest, callback?: (err: AWSError, data: SecretsManager.Types.RotateSecretResponse) => void): Request<SecretsManager.Types.RotateSecretResponse, AWSError>;
   /**
-   * Configures and starts the asynchronous process of rotating the secret. For more information about rotation, see Rotate secrets. If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret.  For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must make sure the secret value is in the  JSON structure of a database secret. In particular, if you want to use the  alternating users strategy, your secret must contain the ARN of a superuser secret. To configure rotation, you also need the ARN of an Amazon Web Services Lambda function and the schedule for the rotation. The Lambda rotation function creates a new version of the secret and creates or updates the credentials on the database or service to match. After testing the new credentials, the function marks the new secret version with the staging label AWSCURRENT. Then anyone who retrieves the secret gets the new version. For more information, see How rotation works. You can create the Lambda rotation function based on the rotation function templates that Secrets Manager provides. Choose a template that matches your Rotation strategy. When rotation is successful, the AWSPENDING staging label might be attached to the same version as the AWSCURRENT version, or it might not be attached to any version. If the AWSPENDING staging label is present but not attached to the same version as AWSCURRENT, then any later invocation of RotateSecret assumes that a previous rotation request is still in progress and returns an error. Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:RotateSecret. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. You also need lambda:InvokeFunction permissions on the rotation function. For more information, see  Permissions for rotation.
+   * Configures and starts the asynchronous process of rotating the secret. For more information about rotation, see Rotate secrets. If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret.  For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must make sure the secret value is in the  JSON structure of a database secret. In particular, if you want to use the  alternating users strategy, your secret must contain the ARN of a superuser secret. To configure rotation, you also need the ARN of an Amazon Web Services Lambda function and the schedule for the rotation. The Lambda rotation function creates a new version of the secret and creates or updates the credentials on the database or service to match. After testing the new credentials, the function marks the new secret version with the staging label AWSCURRENT. Then anyone who retrieves the secret gets the new version. For more information, see How rotation works. You can create the Lambda rotation function based on the rotation function templates that Secrets Manager provides. Choose a template that matches your Rotation strategy. When rotation is successful, the AWSPENDING staging label might be attached to the same version as the AWSCURRENT version, or it might not be attached to any version. If the AWSPENDING staging label is present but not attached to the same version as AWSCURRENT, then any later invocation of RotateSecret assumes that a previous rotation request is still in progress and returns an error. When rotation is unsuccessful, the AWSPENDING staging label might be attached to an empty secret version. For more information, see Troubleshoot rotation in the Secrets Manager User Guide. Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:RotateSecret. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. You also need lambda:InvokeFunction permissions on the rotation function. For more information, see  Permissions for rotation.
    */
   rotateSecret(callback?: (err: AWSError, data: SecretsManager.Types.RotateSecretResponse) => void): Request<SecretsManager.Types.RotateSecretResponse, AWSError>;
   /**
@@ -296,7 +296,7 @@ declare namespace SecretsManager {
      */
     RecoveryWindowInDays?: RecoveryWindowInDaysType;
     /**
-     * Specifies whether to delete the secret without any recovery window. You can't use both this parameter and RecoveryWindowInDays in the same call. If you don't use either, then Secrets Manager defaults to a 30 day recovery window. Secrets Manager performs the actual deletion with an asynchronous background process, so there might be a short delay before the secret is permanently deleted. If you delete a secret and then immediately create a secret with the same name, use appropriate back off and retry logic.  Use this parameter with caution. This parameter causes the operation to skip the normal recovery window before the permanent deletion that Secrets Manager would normally impose with the RecoveryWindowInDays parameter. If you delete a secret with the ForceDeleteWithouRecovery parameter, then you have no opportunity to recover the secret. You lose the secret permanently. 
+     * Specifies whether to delete the secret without any recovery window. You can't use both this parameter and RecoveryWindowInDays in the same call. If you don't use either, then Secrets Manager defaults to a 30 day recovery window. Secrets Manager performs the actual deletion with an asynchronous background process, so there might be a short delay before the secret is permanently deleted. If you delete a secret and then immediately create a secret with the same name, use appropriate back off and retry logic.  Use this parameter with caution. This parameter causes the operation to skip the normal recovery window before the permanent deletion that Secrets Manager would normally impose with the RecoveryWindowInDays parameter. If you delete a secret with the ForceDeleteWithoutRecovery parameter, then you have no opportunity to recover the secret. You lose the secret permanently. 
      */
     ForceDeleteWithoutRecovery?: BooleanType;
   }
@@ -574,7 +574,7 @@ declare namespace SecretsManager {
      */
     Filters?: FiltersListType;
     /**
-     * Lists secrets in the requested order. 
+     * Secrets are listed by CreatedDate. 
      */
     SortOrder?: SortOrderType;
   }
@@ -796,15 +796,15 @@ declare namespace SecretsManager {
   export type RotationLambdaARNType = string;
   export interface RotationRulesType {
     /**
-     * The number of days between automatic scheduled rotations of the secret. You can use this value to check that your secret meets your compliance guidelines for how often secrets must be rotated. In DescribeSecret and ListSecrets, this value is calculated from the rotation schedule after every successful rotation. In RotateSecret, you can set the rotation schedule in RotationRules with AutomaticallyAfterDays or ScheduleExpression, but not both.
+     * The number of days between automatic scheduled rotations of the secret. You can use this value to check that your secret meets your compliance guidelines for how often secrets must be rotated. In DescribeSecret and ListSecrets, this value is calculated from the rotation schedule after every successful rotation. In RotateSecret, you can set the rotation schedule in RotationRules with AutomaticallyAfterDays or ScheduleExpression, but not both. To set a rotation schedule in hours, use ScheduleExpression.
      */
     AutomaticallyAfterDays?: AutomaticallyRotateAfterDaysType;
     /**
-     * The length of the rotation window in hours, for example 3h for a three hour window. Secrets Manager rotates your secret at any time during this window. The window must not go into the next UTC day. If you don't specify this value, the window automatically ends at the end of the UTC day. The window begins according to the ScheduleExpression. For more information, including examples, see Schedule expressions in Secrets Manager rotation.
+     * The length of the rotation window in hours, for example 3h for a three hour window. Secrets Manager rotates your secret at any time during this window. The window must not extend into the next rotation window or the next UTC day. The window starts according to the ScheduleExpression. If you don't specify a Duration, for a ScheduleExpression in hours, the window automatically closes after one hour. For a ScheduleExpression in days, the window automatically closes at the end of the UTC day. For more information, including examples, see Schedule expressions in Secrets Manager rotation in the Secrets Manager Users Guide.
      */
     Duration?: DurationType;
     /**
-     * A cron() or rate() expression that defines the schedule for rotating your secret. Secrets Manager rotation schedules use UTC time zone.  Secrets Manager rate() expressions represent the interval in days that you want to rotate your secret, for example rate(10 days). If you use a rate() expression, the rotation window opens at midnight, and Secrets Manager rotates your secret any time that day after midnight. You can set a Duration to shorten the rotation window. You can use a cron() expression to create rotation schedules that are more detailed than a rotation interval. For more information, including examples, see Schedule expressions in Secrets Manager rotation. If you use a cron() expression, Secrets Manager rotates your secret any time during that day after the window opens. For example, cron(0 8 1 * ? *) represents a rotation window that occurs on the first day of every month beginning at 8:00 AM UTC. Secrets Manager rotates the secret any time that day after 8:00 AM. You can set a Duration to shorten the rotation window.
+     * A cron() or rate() expression that defines the schedule for rotating your secret. Secrets Manager rotation schedules use UTC time zone. Secrets Manager rotates your secret any time during a rotation window. Secrets Manager rate() expressions represent the interval in hours or days that you want to rotate your secret, for example rate(12 hours) or rate(10 days). You can rotate a secret as often as every four hours. If you use a rate() expression, the rotation window starts at midnight. For a rate in hours, the default rotation window closes after one hour. For a rate in days, the default rotation window closes at the end of the day. You can set the Duration to change the rotation window. The rotation window must not extend into the next UTC day or into the next rotation window. You can use a cron() expression to create a rotation schedule that is more detailed than a rotation interval. For more information, including examples, see Schedule expressions in Secrets Manager rotation in the Secrets Manager Users Guide. For a cron expression that represents a schedule in hours, the default rotation window closes after one hour. For a cron expression that represents a schedule in days, the default rotation window closes at the end of the day. You can set the Duration to change the rotation window. The rotation window must not extend into the next UTC day or into the next rotation window.
      */
     ScheduleExpression?: ScheduleExpressionType;
   }

package/node_modules/aws-sdk/clients/securityhub.d.ts

@@ -5824,6 +5824,14 @@ declare namespace SecurityHub {
      * The version of the Lambda function.
      */
     Version?: NonEmptyString;
+    /**
+     * The instruction set architecture that the function uses. Valid values are x86_64 or arm64.
+     */
+    Architectures?: NonEmptyStringList;
+    /**
+     * The type of deployment package that's used to deploy the function code to Lambda. Set to Image for a container image and Zip for a .zip file archive. 
+     */
+    PackageType?: NonEmptyString;
   }
   export interface AwsLambdaFunctionEnvironment {
     /**
@@ -11554,6 +11562,14 @@ declare namespace SecurityHub {
      * Describes the actions a customer can take to resolve the vulnerability in the software package. 
      */
     Remediation?: NonEmptyString;
+    /**
+     * The source layer hash of the vulnerable package. 
+     */
+    SourceLayerHash?: NonEmptyString;
+    /**
+     * The Amazon Resource Name (ARN) of the source layer. 
+     */
+    SourceLayerArn?: NonEmptyString;
   }
   export type SoftwarePackageList = SoftwarePackage[];
   export type SortCriteria = SortCriterion[];

package/node_modules/aws-sdk/clients/servicecatalogappregistry.d.ts

@@ -99,6 +99,10 @@ declare class ServiceCatalogAppRegistry extends Service {
    * Retrieves an attribute group, either by its name or its ID. The attribute group can be specified either by its unique ID or by its name.
    */
   getAttributeGroup(callback?: (err: AWSError, data: ServiceCatalogAppRegistry.Types.GetAttributeGroupResponse) => void): Request<ServiceCatalogAppRegistry.Types.GetAttributeGroupResponse, AWSError>;
+  /**
+   *  Retrieves a TagKey configuration from an account. 
+   */
+  getConfiguration(callback?: (err: AWSError, data: ServiceCatalogAppRegistry.Types.GetConfigurationResponse) => void): Request<ServiceCatalogAppRegistry.Types.GetConfigurationResponse, AWSError>;
   /**
    * Retrieves a list of all of your applications. Results are paginated.
    */
@@ -116,11 +120,11 @@ declare class ServiceCatalogAppRegistry extends Service {
    */
   listAssociatedAttributeGroups(callback?: (err: AWSError, data: ServiceCatalogAppRegistry.Types.ListAssociatedAttributeGroupsResponse) => void): Request<ServiceCatalogAppRegistry.Types.ListAssociatedAttributeGroupsResponse, AWSError>;
   /**
-   * Lists all resources that are associated with specified application. Results are paginated.
+   *  Lists all of the resources that are associated with the specified application. Results are paginated.    If you share an application, and a consumer account associates a tag query to the application, all of the users who can access the application can also view the tag values in all accounts that are associated with it using this API.  
    */
   listAssociatedResources(params: ServiceCatalogAppRegistry.Types.ListAssociatedResourcesRequest, callback?: (err: AWSError, data: ServiceCatalogAppRegistry.Types.ListAssociatedResourcesResponse) => void): Request<ServiceCatalogAppRegistry.Types.ListAssociatedResourcesResponse, AWSError>;
   /**
-   * Lists all resources that are associated with specified application. Results are paginated.
+   *  Lists all of the resources that are associated with the specified application. Results are paginated.    If you share an application, and a consumer account associates a tag query to the application, all of the users who can access the application can also view the tag values in all accounts that are associated with it using this API.  
    */
   listAssociatedResources(callback?: (err: AWSError, data: ServiceCatalogAppRegistry.Types.ListAssociatedResourcesResponse) => void): Request<ServiceCatalogAppRegistry.Types.ListAssociatedResourcesResponse, AWSError>;
   /**
@@ -147,6 +151,14 @@ declare class ServiceCatalogAppRegistry extends Service {
    * Lists all of the tags on the resource.
    */
   listTagsForResource(callback?: (err: AWSError, data: ServiceCatalogAppRegistry.Types.ListTagsForResourceResponse) => void): Request<ServiceCatalogAppRegistry.Types.ListTagsForResourceResponse, AWSError>;
+  /**
+   *  Associates a TagKey configuration to an account. 
+   */
+  putConfiguration(params: ServiceCatalogAppRegistry.Types.PutConfigurationRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
+  /**
+   *  Associates a TagKey configuration to an account. 
+   */
+  putConfiguration(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
    * Syncs the resource with current AppRegistry records. Specifically, the resource’s AppRegistry system tags sync with its associated application. We remove the resource's AppRegistry system tags if it does not associate with the application. The caller must have permissions to read and update the resource.
    */
@@ -189,6 +201,12 @@ declare class ServiceCatalogAppRegistry extends Service {
   updateAttributeGroup(callback?: (err: AWSError, data: ServiceCatalogAppRegistry.Types.UpdateAttributeGroupResponse) => void): Request<ServiceCatalogAppRegistry.Types.UpdateAttributeGroupResponse, AWSError>;
 }
 declare namespace ServiceCatalogAppRegistry {
+  export interface AppRegistryConfiguration {
+    /**
+     *  Includes the definition of a tagQuery. 
+     */
+    tagQueryConfiguration?: TagQueryConfiguration;
+  }
   export interface Application {
     /**
      * The identifier of the application.
@@ -336,7 +354,7 @@ declare namespace ServiceCatalogAppRegistry {
      */
     arn?: AttributeGroupArn;
     /**
-     * The name of the attribute group. 
+     *   This field is no longer supported. We recommend you don't use the field when using ListAttributeGroupsForApplication.    The name of the attribute group. 
      */
     name?: Name;
   }
@@ -534,7 +552,7 @@ declare namespace ServiceCatalogAppRegistry {
      */
     tags?: Tags;
     /**
-     * The information about the integration of the application with other services, such as Resource Groups.
+     *  The information about the integration of the application with other services, such as Resource Groups. 
      */
     integrations?: Integrations;
   }
@@ -598,6 +616,12 @@ declare namespace ServiceCatalogAppRegistry {
      */
     tags?: Tags;
   }
+  export interface GetConfigurationResponse {
+    /**
+     *  Retrieves TagKey configuration from an account. 
+     */
+    configuration?: AppRegistryConfiguration;
+  }
   export interface Integrations {
     /**
      *  The information about the resource group integration.
@@ -688,7 +712,7 @@ declare namespace ServiceCatalogAppRegistry {
   }
   export interface ListAttributeGroupsForApplicationResponse {
     /**
-     *  The details related to a specific AttributeGroup. 
+     *  The details related to a specific attribute group. 
      */
     attributeGroupsDetails?: AttributeGroupDetailsList;
     /**
@@ -731,6 +755,12 @@ declare namespace ServiceCatalogAppRegistry {
   export type MaxResults = number;
   export type Name = string;
   export type NextToken = string;
+  export interface PutConfigurationRequest {
+    /**
+     *  Associates a TagKey configuration to an account. 
+     */
+    configuration: AppRegistryConfiguration;
+  }
   export interface Resource {
     /**
      * The name of the resource.
@@ -749,6 +779,12 @@ declare namespace ServiceCatalogAppRegistry {
      */
     integrations?: ResourceIntegrations;
   }
+  export interface ResourceDetails {
+    /**
+     * The value of the tag.
+     */
+    tagValue?: TagValue;
+  }
   export interface ResourceGroup {
     /**
      * The state of the propagation process for the resource group. The states includes:  CREATING if the resource group is in the process of being created.  CREATE_COMPLETE if the resource group was created successfully.  CREATE_FAILED if the resource group failed to be created.  UPDATING if the resource group is in the process of being updated.  UPDATE_COMPLETE if the resource group updated successfully.  UPDATE_FAILED if the resource group could not update successfully.
@@ -772,7 +808,15 @@ declare namespace ServiceCatalogAppRegistry {
     /**
      * The Amazon resource name (ARN) that specifies the resource across services.
      */
-    arn?: StackArn;
+    arn?: Arn;
+    /**
+     *  Provides information about the Service Catalog App Registry resource type. 
+     */
+    resourceType?: ResourceType;
+    /**
+     *  The details related to the resource. 
+     */
+    resourceDetails?: ResourceDetails;
   }
   export interface ResourceIntegrations {
     /**
@@ -781,7 +825,7 @@ declare namespace ServiceCatalogAppRegistry {
     resourceGroup?: ResourceGroup;
   }
   export type ResourceSpecifier = string;
-  export type ResourceType = "CFN_STACK"|string;
+  export type ResourceType = "CFN_STACK"|"RESOURCE_TAG_VALUE"|string;
   export type Resources = ResourceInfo[];
   export type StackArn = string;
   export type String = string;
@@ -811,7 +855,14 @@ declare namespace ServiceCatalogAppRegistry {
     actionTaken?: SyncAction;
   }
   export type TagKey = string;
+  export type TagKeyConfig = string;
   export type TagKeys = TagKey[];
+  export interface TagQueryConfiguration {
+    /**
+     *  Condition in the IAM policy that associates resources to an application. 
+     */
+    tagKey?: TagKeyConfig;
+  }
   export interface TagResourceRequest {
     /**
      * The Amazon resource name (ARN) that specifies the resource.

package/node_modules/aws-sdk/clients/ssm.d.ts

@@ -196,6 +196,14 @@ declare class SSM extends Service {
    * Deletes a resource data sync configuration. After the configuration is deleted, changes to data on managed nodes are no longer synced to or from the target. Deleting a sync configuration doesn't delete data.
    */
   deleteResourceDataSync(callback?: (err: AWSError, data: SSM.Types.DeleteResourceDataSyncResult) => void): Request<SSM.Types.DeleteResourceDataSyncResult, AWSError>;
+  /**
+   * Deletes a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. Currently, OpsItemGroup is the only resource that supports Systems Manager resource policies. The resource policy for OpsItemGroup enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems).
+   */
+  deleteResourcePolicy(params: SSM.Types.DeleteResourcePolicyRequest, callback?: (err: AWSError, data: SSM.Types.DeleteResourcePolicyResponse) => void): Request<SSM.Types.DeleteResourcePolicyResponse, AWSError>;
+  /**
+   * Deletes a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. Currently, OpsItemGroup is the only resource that supports Systems Manager resource policies. The resource policy for OpsItemGroup enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems).
+   */
+  deleteResourcePolicy(callback?: (err: AWSError, data: SSM.Types.DeleteResourcePolicyResponse) => void): Request<SSM.Types.DeleteResourcePolicyResponse, AWSError>;
   /**
    * Removes the server or virtual machine from the list of registered servers. You can reregister the node again at any time. If you don't plan to use Run Command on the server, we suggest uninstalling SSM Agent first.
    */
@@ -676,6 +684,14 @@ declare class SSM extends Service {
    * Retrieves the patch baseline that should be used for the specified patch group.
    */
   getPatchBaselineForPatchGroup(callback?: (err: AWSError, data: SSM.Types.GetPatchBaselineForPatchGroupResult) => void): Request<SSM.Types.GetPatchBaselineForPatchGroupResult, AWSError>;
+  /**
+   * Returns an array of the Policy object.
+   */
+  getResourcePolicies(params: SSM.Types.GetResourcePoliciesRequest, callback?: (err: AWSError, data: SSM.Types.GetResourcePoliciesResponse) => void): Request<SSM.Types.GetResourcePoliciesResponse, AWSError>;
+  /**
+   * Returns an array of the Policy object.
+   */
+  getResourcePolicies(callback?: (err: AWSError, data: SSM.Types.GetResourcePoliciesResponse) => void): Request<SSM.Types.GetResourcePoliciesResponse, AWSError>;
   /**
    *  ServiceSetting is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of false. This means the user can't use this feature unless they change the setting to true and intentionally opt in for a paid feature. Services map a SettingId object to a setting value. Amazon Web Services services teams define the default value for a SettingId. You can't create a new SettingId, but you can overwrite the default value if you have the ssm:UpdateServiceSetting permission for the setting. Use the UpdateServiceSetting API operation to change the default setting. Or use the ResetServiceSetting to change the value back to the original value defined by the Amazon Web Services service team. Query the current service setting for the Amazon Web Services account. 
    */
@@ -852,6 +868,14 @@ declare class SSM extends Service {
    * Add a parameter to the system.
    */
   putParameter(callback?: (err: AWSError, data: SSM.Types.PutParameterResult) => void): Request<SSM.Types.PutParameterResult, AWSError>;
+  /**
+   * Creates or updates a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. Currently, OpsItemGroup is the only resource that supports Systems Manager resource policies. The resource policy for OpsItemGroup enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems).
+   */
+  putResourcePolicy(params: SSM.Types.PutResourcePolicyRequest, callback?: (err: AWSError, data: SSM.Types.PutResourcePolicyResponse) => void): Request<SSM.Types.PutResourcePolicyResponse, AWSError>;
+  /**
+   * Creates or updates a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. Currently, OpsItemGroup is the only resource that supports Systems Manager resource policies. The resource policy for OpsItemGroup enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems).
+   */
+  putResourcePolicy(callback?: (err: AWSError, data: SSM.Types.PutResourcePolicyResponse) => void): Request<SSM.Types.PutResourcePolicyResponse, AWSError>;
   /**
    * Defines the default patch baseline for the relevant operating system. To reset the Amazon Web Services-predefined patch baseline as the default, specify the full patch baseline Amazon Resource Name (ARN) as the baseline ID value. For example, for CentOS, specify arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed instead of pb-0574b43a65ea646ed.
    */
@@ -2458,7 +2482,7 @@ declare namespace SSM {
      */
     DefaultInstanceName?: DefaultInstanceName;
     /**
-     * The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com. For more information, see Create an IAM service role for a hybrid environment in the Amazon Web Services Systems Manager User Guide.
+     * The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com. For more information, see Create an IAM service role for a hybrid environment in the Amazon Web Services Systems Manager User Guide.  You can't specify an IAM service-linked role for this parameter. You must create a unique role. 
      */
     IamRole: IamRole;
     /**
@@ -2775,7 +2799,7 @@ declare namespace SSM {
      */
     Description: OpsItemDescription;
     /**
-     * The type of OpsItem to create. Currently, the only valid values are /aws/changerequest and /aws/issue.
+     * The type of OpsItem to create. Systems Manager supports the following types of OpsItems:    /aws/issue  This type of OpsItem is used for default OpsItems created by OpsCenter.     /aws/changerequest  This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.     /aws/insights  This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.   
      */
     OpsItemType?: OpsItemType;
     /**
@@ -2830,12 +2854,20 @@ declare namespace SSM {
      * The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest.
      */
     PlannedEndTime?: DateTime;
+    /**
+     * The target Amazon Web Services account where you want to create an OpsItem. To make this call, your account must be configured to work with OpsItems across accounts. For more information, see Setting up OpsCenter to work with OpsItems across accounts in the Amazon Web Services Systems Manager User Guide.
+     */
+    AccountId?: OpsItemAccountId;
   }
   export interface CreateOpsItemResponse {
     /**
      * The ID of the OpsItem.
      */
     OpsItemId?: String;
+    /**
+     * The OpsItem Amazon Resource Name (ARN).
+     */
+    OpsItemArn?: OpsItemArn;
   }
   export interface CreateOpsMetadataRequest {
     /**
@@ -3085,6 +3117,22 @@ declare namespace SSM {
   }
   export interface DeleteResourceDataSyncResult {
   }
+  export interface DeleteResourcePolicyRequest {
+    /**
+     * Amazon Resource Name (ARN) of the resource to which the policies are attached.
+     */
+    ResourceArn: ResourceArnString;
+    /**
+     * The policy ID.
+     */
+    PolicyId: PolicyId;
+    /**
+     * ID of the current policy version. The hash helps to prevent multiple calls from attempting to overwrite a policy.
+     */
+    PolicyHash: PolicyHash;
+  }
+  export interface DeleteResourcePolicyResponse {
+  }
   export type DeliveryTimedOutCount = number;
   export interface DeregisterManagedInstanceRequest {
     /**
@@ -5137,6 +5185,10 @@ declare namespace SSM {
      * The ID of the OpsItem that you want to get.
      */
     OpsItemId: OpsItemId;
+    /**
+     * The OpsItem Amazon Resource Name (ARN).
+     */
+    OpsItemArn?: OpsItemArn;
   }
   export interface GetOpsItemResponse {
     /**
@@ -5402,6 +5454,45 @@ declare namespace SSM {
      */
     Sources?: PatchSourceList;
   }
+  export interface GetResourcePoliciesRequest {
+    /**
+     * Amazon Resource Name (ARN) of the resource to which the policies are attached.
+     */
+    ResourceArn: ResourceArnString;
+    /**
+     * A token to start the list. Use this token to get the next set of results.
+     */
+    NextToken?: String;
+    /**
+     * The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
+     */
+    MaxResults?: ResourcePolicyMaxResults;
+  }
+  export interface GetResourcePoliciesResponse {
+    /**
+     * The token for the next set of items to return. Use this token to get the next set of results.
+     */
+    NextToken?: String;
+    /**
+     * An array of the Policy object.
+     */
+    Policies?: GetResourcePoliciesResponseEntries;
+  }
+  export type GetResourcePoliciesResponseEntries = GetResourcePoliciesResponseEntry[];
+  export interface GetResourcePoliciesResponseEntry {
+    /**
+     * A policy ID.
+     */
+    PolicyId?: PolicyId;
+    /**
+     * ID of the current policy version. The hash helps to prevent a situation where multiple users attempt to overwrite a policy. You must provide this hash when updating or deleting a policy.
+     */
+    PolicyHash?: PolicyHash;
+    /**
+     * A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. Currently, OpsItemGroup is the only resource that supports Systems Manager resource policies. The resource policy for OpsItemGroup enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems).
+     */
+    Policy?: Policy;
+  }
   export interface GetServiceSettingRequest {
     /**
      * The ID of the service setting to get. The setting ID can be one of the following.    /ssm/automation/customer-script-log-destination     /ssm/automation/customer-script-log-group-name     /ssm/documents/console/public-sharing-permission     /ssm/managed-instance/activation-tier     /ssm/opsinsights/opscenter     /ssm/parameter-store/default-parameter-tier     /ssm/parameter-store/high-throughput-enabled   
@@ -7049,7 +7140,7 @@ declare namespace SSM {
      */
     CreatedBy?: String;
     /**
-     * The type of OpsItem. Currently, the only valid values are /aws/changerequest and /aws/issue.
+     * The type of OpsItem. Systems Manager supports the following types of OpsItems:    /aws/issue  This type of OpsItem is used for default OpsItems created by OpsCenter.     /aws/changerequest  This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.     /aws/insights  This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.   
      */
     OpsItemType?: OpsItemType;
     /**
@@ -7128,7 +7219,13 @@ declare namespace SSM {
      * The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest.
      */
     PlannedEndTime?: DateTime;
+    /**
+     * The OpsItem Amazon Resource Name (ARN).
+     */
+    OpsItemArn?: OpsItemArn;
   }
+  export type OpsItemAccountId = string;
+  export type OpsItemArn = string;
   export type OpsItemCategory = string;
   export type OpsItemDataKey = string;
   export type OpsItemDataType = "SearchableString"|"String"|string;
@@ -7209,7 +7306,7 @@ declare namespace SSM {
      */
     Operator: OpsItemFilterOperator;
   }
-  export type OpsItemFilterKey = "Status"|"CreatedBy"|"Source"|"Priority"|"Title"|"OpsItemId"|"CreatedTime"|"LastModifiedTime"|"ActualStartTime"|"ActualEndTime"|"PlannedStartTime"|"PlannedEndTime"|"OperationalData"|"OperationalDataKey"|"OperationalDataValue"|"ResourceId"|"AutomationId"|"Category"|"Severity"|"OpsItemType"|"ChangeRequestByRequesterArn"|"ChangeRequestByRequesterName"|"ChangeRequestByApproverArn"|"ChangeRequestByApproverName"|"ChangeRequestByTemplate"|"ChangeRequestByTargetsResourceGroup"|"InsightByType"|string;
+  export type OpsItemFilterKey = "Status"|"CreatedBy"|"Source"|"Priority"|"Title"|"OpsItemId"|"CreatedTime"|"LastModifiedTime"|"ActualStartTime"|"ActualEndTime"|"PlannedStartTime"|"PlannedEndTime"|"OperationalData"|"OperationalDataKey"|"OperationalDataValue"|"ResourceId"|"AutomationId"|"Category"|"Severity"|"OpsItemType"|"ChangeRequestByRequesterArn"|"ChangeRequestByRequesterName"|"ChangeRequestByApproverArn"|"ChangeRequestByApproverName"|"ChangeRequestByTemplate"|"ChangeRequestByTargetsResourceGroup"|"InsightByType"|"AccountId"|string;
   export type OpsItemFilterOperator = "Equal"|"Contains"|"GreaterThan"|"LessThan"|string;
   export type OpsItemFilterValue = string;
   export type OpsItemFilterValues = OpsItemFilterValue[];
@@ -7343,7 +7440,7 @@ declare namespace SSM {
      */
     Severity?: OpsItemSeverity;
     /**
-     * The type of OpsItem. Currently, the only valid values are /aws/changerequest and /aws/issue.
+     * The type of OpsItem. Systems Manager supports the following types of OpsItems:    /aws/issue  This type of OpsItem is used for default OpsItems created by OpsCenter.     /aws/changerequest  This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.     /aws/insights  This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.   
      */
     OpsItemType?: OpsItemType;
     /**
@@ -7941,6 +8038,9 @@ declare namespace SSM {
   export type PingStatus = "Online"|"ConnectionLost"|"Inactive"|string;
   export type PlatformType = "Windows"|"Linux"|"MacOS"|string;
   export type PlatformTypeList = PlatformType[];
+  export type Policy = string;
+  export type PolicyHash = string;
+  export type PolicyId = string;
   export type Product = string;
   export interface ProgressCounters {
     /**
@@ -8069,6 +8169,34 @@ declare namespace SSM {
      */
     Tier?: ParameterTier;
   }
+  export interface PutResourcePolicyRequest {
+    /**
+     * Amazon Resource Name (ARN) of the resource to which the policies are attached.
+     */
+    ResourceArn: ResourceArnString;
+    /**
+     * A policy you want to associate with a resource.
+     */
+    Policy: Policy;
+    /**
+     * The policy ID.
+     */
+    PolicyId?: PolicyId;
+    /**
+     * ID of the current policy version. The hash helps to prevent a situation where multiple users attempt to overwrite a policy.
+     */
+    PolicyHash?: PolicyHash;
+  }
+  export interface PutResourcePolicyResponse {
+    /**
+     * The policy ID. To update a policy, you must specify PolicyId and PolicyHash.
+     */
+    PolicyId?: PolicyId;
+    /**
+     * ID of the current policy version. The hash helps to prevent a situation where multiple users attempt to overwrite a policy. You must provide this hash when updating or deleting a policy.
+     */
+    PolicyHash?: PolicyHash;
+  }
   export type RebootOption = "RebootIfNeeded"|"NoReboot"|string;
   export type Region = string;
   export type Regions = Region[];
@@ -8273,6 +8401,7 @@ declare namespace SSM {
      */
     Truncated?: Boolean;
   }
+  export type ResourceArnString = string;
   export interface ResourceComplianceSummaryItem {
     /**
      * The compliance type.
@@ -8469,6 +8598,7 @@ declare namespace SSM {
   export type ResourceDataSyncState = string;
   export type ResourceDataSyncType = string;
   export type ResourceId = string;
+  export type ResourcePolicyMaxResults = number;
   export type ResourceType = "ManagedInstance"|"Document"|"EC2Instance"|string;
   export type ResourceTypeForTagging = "Document"|"ManagedInstance"|"MaintenanceWindow"|"Parameter"|"PatchBaseline"|"OpsItem"|"OpsMetadata"|"Automation"|"Association"|string;
   export type ResponseCode = number;
@@ -9690,7 +9820,7 @@ declare namespace SSM {
      */
     InstanceId: ManagedInstanceId;
     /**
-     * The IAM role you want to assign or change.
+     * The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com. For more information, see Create an IAM service role for a hybrid environment in the Amazon Web Services Systems Manager User Guide.  You can't specify an IAM service-linked role for this parameter. You must create a unique role. 
      */
     IamRole: IamRole;
   }
@@ -9757,6 +9887,10 @@ declare namespace SSM {
      * The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest.
      */
     PlannedEndTime?: DateTime;
+    /**
+     * The OpsItem Amazon Resource Name (ARN).
+     */
+    OpsItemArn?: OpsItemArn;
   }
   export interface UpdateOpsItemResponse {
   }

package/node_modules/aws-sdk/clients/ssmincidents.d.ts

@@ -369,6 +369,10 @@ declare namespace SSMIncidents {
      * Details used to create an incident when using this response plan.
      */
     incidentTemplate: IncidentTemplate;
+    /**
+     * Information about third-party services integrated into the response plan.
+     */
+    integrations?: Integrations;
     /**
      * The short format name of the response plan. Can't include spaces.
      */
@@ -617,6 +621,10 @@ declare namespace SSMIncidents {
      * Details used to create the incident when using this response plan.
      */
     incidentTemplate: IncidentTemplate;
+    /**
+     * Information about third-party services integrated into the Incident Manager response plan.
+     */
+    integrations?: Integrations;
     /**
      * The short format name of the response plan. The name can't contain spaces.
      */
@@ -778,6 +786,13 @@ declare namespace SSMIncidents {
   export type IncidentTitle = string;
   export type Integer = number;
   export type IntegerList = Integer[];
+  export interface Integration {
+    /**
+     * Information about the PagerDuty service where the response plan creates an incident.
+     */
+    pagerDutyConfiguration?: PagerDutyConfiguration;
+  }
+  export type Integrations = Integration[];
   export interface ItemIdentifier {
     /**
      * The type of related item. 
@@ -798,6 +813,10 @@ declare namespace SSMIncidents {
      * The metric definition, if the related item is a metric in Amazon CloudWatch.
      */
     metricDefinition?: MetricDefinition;
+    /**
+     * Details about an incident that is associated with a PagerDuty incident.
+     */
+    pagerDutyIncidentDetail?: PagerDutyIncidentDetail;
     /**
      * The URL, if the related item is a non-Amazon Web Services resource.
      */
@@ -949,6 +968,45 @@ declare namespace SSMIncidents {
     snsTopicArn?: Arn;
   }
   export type NotificationTargetSet = NotificationTargetItem[];
+  export interface PagerDutyConfiguration {
+    /**
+     * The name of the PagerDuty configuration.
+     */
+    name: PagerDutyConfigurationNameString;
+    /**
+     * Details about the PagerDuty service associated with the configuration.
+     */
+    pagerDutyIncidentConfiguration: PagerDutyIncidentConfiguration;
+    /**
+     * The ID of the Amazon Web Services Secrets Manager secret that stores your PagerDuty key, either a General Access REST API Key or User Token REST API Key, and other user credentials.
+     */
+    secretId: PagerDutyConfigurationSecretIdString;
+  }
+  export type PagerDutyConfigurationNameString = string;
+  export type PagerDutyConfigurationSecretIdString = string;
+  export interface PagerDutyIncidentConfiguration {
+    /**
+     * The ID of the PagerDuty service that the response plan associates with an incident when it launches.
+     */
+    serviceId: PagerDutyIncidentConfigurationServiceIdString;
+  }
+  export type PagerDutyIncidentConfigurationServiceIdString = string;
+  export interface PagerDutyIncidentDetail {
+    /**
+     * Indicates whether to resolve the PagerDuty incident when you resolve the associated Incident Manager incident.
+     */
+    autoResolve?: Boolean;
+    /**
+     * The ID of the incident associated with the PagerDuty service for the response plan.
+     */
+    id: PagerDutyIncidentDetailIdString;
+    /**
+     * The ID of the Amazon Web Services Secrets Manager secret that stores your PagerDuty key, either a General Access REST API Key or User Token REST API Key, and other user credentials.
+     */
+    secretId?: PagerDutyIncidentDetailSecretIdString;
+  }
+  export type PagerDutyIncidentDetailIdString = string;
+  export type PagerDutyIncidentDetailSecretIdString = string;
   export type Policy = string;
   export type PolicyId = string;
   export interface PutResourcePolicyInput {
@@ -1389,6 +1447,10 @@ declare namespace SSMIncidents {
      * The short format name of the incident. The title can't contain spaces.
      */
     incidentTemplateTitle?: IncidentTitle;
+    /**
+     * Information about third-party services integrated into the response plan.
+     */
+    integrations?: Integrations;
   }
   export interface UpdateResponsePlanOutput {
   }