cdk-lambda-subminute 2.0.441 → 2.0.443

package/node_modules/aws-sdk/apis/workspaces-thin-client-2023-08-22.min.json

@@ -3,8 +3,10 @@
   "metadata": {
     "apiVersion": "2023-08-22",
     "endpointPrefix": "thinclient",
-    "jsonVersion": "1.1",
     "protocol": "rest-json",
+    "protocols": [
+      "rest-json"
+    ],
     "serviceFullName": "Amazon WorkSpaces Thin Client",
     "serviceId": "WorkSpaces Thin Client",
     "signatureVersion": "v4",
@@ -42,6 +44,9 @@
           },
           "tags": {
             "shape": "Sh"
+          },
+          "deviceCreationTags": {
+            "shape": "Sj"
           }
         }
       },
@@ -49,7 +54,7 @@
         "type": "structure",
         "members": {
           "environment": {
-            "shape": "Sk"
+            "shape": "Sn"
           }
         }
       },
@@ -178,7 +183,7 @@
               "id": {},
               "serialNumber": {},
               "name": {
-                "shape": "S10"
+                "shape": "S13"
               },
               "model": {},
               "environmentId": {},
@@ -272,6 +277,9 @@
               "kmsKeyArn": {},
               "tags": {
                 "shape": "Sh"
+              },
+              "deviceCreationTags": {
+                "shape": "Sj"
               }
             }
           }
@@ -362,7 +370,7 @@
           "devices": {
             "type": "list",
             "member": {
-              "shape": "S1k"
+              "shape": "S1n"
             }
           },
           "nextToken": {}
@@ -398,7 +406,7 @@
           "environments": {
             "type": "list",
             "member": {
-              "shape": "Sk"
+              "shape": "Sn"
             }
           },
           "nextToken": {}
@@ -567,7 +575,7 @@
             "locationName": "id"
           },
           "name": {
-            "shape": "S10"
+            "shape": "S13"
           },
           "desiredSoftwareSetId": {},
           "softwareSetUpdateSchedule": {}
@@ -577,7 +585,7 @@
         "type": "structure",
         "members": {
           "device": {
-            "shape": "S1k"
+            "shape": "S1n"
           }
         }
       },
@@ -614,14 +622,17 @@
             "shape": "S6"
           },
           "softwareSetUpdateMode": {},
-          "desiredSoftwareSetId": {}
+          "desiredSoftwareSetId": {},
+          "deviceCreationTags": {
+            "shape": "Sj"
+          }
         }
       },
       "output": {
         "type": "structure",
         "members": {
           "environment": {
-            "shape": "Sk"
+            "shape": "Sn"
           }
         }
       },
@@ -698,7 +709,13 @@
       "value": {},
       "sensitive": true
     },
-    "Sk": {
+    "Sj": {
+      "type": "map",
+      "key": {},
+      "value": {},
+      "sensitive": true
+    },
+    "Sn": {
       "type": "structure",
       "members": {
         "id": {},
@@ -727,17 +744,17 @@
         "arn": {}
       }
     },
-    "S10": {
+    "S13": {
       "type": "string",
       "sensitive": true
     },
-    "S1k": {
+    "S1n": {
       "type": "structure",
       "members": {
         "id": {},
         "serialNumber": {},
         "name": {
-          "shape": "S10"
+          "shape": "S13"
         },
         "model": {},
         "environmentId": {},

package/node_modules/aws-sdk/apis/workspaces-web-2020-07-08.min.json

@@ -288,7 +288,10 @@
             "shape": "Sr"
           },
           "identityProviderType": {},
-          "portalArn": {}
+          "portalArn": {},
+          "tags": {
+            "shape": "Sk"
+          }
         }
       },
       "output": {
@@ -509,6 +512,7 @@
           },
           "copyAllowed": {},
           "customerManagedKey": {},
+          "deepLinkAllowed": {},
           "disconnectTimeoutInMinutes": {
             "type": "integer"
           },
@@ -1605,6 +1609,7 @@
                   "shape": "S1n"
                 },
                 "copyAllowed": {},
+                "deepLinkAllowed": {},
                 "disconnectTimeoutInMinutes": {
                   "type": "integer"
                 },
@@ -1969,6 +1974,7 @@
             "shape": "S1n"
           },
           "copyAllowed": {},
+          "deepLinkAllowed": {},
           "disconnectTimeoutInMinutes": {
             "type": "integer"
           },
@@ -2272,6 +2278,7 @@
         },
         "copyAllowed": {},
         "customerManagedKey": {},
+        "deepLinkAllowed": {},
         "disconnectTimeoutInMinutes": {
           "type": "integer"
         },

package/node_modules/aws-sdk/clients/accessanalyzer.d.ts

@@ -43,6 +43,14 @@ declare class AccessAnalyzer extends Service {
    * Checks whether new access is allowed for an updated policy when compared to the existing policy. You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the IAM Access Analyzer custom policy checks samples repository on GitHub. The reference policies in this repository are meant to be passed to the existingPolicyDocument request parameter.
    */
   checkNoNewAccess(callback?: (err: AWSError, data: AccessAnalyzer.Types.CheckNoNewAccessResponse) => void): Request<AccessAnalyzer.Types.CheckNoNewAccessResponse, AWSError>;
+  /**
+   * Checks whether a resource policy can grant public access to the specified resource type.
+   */
+  checkNoPublicAccess(params: AccessAnalyzer.Types.CheckNoPublicAccessRequest, callback?: (err: AWSError, data: AccessAnalyzer.Types.CheckNoPublicAccessResponse) => void): Request<AccessAnalyzer.Types.CheckNoPublicAccessResponse, AWSError>;
+  /**
+   * Checks whether a resource policy can grant public access to the specified resource type.
+   */
+  checkNoPublicAccess(callback?: (err: AWSError, data: AccessAnalyzer.Types.CheckNoPublicAccessResponse) => void): Request<AccessAnalyzer.Types.CheckNoPublicAccessResponse, AWSError>;
   /**
    * Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.
    */
@@ -83,6 +91,14 @@ declare class AccessAnalyzer extends Service {
    * Deletes the specified archive rule.
    */
   deleteArchiveRule(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
+  /**
+   * Creates a recommendation for an unused permissions finding.
+   */
+  generateFindingRecommendation(params: AccessAnalyzer.Types.GenerateFindingRecommendationRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
+  /**
+   * Creates a recommendation for an unused permissions finding.
+   */
+  generateFindingRecommendation(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
    * Retrieves information about an access preview for the specified analyzer.
    */
@@ -123,6 +139,14 @@ declare class AccessAnalyzer extends Service {
    * Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.
    */
   getFinding(callback?: (err: AWSError, data: AccessAnalyzer.Types.GetFindingResponse) => void): Request<AccessAnalyzer.Types.GetFindingResponse, AWSError>;
+  /**
+   * Retrieves information about a finding recommendation for the specified analyzer.
+   */
+  getFindingRecommendation(params: AccessAnalyzer.Types.GetFindingRecommendationRequest, callback?: (err: AWSError, data: AccessAnalyzer.Types.GetFindingRecommendationResponse) => void): Request<AccessAnalyzer.Types.GetFindingRecommendationResponse, AWSError>;
+  /**
+   * Retrieves information about a finding recommendation for the specified analyzer.
+   */
+  getFindingRecommendation(callback?: (err: AWSError, data: AccessAnalyzer.Types.GetFindingRecommendationResponse) => void): Request<AccessAnalyzer.Types.GetFindingRecommendationResponse, AWSError>;
   /**
    * Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.
    */
@@ -273,11 +297,16 @@ declare namespace AccessAnalyzer {
     /**
      * A list of actions for the access permissions. Any strings that can be used as an action in an IAM policy can be used in the list of actions to check.
      */
-    actions: AccessActionsList;
+    actions?: AccessActionsList;
+    /**
+     * A list of resources for the access permissions. Any strings that can be used as a resource in an IAM policy can be used in the list of resources to check.
+     */
+    resources?: AccessResourcesList;
   }
   export type AccessActionsList = Action[];
   export type AccessCheckPolicyDocument = string;
   export type AccessCheckPolicyType = "IDENTITY_POLICY"|"RESOURCE_POLICY"|string;
+  export type AccessCheckResourceType = "AWS::DynamoDB::Table"|"AWS::DynamoDB::Stream"|"AWS::EFS::FileSystem"|"AWS::OpenSearchService::Domain"|"AWS::Kinesis::Stream"|"AWS::Kinesis::StreamConsumer"|"AWS::KMS::Key"|"AWS::Lambda::Function"|"AWS::S3::Bucket"|"AWS::S3::AccessPoint"|"AWS::S3Express::DirectoryBucket"|"AWS::S3::Glacier"|"AWS::S3Outposts::Bucket"|"AWS::S3Outposts::AccessPoint"|"AWS::SecretsManager::Secret"|"AWS::SNS::Topic"|"AWS::SQS::Queue"|"AWS::IAM::AssumeRolePolicyDocument"|string;
   export type AccessPointArn = string;
   export type AccessPointPolicy = string;
   export interface AccessPreview {
@@ -399,6 +428,7 @@ declare namespace AccessAnalyzer {
     statusReason?: AccessPreviewStatusReason;
   }
   export type AccessPreviewsList = AccessPreviewSummary[];
+  export type AccessResourcesList = Resource[];
   export type AclCanonicalId = string;
   export interface AclGrantee {
     /**
@@ -574,7 +604,7 @@ declare namespace AccessAnalyzer {
      */
     policyDocument: AccessCheckPolicyDocument;
     /**
-     * An access object containing the permissions that shouldn't be granted by the specified policy.
+     * An access object containing the permissions that shouldn't be granted by the specified policy. If only actions are specified, IAM Access Analyzer checks for access of the actions on all resources in the policy. If only resources are specified, then IAM Access Analyzer checks which actions have access to the specified resources. If both actions and resources are specified, then IAM Access Analyzer checks which of the specified actions have access to the specified resources.
      */
     access: CheckAccessNotGrantedRequestAccessList;
     /**
@@ -627,6 +657,31 @@ declare namespace AccessAnalyzer {
     reasons?: ReasonSummaryList;
   }
   export type CheckNoNewAccessResult = "PASS"|"FAIL"|string;
+  export interface CheckNoPublicAccessRequest {
+    /**
+     * The JSON policy document to evaluate for public access.
+     */
+    policyDocument: AccessCheckPolicyDocument;
+    /**
+     * The type of resource to evaluate for public access. For example, to check for public access to Amazon S3 buckets, you can choose AWS::S3::Bucket for the resource type. For resource types not supported as valid values, IAM Access Analyzer will return an error.
+     */
+    resourceType: AccessCheckResourceType;
+  }
+  export interface CheckNoPublicAccessResponse {
+    /**
+     * The result of the check for public access to the specified resource type. If the result is PASS, the policy doesn't allow public access to the specified resource type. If the result is FAIL, the policy might allow public access to the specified resource type.
+     */
+    result?: CheckNoPublicAccessResult;
+    /**
+     * The message indicating whether the specified policy allows public access to resources.
+     */
+    message?: String;
+    /**
+     * A list of reasons why the specified resource policy grants public access for the resource type.
+     */
+    reasons?: ReasonSummaryList;
+  }
+  export type CheckNoPublicAccessResult = "PASS"|"FAIL"|string;
   export type CloudTrailArn = string;
   export interface CloudTrailDetails {
     /**
@@ -1114,6 +1169,17 @@ declare namespace AccessAnalyzer {
   export type FindingType = "ExternalAccess"|"UnusedIAMRole"|"UnusedIAMUserAccessKey"|"UnusedIAMUserPassword"|"UnusedPermission"|string;
   export type FindingsList = FindingSummary[];
   export type FindingsListV2 = FindingSummaryV2[];
+  export interface GenerateFindingRecommendationRequest {
+    /**
+     * The ARN of the analyzer used to generate the finding recommendation.
+     */
+    analyzerArn: AnalyzerArn;
+    /**
+     * The unique ID for the finding recommendation.
+     */
+    id: GenerateFindingRecommendationRequestIdString;
+  }
+  export type GenerateFindingRecommendationRequestIdString = string;
   export interface GeneratedPolicy {
     /**
      * The text to use as the content for the new policy. The policy is created using the CreatePolicy action.
@@ -1202,6 +1268,60 @@ declare namespace AccessAnalyzer {
   export interface GetArchiveRuleResponse {
     archiveRule: ArchiveRuleSummary;
   }
+  export interface GetFindingRecommendationRequest {
+    /**
+     * The ARN of the analyzer used to generate the finding recommendation.
+     */
+    analyzerArn: AnalyzerArn;
+    /**
+     * The unique ID for the finding recommendation.
+     */
+    id: GetFindingRecommendationRequestIdString;
+    /**
+     * The maximum number of results to return in the response.
+     */
+    maxResults?: GetFindingRecommendationRequestMaxResultsInteger;
+    /**
+     * A token used for pagination of results returned.
+     */
+    nextToken?: Token;
+  }
+  export type GetFindingRecommendationRequestIdString = string;
+  export type GetFindingRecommendationRequestMaxResultsInteger = number;
+  export interface GetFindingRecommendationResponse {
+    /**
+     * The time at which the retrieval of the finding recommendation was started.
+     */
+    startedAt: Timestamp;
+    /**
+     * The time at which the retrieval of the finding recommendation was completed.
+     */
+    completedAt?: Timestamp;
+    /**
+     * A token used for pagination of results returned.
+     */
+    nextToken?: Token;
+    /**
+     * Detailed information about the reason that the retrieval of a recommendation for the finding failed.
+     */
+    error?: RecommendationError;
+    /**
+     * The ARN of the resource of the finding.
+     */
+    resourceArn: ResourceArn;
+    /**
+     * A group of recommended steps for the finding.
+     */
+    recommendedSteps?: RecommendedStepList;
+    /**
+     * The type of recommendation for the finding.
+     */
+    recommendationType: RecommendationType;
+    /**
+     * The status of the retrieval of the finding recommendation.
+     */
+    status: Status;
+  }
   export interface GetFindingRequest {
     /**
      * The ARN of the analyzer that generated the finding.
@@ -1796,7 +1916,27 @@ declare namespace AccessAnalyzer {
     statementId?: String;
   }
   export type ReasonSummaryList = ReasonSummary[];
+  export interface RecommendationError {
+    /**
+     * The error code for a failed retrieval of a recommendation for a finding.
+     */
+    code: String;
+    /**
+     * The error message for a failed retrieval of a recommendation for a finding.
+     */
+    message: String;
+  }
+  export type RecommendationType = "UnusedPermissionRecommendation"|string;
+  export type RecommendedRemediationAction = "CREATE_POLICY"|"DETACH_POLICY"|string;
+  export interface RecommendedStep {
+    /**
+     * A recommended step for an unused permissions finding.
+     */
+    unusedPermissionsRecommendedStep?: UnusedPermissionsRecommendedStep;
+  }
+  export type RecommendedStepList = RecommendedStep[];
   export type RegionList = String[];
+  export type Resource = string;
   export type ResourceArn = string;
   export type ResourceType = "AWS::S3::Bucket"|"AWS::IAM::Role"|"AWS::SQS::Queue"|"AWS::Lambda::Function"|"AWS::Lambda::LayerVersion"|"AWS::KMS::Key"|"AWS::SecretsManager::Secret"|"AWS::EFS::FileSystem"|"AWS::EC2::Snapshot"|"AWS::ECR::Repository"|"AWS::RDS::DBSnapshot"|"AWS::RDS::DBClusterSnapshot"|"AWS::SNS::Topic"|"AWS::S3Express::DirectoryBucket"|"AWS::DynamoDB::Table"|"AWS::DynamoDB::Stream"|string;
   export type RetiringPrincipal = string;
@@ -1944,6 +2084,7 @@ declare namespace AccessAnalyzer {
      */
     resourceOwnerAccount?: String;
   }
+  export type Status = "SUCCEEDED"|"FAILED"|"IN_PROGRESS"|string;
   export interface StatusReason {
     /**
      * The reason code for the current status of the analyzer.
@@ -2069,10 +2210,28 @@ declare namespace AccessAnalyzer {
      */
     serviceNamespace: String;
     /**
-     * The time at which the permission last accessed.
+     * The time at which the permission was last accessed.
      */
     lastAccessed?: Timestamp;
   }
+  export interface UnusedPermissionsRecommendedStep {
+    /**
+     * The time at which the existing policy for the unused permissions finding was last updated.
+     */
+    policyUpdatedAt?: Timestamp;
+    /**
+     * A recommendation of whether to create or detach a policy for an unused permissions finding.
+     */
+    recommendedAction: RecommendedRemediationAction;
+    /**
+     * If the recommended action for the unused permissions finding is to replace the existing policy, the contents of the recommended policy to replace the policy specified in the existingPolicyId field.
+     */
+    recommendedPolicy?: String;
+    /**
+     * If the recommended action for the unused permissions finding is to detach a policy, the ID of an existing policy to be detached.
+     */
+    existingPolicyId?: String;
+  }
   export interface UpdateArchiveRuleRequest {
     /**
      * The name of the analyzer to update the archive rules for.

package/node_modules/aws-sdk/clients/account.d.ts

@@ -11,6 +11,14 @@ declare class Account extends Service {
    */
   constructor(options?: Account.Types.ClientConfiguration)
   config: Config & Account.Types.ClientConfiguration;
+  /**
+   * Accepts the request that originated from StartPrimaryEmailUpdate to update the primary email address (also known as the root user email address) for the specified account.
+   */
+  acceptPrimaryEmailUpdate(params: Account.Types.AcceptPrimaryEmailUpdateRequest, callback?: (err: AWSError, data: Account.Types.AcceptPrimaryEmailUpdateResponse) => void): Request<Account.Types.AcceptPrimaryEmailUpdateResponse, AWSError>;
+  /**
+   * Accepts the request that originated from StartPrimaryEmailUpdate to update the primary email address (also known as the root user email address) for the specified account.
+   */
+  acceptPrimaryEmailUpdate(callback?: (err: AWSError, data: Account.Types.AcceptPrimaryEmailUpdateResponse) => void): Request<Account.Types.AcceptPrimaryEmailUpdateResponse, AWSError>;
   /**
    * Deletes the specified alternate contact from an Amazon Web Services account. For complete details about how to use the alternate contact operations, see Access or updating the alternate contacts.  Before you can update the alternate contact information for an Amazon Web Services account that is managed by Organizations, you must first enable integration between Amazon Web Services Account Management and Organizations. For more information, see Enabling trusted access for Amazon Web Services Account Management. 
    */
@@ -20,11 +28,11 @@ declare class Account extends Service {
    */
   deleteAlternateContact(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Disables (opts-out) a particular Region for an account.
+   * Disables (opts-out) a particular Region for an account.  The act of disabling a Region will remove all IAM access to any resources that reside in that Region. 
    */
   disableRegion(params: Account.Types.DisableRegionRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Disables (opts-out) a particular Region for an account.
+   * Disables (opts-out) a particular Region for an account.  The act of disabling a Region will remove all IAM access to any resources that reside in that Region. 
    */
   disableRegion(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
@@ -51,6 +59,14 @@ declare class Account extends Service {
    * Retrieves the primary contact information of an Amazon Web Services account. For complete details about how to use the primary contact operations, see Update the primary and alternate contact information.
    */
   getContactInformation(callback?: (err: AWSError, data: Account.Types.GetContactInformationResponse) => void): Request<Account.Types.GetContactInformationResponse, AWSError>;
+  /**
+   * Retrieves the primary email address for the specified account.
+   */
+  getPrimaryEmail(params: Account.Types.GetPrimaryEmailRequest, callback?: (err: AWSError, data: Account.Types.GetPrimaryEmailResponse) => void): Request<Account.Types.GetPrimaryEmailResponse, AWSError>;
+  /**
+   * Retrieves the primary email address for the specified account.
+   */
+  getPrimaryEmail(callback?: (err: AWSError, data: Account.Types.GetPrimaryEmailResponse) => void): Request<Account.Types.GetPrimaryEmailResponse, AWSError>;
   /**
    * Retrieves the opt-in status of a particular Region.
    */
@@ -83,8 +99,36 @@ declare class Account extends Service {
    * Updates the primary contact information of an Amazon Web Services account. For complete details about how to use the primary contact operations, see Update the primary and alternate contact information.
    */
   putContactInformation(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
+  /**
+   * Starts the process to update the primary email address for the specified account.
+   */
+  startPrimaryEmailUpdate(params: Account.Types.StartPrimaryEmailUpdateRequest, callback?: (err: AWSError, data: Account.Types.StartPrimaryEmailUpdateResponse) => void): Request<Account.Types.StartPrimaryEmailUpdateResponse, AWSError>;
+  /**
+   * Starts the process to update the primary email address for the specified account.
+   */
+  startPrimaryEmailUpdate(callback?: (err: AWSError, data: Account.Types.StartPrimaryEmailUpdateResponse) => void): Request<Account.Types.StartPrimaryEmailUpdateResponse, AWSError>;
 }
 declare namespace Account {
+  export interface AcceptPrimaryEmailUpdateRequest {
+    /**
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned. This operation can only be called from the management account or the delegated administrator account of an organization for a member account.  The management account can't specify its own AccountId. 
+     */
+    AccountId: AccountId;
+    /**
+     * The OTP code sent to the PrimaryEmail specified on the StartPrimaryEmailUpdate API call.
+     */
+    Otp: Otp;
+    /**
+     * The new primary email address for use with the specified account. This must match the PrimaryEmail from the StartPrimaryEmailUpdate API call.
+     */
+    PrimaryEmail: PrimaryEmailAddress;
+  }
+  export interface AcceptPrimaryEmailUpdateResponse {
+    /**
+     * Retrieves the status of the accepted primary email update request.
+     */
+    Status?: PrimaryEmailUpdateStatus;
+  }
   export type AccountId = string;
   export type AddressLine = string;
   export interface AlternateContact {
@@ -154,7 +198,7 @@ declare namespace Account {
      */
     PostalCode: PostalCode;
     /**
-     * The state or region of the primary contact address. This field is required in selected countries.
+     * The state or region of the primary contact address. If the mailing address is within the United States (US), the value in this field can be either a two character state code (for example, NJ) or the full state name (for example, New Jersey). This field is required in the following countries: US, CA, GB, DE, JP, IN, and BR.
      */
     StateOrRegion?: StateOrRegion;
     /**
@@ -176,7 +220,7 @@ declare namespace Account {
   }
   export interface DisableRegionRequest {
     /**
-     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must also be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
      */
     AccountId?: AccountId;
     /**
@@ -188,7 +232,7 @@ declare namespace Account {
   export type EmailAddress = string;
   export interface EnableRegionRequest {
     /**
-     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must also be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
      */
     AccountId?: AccountId;
     /**
@@ -215,7 +259,7 @@ declare namespace Account {
   }
   export interface GetContactInformationRequest {
     /**
-     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must also be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
      */
     AccountId?: AccountId;
   }
@@ -225,9 +269,21 @@ declare namespace Account {
      */
     ContactInformation?: ContactInformation;
   }
+  export interface GetPrimaryEmailRequest {
+    /**
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned. This operation can only be called from the management account or the delegated administrator account of an organization for a member account.  The management account can't specify its own AccountId. 
+     */
+    AccountId: AccountId;
+  }
+  export interface GetPrimaryEmailResponse {
+    /**
+     * Retrieves the primary email address associated with the specified account.
+     */
+    PrimaryEmail?: PrimaryEmailAddress;
+  }
   export interface GetRegionOptStatusRequest {
     /**
-     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must also be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
      */
     AccountId?: AccountId;
     /**
@@ -247,7 +303,7 @@ declare namespace Account {
   }
   export interface ListRegionsRequest {
     /**
-     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must also be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
      */
     AccountId?: AccountId;
     /**
@@ -276,8 +332,11 @@ declare namespace Account {
     Regions?: RegionOptList;
   }
   export type Name = string;
+  export type Otp = string;
   export type PhoneNumber = string;
   export type PostalCode = string;
+  export type PrimaryEmailAddress = string;
+  export type PrimaryEmailUpdateStatus = "PENDING"|"ACCEPTED"|string;
   export interface PutAlternateContactRequest {
     /**
      * Specifies the 12 digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you do not specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account, and the specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId; it must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, then don't specify this parameter, and call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
@@ -306,7 +365,7 @@ declare namespace Account {
   }
   export interface PutContactInformationRequest {
     /**
-     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must also be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.  The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.  To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
      */
     AccountId?: AccountId;
     /**
@@ -328,6 +387,22 @@ declare namespace Account {
   export type RegionOptList = Region[];
   export type RegionOptStatus = "ENABLED"|"ENABLING"|"DISABLING"|"DISABLED"|"ENABLED_BY_DEFAULT"|string;
   export type RegionOptStatusList = RegionOptStatus[];
+  export interface StartPrimaryEmailUpdateRequest {
+    /**
+     * Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned. This operation can only be called from the management account or the delegated administrator account of an organization for a member account.  The management account can't specify its own AccountId. 
+     */
+    AccountId: AccountId;
+    /**
+     * The new primary email address (also known as the root user email address) to use in the specified account.
+     */
+    PrimaryEmail: PrimaryEmailAddress;
+  }
+  export interface StartPrimaryEmailUpdateResponse {
+    /**
+     * The status of the primary email update request.
+     */
+    Status?: PrimaryEmailUpdateStatus;
+  }
   export type StateOrRegion = string;
   export type String = string;
   export type Title = string;