cdk-docker-image-deployment 0.0.76 → 0.0.77

package/node_modules/aws-sdk/apis/ssm-sap-2018-05-10.examples.json

@@ -0,0 +1,5 @@
+{
+  "version": "1.0",
+  "examples": {
+  }
+}

package/node_modules/aws-sdk/apis/{ssmsap-2018-05-10.min.json → ssm-sap-2018-05-10.min.json}

@@ -7,10 +7,10 @@
     "protocol": "rest-json",
     "serviceAbbreviation": "SsmSap",
     "serviceFullName": "AWS Systems Manager for SAP",
-    "serviceId": "SsmSap",
+    "serviceId": "Ssm Sap",
     "signatureVersion": "v4",
     "signingName": "ssm-sap",
-    "uid": "ssmsap-2018-05-10"
+    "uid": "ssm-sap-2018-05-10"
   },
   "operations": {
     "DeleteResourcePermission": {

package/node_modules/aws-sdk/apis/states-2016-11-23.min.json

@@ -439,6 +439,9 @@
                     },
                     "heartbeatInSeconds": {
                       "type": "long"
+                    },
+                    "taskCredentials": {
+                      "shape": "S1x"
                     }
                   }
                 },
@@ -603,16 +606,16 @@
                   }
                 },
                 "mapIterationStartedEventDetails": {
-                  "shape": "S2a"
+                  "shape": "S2c"
                 },
                 "mapIterationSucceededEventDetails": {
-                  "shape": "S2a"
+                  "shape": "S2c"
                 },
                 "mapIterationFailedEventDetails": {
-                  "shape": "S2a"
+                  "shape": "S2c"
                 },
                 "mapIterationAbortedEventDetails": {
-                  "shape": "S2a"
+                  "shape": "S2c"
                 },
                 "lambdaFunctionFailedEventDetails": {
                   "type": "structure",
@@ -651,6 +654,9 @@
                     },
                     "timeoutInSeconds": {
                       "type": "long"
+                    },
+                    "taskCredentials": {
+                      "shape": "S1x"
                     }
                   }
                 },
@@ -1201,7 +1207,13 @@
         }
       }
     },
-    "S2a": {
+    "S1x": {
+      "type": "structure",
+      "members": {
+        "roleArn": {}
+      }
+    },
+    "S2c": {
       "type": "structure",
       "members": {
         "name": {},

package/node_modules/aws-sdk/clients/all.d.ts

@@ -319,4 +319,6 @@ export import MigrationHubOrchestrator = require('./migrationhuborchestrator');
 export import ConnectCases = require('./connectcases');
 export import ResourceExplorer2 = require('./resourceexplorer2');
 export import Scheduler = require('./scheduler');
+export import ChimeSDKVoice = require('./chimesdkvoice');
+export import IoTRoboRunner = require('./iotroborunner');
 export import SsmSap = require('./ssmsap');

package/node_modules/aws-sdk/clients/all.js

@@ -321,5 +321,7 @@ module.exports = {
   ConnectCases: require('./connectcases'),
   ResourceExplorer2: require('./resourceexplorer2'),
   Scheduler: require('./scheduler'),
+  ChimeSDKVoice: require('./chimesdkvoice'),
+  IoTRoboRunner: require('./iotroborunner'),
   SsmSap: require('./ssmsap')
 };

package/node_modules/aws-sdk/clients/appflow.d.ts

@@ -124,11 +124,11 @@ declare class Appflow extends Service {
    */
   listTagsForResource(callback?: (err: AWSError, data: Appflow.Types.ListTagsForResourceResponse) => void): Request<Appflow.Types.ListTagsForResourceResponse, AWSError>;
   /**
-   * Registers a new connector with your Amazon Web Services account. Before you can register the connector, you must deploy lambda in your account.
+   * Registers a new custom connector with your Amazon Web Services account. Before you can register the connector, you must deploy the associated AWS lambda function in your account.
    */
   registerConnector(params: Appflow.Types.RegisterConnectorRequest, callback?: (err: AWSError, data: Appflow.Types.RegisterConnectorResponse) => void): Request<Appflow.Types.RegisterConnectorResponse, AWSError>;
   /**
-   * Registers a new connector with your Amazon Web Services account. Before you can register the connector, you must deploy lambda in your account.
+   * Registers a new custom connector with your Amazon Web Services account. Before you can register the connector, you must deploy the associated AWS lambda function in your account.
    */
   registerConnector(callback?: (err: AWSError, data: Appflow.Types.RegisterConnectorResponse) => void): Request<Appflow.Types.RegisterConnectorResponse, AWSError>;
   /**
@@ -156,11 +156,11 @@ declare class Appflow extends Service {
    */
   tagResource(callback?: (err: AWSError, data: Appflow.Types.TagResourceResponse) => void): Request<Appflow.Types.TagResourceResponse, AWSError>;
   /**
-   * Unregisters the custom connector registered in your account that matches the connectorLabel provided in the request.
+   * Unregisters the custom connector registered in your account that matches the connector label provided in the request.
    */
   unregisterConnector(params: Appflow.Types.UnregisterConnectorRequest, callback?: (err: AWSError, data: Appflow.Types.UnregisterConnectorResponse) => void): Request<Appflow.Types.UnregisterConnectorResponse, AWSError>;
   /**
-   * Unregisters the custom connector registered in your account that matches the connectorLabel provided in the request.
+   * Unregisters the custom connector registered in your account that matches the connector label provided in the request.
    */
   unregisterConnector(callback?: (err: AWSError, data: Appflow.Types.UnregisterConnectorResponse) => void): Request<Appflow.Types.UnregisterConnectorResponse, AWSError>;
   /**
@@ -179,6 +179,14 @@ declare class Appflow extends Service {
    *  Updates a given connector profile associated with your account. 
    */
   updateConnectorProfile(callback?: (err: AWSError, data: Appflow.Types.UpdateConnectorProfileResponse) => void): Request<Appflow.Types.UpdateConnectorProfileResponse, AWSError>;
+  /**
+   * Updates a custom connector that you've previously registered. This operation updates the connector with one of the following:   The latest version of the AWS Lambda function that's assigned to the connector   A new AWS Lambda function that you specify  
+   */
+  updateConnectorRegistration(params: Appflow.Types.UpdateConnectorRegistrationRequest, callback?: (err: AWSError, data: Appflow.Types.UpdateConnectorRegistrationResponse) => void): Request<Appflow.Types.UpdateConnectorRegistrationResponse, AWSError>;
+  /**
+   * Updates a custom connector that you've previously registered. This operation updates the connector with one of the following:   The latest version of the AWS Lambda function that's assigned to the connector   A new AWS Lambda function that you specify  
+   */
+  updateConnectorRegistration(callback?: (err: AWSError, data: Appflow.Types.UpdateConnectorRegistrationResponse) => void): Request<Appflow.Types.UpdateConnectorRegistrationResponse, AWSError>;
   /**
    *  Updates an existing flow. 
    */
@@ -2462,7 +2470,7 @@ declare namespace Appflow {
      */
     includeDeletedRecords?: Boolean;
     /**
-     * Specifies which Salesforce API is used by Amazon AppFlow when your flow transfers data from Salesforce.  AUTOMATIC  The default. Amazon AppFlow selects which API to use based on the number of records that your flow transfers from Salesforce. If your flow transfers fewer than 1,000,000 records, Amazon AppFlow uses Salesforce REST API. If your flow transfers 1,000,000 records or more, Amazon AppFlow uses Salesforce Bulk API 2.0. Each of these Salesforce APIs structures data differently. If Amazon AppFlow selects the API automatically, be aware that, for recurring flows, the data output might vary from one flow run to the next. For example, if a flow runs daily, it might use REST API on one day to transfer 900,000 records, and it might use Bulk API 2.0 on the next day to transfer 1,100,000 records. For each of these flow runs, the respective Salesforce API formats the data differently. Some of the differences include how dates are formatted and null values are represented. Also, Bulk API 2.0 doesn't transfer Salesforce compound fields. By choosing this option, you optimize flow performance for both small and large data transfers, but the tradeoff is inconsistent formatting in the output.  BULKV2  Amazon AppFlow uses only Salesforce Bulk API 2.0. This API runs asynchronous data transfers, and it's optimal for large sets of data. By choosing this option, you ensure that your flow writes consistent output, but you optimize performance only for large data transfers. Note that Bulk API 2.0 does not transfer Salesforce compound fields.  REST_SYNC  Amazon AppFlow uses only Salesforce REST API. By choosing this option, you ensure that your flow writes consistent output, but you decrease performance for large data transfers that are better suited for Bulk API 2.0. In some cases, if your flow attempts to transfer a vary large set of data, it might fail with a timed out error.  
+     * Specifies which Salesforce API is used by Amazon AppFlow when your flow transfers data from Salesforce.  AUTOMATIC  The default. Amazon AppFlow selects which API to use based on the number of records that your flow transfers from Salesforce. If your flow transfers fewer than 1,000,000 records, Amazon AppFlow uses Salesforce REST API. If your flow transfers 1,000,000 records or more, Amazon AppFlow uses Salesforce Bulk API 2.0. Each of these Salesforce APIs structures data differently. If Amazon AppFlow selects the API automatically, be aware that, for recurring flows, the data output might vary from one flow run to the next. For example, if a flow runs daily, it might use REST API on one day to transfer 900,000 records, and it might use Bulk API 2.0 on the next day to transfer 1,100,000 records. For each of these flow runs, the respective Salesforce API formats the data differently. Some of the differences include how dates are formatted and null values are represented. Also, Bulk API 2.0 doesn't transfer Salesforce compound fields. By choosing this option, you optimize flow performance for both small and large data transfers, but the tradeoff is inconsistent formatting in the output.  BULKV2  Amazon AppFlow uses only Salesforce Bulk API 2.0. This API runs asynchronous data transfers, and it's optimal for large sets of data. By choosing this option, you ensure that your flow writes consistent output, but you optimize performance only for large data transfers. Note that Bulk API 2.0 does not transfer Salesforce compound fields.  REST_SYNC  Amazon AppFlow uses only Salesforce REST API. By choosing this option, you ensure that your flow writes consistent output, but you decrease performance for large data transfers that are better suited for Bulk API 2.0. In some cases, if your flow attempts to transfer a vary large set of data, it might fail wituh a timed out error.  
      */
     dataTransferApi?: SalesforceDataTransferApi;
   }
@@ -2928,6 +2936,23 @@ declare namespace Appflow {
      */
     connectorProfileArn?: ConnectorProfileArn;
   }
+  export interface UpdateConnectorRegistrationRequest {
+    /**
+     * The name of the connector. The name is unique for each connector registration in your AWS account.
+     */
+    connectorLabel: ConnectorLabel;
+    /**
+     * A description about the update that you're applying to the connector.
+     */
+    description?: Description;
+    connectorProvisioningConfig?: ConnectorProvisioningConfig;
+  }
+  export interface UpdateConnectorRegistrationResponse {
+    /**
+     * The ARN of the connector being updated.
+     */
+    connectorArn?: ARN;
+  }
   export interface UpdateFlowRequest {
     /**
      *  The specified name of the flow. Spaces are not allowed. Use underscores (_) or hyphens (-) only. 

package/node_modules/aws-sdk/clients/auditmanager.d.ts

@@ -52,11 +52,11 @@ declare class AuditManager extends Service {
    */
   batchDisassociateAssessmentReportEvidence(callback?: (err: AWSError, data: AuditManager.Types.BatchDisassociateAssessmentReportEvidenceResponse) => void): Request<AuditManager.Types.BatchDisassociateAssessmentReportEvidenceResponse, AWSError>;
   /**
-   *  Uploads one or more pieces of evidence to a control in an Audit Manager assessment. 
+   * Uploads one or more pieces of evidence to a control in an Audit Manager assessment. You can upload manual evidence from any Amazon Simple Storage Service (Amazon S3) bucket by specifying the S3 URI of the evidence.  You must upload manual evidence to your S3 bucket before you can upload it to your assessment. For instructions, see CreateBucket and PutObject in the Amazon Simple Storage Service API Reference.  The following restrictions apply to this action:   Maximum size of an individual evidence file: 100 MB   Number of daily manual evidence uploads per control: 100   Supported file formats: See Supported file types for manual evidence in the Audit Manager User Guide    For more information about Audit Manager service restrictions, see Quotas and restrictions for Audit Manager.
    */
   batchImportEvidenceToAssessmentControl(params: AuditManager.Types.BatchImportEvidenceToAssessmentControlRequest, callback?: (err: AWSError, data: AuditManager.Types.BatchImportEvidenceToAssessmentControlResponse) => void): Request<AuditManager.Types.BatchImportEvidenceToAssessmentControlResponse, AWSError>;
   /**
-   *  Uploads one or more pieces of evidence to a control in an Audit Manager assessment. 
+   * Uploads one or more pieces of evidence to a control in an Audit Manager assessment. You can upload manual evidence from any Amazon Simple Storage Service (Amazon S3) bucket by specifying the S3 URI of the evidence.  You must upload manual evidence to your S3 bucket before you can upload it to your assessment. For instructions, see CreateBucket and PutObject in the Amazon Simple Storage Service API Reference.  The following restrictions apply to this action:   Maximum size of an individual evidence file: 100 MB   Number of daily manual evidence uploads per control: 100   Supported file formats: See Supported file types for manual evidence in the Audit Manager User Guide    For more information about Audit Manager service restrictions, see Quotas and restrictions for Audit Manager.
    */
   batchImportEvidenceToAssessmentControl(callback?: (err: AWSError, data: AuditManager.Types.BatchImportEvidenceToAssessmentControlResponse) => void): Request<AuditManager.Types.BatchImportEvidenceToAssessmentControlResponse, AWSError>;
   /**
@@ -140,11 +140,11 @@ declare class AuditManager extends Service {
    */
   deregisterAccount(callback?: (err: AWSError, data: AuditManager.Types.DeregisterAccountResponse) => void): Request<AuditManager.Types.DeregisterAccountResponse, AWSError>;
   /**
-   * Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.   When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Organizations. However, Audit Manager will stop collecting and attaching evidence to that delegated administrator account moving forward.   When you deregister a delegated administrator account for Audit Manager, the data for that account isn’t deleted. If you want to delete resource data for a delegated administrator account, you must perform that task separately before you deregister the account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.  To delete your Audit Manager resource data, see the following instructions:     DeleteAssessment (see also: Deleting an assessment in the Audit Manager User Guide)    DeleteAssessmentFramework (see also: Deleting a custom framework in the Audit Manager User Guide)    DeleteAssessmentFrameworkShare (see also: Deleting a share request in the Audit Manager User Guide)    DeleteAssessmentReport (see also: Deleting an assessment report in the Audit Manager User Guide)    DeleteControl (see also: Deleting a custom control in the Audit Manager User Guide)   At this time, Audit Manager doesn't provide an option to delete evidence. All available delete operations are listed above. 
+   * Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.  When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Organizations. However, Audit Manager will stop collecting and attaching evidence to that delegated administrator account moving forward.  Keep in mind the following cleanup task if you use evidence finder: Before you use your management account to remove a delegated administrator, make sure that the current delegated administrator account signs in to Audit Manager and disables evidence finder first. Disabling evidence finder automatically deletes the event data store that was created in their account when they enabled evidence finder. If this task isn’t completed, the event data store remains in their account. In this case, we recommend that the original delegated administrator goes to CloudTrail Lake and manually deletes the event data store. This cleanup task is necessary to ensure that you don't end up with multiple event data stores. Audit Manager will ignore an unused event data store after you remove or change a delegated administrator account. However, the unused event data store continues to incur storage costs from CloudTrail Lake if you don't delete it.  When you deregister a delegated administrator account for Audit Manager, the data for that account isn’t deleted. If you want to delete resource data for a delegated administrator account, you must perform that task separately before you deregister the account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.  To delete your Audit Manager resource data, see the following instructions:     DeleteAssessment (see also: Deleting an assessment in the Audit Manager User Guide)    DeleteAssessmentFramework (see also: Deleting a custom framework in the Audit Manager User Guide)    DeleteAssessmentFrameworkShare (see also: Deleting a share request in the Audit Manager User Guide)    DeleteAssessmentReport (see also: Deleting an assessment report in the Audit Manager User Guide)    DeleteControl (see also: Deleting a custom control in the Audit Manager User Guide)   At this time, Audit Manager doesn't provide an option to delete evidence. All available delete operations are listed above.
    */
   deregisterOrganizationAdminAccount(params: AuditManager.Types.DeregisterOrganizationAdminAccountRequest, callback?: (err: AWSError, data: AuditManager.Types.DeregisterOrganizationAdminAccountResponse) => void): Request<AuditManager.Types.DeregisterOrganizationAdminAccountResponse, AWSError>;
   /**
-   * Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.   When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Organizations. However, Audit Manager will stop collecting and attaching evidence to that delegated administrator account moving forward.   When you deregister a delegated administrator account for Audit Manager, the data for that account isn’t deleted. If you want to delete resource data for a delegated administrator account, you must perform that task separately before you deregister the account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.  To delete your Audit Manager resource data, see the following instructions:     DeleteAssessment (see also: Deleting an assessment in the Audit Manager User Guide)    DeleteAssessmentFramework (see also: Deleting a custom framework in the Audit Manager User Guide)    DeleteAssessmentFrameworkShare (see also: Deleting a share request in the Audit Manager User Guide)    DeleteAssessmentReport (see also: Deleting an assessment report in the Audit Manager User Guide)    DeleteControl (see also: Deleting a custom control in the Audit Manager User Guide)   At this time, Audit Manager doesn't provide an option to delete evidence. All available delete operations are listed above. 
+   * Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.  When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Organizations. However, Audit Manager will stop collecting and attaching evidence to that delegated administrator account moving forward.  Keep in mind the following cleanup task if you use evidence finder: Before you use your management account to remove a delegated administrator, make sure that the current delegated administrator account signs in to Audit Manager and disables evidence finder first. Disabling evidence finder automatically deletes the event data store that was created in their account when they enabled evidence finder. If this task isn’t completed, the event data store remains in their account. In this case, we recommend that the original delegated administrator goes to CloudTrail Lake and manually deletes the event data store. This cleanup task is necessary to ensure that you don't end up with multiple event data stores. Audit Manager will ignore an unused event data store after you remove or change a delegated administrator account. However, the unused event data store continues to incur storage costs from CloudTrail Lake if you don't delete it.  When you deregister a delegated administrator account for Audit Manager, the data for that account isn’t deleted. If you want to delete resource data for a delegated administrator account, you must perform that task separately before you deregister the account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.  To delete your Audit Manager resource data, see the following instructions:     DeleteAssessment (see also: Deleting an assessment in the Audit Manager User Guide)    DeleteAssessmentFramework (see also: Deleting a custom framework in the Audit Manager User Guide)    DeleteAssessmentFrameworkShare (see also: Deleting a share request in the Audit Manager User Guide)    DeleteAssessmentReport (see also: Deleting an assessment report in the Audit Manager User Guide)    DeleteControl (see also: Deleting a custom control in the Audit Manager User Guide)   At this time, Audit Manager doesn't provide an option to delete evidence. All available delete operations are listed above.
    */
   deregisterOrganizationAdminAccount(callback?: (err: AWSError, data: AuditManager.Types.DeregisterOrganizationAdminAccountResponse) => void): Request<AuditManager.Types.DeregisterOrganizationAdminAccountResponse, AWSError>;
   /**
@@ -276,11 +276,11 @@ declare class AuditManager extends Service {
    */
   getOrganizationAdminAccount(callback?: (err: AWSError, data: AuditManager.Types.GetOrganizationAdminAccountResponse) => void): Request<AuditManager.Types.GetOrganizationAdminAccountResponse, AWSError>;
   /**
-   *  Returns a list of the in-scope Amazon Web Services for the specified assessment. 
+   * Returns a list of all of the Amazon Web Services that you can choose to include in your assessment. When you create an assessment, specify which of these services you want to include to narrow the assessment's scope.
    */
   getServicesInScope(params: AuditManager.Types.GetServicesInScopeRequest, callback?: (err: AWSError, data: AuditManager.Types.GetServicesInScopeResponse) => void): Request<AuditManager.Types.GetServicesInScopeResponse, AWSError>;
   /**
-   *  Returns a list of the in-scope Amazon Web Services for the specified assessment. 
+   * Returns a list of all of the Amazon Web Services that you can choose to include in your assessment. When you create an assessment, specify which of these services you want to include to narrow the assessment's scope.
    */
   getServicesInScope(callback?: (err: AWSError, data: AuditManager.Types.GetServicesInScopeResponse) => void): Request<AuditManager.Types.GetServicesInScopeResponse, AWSError>;
   /**
@@ -955,11 +955,11 @@ declare namespace AuditManager {
      */
     evidenceId?: UUID;
     /**
-     *  The error code that the AssessmentReportEvidence API returned. 
+     *  The error code that was returned. 
      */
     errorCode?: ErrorCode;
     /**
-     *  The error message that the AssessmentReportEvidence API returned. 
+     *  The error message that was returned. 
      */
     errorMessage?: ErrorMessage;
   }
@@ -1202,6 +1202,7 @@ declare namespace AuditManager {
     createdBy?: IamArn;
   }
   export type ChangeLogs = ChangeLog[];
+  export type CloudTrailArn = string;
   export type ComplianceType = string;
   export interface Control {
     /**
@@ -1237,7 +1238,7 @@ declare namespace AuditManager {
      */
     actionPlanInstructions?: ActionPlanInstructions;
     /**
-     *  The data source that determines where Audit Manager collects evidence from for the control. 
+     *  The data source types that determine where Audit Manager collects evidence from for the control. 
      */
     controlSources?: ControlSources;
     /**
@@ -1495,6 +1496,10 @@ declare namespace AuditManager {
      *  The identifier for the assessment. 
      */
     assessmentId: UUID;
+    /**
+     * A SQL statement that represents an evidence finder query. Provide this parameter when you want to generate an assessment report from the results of an evidence finder search query. When you use this parameter, Audit Manager generates a one-time report using only the evidence from the query output. This report does not include any assessment evidence that was manually added to a report using the console, or associated with a report using the API.  To use this parameter, the enablementStatus of evidence finder must be ENABLED.   For examples and help resolving queryStatement validation exceptions, see Troubleshooting evidence finder issues in the AWS Audit Manager User Guide. 
+     */
+    queryStatement?: QueryStatement;
   }
   export interface CreateAssessmentReportResponse {
     /**
@@ -1815,7 +1820,7 @@ declare namespace AuditManager {
      */
     iamId?: IamArn;
     /**
-     *  The evaluation status for evidence that falls under the compliance check category. For evidence collected from Security Hub, a Pass or Fail result is shown. For evidence collected from Config, a Compliant or Noncompliant result is shown. 
+     * The evaluation status for automated evidence that falls under the compliance check category.   Audit Manager classes evidence as non-compliant if Security Hub reports a Fail result, or if Config reports a Non-compliant result.   Audit Manager classes evidence as compliant if Security Hub reports a Pass result, or if Config reports a Compliant result.   If a compliance check isn't available or applicable, then no compliance evaluation can be made for that evidence. This is the case if the evidence uses Config or Security Hub as the underlying data source type, but those services aren't enabled. This is also the case if the evidence uses an underlying data source type that doesn't support compliance checks (such as manual evidence, Amazon Web Services API calls, or CloudTrail).   
      */
     complianceCheck?: String;
     /**
@@ -1842,6 +1847,26 @@ declare namespace AuditManager {
   export type EvidenceAttributeKey = string;
   export type EvidenceAttributeValue = string;
   export type EvidenceAttributes = {[key: string]: EvidenceAttributeValue};
+  export type EvidenceFinderBackfillStatus = "NOT_STARTED"|"IN_PROGRESS"|"COMPLETED"|string;
+  export interface EvidenceFinderEnablement {
+    /**
+     * The Amazon Resource Name (ARN) of the CloudTrail Lake event data store that’s used by evidence finder. The event data store is the lake of evidence data that evidence finder runs queries against.
+     */
+    eventDataStoreArn?: CloudTrailArn;
+    /**
+     * The current status of the evidence finder feature and the related event data store.     ENABLE_IN_PROGRESS means that you requested to enable evidence finder. An event data store is currently being created to support evidence finder queries.    ENABLED means that an event data store was successfully created and evidence finder is enabled. We recommend that you wait 24 hours until the event data store is backfilled with your past evidence data. You can use evidence finder in the meantime, but not all data might be available until the backfill is complete.    DISABLE_IN_PROGRESS means that you requested to disable evidence finder, and your request is pending the deletion of the event data store.    DISABLED means that you have permanently disabled evidence finder and the event data store has been deleted. You can't re-enable evidence finder after this point.  
+     */
+    enablementStatus?: EvidenceFinderEnablementStatus;
+    /**
+     * The current status of the evidence data backfill process.  The backfill starts after you enable evidence finder. During this task, Audit Manager populates an event data store with your past evidence data so that your evidence can be queried.    NOT_STARTED means that the backfill hasn’t started yet.     IN_PROGRESS means that the backfill is in progress. This can take up to 24 hours to complete, depending on the amount of evidence data.     COMPLETED means that the backfill is complete. All of your past evidence is now queryable.   
+     */
+    backfillStatus?: EvidenceFinderBackfillStatus;
+    /**
+     * Represents any errors that occurred when enabling or disabling evidence finder. 
+     */
+    error?: ErrorMessage;
+  }
+  export type EvidenceFinderEnablementStatus = "ENABLED"|"DISABLED"|"ENABLE_IN_PROGRESS"|"DISABLE_IN_PROGRESS"|string;
   export type EvidenceIds = UUID[];
   export interface EvidenceInsights {
     /**
@@ -2611,6 +2636,7 @@ declare namespace AuditManager {
   export type Notifications = Notification[];
   export type NullableInteger = number;
   export type ObjectTypeEnum = "ASSESSMENT"|"CONTROL_SET"|"CONTROL"|"DELEGATION"|"ASSESSMENT_REPORT"|string;
+  export type QueryStatement = string;
   export type Region = string;
   export interface RegisterAccountRequest {
     /**
@@ -2653,6 +2679,10 @@ declare namespace AuditManager {
      *  The value of the resource. 
      */
     value?: String;
+    /**
+     *  The evaluation status for a resource that was assessed when collecting compliance check evidence.    Audit Manager classes the resource as non-compliant if Security Hub reports a Fail result, or if Config reports a Non-compliant result.   Audit Manager classes the resource as compliant if Security Hub reports a Pass result, or if Config reports a Compliant result.   If a compliance check isn't available or applicable, then no compliance evaluation can be made for that resource. This is the case if a resource assessment uses Config or Security Hub as the underlying data source type, but those services aren't enabled. This is also the case if the resource assessment uses an underlying data source type that doesn't support compliance checks (such as manual evidence, Amazon Web Services API calls, or CloudTrail).   
+     */
+    complianceCheck?: String;
   }
   export type Resources = Resource[];
   export interface Role {
@@ -2698,7 +2728,7 @@ declare namespace AuditManager {
     category?: NonEmptyString;
   }
   export type ServiceMetadataList = ServiceMetadata[];
-  export type SettingAttribute = "ALL"|"IS_AWS_ORG_ENABLED"|"SNS_TOPIC"|"DEFAULT_ASSESSMENT_REPORTS_DESTINATION"|"DEFAULT_PROCESS_OWNERS"|string;
+  export type SettingAttribute = "ALL"|"IS_AWS_ORG_ENABLED"|"SNS_TOPIC"|"DEFAULT_ASSESSMENT_REPORTS_DESTINATION"|"DEFAULT_PROCESS_OWNERS"|"EVIDENCE_FINDER_ENABLEMENT"|string;
   export interface Settings {
     /**
      *  Specifies whether Organizations is enabled. 
@@ -2720,6 +2750,10 @@ declare namespace AuditManager {
      *  The KMS key details. 
      */
     kmsKey?: KmsKey;
+    /**
+     * The current evidence finder status and event data store details.
+     */
+    evidenceFinderEnablement?: EvidenceFinderEnablement;
   }
   export type ShareRequestAction = "ACCEPT"|"DECLINE"|"REVOKE"|string;
   export type ShareRequestComment = string;
@@ -2734,7 +2768,7 @@ declare namespace AuditManager {
      */
     keywordInputType?: KeywordInputType;
     /**
-     *  The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.  If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on the type of rule:   For managed rules, you can use the rule identifier as the keywordValue. You can find the rule identifier from the list of Config managed rules.   Managed rule name: s3-bucket-acl-prohibited   keywordValue: S3_BUCKET_ACL_PROHIBITED      For custom rules, you form the keywordValue by adding the Custom_ prefix to the rule name. This prefix distinguishes the rule from a managed rule.   Custom rule name: my-custom-config-rule  keywordValue: Custom_my-custom-config-rule      For service-linked rules, you form the keywordValue by adding the Custom_ prefix to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name.   Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w  keywordValue: Custom_CustomRuleForAccount-conformance-pack    Service-linked rule name: securityhub-api-gw-cache-encrypted-101104e1  keywordValue: Custom_securityhub-api-gw-cache-encrypted    Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba  keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled     
+     *  The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.  If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on the type of rule:   For managed rules, you can use the rule identifier as the keywordValue. You can find the rule identifier from the list of Config managed rules.   Managed rule name: s3-bucket-acl-prohibited   keywordValue: S3_BUCKET_ACL_PROHIBITED      For custom rules, you form the keywordValue by adding the Custom_ prefix to the rule name. This prefix distinguishes the rule from a managed rule.   Custom rule name: my-custom-config-rule  keywordValue: Custom_my-custom-config-rule      For service-linked rules, you form the keywordValue by adding the Custom_ prefix to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name.   Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w  keywordValue: Custom_CustomRuleForAccount-conformance-pack    Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba  keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled     
      */
     keywordValue?: KeywordValue;
   }
@@ -3026,6 +3060,10 @@ declare namespace AuditManager {
      *  The KMS key details. 
      */
     kmsKey?: KmsKey;
+    /**
+     * Specifies whether the evidence finder feature is enabled. Change this attribute to enable or disable evidence finder.  When you use this attribute to disable evidence finder, Audit Manager deletes the event data store that’s used to query your evidence data. As a result, you can’t re-enable evidence finder and use the feature again. Your only alternative is to deregister and then re-register Audit Manager.  Disabling evidence finder is permanent, so consider this decision carefully before you proceed. If you’re using Audit Manager as a delegated administrator, keep in mind that this action applies to all member accounts in your organization. 
+     */
+    evidenceFinderEnabled?: Boolean;
   }
   export interface UpdateSettingsResponse {
     /**